[Oisf-users] Suricata Rule Reload

Leonard Jacobs ljacobs at netsecuris.com
Thu Jul 30 02:33:19 UTC 2015

Did you enable the feature in your suricata.yaml file?
# When rule-reload is enabled, sending a USR2 signal to the Suricata process
  # will trigger a live rule reload. Experimental feature, use with care.
  #- rule-reload: true
  # If set to yes, the loading of signatures will be made after the capture
  # is started. This will limit the downtime in IPS mode.
  #- delayed-detect: yes
From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Saxena, Samiksha
Sent: Wednesday, July 29, 2015 3:31 PM
To: oisf-users
Subject: [Oisf-users] Suricata Rule Reload
I am trying to reload the rules based on this document: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap
When I tried the command Kill -USR2 PID, nothing happens, and new rules are not getting loaded. If I do Kill -9 it does kill the suricata. Am I missing something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150729/a58284d6/attachment-0002.html>

More information about the Oisf-users mailing list