[Oisf-users] Suricata Rule Reload
Leonard Jacobs
ljacobs at netsecuris.com
Thu Jul 30 19:03:54 UTC 2015
Probably will have to stop and start Suricata.
Leonard
_____
From: Saxena, Samiksha [mailto:samiksha.saxena at verizon.com]
To: Leonard Jacobs [mailto:ljacobs at netsecuris.com], 'oisf-users' [mailto:oisf-users at lists.openinfosecfoundation.org]
Sent: Thu, 30 Jul 2015 08:47:15 -0600
Subject: Re: [Oisf-users] Suricata Rule Reload
That might be the reason, let me enable the feature and try it again.
From: Leonard Jacobs <ljacobs at netsecuris.com>
Date: Wednesday, July 29, 2015 at 10:33 PM
To: "Saxena, Samiksha" <samiksha.saxena at one.verizon.com>, 'oisf-users' <oisf-users at lists.openinfosecfoundation.org>
Subject: RE: [Oisf-users] Suricata Rule Reload
Did you enable the feature in your suricata.yaml file?
# When rule-reload is enabled, sending a USR2 signal to the Suricata process
# will trigger a live rule reload. Experimental feature, use with care.
#- rule-reload: true
# If set to yes, the loading of signatures will be made after the capture
# is started. This will limit the downtime in IPS mode.
#- delayed-detect: yes
From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Saxena, Samiksha
Sent: Wednesday, July 29, 2015 3:31 PM
To: oisf-users
Subject: [Oisf-users] Suricata Rule Reload
Hi,
I am trying to reload the rules based on this document: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap
When I tried the command Kill –USR2 PID, nothing happens, and new rules are not getting loaded. If I do Kill –9 it does kill the suricata. Am I missing something?
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150730/60334c9c/attachment-0002.html>
More information about the Oisf-users
mailing list