[Oisf-users] Suricata Rule Reload

Leonard Jacobs ljacobs at netsecuris.com
Thu Jul 30 19:03:54 UTC 2015

Probably will have to stop and start Suricata.



From: Saxena, Samiksha [mailto:samiksha.saxena at verizon.com]
To: Leonard Jacobs [mailto:ljacobs at netsecuris.com], 'oisf-users' [mailto:oisf-users at lists.openinfosecfoundation.org]
Sent: Thu, 30 Jul 2015 08:47:15 -0600
Subject: Re: [Oisf-users] Suricata Rule Reload

That might be the reason, let me enable the feature and try it again.

From:  Leonard Jacobs <ljacobs at netsecuris.com>
Date:  Wednesday, July 29, 2015 at 10:33 PM
To:  "Saxena, Samiksha" <samiksha.saxena at one.verizon.com>, 'oisf-users' <oisf-users at lists.openinfosecfoundation.org>
Subject:  RE: [Oisf-users] Suricata Rule Reload

Did you enable the feature in your suricata.yaml file?


  # When rule-reload is enabled, sending a USR2 signal to the Suricata process
  # will trigger a live rule reload. Experimental feature, use with care.
  #- rule-reload: true
  # If set to yes, the loading of signatures will be made after the capture
  # is started. This will limit the downtime in IPS mode.
  #- delayed-detect: yes


From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org]  On Behalf Of Saxena, Samiksha
Sent: Wednesday, July 29, 2015 3:31 PM
To: oisf-users
Subject: [Oisf-users] Suricata Rule Reload




I am trying to reload the rules based on this document: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap

When I tried the command kill -USR2 PID, nothing happens, and new rules are not getting loaded. If I do kill -9, it does kill Suricata. Am I missing something?
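
Added example, not part of the original thread or of Suricata itself: a pre-flight check that sends USR2 only when the rule-reload line from the excerpt above is uncommented in the config file. The function names and the default path in the usage comment are assumptions, as is accepting "yes" alongside "true" (both spellings appear in the quoted excerpt).

```shell
#!/bin/sh
# Added example: verify rule-reload is enabled before signalling Suricata.
# Assumption: the option is a list item "- rule-reload: <value>", as in the
# suricata.yaml excerpt quoted in this thread.
# Usage (example path): ./reload.sh /etc/suricata/suricata.yaml "$(pidof suricata)"

# Return 0 if the file has an uncommented "- rule-reload: true|yes" line,
# 1 if it does not, 2 if the file cannot be read.
rule_reload_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    # A leading '#' (as in "#- rule-reload: true") never matches this pattern.
    grep -Eq '^[[:space:]]*-[[:space:]]*rule-reload:[[:space:]]*(true|yes)[[:space:]]*(#.*)?$' "$conf"
}

# Send USR2 to the given PID only when the feature is enabled.
# Returns: 0 signal sent, 1 feature disabled, 2 config unreadable, 3 no such process.
request_rule_reload() {
    conf=$1
    pid=$2
    if rule_reload_enabled "$conf"; then rc=0; else rc=$?; fi
    if [ "$rc" -eq 2 ]; then
        echo "cannot read $conf" >&2
        return 2
    elif [ "$rc" -ne 0 ]; then
        echo "rule-reload is not enabled in $conf; not sending USR2" >&2
        return 1
    fi
    # kill -0 checks that the process exists without delivering a signal.
    kill -0 "$pid" 2>/dev/null || { echo "no process $pid" >&2; return 3; }
    kill -USR2 "$pid"
}

# Run as a script only when both arguments are given.
if [ "$#" -eq 2 ]; then
    request_rule_reload "$1" "$2"
fi
```

The check reads the file on disk only. As the reply at the top of the thread suggests, a Suricata process started before the option was enabled will probably need a stop and start first.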

