[Oisf-users] Suricata Rule Reload

Peter Manev petermanev at gmail.com
Thu Jul 30 20:20:36 UTC 2015



> On 30 jul 2015, at 20:03, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> 
> Probably will have to stop and start Suricata.
> 
> Leonard
> 
> From: Saxena, Samiksha [mailto:samiksha.saxena at verizon.com]
> To: Leonard Jacobs [mailto:ljacobs at netsecuris.com], 'oisf-users' [mailto:oisf-users at lists.openinfosecfoundation.org]
> Sent: Thu, 30 Jul 2015 08:47:15 -0600
> Subject: Re: [Oisf-users] Suricata Rule Reload
> 
> That might be the reason, let me enable the feature and try it again.
> 


If you are using Suri from git - the feature is enabled by default and it is not present in the yaml as a config option.



> From: Leonard Jacobs <ljacobs at netsecuris.com>
> Date: Wednesday, July 29, 2015 at 10:33 PM
> To: "Saxena, Samiksha" <samiksha.saxena at one.verizon.com>, 'oisf-users' <oisf-users at lists.openinfosecfoundation.org>
> Subject: RE: [Oisf-users] Suricata Rule Reload
> 
> Did you enable the feature in your suricata.yaml file?
>  
>   # When rule-reload is enabled, sending a USR2 signal to the Suricata process
>   # will trigger a live rule reload. Experimental feature, use with care.
>   #- rule-reload: true
>   # If set to yes, the loading of signatures will be made after the capture
>   # is started. This will limit the downtime in IPS mode.
>   #- delayed-detect: yes
>  
> From: oisf-users-bounces at lists.openinfosecfoundation.org [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Saxena, Samiksha
> Sent: Wednesday, July 29, 2015 3:31 PM
> To: oisf-users
> Subject: [Oisf-users] Suricata Rule Reload
>  
> Hi, 
>  
> I am trying to reload the rules based on this document: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Live_Rule_Swap
> When I tried the command kill -USR2 PID, nothing happened, and new rules are not getting loaded. If I do kill -9 it does kill Suricata. Am I missing something?
>  
> Thanks
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
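
A preflight check for the situation discussed in this thread, added here as an example; it is not code from any of the posters or from the Suricata project. The function names and the idea of reading the PID from a pid file are assumptions; the option name and the USR2 signal are the ones quoted above.

```shell
#!/bin/sh
# Added example: check suricata.yaml before sending USR2 for a live rule reload.
# Function names are hypothetical; pass your own config and pid file paths.

# Print how rule-reload appears in the given suricata.yaml:
#   enabled   - an uncommented "- rule-reload: true|yes" line exists
#   disabled  - the option is uncommented but set to another value
#   commented - only the commented-out "#- rule-reload: ..." line exists
#   absent    - option not in the file (per the reply above, git builds
#               have no such option and reload is on by default)
rule_reload_state() {
    conf=$1
    if grep -Eq '^[[:space:]]*-[[:space:]]*rule-reload:[[:space:]]*(true|yes)[[:space:]]*(#.*)?$' "$conf"; then
        echo enabled
    elif grep -Eq '^[[:space:]]*-[[:space:]]*rule-reload:' "$conf"; then
        echo disabled
    elif grep -Eq '^[[:space:]]*#[[:space:]]*-[[:space:]]*rule-reload:' "$conf"; then
        echo commented
    else
        echo absent
    fi
}

# Send USR2 to the PID stored in the pid file, but only when the config
# check passes and the process exists. Non-zero return codes:
#   2 = option commented out or disabled, 3 = pid file unreadable,
#   4 = no such process.
reload_rules() {
    conf=$1
    pidfile=$2
    state=$(rule_reload_state "$conf")
    case $state in
        commented|disabled)
            echo "rule-reload is $state in $conf; enable it before sending USR2" >&2
            return 2 ;;
    esac
    pid=$(cat "$pidfile" 2>/dev/null) || { echo "cannot read $pidfile" >&2; return 3; }
    kill -0 "$pid" 2>/dev/null || { echo "no process $pid" >&2; return 4; }
    kill -USR2 "$pid"
}
```

An `absent` result is not treated as an error, since whether reload works then depends on the Suricata version in use.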