[Oisf-users] Live rule swap not working?

John Daly longjohngolf at gmail.com
Wed Apr 27 20:40:15 UTC 2016


On Wed, Apr 27, 2016 at 1:10 PM Victor Julien <lists at inliniac.net> wrote:

> On 27-04-16 21:47, John Daly wrote:
> > It seems that live rule swap doesn't work in my Suricata deployment. As
> > far as I understand it, my suricata.log should show that the process is
> > reloading rules after kill -USR2 <suricata pid>, but my suricata.log is
> > empty. Am I missing something?
> >
> > [root@host1 ~]# ps aux | grep -i suricata
> >
> > suri     11622  855 10.9 27780748 21623588 ?   Ssl  Apr20 85922:03
> > /opt/suricata/bin/suricata --netmap=eno49 --netmap=ens3f0 -c
> > /opt/suricata/etc/suricata/suricata.yml -D
> >
> > [root@host1 ~]# kill -USR2 11622
> >
> > [root@host1 log]# cat suricata.log
> >
> > [root@host1 log]#
> >
> > I'm running Suricata 3.0, CentOS 7.1, starting Suricata via systemd,
> > acquiring packets via Netmap.
>
> We did a lot of fixes in 3.0.1 related to rule reloads, so I would
> suggest updating first.
>

Fantastic, thanks Victor. I will give it a shot.


>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------