[Oisf-users] Suricata Rule-Reload not working properly

Andreas Herz andi at geekosphere.org
Tue Jul 19 19:10:10 UTC 2016 

On 19/07/16 at 11:08, jordon.carpenter at rooksecurity.com wrote:
> Having issues with running the following command to perform a live rule
> reload for suricata;
> 
> kill -USR2 `pidof suricata`
> 
> It works on some of my other engines(all have same configuration), but some
> seem to hang at "<Notice> - rule reload starting” and it doesn’t give the
> "<Notice> - rule reload complete” message. Suricata still processes
> packets, but it is unable to reload the rules any further until I kill the
> process. Anyone know how to fix this issue, I have seen this brought up
> before and no solution has been given yet. Im running Suricata version
> 2.1beta4

Could you please update to the stable 3.1.1 release and see if it's
still an issue?
We did a lot of improvements regarding the reload.

> *Thanks,*
> *Jordon Carpenter*
> Rook Security <https://www.rooksecurity.com/>
> *Anticipate, Manage, & Eliminate Threats*
> 
> O: 888.712.9531 x734
> E: jordon.carpenter at rooksecurity.com
> 
> [image: rookconsulting] <https://www.facebook.com/rookconsulting>    [image:
> rooksecurity] <https://twitter.com/rooksecurity>    [image: Rook LinkedIn]
> <https://www.linkedin.com/company/rook-security>
> 
> [image: Seconds Matter]
> <https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a>
> 
> This e-mail may contain confidential and privileged material for the sole
> use of the intended recipient. Any review, use, distribution or disclosure
> by others is strictly prohibited. If you are not the intended recipient (or
> authorized to receive for the recipient), please contact the sender by
> reply e-mail and delete all copies of this message
> 
> [image: Powered by Sigstr]
> <https://rooksecurity.sigstr.net/uc/5702adef825be96deedb141a/watermark>





> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net


-- 
Andreas Herz

More information about the Oisf-users mailing list