[Oisf-users] Is is possible to restart suricata with zero drops when suricata-IPS crashes
Cooper F. Nelson
cnelson at ucsd.edu
Tue Nov 20 05:17:31 UTC 2018
You could use something like Nagios to monitor the suri process and
start a new one if its not running.
You could also have a cron job that runs every minute that does
something like this:
> if [[ ! $(pgrep Suricata-Main) ]]; then /usr/local/sbin/warm_boot.sh; fi
This just checks if Suricata-Main is running, if not it will launch the
exec wrapper.
-Coop
On 11/19/2018 8:26 PM, kavi perumal wrote:
> Thanks for comments.
>
>
> Nelson, Cooper, Michał Purzyński, Actually my requirement is to
> allow all traffic incase suricata is down. i don't want to drop
> packets.
>
> @Nelson, Cooper: is there any configuration to configure suricata to
> restart by itself incase of failure with in a specific time?
>
> Regards
> -Kavi Perumal G.
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181119/27fc1e97/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181119/27fc1e97/attachment.sig>
More information about the Oisf-users
mailing list