[Oisf-users] Is it possible to restart suricata with zero drops when suricata-IPS crashes

Michał Purzyński michalpurzynski1 at gmail.com
Tue Nov 20 08:15:59 UTC 2018


I just use systemd and Suricata in IDS (not IDP) mode.

For IDS that's easy - use one of suggested solutions here, systemd,
supervisord, etc.

IDP is going to be difficult.

On Mon, Nov 19, 2018 at 9:17 PM Cooper F. Nelson <cnelson at ucsd.edu> wrote:
>
> You could use something like Nagios to monitor the suri process and start a new one if it's not running.
>
> You could also have a cron job that runs every minute that does something like this:
>
> if [[ ! $(pgrep Suricata-Main) ]]; then /usr/local/sbin/warm_boot.sh; fi
>
> This just checks if Suricata-Main is running; if not, it will launch the exec wrapper.
>
> -Coop
>
> On 11/19/2018 8:26 PM, kavi perumal wrote:
>
> Thanks for comments.
>
> Nelson, Cooper, Michał Purzyński, actually my requirement is to allow all traffic in case suricata is down. I don't want to drop packets.
>
> @Nelson, Cooper: is there any configuration to configure suricata to restart by itself in case of failure within a specific time?
>
> Regards
> -Kavi Perumal G.
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
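
An added example, not part of the thread or any poster's code: the cron check quoted above, extended with a restart budget so that a Suricata which keeps dying is reported instead of being relaunched every minute. `STATE_DIR`, `MAX_RESTARTS`, `WINDOW` and the script name `suri_watchdog.sh` are assumptions; `Suricata-Main` and `/usr/local/sbin/warm_boot.sh` come from the quoted reply.

```shell
#!/bin/sh
# Added example: cron watchdog with a restart budget (not code from the thread).
# From the thread: the process name Suricata-Main and the wrapper path.
# Assumptions: STATE_DIR, MAX_RESTARTS, WINDOW and the script name.
PROC_NAME="${PROC_NAME:-Suricata-Main}"
LAUNCHER="${LAUNCHER:-/usr/local/sbin/warm_boot.sh}"
STATE_DIR="${STATE_DIR:-/var/run/suri-watchdog}"
MAX_RESTARTS="${MAX_RESTARTS:-3}"   # restarts allowed per window
WINDOW="${WINDOW:-600}"             # window length in seconds

# Same check as the one-liner in the thread.
is_running() { pgrep "$PROC_NAME" >/dev/null 2>&1; }

# Count recorded restarts newer than (now - WINDOW).
recent_restarts() {
    awk -v now="$1" -v w="$WINDOW" '$1 > now - w { n++ } END { print n + 0 }' \
        "$STATE_DIR/restarts"
}

# Returns 0 = running or restarted, 1 = launcher failed, 2 = budget exhausted.
watchdog() {
    now="${1:-$(date +%s)}"
    is_running && return 0
    mkdir -p "$STATE_DIR" && touch "$STATE_DIR/restarts" || return 1
    n=$(recent_restarts "$now")
    if [ "$n" -ge "$MAX_RESTARTS" ]; then
        # cron mails stderr to the job owner: a crash loop needs a human.
        echo "suri-watchdog: $n restarts in ${WINDOW}s, not restarting" >&2
        return 2
    fi
    echo "$now" >> "$STATE_DIR/restarts"
    "$LAUNCHER" || return 1
    return 0
}

# Run only when invoked under the assumed script name (e.g. from cron).
case "${0##*/}" in suri_watchdog.sh) watchdog; exit $? ;; esac
```
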