[Oisf-users] Is it possible to restart suricata with zero drops when suricata-IPS crashes

kavi perumal kaviperumal22 at gmail.com
Tue Nov 20 08:59:55 UTC 2018


Hi All,

Thanks a lot for all the clarifications... Sure, I will use any one of the
options.

Regards
-Kavi Perumal G.

On Tue, Nov 20, 2018 at 1:46 PM Michał Purzyński <michalpurzynski1 at gmail.com>
wrote:

> I just use systemd and Suricata in IDS (not IDP) mode.
>
> For IDS that's easy - use one of the suggested solutions here, systemd,
> supervisord, etc.
>
> IDP is going to be difficult.
> On Mon, Nov 19, 2018 at 9:17 PM Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> >
> > You could use something like Nagios to monitor the suri process and start a new one if it's not running.
> >
> > You could also have a cron job that runs every minute that does something like this:
> >
> > if [[ ! $(pgrep Suricata-Main) ]]; then /usr/local/sbin/warm_boot.sh; fi
> >
> > This just checks if Suricata-Main is running; if not, it will launch the exec wrapper.
> >
> > -Coop
> >
> > On 11/19/2018 8:26 PM, kavi perumal wrote:
> >
> > Thanks for comments.
> >
> > Nelson, Cooper, Michał Purzyński, Actually my requirement is to allow all traffic in case suricata is down. I don't want to drop packets.
> >
> > @Nelson, Cooper: is there any configuration to configure suricata to restart by itself in case of failure within a specific time?
> >
> > Regards
> > -Kavi Perumal G.
> >
> >
> > --
> > Cooper Nelson
> > Network Security Analyst
> > UCSD ITS Security Team
> > cnelson at ucsd.edu x41042
>
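
The cron check quoted above, expanded into a watchdog that also logs each restart and stops after repeated crashes, as an added example that is not part of the original thread. The state file path, restart limit, window and script name are assumptions; `Suricata-Main` and `/usr/local/sbin/warm_boot.sh` are taken from the quoted message.

```sh
#!/bin/sh
# Added example (not from the thread): cron watchdog with a restart limit.
PROC_NAME="${PROC_NAME:-Suricata-Main}"                 # name checked in the thread
START_CMD="${START_CMD:-/usr/local/sbin/warm_boot.sh}"  # wrapper path from the thread
STATE_FILE="${STATE_FILE:-/var/run/suricata-watchdog.state}"  # assumed path
MAX_RESTARTS="${MAX_RESTARTS:-5}"   # assumed: restarts allowed per window
WINDOW="${WINDOW:-600}"             # assumed: window length in seconds

# Log to syslog when available, otherwise to stderr (cron mails stderr).
log() { logger -t suricata-watchdog "$*" 2>/dev/null || echo "suricata-watchdog: $*" >&2; }

# Exact-name match, so a process merely containing the name does not count.
is_running() {
    if command -v pgrep >/dev/null 2>&1; then
        pgrep -x "$1" >/dev/null
    else
        cat /proc/[0-9]*/comm 2>/dev/null | grep -qx "$1"
    fi
}

# Returns 0 = running, 1 = restarted, 2 = restart limit reached, 3 = start failed.
watchdog_check() {
    if is_running "$PROC_NAME"; then return 0; fi
    now=$(date +%s); recent=0; kept=""
    if [ -f "$STATE_FILE" ]; then
        while read -r ts; do
            case "$ts" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
            # Keep only restart timestamps that fall inside the window.
            if [ $((now - ts)) -lt "$WINDOW" ]; then
                recent=$((recent + 1)); kept="$kept$ts
"
            fi
        done < "$STATE_FILE"
    fi
    if [ "$recent" -ge "$MAX_RESTARTS" ]; then
        log "$PROC_NAME down, $recent restarts in ${WINDOW}s: not restarting, investigate"
        return 2
    fi
    # Record the attempt before starting, so failed starts count toward the limit.
    printf '%s%s\n' "$kept" "$now" > "$STATE_FILE"
    log "$PROC_NAME not running, starting $START_CMD"
    if "$START_CMD"; then return 1; fi
    log "$START_CMD exited non-zero"
    return 3
}

# Cron entry (assumed script path): * * * * * /usr/local/sbin/suri_watchdog.sh run
if [ "${1:-}" = "run" ]; then watchdog_check; exit $?; fi
```
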
