Snort mailing list archives
Re: Reload Snort to use new ruleset
From: Agustin Roca <agustin.roca () globant com>
Date: Tue, 26 Jul 2011 17:31:44 -0300
You should check the error why it is exiting. Probably new rule with some keywords not supported... Also i know that for Centos or RH the init script has a bug that doesnt let u do that.. Or at least for some older versions Cheers 2011/7/26 RICHARD METZER <rlmst26 () mail rmu edu>
I understand the command *kill -SIGHUP <pid> *should reload Snort with the ability to read an updated ruleset. However, it only seems to kill it. I am manually adding new rules, so I would like to reload Snort to avoid any downtime monitoring. I used the -enable-reload switch when I compiled Snort on an Ubuntu OS. What am I missing? Thanks in advance, Rick As I understand the command *kill -SIGHUP <pid> *should reload Snort with the ability to read an updated ruleset; however, it only seems to kill it. I am manually adding new rules, so I would like to reload Snort to avoid any downtime monitoring. I used the --enable-reload switch when I compiled Snort. What am I missing? Thanks in advance! Rick ------------------------------------------------------------------------------ Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
-- Agustin Roca Information Security Team agustin.roca () globant com work: 54+(011) 4109.1700 ext. 8098 cel: 54+(011)15-5022-3042
------------------------------------------------------------------------------ Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- Reload Snort to use new ruleset RICHARD METZER (Jul 26)
- Re: Reload Snort to use new ruleset Gibson, Nathan J. (HSC) (Jul 26)
- Re: Reload Snort to use new ruleset Eoin Miller (Jul 26)
- Re: [Spam] Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Castle, Shane (Jul 26)
- Re: Reload Snort to use new ruleset Marcos Rodriguez (Jul 26)
- Re: Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Joel Esler (Jul 26)
- Re: Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Paul Schmehl (Jul 28)
- Re: Reload Snort to use new ruleset Gibson, Nathan J. (HSC) (Jul 26)
- Re: Reload Snort to use new ruleset Agustin Roca (Jul 27)
- <Possible follow-ups>
- Re: Reload Snort to use new ruleset Gregory Zill (Jul 26)