Snort mailing list archives
Re: Reload Snort to use new ruleset
From: Gregory Zill <gregory () r3g net>
Date: Tue, 26 Jul 2011 15:51:40 -0500
If you configured your snort install correctly to allow reload via

#kill -HUP <snort-pid>

My configure line:

$ ./configure --enable-gre --enable-mpls --enable-targetbased --enable-reload --enable-decoder-preprocessor-rules --enable-ppm --enable-perfprofiling --with-mysql --enable-zlib

On Tue, Jul 26, 2011 at 3:40 PM, <snort-users-request () lists sourceforge net> wrote:

Message: 3
Date: Tue, 26 Jul 2011 15:39:43 -0500
From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson () ouhsc edu>
Subject: Re: [Snort-users] Reload Snort to use new ruleset
To: RICHARD METZER <rlmst26 () mail rmu edu>, "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <B30DD99805FB504981E5411867CF4B9C27A113A7BC () ENZO hsc net ou edu>
Content-Type: text/plain; charset="us-ascii"

I have found this only works when running snort as root. Are you running snort as root?

From: RICHARD METZER [mailto:rlmst26 () mail rmu edu]
Sent: Tuesday, July 26, 2011 3:24 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Reload Snort to use new ruleset

I understand the command kill -SIGHUP <pid> should reload Snort with the ability to read an updated ruleset. However, it only seems to kill it. I am manually adding new rules, so I would like to reload Snort to avoid any downtime monitoring. I used the -enable-reload switch when I compiled Snort on an Ubuntu OS. What am I missing?

Thanks in advance,
Rick
--
Happiness is when what you think, what you say, and what you do are in harmony. ~Mahatma Gandhi

Gregory W Zill, MBA, CISSP, GPEN
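The failure mode raised in this thread, where SIGHUP ends the Snort process instead of reloading it, leaves the sensor silently offline unless something checks afterwards. The following is an added example, not part of any poster's message: it sends the signal and confirms the process survived. The function name `reload_sensor` and the pidfile argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): send SIGHUP to a sensor process and
# verify that it is still running afterwards, so a "reload" that actually
# terminated the process is noticed immediately.

# reload_sensor PIDFILE [WAIT_SECONDS]   (hypothetical helper name)
# Return codes:
#   0  process is still alive after SIGHUP (reload did not kill it)
#   1  process exited after SIGHUP (monitoring is now down)
#   2  pidfile unreadable, PID not numeric, or process could not be signalled
reload_sensor() {
    pidfile=$1
    wait_s=${2:-2}

    [ -r "$pidfile" ] || return 2
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')

    # Reject empty or non-numeric contents before passing them to kill.
    case $pid in
        ''|*[!0-9]*) return 2 ;;
    esac

    # kill -0 delivers no signal; it only tests that the PID exists and that
    # the caller is allowed to signal it (fails when run as the wrong user).
    kill -0 "$pid" 2>/dev/null || return 2

    kill -HUP "$pid" 2>/dev/null || return 2

    # Give the process time to either reload or exit.
    sleep "$wait_s"

    if kill -0 "$pid" 2>/dev/null; then
        return 0
    fi
    return 1
}
```

A return code of 1 is the case described in the original question; a wrapper can use it to restart the sensor or raise an alert.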
Current thread:
- Re: Reload Snort to use new ruleset, (continued)
- Re: Reload Snort to use new ruleset Gibson, Nathan J. (HSC) (Jul 26)
- Re: Reload Snort to use new ruleset Eoin Miller (Jul 26)
- Re: [Spam] Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Castle, Shane (Jul 26)
- Re: Reload Snort to use new ruleset Marcos Rodriguez (Jul 26)
- Re: Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Joel Esler (Jul 26)
- Re: Reload Snort to use new ruleset Lay, James (Jul 26)
- Re: Reload Snort to use new ruleset Paul Schmehl (Jul 28)
- Re: Reload Snort to use new ruleset Gibson, Nathan J. (HSC) (Jul 26)
- Re: Reload Snort to use new ruleset Agustin Roca (Jul 27)
- Re: Reload Snort to use new ruleset Gregory Zill (Jul 26)