Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reload rules with out restarting snort completly

From: Andreas Östling <andreaso () it su se>
Date: Sat, 3 Sep 2005 08:47:42 +0200 (CEST)

On Sat, 3 Sep 2005, Frank Knobbe wrote:

Heya Michael,

perhaps he meant a reload with having to stop/kill Snort and start it up
again. The answer to that is Yes, you can cause Snort to reload the
rules and config without having to restart it. You do that by sending
Snort the HUP signal. "killall -HUP snort" will cause Snort to reload
config and rules, but the process never stops, so if you run it with
daemontools or some other scripts, it will not continue with the script.

But I thought you knew that ;)

Cheers,
Frank
kill -HUP will make Snort execve() itself which is basically the same as stopping and starting it. What is more important is that it only works if you run Snort as root and non-chrooted, which you should never ever do. So if kill -HUP works for you, you are doing something seriously wrong.
Sep 3 08:43:45 foo snort[23549]: Reload via Signal HUP does not work if you aren't root or are chroot'ed 

/Andreas


-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: