Snort mailing list archives
Re: Reload rules with out restarting snort completly
From: Frank Knobbe <frank () knobbe us>
Date: Sat, 03 Sep 2005 01:51:19 -0500
On Sat, 2005-09-03 at 08:47 +0200, Andreas Östling wrote:
kill -HUP will make Snort execve() itself which is basically the same as stopping and starting it.
Right. But it doesn't return from the first instance, so if called from a script, it doesn't continue in the script.
What is more important is that it only works if you run Snort as root and non-chrooted, which you should never ever do.
Good point, didn't consider that. But that wasn't the original question either ;)
So if kill -HUP works for you, you are doing something seriously wrong.
Nope, I kill it and let daemontools send me an email and restart it. (and if it does that over and over, and flood our IRC channel with restart messages, then I know I made a typo somewhere :) Cheers, Frank -- Ciscogate: Shame on Cisco. Double-Shame on ISS.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Reload rules with out restarting snort completly Pablo Nebrera (Sep 02)
- Re: Reload rules with out restarting snort completly Michael Boman (Sep 02)
- Re: Reload rules with out restarting snort completly Frank Knobbe (Sep 02)
- Re: Reload rules with out restarting snort completly Andreas Östling (Sep 02)
- Re: Reload rules with out restarting snort completly Frank Knobbe (Sep 02)
- Re: Reload rules with out restarting snort completly Joel Esler (Sep 03)
- Re: Reload rules with out restarting snort completly Frank Knobbe (Sep 02)
- Re: Reload rules with out restarting snort completly Michael Boman (Sep 02)