[Snort-users] Reload rules without restarting snort completely

Andreas Östling andreaso at ...236...
Fri Sep 2 23:48:04 EDT 2005


On Sat, 3 Sep 2005, Frank Knobbe wrote:
> Heya Michael,
>
> perhaps he meant a reload with having to stop/kill Snort and start it up
> again. The answer to that is Yes, you can cause Snort to reload the
> rules and config without having to restart it. You do that by sending
> Snort the HUP signal. "killall -HUP snort" will cause Snort to reload
> config and rules, but the process never stops, so if you run it with
> daemontools or some other scripts, it will not continue with the script.
>
> But I thought you knew that ;)
>
> Cheers,
> Frank

kill -HUP will make Snort execve() itself which is basically the same as 
stopping and starting it. What is more important is that it only works 
if you run Snort as root and non-chrooted, which you should never 
ever do. So if kill -HUP works for you, you are doing something 
seriously wrong.

Sep  3 08:43:45 foo snort[23549]: Reload via Signal HUP does not work if you aren't root or are chroot'ed

/Andreas
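
The reply above ties a working HUP reload to Snort running as root and outside a chroot. The following check is an added example, not part of the original post: it reports the effective UID and root directory of a process from Linux /proc. PROC_DIR and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Linux-only: reads /proc.
# PROC_DIR and all function names are assumptions made for this sketch.
PROC_DIR="${PROC_DIR:-/proc}"

# Effective UID of a PID: third field of the "Uid:" line
# (fields after the label are: real, effective, saved, filesystem).
proc_euid() {
    awk '/^Uid:/ { print $3; found = 1; exit } END { exit !found }' \
        "$PROC_DIR/$1/status" 2>/dev/null
}

# Root directory of a PID. Reading another user's link needs root;
# "unknown" is printed when the link cannot be read.
proc_root() {
    readlink "$PROC_DIR/$1/root" 2>/dev/null || echo unknown
}

# Print "PID euid=N root=PATH VERDICT" for one process.
audit_pid() {
    euid=$(proc_euid "$1") || return 1
    root=$(proc_root "$1")
    if [ "$euid" = 0 ]; then priv=root; else priv=unprivileged; fi
    case $root in
        /)       jail=unchrooted ;;
        unknown) jail=unknown ;;
        *)       jail=chrooted ;;
    esac
    echo "$1 euid=$euid root=$root $priv-$jail"
}

# Audit every running process with the given exact name.
audit_by_name() {
    for pid in $(pgrep -x "$1"); do
        audit_pid "$pid"
    done
}

# Usage: sh audit.sh snort
if [ "$#" -gt 0 ]; then audit_by_name "$1"; fi
```

A verdict of root-unchrooted is the setup the reply warns against; unprivileged-chrooted is the one in which the quoted log message appears instead of a reload.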



