[Snort-users] Reload rules with out restarting snort completly

Frank Knobbe frank at ...9761...
Fri Sep 2 23:52:27 EDT 2005


On Sat, 2005-09-03 at 08:47 +0200, Andreas Östling wrote:
> kill -HUP will make Snort execve() itself which is basically the same as 
> stopping and starting it.

Right. But it doesn't return from the first instance, so if called from
a script, it doesn't continue in the script.

>  What is more important is that it only works 
> if you run Snort as root and non-chrooted, which you should never 
> ever do. 

Good point, didn't consider that. But that wasn't the original question
either ;)

> So if kill -HUP works for you, you are doing something 
> seriously wrong.

Nope, I kill it and let daemontools send me an email and restart it.
(and if it does that over and over, and flood our IRC channel with
restart messages, then I know I made a typo somewhere :)

Cheers,
Frank

-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050902/2867ac0f/attachment.sig>


More information about the Snort-users mailing list