[Snort-users] Reload Snort to use new ruleset

Gregory Zill gregory at ...14510...
Tue Jul 26 16:51:40 EDT 2011


If you configured your snort install correctly to allow reload via
#kill -HUP <snort-pid>

My configure line:
$ ./configure --enable-gre --enable-mpls --enable-targetbased
--enable-reload --enable-decoder-preprocessor-rules --enable-ppm
--enable-perfprofiling --with-mysql --enable-zlib

On Tue, Jul 26, 2011 at 3:40 PM,
<snort-users-request at lists.sourceforge.net> wrote:

> Message: 3
> Date: Tue, 26 Jul 2011 15:39:43 -0500
> From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson at ...15095...>
> Subject: Re: [Snort-users] Reload Snort to use new ruleset
> To: RICHARD METZER <rlmst26 at ...14704...>,
>        "snort-users at lists.sourceforge.net"
>        <snort-users at lists.sourceforge.net>
> Message-ID:
>        <B30DD99805FB504981E5411867CF4B9C27A113A7BC at ...15096...>
> Content-Type: text/plain; charset="us-ascii"
>
> I have found this only works when running snort as root. Are you running snort as root?
>
> From: RICHARD METZER [mailto:rlmst26 at ...14704...]
> Sent: Tuesday, July 26, 2011 3:24 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Reload Snort to use new ruleset
>
> I understand the command kill -SIGHUP <pid> should reload Snort with the ability to read an updated ruleset.  However, it only seems to kill it.  I am manually adding new rules, so I would like to reload Snort to avoid any downtime monitoring.  I used the -enable-reload switch when I compiled Snort on an Ubuntu OS.  What am I missing?
>
> Thanks in advance,
> Rick
>


-- 
Happiness is when what you think, what you say, and what you do are in harmony.

                      ~Mahatma Gandhi

Gregory W Zill, MBA, CISSP, GPEN




More information about the Snort-users mailing list