[Snort-users] Reload Snort to use new ruleset
gregory at ...14510...
Tue Jul 26 16:51:40 EDT 2011
If you configured your snort install correctly to allow reload via
#kill -HUP <snort-pid>
My configure line:
$ ./configure --enable-gre --enable-mpls --enable-targetbased
--enable-reload --enable-decoder-preprocessor-rules --enable-ppm
--enable-perfprofiling --with-mysql --enable-zlib
On Tue, Jul 26, 2011 at 3:40 PM,
<snort-users-request at lists.sourceforge.net> wrote:
> Message: 3
> Date: Tue, 26 Jul 2011 15:39:43 -0500
> From: "Gibson, Nathan J. (HSC)" <Nathan-Gibson at ...15095...>
> Subject: Re: [Snort-users] Reload Snort to use new ruleset
> To: RICHARD METZER <rlmst26 at ...14704...>,
> "snort-users at lists.sourceforge.net"
> <snort-users at lists.sourceforge.net>
> <B30DD99805FB504981E5411867CF4B9C27A113A7BC at ...15096...>
> Content-Type: text/plain; charset="us-ascii"
> I have found this only works when running snort as root. Are you running snort as root?
> From: RICHARD METZER [mailto:rlmst26 at ...14704...]
> Sent: Tuesday, July 26, 2011 3:24 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Reload Snort to use new ruleset
> I understand the command kill -SIGHUP <pid> should reload Snort with the ability to read an updated ruleset. However, it only seems to kill it. I am manually adding new rules, so I would like to reload Snort to avoid any downtime monitoring. I used the -enable-reload switch when I compiled Snort on an Ubuntu OS. What am I missing?
> Thanks in advance,
Happiness is when what you think, what you say, and what you do are in harmony.
Gregory W Zill, MBA, CISSP, GPEN
More information about the Snort-users