Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Reload Snort to use new ruleset

From: RICHARD METZER <rlmst26 () mail rmu edu>
Date: Tue, 26 Jul 2011 15:24:14 -0500
I understand the command *kill -SIGHUP <pid> *should reload Snort with the
ability to read an updated ruleset.  However, it only seems to kill it.  I
am manually adding new rules, so I would like to reload Snort to avoid any
downtime monitoring.  I used the -enable-reload switch when I compiled Snort
on an Ubuntu OS.  What am I missing?

Thanks in advance,
Rick







As I understand the command *kill -SIGHUP <pid> *should reload Snort with
the ability to read an updated ruleset; however, it only seems to kill it.
 I am manually adding new rules, so I would like to reload Snort to avoid
any downtime monitoring.  I used the --enable-reload switch when I compiled
Snort. What am I missing?

Thanks in advance!
Rick

------------------------------------------------------------------------------
Magic Quadrant for Content-Aware Data Loss Prevention
Research study explores the data loss prevention market. Includes in-depth
analysis on the changes within the DLP market, and the criteria used to
evaluate the strengths and weaknesses of these DLP solutions.
http://www.accelacomm.com/jaw/sfnl/114/51385063/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation
Previous By Date Next
Previous By Thread Next

Current thread: