Rule Reloads
============

Suricata can reload the rules without restarting. This way, there
is minimal service disruption.

A reload is triggered by sending Suricata a signal or by using the Unix socket. When Suricata is told to reload the rules, these are the basic steps it takes:

* Load new config to update rule variables and values
* Load new rules
* Construct new detection engine
* Swap old and new detection engines
* Make sure all threads are updated
* Free old detection engine

Suricata will continue to process packets normally during this process. Keep in mind, though, that the system should have enough memory for both detection engines.

Signal::

  kill -USR2 $(pidof suricata)

There are two methods available when using the Unix socket.

Blocking reload ::

  suricatasc -c reload-rules

Non-blocking reload ::

  suricatasc -c ruleset-reload-nonblocking

It is also possible to get information about the last reload via dedicated commands. See :ref:`standard-unix-socket-commands` for more information.
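
The memory requirement noted above can be checked before the signal is sent. The script below is an added example, not part of the Suricata documentation or code base: it only sends ``USR2`` when ``MemAvailable`` covers the running process's resident size plus a margin. Using ``VmRSS`` as a conservative upper bound for the second detection engine, the 20% default margin, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight memory check before a Suricata rule reload.
# Assumption: the process's VmRSS is a conservative upper bound for the
# memory the second (new) detection engine will need during the swap.

# Print the kB value of a "Key:   12345 kB" field from a /proc-style file.
# $1 = file, $2 = key (without the colon). Fails if the key is absent.
proc_kb() {
    awk -v key="$2:" '
        $1 == key { print $2; found = 1; exit }
        END { if (!found) exit 1 }' "$1"
}

# Succeed when MemAvailable >= VmRSS + margin.
# $1 = meminfo file, $2 = process status file, $3 = margin in percent.
# Returns 2 when a field cannot be read, 1 when memory is insufficient.
reload_has_headroom() {
    avail=$(proc_kb "$1" MemAvailable) || return 2
    rss=$(proc_kb "$2" VmRSS) || return 2
    need=$(( rss + rss * ${3:-20} / 100 ))
    [ "$avail" -ge "$need" ]
}

# Reload via the signal method, but only when the check passes.
safe_reload() {
    pid=$(pidof suricata) || { echo "suricata is not running" >&2; return 1; }
    pid=${pid%% *}   # first PID if several are returned
    if reload_has_headroom /proc/meminfo "/proc/$pid/status"; then
        kill -USR2 "$pid"
    else
        echo "insufficient memory for two detection engines; reload skipped" >&2
        return 1
    fi
}

# Act only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--reload" ]; then
    safe_reload
fi
```

Run it with ``--reload`` as a user allowed to signal the Suricata process; without that argument it only defines the functions.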