Hi,
In case that i want to reload all rules like when you are starting sec at
the first time. No just a softreset and check new rules. Which variables
must i activate like in the example before? Working with sec 2.6.2.
Thank you!. Regards.
2016-06-19 13:29 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
> Ups,
>
> Sorry Peter, i haven´t realised that i copied wrongly.I wrote the email
> quickly.
>
> Thank you again Risto. Have a nice weekend!.
>
> 2016-06-17 17:08 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>
>> hi Peter,
>> actually, the code snippets were different in my original e-mail. For
>> sec-2.6.2, you would need the following rule:
>>
>> type=single
>> ptype=substr
>> pattern=RELOAD
>> desc=reload sec rule files that have been modified
>> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>>
>> That's because in sec-2.6.2 there is no $sigreceived flag in the code,
>> while sec-2.7.X is uses this flag for optimization purposes.
>>
>> kind regards,
>> risto
>>
>>
>> 2016-06-17 16:04 GMT+03:00 Peter Eckel <li...@eckel-edv.de>:
>>
>>> Hi Jaren,
>>>
>>> > Thank you peter! The problem is windows doesn´t work with signals, you
>>> need cygwin installed on it, that allow you to use linux commands on
>>> windows and in my enviroment i can´t do that.
>>> >
>>> > Risto contribute with this solution in other mail thread(I copy and
>>> paste):
>>> >
>>> > Sec-2.6.2
>>> > type=single
>>> > ptype=substr
>>> > pattern=RELOAD
>>> > desc=reload sec rule files that have been modified
>>> > action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh
>>> = 1; } )
>>> >
>>> > Sec-2.7.10
>>> > type=single
>>> > ptype=substr
>>> > pattern=RELOAD
>>> > desc=reload sec rule files that have been modified
>>> > action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh
>>> = 1; } )
>>>
>>> awesome, thanks - a genuine Risto solution! ;-)
>>>
>>> In fact it's even more elegant on Unix as well as on Windows, as it
>>> avoids spawning a shell and sending the signal via an external command.
>>> I'll keep that on my list of dirty tricks :-)
>>>
>>> By the way: The two code snippets look absolutely identical, are you
>>> sure you didn't miss something?
>>>
>>> Regards,
>>>
>>> Peter.
>>
>>
>>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
