Suricata not updating latest rules without so-rule-update in security onion 170 #11159
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I have on environment where i have one security onion 170 machine. on that I have so-suricata docker.
If i have added new rules to suricata then to reflect that rule inside the docker i need to manually do so-rule-update.
Which in turn restarts the so-suricata docker. which may be unnecessary
as mentioned in the below discussion link-
#5330
In that link they have mentioned that for suricata service only doing "systemctl reload suricata (ExecReload=/bin/kill -USR2 $MAINPID)"
Works as expected.
It will reload suricata rules without restart whole service and other background processes.
I want do do the same with my so-suricata docker.
But not sure how to do.
I think in above link its mentioned that securityonion team is integrating same command with so-suricata docker.
I want to know some steps related to this. How we can do that.
Please help me with that as soon as possible.
I need to implement such feature which will just reload suricata rules without restarting whole so-suricata docker inside security onion 170
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions