Project

General

Profile

Actions
Copy link

Feature #1290

open
DB CT

handle SIGHUP signal

Feature #1290: handle SIGHUP signal

Added by Dariusz Binkul over 11 years ago. Updated about 7 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Hello,

it would be nice to make Suricata to handle SIGHUP signal in a way that it would:
- reopen log files
- reopen unix socket
- reread configuration file

Currently if a unix socket is created after suricata starts, I must restart suricata in order to connect to socket.

If you implement it,
I could send SIGHUP (or other) signal to suricata every time when socket is created so it can reconnect successfully.

Kind regards,
Dariusz Binkul

JI Updated by Jason Ish over 11 years ago Actions
Copy link
 #1

In 2.0.4 a SIGHUP will re-open all the log files (zeroing them in doing so, on the assumption that a tool like logrotate has moved them out). I believe a SIGUSR2 will re-read the configuration.

I don't know enough about the unix socket to know if its a good idea to re-open it as part of the SIGHUP. Why does it need re-opening?

DB Updated by Dariusz Binkul over 11 years ago Actions
Copy link
 #2

Hello,

like I said. If a unix socket is created after suricata starts, I must restart suricata in order to connect to socket.
This is a problem, because you must config your system start scripts to check if a service that provides socket is init before suricata starts.

Another thing is that restart of a service that provide socket must be followed by a suricata restart.

If suricata could reopen unix socket, then suricata and socket provider(service) could work independently.

Kind regards,
Dariusz Binkul

Jason Ish wrote:

In 2.0.4 a SIGHUP will re-open all the log files (zeroing them in doing so, on the assumption that a tool like logrotate has moved them out). I believe a SIGUSR2 will re-read the configuration.

I don't know enough about the unix socket to know if its a good idea to re-open it as part of the SIGHUP. Why does it need re-opening?

AH Updated by Andreas Herz about 10 years ago Actions
Copy link
 #3

  • Assignee set to OISF Dev
  • Target version set to TBD

VJ Updated by Victor Julien over 7 years ago Actions
Copy link
 #4

  • Assignee changed from OISF Dev to Anonymous

So HUP would be like USR2, except it would handle socket reconnects as well?

AH Updated by Andreas Herz about 7 years ago Actions
Copy link
 #5

  • Assignee set to Community Ticket
Actions
Copy link

Also available in: PDF Atom