Actions
Bug #1466
closedRule reload - Rules won't reload if rule files are listed in an included file.
Affected Versions:
Effort:
Difficulty:
Label:
Description
Appears to affect at least 2.1beta3, and 2.1beta4. 2.0.8 seems fine.
If the "rule-files" configuration node is in a file included into suricata.yaml, no rules appear to be reloaded after a SIGUSR2.
For example, my suricata.yaml looks like:
default-rule-path: /etc/suricata/rules include: /etc/suricata/rules/rules.yaml
Where rules.yaml is something like:
rule-files: - botcc.portgrouped.rules - botcc.rules
The output after a SIGUSR2 is something like:
[14081] 11/5/2015 -- 09:44:35 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled [14081] 11/5/2015 -- 09:44:35 - (util-classification-config.c:359) <Info> (SCClassConfParseFile) -- Added "34" classification types from the classification file [14081] 11/5/2015 -- 09:44:35 - (util-reference-config.c:337) <Info> (SCRConfParseFile) -- Added "19" reference types from the reference.config file [14081] 11/5/2015 -- 09:44:35 - (detect.c:474) <Info> (SigLoadSignatures) -- No signatures supplied. [14081] 11/5/2015 -- 09:44:35 - (util-threshold-config.c:1195) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found [14081] 11/5/2015 -- 09:44:35 - (detect-engine.c:574) <Notice> (DetectEngineReloadThreads) -- rule reload starting [14081] 11/5/2015 -- 09:44:35 - (detect-engine.c:653) <Info> (DetectEngineReloadThreads) -- Live rule swap has swapped 12 old det_ctx's with new ones, along with the new de_ctx [14081] 11/5/2015 -- 09:44:35 - (detect-engine.c:725) <Notice> (DetectEngineReloadThreads) -- rule reload complete [14081] 11/5/2015 -- 09:44:35 - (detect.c:4185) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete
Resulting in no rules being loaded.
Updated by Jason Ish over 9 years ago
- Status changed from New to Assigned
- Assignee set to Jason Ish
Updated by Victor Julien over 9 years ago
Whats the status of this one? Think I remember seeing a patch :)
Updated by Jason Ish over 9 years ago
Addressed in this PR https://github.com/inliniac/suricata/pull/1483 (merged).
Updated by Victor Julien over 9 years ago
- Status changed from Assigned to Closed
Actions