Project

General

Profile

Actions
Copy link

Support #2801

closed

Disable/Enable suricata logs on a running instance

Added by Pavan P about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
4.0.1
Label:

Description

Hi,

I tried to disable/enable suricata logs ie fast.log,eve.log,stats.log on a running suricata instance by sending "kill -USR2 <pid_suricata>" signal after updating the yaml file. But, i observe that the changes in the yaml file are not reflected. The log disable/enable did not happen.

Could you please let me know if it is supported. If yes, how would i achieve it

Thanks
Pavan

Actions
Copy link
 #1

Updated by Victor Julien about 5 years ago

  • Priority changed from Immediate to Normal

This is not supported at this time. The USR2 signal will reload the rules only. Log output cannot dynamically be enabled/disabled.

Actions
Copy link
 #2

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF