Daniel, Thank you for the response.
Can you tell me which process would need to be manually restarted to reload the 'rules/local_rules.xml' file? Thanks, Michael On Fri, Jun 26, 2009 at 9:24 AM, Daniel Cid <[email protected]> wrote: > > Hi Michael, > > There is no way to do this out of the box, but we plan to add this > option in the future. > > As a hack, it is possible but depends on which change you made. > > If you only modified a log file to be monitored, you can kill only the > ossec-logcollector process > and leave all others running (killall ossec-logcollector; > /var/ossec/bin/ossec-logcollector) and > to the same most syscheck/rootcheck (only kill ossec-syscheckd). > > The only exception is ossec-analysisd, which if you kill it, the other > processes will not work > until you start it back. > > Thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > > > On Tue, Jun 23, 2009 at 7:52 PM, Michael Altfield<[email protected]> > wrote: > > > > Hello, > > > > I was wondering if there was a way to tell ossec to reload its > > configuration files without having to restart the process. > > > > For example, running `/etc/init.d/sshd restart` completely shuts down > > and starts up the ssh daemon. This contrasts from `/etc/init.d/sshd > > reload`in that *reload* cause sshd to reload it's configuration file (/ > > etc/ssh/sshd_config) without having to shut down the ssh daemon (so > > there is no downtime for users trying to connect to the server). > > > > Is it possible to have ossec reload its configuration files without > > shutting it down (either with a built-in capability or by means of a > > hack)? > > > > > > TIA > > -Michael > > >
