Unfortunately, strawberry perl does not support most of the signals that
are used by sec. With sec-2.6.2, you can also raise the $softrefresh flag
that is used in the sec code for indicating the arrival of the SIGABRT
signal:
type=single
ptype=substr
pattern=RELOAD
desc=reload sec rule files that have been modified
action=lcall %o -> ( sub { $main::softrefresh = 1; } )
However, note that this approach is a crude workaround and is not
recommended, since the signal handling routines might change between major
sec releases. For example, with sec-2.7.10 you actually need to rewrite
this rule as follows:
type=single
ptype=substr
pattern=RELOAD
desc=reload sec rule files that have been modified
action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh = 1;
} )
Unless you have specific reasons for using strawberry perl, I would
strongly recommend to run sec with cygwin perl instead which offers a
proper emulation of unix features. Firstly, with cygwin you can enjoy full
sec functionality on windows platform, and secondly, you can avoid
workarounds like the one above.
kind regards,
risto
2016-06-16 13:37 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
> Hi,
>
> Sorry i missed, i use strawberry perl with sec 2.6.2.Can you send signals
> to windows process?or as string on an input file?
>
> Regards.
>
>
>
> 2016-06-16 11:07 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>
>> 2016-06-16 11:36 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>>
>>> Hi,
>>>
>>> Is it possible to restart or reload sec file rules from a sec rule?. I´m
>>> using sec 2.6.2 over windows.
>>>
>>> Thank you. Regards.
>>>
>>
>> If you are using cygwin perl which properly supports all signals, you can
>> use the following rule:
>>
>> type=single
>> ptype=substr
>> pattern=RELOAD
>> desc=reload sec rule files that have been modified
>> action=lcall %o -> ( sub { kill(ABRT, $$) } )
>>
>> Whenever the string RELOAD is seen in any of the input files, this rule
>> will send the SIGABRT signal to the current process ($$ variable denotes
>> the PID of the current process).
>>
>> hope this helps,
>> risto
>>
>>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://pubads.g.doubleclick.net/gampad/clk?id=1444514421&iu=/41014381
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
