hi Jaren,
I would also encourage you to look into the SECwin package at
https://github.com/minagerges/SECwin
This package has been designed for making the use of sec on windows easier,
providing the following benefits:
1) the package installs cygwin perl alongside with sec (but can also use
other perl flavors)
2) it offers a windows GUI for interacting with sec
3) it runs sec as a native windows service, providing the necessary
interface for the operating system and the user
4) it can perform automatic upgrades of sec (and SECwin itself!) when new
versions become available
In short, I'd recommend to run the most recent sec version (2.7.10) with
cygwin perl. The secwin package will install all required components for
you through a single installer, making the installation process really easy.
hope this helps,
risto
2016-06-16 14:18 GMT+03:00 Risto Vaarandi <risto.vaara...@gmail.com>:
> Unfortunately, strawberry perl does not support most of the signals that
> are used by sec. With sec-2.6.2, you can also raise the $softrefresh flag
> that is used in the sec code for indicating the arrival of the SIGABRT
> signal:
>
> type=single
> ptype=substr
> pattern=RELOAD
> desc=reload sec rule files that have been modified
> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>
> However, note that this approach is a crude workaround and is not
> recommended, since the signal handling routines might change between major
> sec releases. For example, with sec-2.7.10 you actually need to rewrite
> this rule as follows:
>
> type=single
> ptype=substr
> pattern=RELOAD
> desc=reload sec rule files that have been modified
> action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh = 1; } )
>
> Unless you have specific reasons for using strawberry perl, I would
> strongly recommend to run sec with cygwin perl instead which offers a
> proper emulation of unix features. Firstly, with cygwin you can enjoy full
> sec functionality on windows platform, and secondly, you can avoid
> workarounds like the one above.
>
> kind regards,
> risto
>
>
> 2016-06-16 13:37 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>
>> Hi,
>>
>> Sorry I missed, I use strawberry perl with sec 2.6.2. Can you send signals
>> to windows process? or as string on an input file?
>>
>> Regards.
>>
>>
>>
>> 2016-06-16 11:07 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>>
>>> 2016-06-16 11:36 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> Is it possible to restart or reload sec file rules from a sec rule?
>>>> I'm using sec 2.6.2 over windows.
>>>>
>>>> Thank you. Regards.
>>>>
>>>
>>> If you are using cygwin perl which properly supports all signals, you
>>> can use the following rule:
>>>
>>> type=single
>>> ptype=substr
>>> pattern=RELOAD
>>> desc=reload sec rule files that have been modified
>>> action=lcall %o -> ( sub { kill(ABRT, $$) } )
>>>
>>> Whenever the string RELOAD is seen in any of the input files, this rule
>>> will send the SIGABRT signal to the current process ($$ variable denotes
>>> the PID of the current process).
>>>
>>> hope this helps,
>>> risto
>>>
>>>
>>
>
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
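
A narrower form of the reload rule from this thread, given as an added example that is not part of the original messages: it accepts the trigger only from one dedicated control file instead of from any input file. The control file path and the context name SEC_CONTROL are assumptions; the context is set by passing the file to sec as `--input=<file>=<context>`, and the rule assumes cygwin perl, as recommended in the thread.

```conf
# Constructed example, not from the original thread.
# Assumed start-up option (path and context name are placeholders):
#   --input=/path/to/sec-control.txt=SEC_CONTROL
# sec sets the SEC_CONTROL context only while it processes lines read
# from that file, so the same string in any other input is ignored here.

type=Single
ptype=RegExp
# Whole-line match; \s* tolerates a trailing CR from Windows line endings.
pattern=^RELOAD\s*$
context=SEC_CONTROL
desc=reload sec rule files that have been modified
action=lcall %o -> ( sub { kill('ABRT', $$) } )
```

Write access to the control file then decides who can trigger a reload, so its permissions should match those of the rule files themselves.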