Thank you risto! I know the project but i can´t use secwin for programming.
In case that you need i can help you to develop it.
2016-06-16 18:51 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
> hi Jaren,
> I would also encourage you to look into the SECwin package at
> https://github.com/minagerges/SECwin
>
> This package has been designed for making the use of sec on windows
> easier, providing the following benefits:
> 1) the package installs cygwin perl alongside with sec (but can also use
> other perl flavors)
> 2) it offers a windows GUI for interacting with sec
> 3) it runs sec as a native windows service, providing the necessary
> interface for the operating system and the user
> 4) it can perform automatic upgrades of sec (and SECwin itself!) when new
> versions become available
>
> In short, I'd recommend to run the most recent sec version (2.7.10) with
> cygwin perl. The secwin package will install all required components for
> you through a single installer, making the installation process really easy.
>
> hope this helps,
> risto
>
> 2016-06-16 14:18 GMT+03:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>
>> Unfortunately, strawberry perl does not support most of the signals that
>> are used by sec. With sec-2.6.2, you can also raise the $softrefresh flag
>> that is used in the sec code for indicating the arrival of the SIGABRT
>> signal:
>>
>> type=single
>> ptype=substr
>> pattern=RELOAD
>> desc=reload sec rule files that have been modified
>> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>>
>> However, note that this approach is a crude workaround and is not
>> recommended, since the signal handling routines might change between major
>> sec releases. For example, with sec-2.7.10 you actually need to rewrite
>> this rule as follows:
>>
>> type=single
>> ptype=substr
>> pattern=RELOAD
>> desc=reload sec rule files that have been modified
>> action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh =
>> 1; } )
>>
>> Unless you have specific reasons for using strawberry perl, I would
>> strongly recommend to run sec with cygwin perl instead which offers a
>> proper emulation of unix features. Firstly, with cygwin you can enjoy full
>> sec functionality on windows platform, and secondly, you can avoid
>> workarounds like the one above.
>>
>> kind regards,
>> risto
>>
>>
>> 2016-06-16 13:37 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>>
>>> Hi,
>>>
>>> Sorry i missed, i use strawberry perl with sec 2.6.2.Can you send
>>> signals to windows process?or as string on an input file?
>>>
>>> Regards.
>>>
>>>
>>>
>>> 2016-06-16 11:07 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>>>
>>>> 2016-06-16 11:36 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> Is it possible to restart or reload sec file rules from a sec rule?.
>>>>> I´m using sec 2.6.2 over windows.
>>>>>
>>>>> Thank you. Regards.
>>>>>
>>>>
>>>> If you are using cygwin perl which properly supports all signals, you
>>>> can use the following rule:
>>>>
>>>> type=single
>>>> ptype=substr
>>>> pattern=RELOAD
>>>> desc=reload sec rule files that have been modified
>>>> action=lcall %o -> ( sub { kill(ABRT, $$) } )
>>>>
>>>> Whenever the string RELOAD is seen in any of the input files, this rule
>>>> will send the SIGABRT signal to the current process ($$ variable denotes
>>>> the PID of the current process).
>>>>
>>>> hope this helps,
>>>> risto
>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
