That's really easy -- instead of setting $main::softrefresh you have to
set $main::refresh:
type=single
ptype=substr
pattern=RESTART
desc=reload all sec rule files with a full restart
action=lcall %o -> ( sub { $main::refresh = 1; } )
Hope this helps,
risto
2016-06-20 17:39 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
> Hi,
>
> In case that i want to reload all rules like when you are starting sec at
> the first time. No just a softreset and check new rules. Which variables
> must i activate like in the example before? Working with sec 2.6.2.
>
> Thank you!. Regards.
>
>
>
> 2016-06-19 13:29 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
>
>> Ups,
>>
>> Sorry Peter, i haven´t realised that i copied wrongly.I wrote the email
>> quickly.
>>
>> Thank you again Risto. Have a nice weekend!.
>>
>> 2016-06-17 17:08 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>>
>>> hi Peter,
>>> actually, the code snippets were different in my original e-mail. For
>>> sec-2.6.2, you would need the following rule:
>>>
>>> type=single
>>> ptype=substr
>>> pattern=RELOAD
>>> desc=reload sec rule files that have been modified
>>> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>>>
>>> That's because in sec-2.6.2 there is no $sigreceived flag in the code,
>>> while sec-2.7.X is uses this flag for optimization purposes.
>>>
>>> kind regards,
>>> risto
>>>
>>>
>>> 2016-06-17 16:04 GMT+03:00 Peter Eckel <li...@eckel-edv.de>:
>>>
>>>> Hi Jaren,
>>>>
>>>> > Thank you peter! The problem is windows doesn´t work with signals,
>>>> you need cygwin installed on it, that allow you to use linux commands on
>>>> windows and in my enviroment i can´t do that.
>>>> >
>>>> > Risto contribute with this solution in other mail thread(I copy and
>>>> paste):
>>>> >
>>>> > Sec-2.6.2
>>>> > type=single
>>>> > ptype=substr
>>>> > pattern=RELOAD
>>>> > desc=reload sec rule files that have been modified
>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh
>>>> = 1; } )
>>>> >
>>>> > Sec-2.7.10
>>>> > type=single
>>>> > ptype=substr
>>>> > pattern=RELOAD
>>>> > desc=reload sec rule files that have been modified
>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1; $main::softrefresh
>>>> = 1; } )
>>>>
>>>> awesome, thanks - a genuine Risto solution! ;-)
>>>>
>>>> In fact it's even more elegant on Unix as well as on Windows, as it
>>>> avoids spawning a shell and sending the signal via an external command.
>>>> I'll keep that on my list of dirty tricks :-)
>>>>
>>>> By the way: The two code snippets look absolutely identical, are you
>>>> sure you didn't miss something?
>>>>
>>>> Regards,
>>>>
>>>> Peter.
>>>
>>>
>>>
>>
>
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
