Hi,
I founded yesterday night!. I could not write to sec list.
Thank you again Risto!. Have a nice day!.
2016-06-20 17:58 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
> That's really easy -- instead of setting $main::softrefresh you have to
> set $main::refresh:
>
> type=single
> ptype=substr
> pattern=RESTART
> desc=reload all sec rule files with a full restart
> action=lcall %o -> ( sub { $main::refresh = 1; } )
>
> Hope this helps,
> risto
>
> 2016-06-20 17:39 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>
>> Hi,
>>
>> In case that i want to reload all rules like when you are starting sec at
>> the first time. No just a softreset and check new rules. Which variables
>> must i activate like in the example before? Working with sec 2.6.2.
>>
>> Thank you!. Regards.
>>
>>
>>
>> 2016-06-19 13:29 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
>>
>>> Ups,
>>>
>>> Sorry Peter, i haven´t realised that i copied wrongly.I wrote the email
>>> quickly.
>>>
>>> Thank you again Risto. Have a nice weekend!.
>>>
>>> 2016-06-17 17:08 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>>>
>>>> hi Peter,
>>>> actually, the code snippets were different in my original e-mail. For
>>>> sec-2.6.2, you would need the following rule:
>>>>
>>>> type=single
>>>> ptype=substr
>>>> pattern=RELOAD
>>>> desc=reload sec rule files that have been modified
>>>> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>>>>
>>>> That's because in sec-2.6.2 there is no $sigreceived flag in the code,
>>>> while sec-2.7.X is uses this flag for optimization purposes.
>>>>
>>>> kind regards,
>>>> risto
>>>>
>>>>
>>>> 2016-06-17 16:04 GMT+03:00 Peter Eckel <li...@eckel-edv.de>:
>>>>
>>>>> Hi Jaren,
>>>>>
>>>>> > Thank you peter! The problem is windows doesn´t work with signals,
>>>>> you need cygwin installed on it, that allow you to use linux commands on
>>>>> windows and in my enviroment i can´t do that.
>>>>> >
>>>>> > Risto contribute with this solution in other mail thread(I copy and
>>>>> paste):
>>>>> >
>>>>> > Sec-2.6.2
>>>>> > type=single
>>>>> > ptype=substr
>>>>> > pattern=RELOAD
>>>>> > desc=reload sec rule files that have been modified
>>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1;
>>>>> $main::softrefresh = 1; } )
>>>>> >
>>>>> > Sec-2.7.10
>>>>> > type=single
>>>>> > ptype=substr
>>>>> > pattern=RELOAD
>>>>> > desc=reload sec rule files that have been modified
>>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1;
>>>>> $main::softrefresh = 1; } )
>>>>>
>>>>> awesome, thanks - a genuine Risto solution! ;-)
>>>>>
>>>>> In fact it's even more elegant on Unix as well as on Windows, as it
>>>>> avoids spawning a shell and sending the signal via an external command.
>>>>> I'll keep that on my list of dirty tricks :-)
>>>>>
>>>>> By the way: The two code snippets look absolutely identical, are you
>>>>> sure you didn't miss something?
>>>>>
>>>>> Regards,
>>>>>
>>>>> Peter.
>>>>
>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users