Hi Risto,

I have a SEC running doubt referring sec restart rules. I have the
following graph attached to the email.

Scene:
I start reading logs and launching rules as normal, while i´m doing the
process i want to restart sec to download a list and load the list
generated in iniLib in the hash table. Batch file is working properly. The
problem is the system doesn´t stop and refresh the rules when the time have
been spent the time. Have i assign reset rule each file?Can i do globally?


resetRules.conf
_____________________________________________________________________
type=Calendar
time= 58 * * * *
desc=Download_Rule_List
action= shellcmd C:\launchBat.bat;event RELOAD;

type=single
ptype=regexp
pattern=.*
desc=reload_hash
action=lcall %o -> (sub{$main::refresh = 1;})

Thank you Risto. Regards.

2016-06-21 8:50 GMT+02:00 Jaren Peich <burkol...@gmail.com>:

> Hi,
>
> I founded yesterday night!. I could not write to sec list.
>
> Thank you again Risto!. Have a nice day!.
>
> 2016-06-20 17:58 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>
>> That's really easy -- instead of setting $main::softrefresh you have to
>> set  $main::refresh:
>>
>> type=single
>> ptype=substr
>> pattern=RESTART
>> desc=reload all sec rule files with a full restart
>> action=lcall %o -> ( sub { $main::refresh = 1; } )
>>
>> Hope this helps,
>> risto
>>
>> 2016-06-20 17:39 GMT+03:00 Jaren Peich <burkol...@gmail.com>:
>>
>>> Hi,
>>>
>>> In case that i want to reload all rules like when you are starting sec
>>> at the first time. No just a softreset and check new rules. Which variables
>>> must i activate like in the example before? Working with sec 2.6.2.
>>>
>>> Thank you!. Regards.
>>>
>>>
>>>
>>> 2016-06-19 13:29 GMT+02:00 Jaren Peich <burkol...@gmail.com>:
>>>
>>>> Ups,
>>>>
>>>> Sorry Peter, i haven´t realised that i copied wrongly.I wrote the email
>>>> quickly.
>>>>
>>>> Thank you again Risto. Have a nice weekend!.
>>>>
>>>> 2016-06-17 17:08 GMT+02:00 Risto Vaarandi <risto.vaara...@gmail.com>:
>>>>
>>>>> hi Peter,
>>>>> actually, the code snippets were different in my original e-mail. For
>>>>> sec-2.6.2, you would need the following rule:
>>>>>
>>>>> type=single
>>>>> ptype=substr
>>>>> pattern=RELOAD
>>>>> desc=reload sec rule files that have been modified
>>>>> action=lcall %o -> ( sub { $main::softrefresh = 1; } )
>>>>>
>>>>> That's because in sec-2.6.2 there is no $sigreceived flag in the code,
>>>>> while sec-2.7.X is uses this flag for optimization purposes.
>>>>>
>>>>> kind regards,
>>>>> risto
>>>>>
>>>>>
>>>>> 2016-06-17 16:04 GMT+03:00 Peter Eckel <li...@eckel-edv.de>:
>>>>>
>>>>>> Hi Jaren,
>>>>>>
>>>>>> > Thank you peter! The problem is windows doesn´t work with signals,
>>>>>> you need cygwin installed on it, that allow you to use linux commands on
>>>>>> windows and in my enviroment i can´t do that.
>>>>>> >
>>>>>> > Risto contribute with this solution in other mail thread(I copy and
>>>>>> paste):
>>>>>> >
>>>>>> > Sec-2.6.2
>>>>>> > type=single
>>>>>> > ptype=substr
>>>>>> > pattern=RELOAD
>>>>>> > desc=reload sec rule files that have been modified
>>>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1;
>>>>>> $main::softrefresh = 1; } )
>>>>>> >
>>>>>> > Sec-2.7.10
>>>>>> > type=single
>>>>>> > ptype=substr
>>>>>> > pattern=RELOAD
>>>>>> > desc=reload sec rule files that have been modified
>>>>>> > action=lcall %o -> ( sub { $main::sigreceived = 1;
>>>>>> $main::softrefresh = 1; } )
>>>>>>
>>>>>> awesome, thanks - a genuine Risto solution! ;-)
>>>>>>
>>>>>> In fact it's even more elegant on Unix as well as on Windows, as it
>>>>>> avoids spawning a shell and sending the signal via an external command.
>>>>>> I'll keep that on my list of dirty tricks :-)
>>>>>>
>>>>>> By the way: The two code snippets look absolutely identical, are you
>>>>>> sure you didn't miss something?
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>>   Peter.
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to