From: Andreas Dolp Date: Mon, 26 Jul 2021 19:44:09 +0000 (+0200) Subject: Doc: Improve documentation of Suricata reload. X-Git-Tag: 1.3.0rc1~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=947a4ddd58f583ef5c2a0963bd242c411b89f280;p=thirdparty%2Fsuricata-update.git Doc: Improve documentation of Suricata reload. Redmine issue: https://redmine.openinfosecfoundation.org/issues/4564 --- diff --git a/doc/quickstart.rst b/doc/quickstart.rst index dabc187..0f17a7b 100644 --- a/doc/quickstart.rst +++ b/doc/quickstart.rst @@ -122,7 +122,8 @@ This command will: .. note:: Suricata-Update is also capable of triggering a rule reload, but doing so requires some extra configuration that will be - covered later. + covered later. See the documentation of + :command:`--reload-command=` for more details. Configure Suricata to Load Suricata-Update Managed Rules ======================================================== diff --git a/doc/update.rst b/doc/update.rst index ec69225..19ab525 100644 --- a/doc/update.rst +++ b/doc/update.rst @@ -153,12 +153,26 @@ Options .. option:: --reload-command= A command to run after the rules have been updated; will not run if - no change to the output files was made. For example:: + no change to the output files was made. For example:: - --reload-command='sudo kill -USR2 $(cat /var/run/suricata.pid)' + --reload-command='sudo kill -USR2 $(pidof suricata)' will tell Suricata to reload its rules. + Furthermore the reload can be triggered using the Unix socket of Suricata. + + Blocking reload (with Suricata waiting for the reload to finish):: + + --reload-command='sudo suricatasc -c reload-rules' + + Non blocking reload (without restarting Suricata):: + + --reload-command='sudo suricatasc -c ruleset-reload-nonblocking' + + See the Suricata documentation on `Rule Reloads + `_ + for more information. + .. option:: --no-reload Disable Suricata rule reload. diff --git a/suricata/update/configs/update.yaml b/suricata/update/configs/update.yaml index e113f53..358e869 100644 --- a/suricata/update/configs/update.yaml +++ b/suricata/update/configs/update.yaml @@ -36,6 +36,8 @@ ignore: # Provide a command to reload the Suricata rules. # May be overrided by the --reload-command command line option. +# See the documentation of --reload-command for the different options +# to reload Suricata rules. #reload-command: sudo systemctl reload suricata # Remote rule sources. Simply a list of URLs.