[Snort-devel] O Snort development gurus!

Justin Lundy jbl at ...314...
Tue Oct 1 21:25:13 EDT 2002


It would not take two months, but new features I would like
to see in Snort would include the ability to load/unload rules
without having to SIGHUP the Snort process. Also, a system
similar to Symantec LiveUpdate where Snort would check for
updated rulesets and reload them on the fly. I realize that
this same functionality can be duplicated with perl scripts
(works fine). It would just be nice to have it integrated.

--jbl

On Sun, Sep 29, 2002 at 07:12:54PM -0700, Yas wrote:
> Hello,
> 
> Heh! Here is an over simplistic awkward question. I am
> under a situation where I need to ask: what would be a
> snort programming problem that will be enough for a
> master's project and doable in two months for an above
> average but not top notch C programmer.
> 
> I was thinking about doing the "AND" as a rule type;
> but that requires changing the parsing the rules for
> rtn and then for parsing the packets. I got lost
> somewhere in there. (played around with snort-1.8.3
> code for that).
> have already looked into freshmeat.net to get an idea,
> couldnt.
> 
> - Lost in Snort
> 
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

-- 
--jbl [subterrain / techitch]
--email : jbl at ...314...




More information about the Snort-devel mailing list