[Snort-users] ADdRules

Matt Kettler mkettler at ...4108...
Sun May 12 20:02:02 EDT 2002


Hmm, is this a request for help, or a commentary? If it's a request for 
help I'd suggest at least including a bit of your code, and perhaps using 
the devel mailing list instead of the users mailing list.

Is there a reason why you need to do this and just adding the rules to a 
file included by the standard ruleset and using SIGHUP isn't fast enough? 
(ie: is having snort offline for a few hundred milliseconds really that 
critical to your network?)


At 02:50 PM 5/12/2002 +0300, dareen wrote:
>hi
>i am trying   to modify my snort source code to add a new rule without
>restarting it.
>whenevr i want to add a rule, i put it in a file and signal snort. I added a
>signal
>handler to parse that rules file whenevr signaled.
>
>it didn't work. actually it deletes all the previous rules from the linked
>list.
>
>Dareen





More information about the Snort-users mailing list