[Snort-users] snort rules update

Dragos Ruiu dr at ...381...
Sun Nov 16 23:59:16 EST 2003


On November 16, 2003 10:29 pm, Aryan D wrote:
> Hi All,
>
> I have installed snort 2.0.4, i want to update the snort rules.
>
> After i downloaded "snortrules-stable.tar.gz" i unzip the file to some
> directory. It creates /rules which contains all the rule.
>
> Now how do i update the rules. Should i just stop the snort and copy the
> *.rules and *.config to /etc/snort and then start it again. I have not
> customised any rules. What about the snort.conf file.
>
> Please help.
>

Yes that is the correct procedure to update the rules. Restart snort.
The internal rules data structures are loaded and erm... compiled at startup.
Or you could start another snort even before you kill the old one.

The rules are loaded through your snort.conf file so you will have
to update this file - but it too is only consulted at startup so you do
not have to worry about upsetting the running snort process when
editing.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada	April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp




More information about the Snort-users mailing list