[Snort-users] runtime rule adding

Matt Kettler mkettler at ...4108...
Mon Aug 16 08:25:25 EDT 2004


At 05:06 AM 8/16/2004, Dennis George wrote:
>can anybody tell me that whether I can add a rule while snort is 
>running..... so that the rule can be active without restarting the snort.....

No. You can't add rules to a running snort without interrupting it.

The closest you can do is send snort a SIGHUP after adding rules. This 
doesn't cause the process to exit, but does force it to re-initialize. 
However, even this does interrupt snort momentarily. It's faster than 
completely exiting restarting it, but the effect on snort's internal state 
is largely the same..






More information about the Snort-users mailing list