[Snort-users] runtime rule adding

Dennis George easyeinfo at ...131...
Mon Aug 16 18:49:20 EDT 2004


Thankyou all for your quick answer.......... 
 
This means that adding new rules will result in packet loss... :-(
 
Anyway thanks again
Dennis
 
Matt Kettler <mkettler at ...4108...> wrote:
At 05:06 AM 8/16/2004, Dennis George wrote:
>can anybody tell me that whether I can add a rule while snort is 
>running..... so that the rule can be active without restarting the snort.....

No. You can't add rules to a running snort without interrupting it.

The closest you can do is send snort a SIGHUP after adding rules. This 
doesn't cause the process to exit, but does force it to re-initialize. 
However, even this does interrupt snort momentarily. It's faster than 
completely exiting restarting it, but the effect on snort's internal state 
is largely the same..



		
---------------------------------
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040816/79d07cdf/attachment.html>


More information about the Snort-users mailing list