[Snort-users] runtime rule adding

Dennis George easyeinfo at ...131...
Mon Aug 16 18:49:20 EDT 2004

Thank you all for your quick answer...
This means that adding new rules will result in packet loss... :-(
Anyway thanks again

Matt Kettler <mkettler at ...4108...> wrote:
At 05:06 AM 8/16/2004, Dennis George wrote:
>Can anybody tell me whether I can add a rule while snort is
>running, so that the rule can be active without restarting snort?

No. You can't add rules to a running snort without interrupting it.

The closest you can do is send snort a SIGHUP after adding rules. This 
doesn't cause the process to exit, but does force it to re-initialize. 
However, even this does interrupt snort momentarily. It's faster than 
completely exiting and restarting it, but the effect on snort's internal state 
is largely the same.
