[Snort-users] help:how to use -R to load a rules file.?

Russ rucombs at cisco.com
Sun Mar 17 08:31:52 EDT 2019


The -R option is used to specify a rules file via the command line:

$ snort -? | grep "\-R"
-R <rules> include this rules file in the default policy

So these two are equivalent:

$ snort -c snort.lua -R local.rules ...
$ snort -c snort.lua --lua "ips = { include = 'local.rules' }" ...

Reloading configurations is a different story.  If you want to input 
commands:

$ snort -c snort.lua --shell ...

That will allow you to input commands.  Start with "help()".  Note that 
it requires that you build with --enable-shell.  You can also connect 
over a socket, etc.  Check the user manual under "Usage / Shell".

Hope that helps.
Russ

On 3/17/19 1:17 AM, sofardware via Snort-users wrote:
>       Hi all,
>              snort --daq nfq --daq-var queue=1 -c snort.lua
>              If I have started snort with the above command,and 
> how how to use -R to load a rules file?what is the complete 
> command,and where to input it?
>
> when snort started with the above command,the Linux terminal showing 
> as the flow,and can not continue inputing anything。so where to input 
> the reloading command?
> -----------------------
> --------------------------------------------------
> rule counts
>        total rules loaded: 2
>                text rules: 2
>             option chains: 2
>             chain headers: 2
> --------------------------------------------------
> port rule counts
>              tcp     udp    icmp      ip
>      any       0       1       0       0
>      src       1       0       0       0
>    total       1       1       0       0
> Binder
> --------------------------------------------------
> nfq DAQ configured to inline.
> Commencing packet processing
> ++ [0]
>
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> 	To unsubscribe, send an email to:
> 	snort-users-leave at lists.snort.org
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20190317/211fd538/attachment.html>


More information about the Snort-users mailing list