Snort mailing list archives
Re: Ruleupdate
From: Ralf Spenneberg <lists () spenneberg org>
Date: 06 Aug 2003 13:13:30 +0200
Am Mit, 2003-08-06 um 12.24 schrieb Ravi:
Dear Ralf, Can you suggest what should we change in snort to take rules dynamically with out stopping and restarting snort. Did anyone tried this?
I do not think this is possible, since Snort parses the rules and builds it detection-engine on the fly. (At least that's how I understand it.) What you could do, is generate a cronjob which checks the modification dates of the rule-files and HUPs snort when needed. But I guess you lose all state information. Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection für Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ruleupdate Timm Schneider (Aug 05)
- Re: Ruleupdate Ralf Spenneberg (Aug 06)
- Message not available
- Re: Ruleupdate Ralf Spenneberg (Aug 06)
- Message not available
- Re: Ruleupdate Ralf Spenneberg (Aug 06)
- Re: Ruleupdate Erek Adams (Aug 06)