Re: help：how to use -R to load a rules file.？

[Russ via Snort-users <snort-users () lists snort org>]

The -R option is used to specify a rules file via the command line:

$ snort -? | grep "\-R"
-R <rules> include this rules file in the default policy

So these two are equivalent:

$ snort -c snort.lua -R local.rules ...
$ snort -c snort.lua --lua "ips = { include = 'local.rules' }" ...

Reloading configurations is a different story.  If you want to input 
commands:

$ snort -c snort.lua --shell ...

That will allow you to input commands.  Start with "help()".  Note that 
it requires that you build with --enable-shell.  You can also connect 
over a socket, etc.  Check the user manual under "Usage / Shell".

Hope that helps.
Russ

On 3/17/19 1:17 AM, sofardware via Snort-users wrote:
>       Hi all,
>              snort --daq nfq --daq-var queue=1 -c snort.lua
>              If I have started snort with the above command，and 
> how how to use -R to load a rules file？what is the complete 
> command，and where to input it？
>
> when snort started with the above command，the Linux terminal showing 
> as the flow，and can not continue inputing anything。so where to input 
> the reloading command？
> -----------------------
> --------------------------------------------------
> rule counts
>        total rules loaded: 2
>                text rules: 2
>             option chains: 2
>             chain headers: 2
> --------------------------------------------------
> port rule counts
>              tcp     udp    icmp      ip
>      any       0       1       0       0
>      src       1       0       0       0
>    total       1       1       0       0
> Binder
> --------------------------------------------------
> nfq DAQ configured to inline.
> Commencing packet processing
> ++ [0]
>
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
>         To unsubscribe, send an email to:
>         snort-users-leave () lists snort org
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette