Re: snort rules update

[Dragos Ruiu <dr () kyx net>]

On November 16, 2003 10:29 pm, Aryan D wrote:
> Hi All,
>
> I have installed snort 2.0.4, i want to update the snort rules.
>
> After i downloaded "snortrules-stable.tar.gz" i unzip the file to some
> directory. It creates /rules which contains all the rule.
>
> Now how do i update the rules. Should i just stop the snort and copy the
> *.rules and *.config to /etc/snort and then start it again. I have not
> customised any rules. What about the snort.conf file.
>
> Please help.

Yes that is the correct procedure to update the rules. Restart snort.
The internal rules data structures are loaded and erm... compiled at startup.
Or you could start another snort even before you kill the old one.

The rules are loaded through your snort.conf file so you will have
to update this file - but it too is only consulted at startup so you do
not have to worry about upsetting the running snort process when
editing.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada       April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users