Snort mailing list archives

Re: snort rules update

From: "Aryan D" <aryan_912 () hotmail com>
Date: Thu, 20 Nov 2003 13:18:12 +0530

For Snort 2.0.4 which rules files should i download "Stable" or "Current".

From: Dragos Ruiu <dr () kyx net>
To: "Aryan D" <aryan_912 () hotmail com>,snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort rules update
Date: Sun, 16 Nov 2003 23:55:13 -0800

On November 16, 2003 10:29 pm, Aryan D wrote:
> Hi All,
>
> I have installed snort 2.0.4, i want to update the snort rules.
>
> After i downloaded "snortrules-stable.tar.gz" i unzip the file to some
> directory. It creates /rules which contains all the rule.
>
> Now how do i update the rules. Should i just stop the snort and copy the
> *.rules and *.config to /etc/snort and then start it again. I have not
> customised any rules. What about the snort.conf file.
>
> Please help.
>

Yes that is the correct procedure to update the rules. Restart snort.

The internal rules data structures are loaded and erm... compiled atstartup.

Or you could start another snort even before you kill the old one.

The rules are loaded through your snort.conf file so you will have
to update this file - but it too is only consulted at startup so you do
not have to worry about upsetting the running snort process when
editing.

cheers,
--dr

--
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada       April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp


_________________________________________________________________

Express your Digital Self. Win fabulous prizes.http://www.msn.co.in/DigitalSelf/ Enter this cool contest.




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort rules update Aryan D (Nov 16)
- Re: snort rules update Dragos Ruiu (Nov 17)
- <Possible follow-ups>
- Re: snort rules update Aryan D (Nov 20)