Re: help add rule while snort is running

[waldo kitty <wkitty42 () windstream net>]

On 3/1/2013 04:08, Prabhudev Avarasang wrote:
> Hello,
> I am using snort 2.9. Is there any way to add rule while running snort.
> Because now i have to restart snort every time i add a rule.

when you add, remove, or delete rules, you always have to restart snort or at 
least cause it to reload its configs and rules IF you have it compiled with that 
option... if you do, you can send a SIGHUP (IIRC) to it... it will consume 
roughly twice as much memory for a time until all of the old connections are 
terminated and it can drop the old config from memory... if you do this reload a 
third time before the first config and rule image is unloaded, then you will be 
seeing three times the memory usage... there is no set time for the older config 
and rules images to be dumped... only when all traffic going thru them is 
complete will they be dumped... then, depending on your OS, the flushing of the 
memory and returning it to general use may take a while...

NOTE: the above is my understanding based on initial experiments performed about 
a year ago... followup testing shows roughly the same since then...

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!