Re: [Snort-users] runtime rule adding
This is a discussion on Re: [Snort-users] runtime rule adding within the Snort forums, part of the System Security and Security Related category; --0-1703055551-1092707099=:89678 Content-Type: text/plain; charset=us-ascii Thankyou all for your quick answer.......... This means that ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-17-2004
|
|||
|
|||
Re: [Snort-users] runtime rule adding
--0-1703055551-1092707099=:89678
Content-Type: text/plain; charset=us-ascii Thankyou all for your quick answer.......... This means that adding new rules will result in packet loss... :-( Anyway thanks again Dennis Matt Kettler <mkettler@evi-inc.com> wrote: At 05:06 AM 8/16/2004, Dennis George wrote: >can anybody tell me that whether I can add a rule while snort is >running..... so that the rule can be active without restarting the snort..... No. You can't add rules to a running snort without interrupting it. The closest you can do is send snort a SIGHUP after adding rules. This doesn't cause the process to exit, but does force it to re-initialize. However, even this does interrupt snort momentarily. It's faster than completely exiting restarting it, but the effect on snort's internal state is largely the same.. --------------------------------- Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. --0-1703055551-1092707099=:89678 Content-Type: text/html; charset=us-ascii <DIV>Thankyou all for your quick answer.......... </DIV> <DIV> </DIV> <DIV>This means that adding new rules will result in packet loss... :-(</DIV> <DIV> </DIV> <DIV>Anyway thanks again</DIV> <DIV>Dennis</DIV> <DIV> </DIV> <DIV><B><I>Matt Kettler <mkettler@evi-inc.com></I></B> wrote:</DIV> <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">At 05:06 AM 8/16/2004, Dennis George wrote:<BR>>can anybody tell me that whether I can add a rule while snort is <BR>>running..... so that the rule can be active without restarting the snort.....<BR><BR>No. You can't add rules to a running snort without interrupting it.<BR><BR>The closest you can do is send snort a SIGHUP after adding rules. This <BR>doesn't cause the process to exit, but does force it to re-initialize. <BR>However, even this does interrupt snort momentarily. It's faster than <BR>completely exiting restarting it, but the effect on snort's internal state <BR>is largely the same..<BR><BR><BR></BLOCKQUOTE><p> <hr size=1>Do you Yahoo!?<br> <a href="http://us.rd.yahoo.com/mail_us/taglines/aac/*http://promotions.yahoo.com/new_mail/static/ease.html">Yahoo! Mail Address AutoComplete</a> - You start. We finish. --0-1703055551-1092707099=:89678-- ------------------------------------------------------- SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift. http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
