Snort mailing list archives
Re: Restart or not
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 13 Mar 2003 13:28:54 -0500
At 08:04 AM 3/13/2003 -0600, Paul Schmehl wrote:
On Thu, 2003-03-13 at 00:34, Jeff wrote: > Do you need to restart snort after adding or changing rules? I can't > seem to find anything in the documentation on this. > Yes.
And to add further explanation, if snort parsed the rule files live it would be too slow to be useful. Since snort tries to be as lightweight and fast as possible, it reads the rulefiles on startup, and doesn't waste time constantly checking to see if they've changed..
Besides, would you *really* want it to do that, realizing that a re-parse of the rules would cause snort to miss packets at some time that you don't have control over?
Also you can restart snort by sending it a HUP signal, but be aware that it re-execs itself from scratch, and if you're chrooting it will wind up chrooted twice.
-------------------------------------------------------This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Restart or not Jeff (Mar 12)
- Re: Restart or not Paul Schmehl (Mar 13)
- Re: Restart or not Matt Kettler (Mar 13)
- Re: Restart or not Paul Schmehl (Mar 13)