Snort mailing list archives
Re: help add rule while snort is running
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 01 Mar 2013 21:34:09 -0500
On 3/1/2013 04:08, Prabhudev Avarasang wrote:
Hello, I am using snort 2.9. Is there any way to add a rule while snort is running? Because now I have to restart snort every time I add a rule.
when you add, remove, or delete rules, you always have to restart snort or at least cause it to reload its configs and rules IF you have it compiled with that option... if you do, you can send a SIGHUP (IIRC) to it...

it will consume roughly twice as much memory for a time until all of the old connections are terminated and it can drop the old config from memory... if you do this reload a third time before the first config and rule image is unloaded, then you will be seeing three times the memory usage...

there is no set time for the older config and rules images to be dumped... only when all traffic going thru them is complete will they be dumped... then, depending on your OS, the flushing of the memory and returning it to general use may take a while...

NOTE: the above is my understanding based on initial experiments performed about a year ago... followup testing shows roughly the same since then...
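The reload behaviour described in the reply above suggests guarding each SIGHUP so reloads do not stack up in memory. The following is an added example, not code from the original post or from the Snort project: it refuses to reload while the process RSS is still well above a recorded baseline and tests the config with `snort -T` before signalling. It assumes Linux `/proc`, a Snort build with reload support, and hypothetical paths and a 150% threshold.

```shell
#!/bin/sh
# Added example: guarded SIGHUP reload for Snort 2.9.
# All paths and the threshold are assumptions, not values from the post.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
SNORT_PID_FILE="${SNORT_PID_FILE:-/var/run/snort.pid}"
BASELINE_FILE="${BASELINE_FILE:-/var/run/snort.rss_baseline}"  # hypothetical
MAX_PCT="${MAX_PCT:-150}"  # allow reload only at or below 150% of baseline

# Print the VmRSS value (kB) from a /proc/<pid>/status style file;
# fail if the file has no VmRSS line.
rss_kb_from_status() {
    awk '/^VmRSS:/ { print $2; found = 1 } END { exit !found }' "$1"
}

# Succeed when current RSS is within max_pct percent of the baseline,
# i.e. no earlier config image appears to be still held in memory.
reload_is_safe() {  # args: baseline_kb current_kb max_pct
    [ "$1" -gt 0 ] && [ $(( $2 * 100 )) -le $(( $1 * $3 )) ]
}

guarded_reload() {
    pid=$(cat "$SNORT_PID_FILE") || return 1
    current=$(rss_kb_from_status "/proc/$pid/status") || return 1
    # First run after a clean start: record the RSS as the baseline.
    [ -s "$BASELINE_FILE" ] || echo "$current" > "$BASELINE_FILE"
    baseline=$(cat "$BASELINE_FILE")
    if ! reload_is_safe "$baseline" "$current" "$MAX_PCT"; then
        echo "RSS ${current} kB vs baseline ${baseline} kB:" \
             "an old config is probably still loaded, not reloading" >&2
        return 2
    fi
    # -T makes snort parse the config and rules, then exit without sniffing.
    if ! snort -T -c "$SNORT_CONF" >/dev/null 2>&1; then
        echo "config test failed, not reloading" >&2
        return 3
    fi
    kill -HUP "$pid"
}
```

Source the file and call `guarded_reload` from the job that updates rules; remove the baseline file after a full restart so a fresh baseline is recorded.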