-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob,
On Tue, 22 Jan 2008 21:09:15 +0000 Robert Mcmillen <[EMAIL PROTECTED]> wrote: >Earl, > >On Jan 22, 2008, at 2:07 PM, Earl wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Rob, >> >> I believe someone mentioned that I also left this step out of >the >> automated rule update process. Should this step be included >there >> as well so the map is created if rules are updated? >> >> Earl > >This step should only be executed if snort is going to be >restarted >after rule update. In other words, the walleye ids_sig table >should >always reflect the sid-map snort is using because that is what it > >dumps to the unified file which hflowd reads and puts in the >database. So we want these guys to match. > >Is this something you want to do? Sounds like we need to decide exactly how it should work before I or anyone mucks with it :) The current "automated" rule update process offers the option to restart snort/snort-inline IF changes are made to rules on a rule update run. So, according to what you say below, by offering this option, we are setting people (that choose not to do the restart) up for failure. That being said, should we force the restart IF rules are updated? FYI: the update process only takes action of rules are modified... i.e. no unnecessary restarts occur in the case of no changes for a give update run. Earl > >Rob >_______________________________________________ >Honeywall mailing list >[email protected] >https://public.honeynet.org/mailman/listinfo/honeywall -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Charset: UTF8 Version: Hush 2.5 wkYEARECAAYFAkeWZNYACgkQk7+e+4lPSm0Z0ACdEeHETujkRtzyJ8BKRL4FBD3KWpAA ni45koNS4kcX1TlHoUSggpF+NQhz =IXVC -----END PGP SIGNATURE----- _______________________________________________ Honeywall mailing list [email protected] https://public.honeynet.org/mailman/listinfo/honeywall
