Sensor Rule Updates

The sensors now reload the rules every 12 hours to suck in any rules automatically. The real nice thing is that we restart one Snort process at a time and pfring dynamically shifts the load to the other remaining processes. This way, even while reloading, there is no packet loss. This is especially important if you are configured inline. If you have only one Snort process because you have an older 1-2 core CPU or not enough memory, this feature obviously wont help you and you will get some small packet loss every 12 hours.

Leave a Reply

Your email address will not be published. Required fields are marked *