[Zeek] signature update without restarting zeek

Palumbo Mauro mauro.palumbo at aizoon.it
Wed Aug 7 08:38:24 PDT 2019


Hi everybody,
   I think it would be nice to be able to update a user-defined signature file without restarting zeek, possibly using the input framework. However, I believe this is not available yet, nor does it seem easy to implement. After a quick look at the code, it is my understanding that the rule parsing is done for signature files using bison/yacc machinery. Signature files are loaded and parsed when starting zeek, in main.cc.

It would save me a great deal of time if somebody could tell me how easy it would be to implement this feature and point me in the right direction.

Thanks in advance,
Mauro