[Zeek] signature update without restarting zeek
Christopher M. Hobbs
christopher.hobbs at corelight.com
Wed Aug 7 09:03:58 PDT 2019
On 8/7/19 10:38 AM, Palumbo Mauro wrote:
> Hi everybody,
>
> I think it would be nice to be able to update a user-defined
> signature file without restarting zeek, possibly using the input
> framework.
Hello, Palumbo!
I'm not sure about the rule parsing but it might help to know that the
input framework is capable of re-reading files:
https://docs.zeek.org/en/stable/frameworks/input.html#re-reading-and-streaming-data
Sorry if that's not much help, it's just a recent feature that I came
across that may be useful to you.
Regards,
cmh
More information about the Zeek
mailing list