[Zeek] signature update without restarting zeek

Christopher M. Hobbs christopher.hobbs at corelight.com
Wed Aug 7 09:03:58 PDT 2019



On 8/7/19 10:38 AM, Palumbo Mauro wrote:
> Hi everybody,
> 
>    I think it would be nice to be able to update a user-defined
> signature file without restarting zeek, possibly using the input
> framework. 

Hello, Palumbo!

I'm not sure about the rule parsing but it might help to know that the
input framework is capable of re-reading files:

https://docs.zeek.org/en/stable/frameworks/input.html#re-reading-and-streaming-data

Sorry if that's not much help, it's just a recent feature that I came
across that may be useful to you.

Regards,
cmh
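
The re-reading mode from the linked documentation, as an added example that is not part of the original message or of Zeek's own scripts. It does not reload signature (.sig) files; it keeps a table of match strings in sync with a file while Zeek runs. The module name, file path, field names and notice type are assumptions.

```zeek
# Added example: module name, path, fields and notice type are hypothetical.
@load base/frameworks/input
@load base/frameworks/notice

module LiveIndicators;

export {
	redef enum Notice::Type += { Match };
	# Assumed location of a tab-separated file. Constructed sample content:
	#   #fields <TAB> domain <TAB> note
	#   bad.example <TAB> constructed test entry
	const indicator_file = "/opt/zeek/share/indicators.tsv" &redef;
}

type Idx: record { domain: string; };
type Val: record { note: string; };

# Filled by the input framework and kept in sync with the file.
global indicators: table[string] of Val = table();

# Raised once per row that a read or re-read adds, changes or removes.
event entry_changed(desc: Input::TableDescription, tpe: Input::Event,
                    left: Idx, right: Val)
	{
	Reporter::info(fmt("indicator %s: %s", tpe, left$domain));
	}

# Raised after every complete pass over the file, including re-reads.
event Input::end_of_data(name: string, source: string)
	{
	if ( name == "live_indicators" )
		Reporter::info(fmt("%d indicators loaded from %s", |indicators|, source));
	}

event zeek_init()
	{
	# REREAD makes the reader load the file again whenever it changes,
	# so rows deleted from the file are also dropped from the table.
	Input::add_table([$source=indicator_file, $name="live_indicators",
	                  $idx=Idx, $val=Val, $destination=indicators,
	                  $mode=Input::REREAD, $ev=entry_changed]);
	}

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
	{
	if ( query in indicators )
		NOTICE([$note=Match, $conn=c, $identifier=query,
		        $msg=fmt("DNS query for %s (%s)", query, indicators[query]$note)]);
	}
```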

