Snort Restart Scenarios

When the traffic inspection engine referred to as the Snort process on a managed device restarts, inspection is interrupted until the process resumes. Whether traffic drops during this interruption or passes without further inspection depends on how the assigned device handles traffic. See Snort Restart Traffic Behavior for more information. Additionally, resource demands may result in a small number of packets dropping without inspection when you deploy, regardless of whether the Snort process restarts.

Any of the following scenarios cause the Snort process to restart:

You deploy a specific configuration that requires the Snort process to restart. See Configurations that Restart the Snort Process When Deployed or Activated.
You make a change that immediately restarts the Snort process. See Changes that Immediately Restart the Snort Process.
Traffic activates the currently deployed Automatic Application Bypass (AAB) configuration. See Configure Automatic Application Bypass.
Enabling or disabling "Logging connection events to RAM disk" feature. See the section Log to Ramdisk in Troubleshoot Drain of FMC Unprocessed Events.

The following topics provide more detail about Snort restart.