[Snort-sigs] upgrade Snort

Dan Michitsch dmichitsch at ...2066...
Wed Feb 18 08:56:02 EST 2004


I think your question should probably be sent to snort-users instead of
snort-sigs, but here's my experience with the upgrade:

If you use the ACID web console and/or you rely on portscan2, then I
personally would not recommend that you upgrade to 2.1.x!  I would say
you should upgrade to 2.0.6 for security reasons, however!  So, the
upgrade from 2.0.1 to 2.0.6 should be pretty painless.

I tried to upgrade, but they got rid of portscan2 in 2.1 and they have
flow-portscan instead, which I found very complicated to configure and
use. In addition to that, ACID is not written to understand the
flow-portscan alerts, so they were getting logged in MySQL but they did
not show up in ACID!  The author of ACID said he is working on a new
version but he is really busy, so who knows when it will be ready.

-Dan


>>> "Rowland, Krisa W ERDC-ITL-MS Contractor"
<Krisa.W.Rowland at ...2112...> 02/18/04 10:10AM >>>
Can someone please give me some instructions on how to upgrade Snort
from 2.0.1 to 2.1?

Krisa Rowland 
ERDC Information Assurance Team 
(SAIC Contractor) 
3909 Halls Ferry Rd.,  Bldg. 8000 
Vicksburg, MS 39180 
601-634-2493 
krisa.w.rowland at ...2112... 

 



