[Snort-sigs] Snort Upgrade

Neelakantam, Raju Raju.Neelakantam at ...4217...
Fri Jan 13 16:40:10 EST 2017


Hi Snort Team,

We are currently running Snort version 2.9.6.2 in our enterprise. I read in the Snort blog about the 2.9.6.2 end of life.

How can we upgrade Snort to the latest version?
What version is recommended?
What is the upgrade process?
Should we install the new version from scratch? Is there a way to retain the current configuration during the new version upgrade?

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.1 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

And there is a pulledpork package in use. However, we are unable to identify the latest rules update.


Regards,
Raju

From: Joel Esler (jesler) [mailto:jesler at ...3865...]
Sent: Friday, January 13, 2017 12:53 PM
To: Neelakantam, Raju <Raju.Neelakantam at ...4217...>
Cc: snort-site(mailer list) <snort-site at ...3865...>
Subject: Re: Snort Upgrade

Sorry. https://www.snort.org/community

--
Sent from my iPhone

On Jan 13, 2017, at 3:43 PM, Neelakantam, Raju <Raju.Neelakantam at ...4217...> wrote:
Hi Joel,

This is what I get from the link, see attached. Could you provide a working link?



Sent from my T-Mobile 4G LTE device

------ Original message------
From: Joel Esler (jesler)
Date: Fri, Jan 13, 2017 12:08 PM
To: Neelakantam, Raju;
Cc: snort-site(mailer list);
Subject: Re: Snort Upgrade

Please direct your questions to the Snort mailing lists: http://www.snort.org/community/mailing-lists

--
Sent from my iPhone

On Jan 13, 2017, at 2:21 PM, Neelakantam, Raju <Raju.Neelakantam at ...4217...> wrote:
Hi Snort Team,

We are currently running Snort version 2.9.6.2 in our enterprise. I read in the Snort blog about the 2.9.6.2 end of life.

How can we upgrade Snort to the latest version?
What version is recommended?
What is the upgrade process?
Should we install the new version from scratch? Is there a way to retain the current configuration during the new version upgrade?

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.1 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

And there is a pulledpork package in use. However, we are unable to identify the latest rules update.


Regards,
Raju

<Capture+_2017-01-13-12-41-55_resized.png>