[Snort-users] Upgrading Snort - Baffled?
chae at ...6316...
Tue Jul 16 22:03:03 EDT 2002
Current have 1.8.1.i386 running on a Cobalt RaQ3, upgraded the rules and
it's only reporting on ICMP's and the Virus rulesets.
Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the server,
stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the folder
in which I uploaded the binary. The upgraded then came back to me with the
following errors about the /etc/snort/whatever-ruleset-name snort-1.8.7-1
conflicted with the same ruleset name on package 1.8.1.
Okay so did a search on the server for the rpm to uninstall but the rpm had
been removed - previously installed prior to me taking on the server. So
what I then did was renamed the snort folder to something unique along with
the /usr/sbin/snort binary and tried to install the rpm again - same error
everytime I try to upgrade.
Am I missing something totally obvious (Windows user looking after a
Cobalt)? Had a search through documentation for upgrading from older
versions but nothing.
Would it be better to get the tar version and do a make install with that
or I'm I going to get the same errors?
Do I have to physically root out any of the existing snort files and delete
them before installing the new version?
Any pointers would be great or if some could tell me why 1.8.1 has suddenly
stopped logging everything except ICMP and Virus rulesets, all rules were
installed at the same time and used the snort .conf that came with the ruleset.
More information about the Snort-users