[Snort-users] Upgrading Snort - Baffled?

chae chae at ...6316...
Tue Jul 16 22:03:03 EDT 2002

Hi Yah,

Current have 1.8.1.i386 running on a Cobalt RaQ3, upgraded the rules and 
it's only reporting on ICMP's and the Virus rulesets.

Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the server, 
stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the folder 
in which I uploaded the binary. The upgraded then came back to me with the 
following errors about the /etc/snort/whatever-ruleset-name snort-1.8.7-1 
conflicted with the same ruleset name on package 1.8.1.

Okay so did a search on the server for the rpm to uninstall but the rpm had 
been removed - previously installed prior to me taking on the server. So 
what I then did was renamed the snort folder to something unique along with 
the /usr/sbin/snort binary and tried to install the rpm again - same error 
everytime I try to upgrade.

Am I missing something totally obvious (Windows user looking after a 
Cobalt)? Had a search through documentation for upgrading from older 
versions but nothing.

Would it be better to get the tar version and do a make install with that 
or I'm I going to get the same errors?
Do I have to physically root out any of the existing snort files and delete 
them before installing the new version?

Any pointers would be great or if some could tell me why 1.8.1 has suddenly 
stopped logging everything except ICMP and Virus rulesets, all rules were 
installed at the same time and used the snort .conf that came with the ruleset.



More information about the Snort-users mailing list