[Snort-users] RE: Upgrading Snort - Baffled?

chae chae at ...6316...
Wed Jul 17 03:53:04 EDT 2002

Hi Yah,

This is for the archives in case anyone else had the same problem...

"..Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the 
server, stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the 
folder in which I uploaded the binary. The upgraded then came back to me 
with the following errors about the /etc/snort/whatever-ruleset-name 
snort-1.8.7-1 conflicted with the same ruleset name on package 1.8.1."

Tried the remove but it didn't want to play the game so I used the --force 
install; thank you I knew it had to be something silly ;)

Anyway once it installed I ran snort and of course didn't want to play the 
game, so did some snooping and on the old version the binary was called 
just snort yet on the new version it was called snortd, so I called that up 
from the command line...

[root at ...6339... init.d]# /etc/rc.d/init.d/snortd start -c /etc/snort.conf -D -O -h 
-N -l /var/log/snort -b
Starting snort: snort

This is when I noticed it didn't start as usual in the daemon mode :(

did a snort status:

[root at ...6339... init.d]# /etc/rc.d/init.d/snort status
snort dead but subsys locked

bummer couldn't think what that was and again after doing some snooping and 
searching through the archives I read that the newer version of snort would 
read the /etc/snort/snort.conf file where in the old version it was reading 
/etc/snort.conf. Moved the snort.conf into the /etc/snort folder and tried 

[root at ...6339... init.d]# /etc/rc.d/init.d/snortd start -c /etc/snort.conf -D -O -h 
-N -l /var/log/snort -b
Starting snort:
[root at ...6339... init.d]# /etc/rc.d/init.d/snort status
snort (pid 21198) is running...

Now it's running and checked my syslogs and seen that it did start in 
Daemon mode. Now to see what it does at the end of play when I call the 
reports off.

Thanks for all the replies and help



More information about the Snort-users mailing list