[Snort-users] RE: Upgrading Snort - Baffled?

Alwin Raymundo alrayworld at ...131...
Wed Jul 17 04:43:03 EDT 2002


I think you have to update your ruleset (*.rules).  I
experience the same thing when I try to update my

Step One

You have to know where your snort is located.
# rpm -ql snort-mysql or whatever.

Look for /usr/bin/snort or /usr/local/snort something
like that.

Step Two

To diagnose the problem execute the following command.
# /usr/bin/snort -c /etc/snort/snort.conf -i eth0

Take note of the eth0; maybe you are using eth1. After
you execute the command above, you will see what the
error is all about.

--- chae <chae at ...6316...> wrote:
> Hi Yah,
> This is for the archives in case anyone else had the
> same problem...
> Problem:
> "..Decided to upgrade the 1.8.1 to 1.8.7 - copied
> the binary onto the 
> server, stopped snort and issued -Uvh
> snort-1.8.7-1snort.i386.rpm from the 
> folder in which I uploaded the binary. The upgrade
> then came back to me 
> with the following errors about the
> /etc/snort/whatever-ruleset-name 
> snort-1.8.7-1 conflicted with the same ruleset name
> on package 1.8.1."
> Solution:
> Tried the remove but it didn't want to play the game
> so I used the --force 
> install; thank you I knew it had to be something
> silly ;)
> Anyway once it installed I ran snort and of course
> didn't want to play the 
> game, so did some snooping and on the old version
> the binary was called 
> just snort yet on the new version it was called
> snortd, so I called that up 
> from the command line...
> [root at ...6339... init.d]# /etc/rc.d/init.d/snortd start -c
> /etc/snort.conf -D -O -h 
> -N -l /var/log/snort -b
> Starting snort: snort
> This is when I noticed it didn't start as usual in
> the daemon mode :(
> did a snort status:
> [root at ...6339... init.d]# /etc/rc.d/init.d/snort status
> snort dead but subsys locked
> bummer couldn't think what that was and again after
> doing some snooping and 
> searching through the archives I read that the newer
> version of snort would 
> read the /etc/snort/snort.conf file where in the old
> version it was reading 
> /etc/snort.conf. Moved the snort.conf into the
> /etc/snort folder and tried 
> again...
> [root at ...6339... init.d]# /etc/rc.d/init.d/snortd start -c
> /etc/snort.conf -D -O -h 
> -N -l /var/log/snort -b
> Starting snort:
> [root at ...6339... init.d]# /etc/rc.d/init.d/snort status
> snort (pid 21198) is running...
> Now it's running and I checked my syslogs and saw
> that it did start in 
> Daemon mode. Now to see what it does at the end of
> play when I call the 
> reports off.
> Thanks for all the replies and help
> Regards
> Chae

Alwin Raymundo
