[Snort-users] Need to log FULL packets

Brian bmc at ...950...
Tue Mar 19 05:15:06 EST 2002

According to Matt Kettler:
> Well, first I'm wondering what version of snort you are running. Snort 
> 1.9??? Erm, snort 1.8.4 isn't even in non beta yet as far as I can tell 
> (1.8.4 beta4 was released march 2). Is 1.9 what the CVS image tarballs call 
> themselves? If so, why are you using snort-current for production use? 
> (that's a development branch snapshot, which really could use a better name 
> on the website, the term "current" risks implying "current release").

In order to clear up any confusion, this is our versioning scheme.


People familiar with various BSD projects will recognize the naming

The 'CURRENT' download is the latest files currently available via CVS.  
Any downloads marked 'CURRENT' include the latest and greatest features, 
bugs, bug fixes, flaws and fixes available.  As any major software project, 
new features add new bugs.  We try to not add bugs, but sometimes that
happens.  As we work forward to make snort better, we are constantly adding 
new features.  Some of the features are not documented and may be broken.  
You should only use the CURRENT release if you know what you are doing.  
This is meant for developers and beta testers to play with.  The CVS
tag that is used for this branch right now is HEAD or CURRENT.  When
this version is stable, we will 'tag and branch' and this branch will
be labeled SNORT_1_9.

The 'STABLE' download is the most stable files available via CVS.
This includes any bug fixes and updates to currently available.  This
is generally much more tested than the CURRENT branch, and we try and
keep the documentation up to date with this branch.  If you are trying
to keep your rules up to date, this is the branch you should track.  This
branch is tagged SNORT_1_8.

If you are deploying in a production environment, I suggest going with
either STABLE or one of the RELEASES (such as snort-1.8.3.tar.gz).  If
you are looking to develop a new plugin, or just help us test new
features, use CURRENT.


More information about the Snort-users mailing list