[Snort-users] HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0

Erek Adams erek at ...950...
Wed Apr 23 09:06:00 EDT 2003

On Tue, 22 Apr 2003, Kevin Van Der Hart wrote:

> After upgrading from 1.9.1 to 2.0.0, the rules for HTTP traffic such as the
> WEB-IIS and WEB-FRONTPAGE rules are not working. HOME_NET, HTTP_SERVERS, and
> HTTP_PORTS are set properly. Other rules such as DDOS rules are working
> fine. Permissions are set the same on all .rules files and all are included
> in the snort.conf file. I have upgraded 2 separate web servers and both are
> having the same issues. I can look at my web server logs and see several
> frontpage attempts that were getting logged before the upgrade.

Lets be specific.  What SID's are you refering to?  There's a lot of rules
for FrontPage.  :)

Did you think to upgrade your rules when you upgraded?  Along with your
snort.conf?  When upgrading, it's no different that an a standard
install--Except that you want to keep some of the settings from the old
snort.conf file.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list