[Snort-users] HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0

Erek Adams erek at ...950...
Wed Apr 23 09:06:00 EDT 2003


On Tue, 22 Apr 2003, Kevin Van Der Hart wrote:

> After upgrading from 1.9.1 to 2.0.0, the rules for HTTP traffic such as the
> WEB-IIS and WEB-FRONTPAGE rules are not working. HOME_NET, HTTP_SERVERS, and
> HTTP_PORTS are set properly. Other rules such as DDOS rules are working
> fine. Permissions are set the same on all .rules files and all are included
> in the snort.conf file. I have upgraded 2 separate web servers and both are
> having the same issues. I can look at my web server logs and see several
> frontpage attempts that were getting logged before the upgrade.

Lets be specific.  What SID's are you refering to?  There's a lot of rules
for FrontPage.  :)

Did you think to upgrade your rules when you upgraded?  Along with your
snort.conf?  When upgrading, it's no different that an a standard
install--Except that you want to keep some of the settings from the old
snort.conf file.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list