[Snort-users] How to upgrade from Snort 1.9.1 to 2.0.1 Please....

Erek Adams erek at ...950...
Thu Sep 18 04:33:18 EDT 2003

On Wed, 17 Sep 2003, Snortty wrote:

> Thanks for the prompt reply.
> Still, not so sure yet about the upgrading steps.
> I tried (without touching existing working snort
> 1.9.0)
> # gzip -d -c snort-2.0.1.tar.gz |tar xvf -
> # cd snort-2.0.1
> #./configure
> #make
> error reported:
> r cru libspo.a spo_alert_fast.o spo_alert_full.o
> spo_alert_smb.o spo_alert_syslog.o
> spo_alert_unixsock.o spo_csv.o spo_database.o
> spo_log_null.o spo_log_tcpdump.o spo_unified.o
> spo_log_ascii.o spo_alert_sf_socket.o
> make[3]: ar: Command not found

You've got a problem here.  You need to make sure that /usr/ccs/bin is in
your path.  I usually place it last, with /usr/local/bin and
/usr/local/sbin near the front of the path.  Make sure you 'rehash' or
'hash' (depends on your shell) to reread programs along the path.


> then.
> #make install
> Then,
> #snort -V
> still shows Snort Version 1.9.0 is running...

Right.  Because of the error from above, you never actually got 2.0.1
built.  It bailed out on you.

> Do I need to remove/uninstall the existing 1.9.0
> before install
> 2.0.1? and HOW to uninstall snort if needed in the
> right way?

There's not really anything to uninstall.  You copy the 2.x binary over
the 1.x, backup your snort.conf, copy the 2.x snort.conf over the 1.9
snort.conf, copy *.rules *.config *.map over the old versions, go back and
edit your 2.0 Snort.conf to match any specific changes that you had made
to the 1.9.x version (HOME_NET, EXTERNAL_NET, etc...).

After that, you should be in buisness!


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list