[Snort-users] Snort 2.3

Ron Jenkins rjenkins at ...12829...
Thu Feb 3 11:41:31 EST 2005


I do think that this topic it dead.  How about moving on.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at ...3204...ts.sourceforge.net] On Behalf Of SN ORT
Sent: Thursday, February 03, 2005 12:53 PM
To: Harper, Patrick; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snort 2.3

Ha! If you don't have time to "patch manually" you
don't have time to try and "trim down" a distro. The
point is you don't need to patch and you don't need
any newer OS, especially if you're just going to "trim
it down" anyways. Besides, those OSes you mentioned
aren't going to trim down very much, what with all
that gui and junk that comes with it. Many people here
probably don't patch their Snort boxes at all. I
don't. It has ACL'd access per host, I don't need to
worry about patching every other day and wondering,
"Now what options did I last compile that with?" !!
"Oh now everything's broke!...etc"

Cheese!

Marc

--- "Harper, Patrick" <Patrick.Harper at ...11593...> wrote:

> I just have a problem running a system that no one
> is doing patches for.  A lot of new distros can be
> trimmed down just as well as 7.X could be. You can
> patch manually but I personally do not have that
> kind of time.
> 
> -----Original Message-----
> From: SN ORT [mailto:snort_on_acid at ...131...] 
> Sent: Thursday, February 03, 2005 11:07 AM
> To: snort-users at lists.sourceforge.net
> Cc: Harper, Patrick
> Subject: RE: [Snort-users] Snort 2.3
> 
> There is absolutely nothing wrong with running Snort
> on Redhat 7.x, Many have been doing it for years.
> What would be the point to have to constantly update
> it if only you can get to it and it only runs Snort?
> I also run it on FreeBSD, and why would I want to
> keep that updated? SO what if it's no longer
> available or not supported?  The OS is running,
> solidly, bugfree, tried tested and proven! What more
> is there? And a lot of people have smaller machines
> to run this stuff on. I'm a little discouraged at
> the newer fat distros anymore and the giant
> resources required to even load them up.
> 
> 
> The bottom line is, on an IDS/IPS system, a
> low-profile OS is the best match. Newer distros are
> a waste of resources.
> 
> Cheese!
> Marc
> > --__--__--
> > 
> > Message: 1
> > From: "Harper, Patrick" <Patrick.Harper at ...11593...>
> > To: "Narayan Sivaramakrishnan"
> > <nsivaram at ...12971...>,
> > 	<snort-users at lists.sourceforge.net>
> > Date: Thu, 3 Feb 2005 00:15:20 -0600
> > Subject: RE: [Snort-users] Snort 2.3
> > 
> > I would assume it would work, but why are you
> running on such an 
> > antiquated distro.  You can not even get patched
> from the 
> > http://fedoralegacy.org/ project.  I am a redhat
> fan, but I would 
> > never use a distro that had been EOL'd by the
> vendor for a new 
> > project.  If you want free check out
> http://fedora.redhat.com or any 
> > of the other distros http://distrowatch.com/
> > 
> > -----Original Message-----
> > From: Narayan Sivaramakrishnan
> > [mailto:nsivaram at ...12971...]=20
> > Sent: Wednesday, February 02, 2005 1:36 PM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Snort 2.3
> > 
> > All,
> > Is Snort 2.3 good to go with Redhat Linux 7.2  .
> > Please advice.Is there
> > an installation manual which could detail the
> installation of Snort 
> > 2.3 on Linux 7.2.?
> > Cheers,
> > Narayan
> > 
> > 
> > 
> >
>
-------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW --
> Interactive 
> > Reporting Tool for open source databases. Create
> drag-&-drop reports. 
> > Save time by over 75%! Publish reports on the web.
> Export to DOC, XLS,
> > RTF, etc.
> > Download a FREE copy at
> > http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> > unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
>
http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users
> > 
> > 
> > 
> > 
> > 
> > 
> > Disclaimer:
> > This electronic message, including any
> attachments, is confidential 
> > and int= ended solely for use of the intended
> recipient(s).
> > This message may contain=
> >  information that is privileged or otherwise
> protected from disclosure
> > by a= pplicable law. Any unauthorized disclosure,
> dissemination, use
> > or reproduct= ion is strictly prohibited. If you
> have received this 
> > message in error, ple= ase delete it and notify
> the sender 
> > immediately.=20
> > 
> > 
> > 
> > 
> > 
> > --__--__--
> > 
> > Message: 2
> > From: Brian Stamper <BStamper at ...12816...>
> > To: snort-users at lists.sourceforge.net
> > Date: Thu, 3 Feb 2005 08:19:05 -0600
> > Subject: [Snort-users] Alerts
> > 
> > I've had snort running now for a while and would
> like to figure out 
> > how to have it alert by email on certain things. 
> I've attempted to 
> > make Swatch work but so far haven't had any luck
> with that.
> > What is everyone using to
> > make this happen?  Guess I just wanted some ideas.
> > Thanks,
> > Brian
> > 
> > 
> > --__--__--
> > 
> > Message: 3
> > Date: Thu, 3 Feb 2005 16:14:45 +0100 (CET)
> > From: Fabio Spadoni <fabiosge at ...5849...>
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] ACID doesn't show nothing
> > 
> > --0-489904743-1107443685=:50488
> > Content-Type: text/plain; charset=iso-8859-1
> > Content-Transfer-Encoding: 8bit
> > 
> > I have installed on fedora 3 box snort 2.3.0,
> mysql
> > and acid.
> >  
> > Using snort -c /... everythink appears to func
> very
> > well, but while I can see some results in
> > /var/log/snort/alert nothing on the contrary
> appear
> > in acid web page, everythink has zero value,
> sensor,
> > alert, etc etc
> >  
> > Any ideas?
> >  
> > Thanks, 
> >  
> > ciao
> >  
> > Fabio
> >  
> > 
> > 				
> > ---------------------------------
> > Nuovo Yahoo! Messenger E' molto più divertente:
> > Audibles, Avatar, Webcam, Giochi, Rubrica...
> Scaricalo
> > ora! 
> > --0-489904743-1107443685=:50488
> > Content-Type: text/html; charset=iso-8859-1
> > Content-Transfer-Encoding: 8bit
> > 
> > <DIV>I have installed on fedora 3 box snort 2.3.0,
> > mysql and acid.</DIV>
> > <DIV> </DIV>
> > <DIV>Using snort -c /... everythink
> > appears to func very well, but while I
> can
> > see some results in /var/log/snort/alert nothing
> on
> > the contrary appear in acid web page, everythink
> has
> > zero value, sensor, alert, etc etc</DIV>
> > <DIV> </DIV>
> > <DIV>Any ideas?</DIV>
> > <DIV> </DIV>
> > <DIV>Thanks, </DIV>
> > <DIV> </DIV>
> > <DIV>ciao</DIV>
> 
=== message truncated ===



		
__________________________________ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com 
 



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list