[Snort-users] Upgrading from Snort v2.3.2 to 126.96.36.199
ian at ...12163...
Tue Dec 9 20:01:29 EST 2008
Thanks for the reply and the useful information.
> You might as well upgrade pcre and libpcap before you move to 2.8+
As you say pcre *has* to be upgraded or snort v188.8.131.52 will not install.
Libpcap seemed not to be a problem.
> So you probably should build a test configuration first.
A test configuration turned out to be a very good idea. In moving from
v2.3.2 to 184.108.40.206 quite a few things have changed. Since the
installations I have were not updated for the last year and a half, I've
found the following problems so far (for anyone's future reference):
1. As you mentioned, quite a few config options have changed in the
application hence also in snort.conf (dynamic preprocessors "frag2" and
"telnet_decode" have disappeared, the Stream4 preprocessor will be
deprecated in a future release). A v2.3.2 snort.conf is unusable.
I migrated current settings to the new snort.conf.

2. Somewhere along the line SIDs became mandatory for custom rules (even
simple pass rules), hence:

    FATAL ERROR: /etc/snort/rules/test.rules(13): Duplicate rule with same
    gid (1) and no sid. To avoid this, make sure all of your rules define

I added SIDs to my test.rules.

3. MySQL's DB schema changed to minimum version 107, hence the following:

    FATAL ERROR: database: The underlying database seems to be running an
    older version of the DB schema (current version=106, required minimum

Back to the list archives to try and sort that out: I have information
in the current DB that I want to retain.
That's as far as I've got so far.
> Be sure to read the files in the docs directory.
Thanks, I will.
Ta very much.
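
Added example, not part of the original message and not Snort project code: a pre-upgrade check for the problem in item 2 that scans a custom rules file for rules with no sid and for duplicate gid/sid pairs. The sample rules are constructed, the function names are hypothetical, and the 1,000,000 floor for local SIDs is the Snort manual's convention rather than something stated in the post.

```python
import re

LOCAL_SID_MIN = 1_000_000   # Snort manual: SIDs below this are reserved for distributed rules
ACTIONS = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop"}
# Simplification: a "sid:N;" inside a quoted content string would also match.
OPTION = re.compile(r"\b(sid|gid)\s*:\s*(\d+)\s*;")

def logical_lines(text):
    """Yield (first_line_no, rule_text), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = no if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def check_rules(text):
    """Return [(line_no, problem)] for rules lacking a sid or clashing on gid/sid."""
    problems, seen = [], {}
    for no, rule in logical_lines(text):
        words = rule.split(None, 1)
        if not words or words[0] not in ACTIONS:
            continue                      # comments, blanks, var/include lines
        body = rule[rule.find("("):] if "(" in rule else ""
        opts = dict(OPTION.findall(body))
        if "sid" not in opts:
            problems.append((no, "no sid"))
            continue
        key = (int(opts.get("gid", 1)), int(opts["sid"]))   # gid defaults to 1
        if key in seen:
            problems.append((no, f"duplicate gid/sid {key}, first at line {seen[key]}"))
        else:
            seen[key] = no
        if key[0] == 1 and key[1] < LOCAL_SID_MIN:
            problems.append((no, f"sid {key[1]} is below the local range"))
    return problems

# Constructed sample standing in for a pre-upgrade test.rules.
SAMPLE = """\
# constructed test.rules
pass tcp 192.0.2.10 any -> any 22
pass tcp 192.0.2.11 any -> any 22 (msg:"backup host";)
alert tcp any any -> $HOME_NET 23 (msg:"telnet"; \\
    flow:to_server; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"ftp"; sid:1000001; rev:1;)
alert icmp any any -> any any (msg:"ping"; sid:900; rev:1;)
"""

if __name__ == "__main__":
    for line_no, problem in check_rules(SAMPLE):
        print(f"line {line_no}: {problem}")
```
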