[Snort-users] Advice on Snort 2.8.x

Richard Lichvar rlichvar at ...14639...
Fri Aug 21 14:10:14 EDT 2009


Joel,

Finally getting into some documentation! Got the Snort manual open right
now.

One of the main challenges is I didn't install any of the software we
use for this: not CentOS, not Snort/Barnyard, none of it. And the
installer didn't leave a whole lot (read that as "none") of
configuration management documentation behind on what he did. I can say
that mysqld is running (although I haven't checked the version yet).

I just went to the isc.sans.org article you apparently wrote and am now
convinced we need to upgrade to 2.8.4 (as well as barnyard2). I'm
presuming, since CentOS is pretty much a clone of RHEL we can just
download the appropriate RPM and use the normal RPM installation
process. Will this overwrite anything important or will it simply
upgrade the code? The only thing I have to find out, now, is if the DoD
client for which we are running this needs to approve the updates before
they are done. Still waiting for the response to that one.

Also, want to say I really, really appreciate your help and patience and
that of the other Snort old-hand users in the forum. It's making my job
a lot easier coming up to speed!

Rich

From: Joel Esler [mailto:jesler at ...1935...] 
Sent: Friday, August 21, 2009 1:56 PM
To: Richard Lichvar
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Advice on Snort 2.8.x

On Fri, Aug 21, 2009 at 1:47 PM, Richard Lichvar <rlichvar at ...14639...>
wrote:

1. We are on 2.8.0.2 (Build 75). Is there any real advantage to upgrading
to 2.8.4?

There are always advantages to staying current with software.  Check out
the changelog between 2.8.0.2 and 2.8.4.  Included with 2.8.4.

2. Will upgrading Barnyard2 interfere with 2.8.0.2 or should we upgrade
to 2.8.4?

Barnyard2 should read the unified output module and input into your
desired output method.  Unified output hasn't changed in quite some time.

3. We seem to be using PCRE version 6.6. What does this tell us?

That you are running PCRE version 6.6.  I don't understand what you are
asking.

4. I notice there are MySQL and other versions of Snort. How do I tell
whether we are using the MySQL version or not? (We're running on
CentOS 5.2.)

How did you install Snort?  Through the tarball or via RPM?  If you
installed via the tarball, you would need to check your config.log file.
If you installed via the RPM, run the command "rpm -q snort" on the
command line.

Again, many thanks in advance for helping this Snort newbie.

RichLich


-- Joel Esler | Sourcefire | Google Voice: 302-223-5974
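Added example, not code from either message in this thread: a POSIX shell script that answers questions 1 and 4 offline, reading a constructed config.log (the tarball case Joel describes) for the database output plugins compiled in, and a constructed `snort -V` banner to decide whether the running version is older than 2.8.4. The `$ ./configure ...` line in config.log and the `Version X.Y.Z (Build N)` banner line are assumptions about Snort 2.8.x output; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: Snort 2.8.x config.log
# records the configure call on a line beginning "$ ./configure", and
# `snort -V` prints a line containing "Version X.Y.Z (Build N)".

# Print which database output plugins the configure line in config.log $1 enabled.
snort_db_outputs() {
    line=$(sed -n 's/^ *\$ \.\/configure //p' "$1" | head -n 1)
    for arg in $line; do
        case "$arg" in
            --with-mysql|--with-mysql=*)           echo mysql ;;
            --with-postgresql|--with-postgresql=*) echo postgresql ;;
            --with-oracle|--with-oracle=*)         echo oracle ;;
            --with-odbc|--with-odbc=*)             echo odbc ;;
        esac
    done
}

# Extract the running version from `snort -V` banner text passed as $1.
snort_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# version_lt A B: succeeds when dotted version A is older than B.
# Components compare numerically, so 2.8.0.2 < 2.8.4 and 2.8.10 > 2.8.4.
version_lt() {
    [ "$1" != "$2" ] || return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$first" = "$1" ]
}

# Constructed sample inputs standing in for a real sensor's files.
SAMPLE_CONFIG_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_CONFIG_LOG"' EXIT
cat > "$SAMPLE_CONFIG_LOG" <<'EOF'
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

  $ ./configure --with-mysql=/usr --enable-dynamicplugin --prefix=/usr/local
EOF
SAMPLE_BANNER='   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.0.2 (Build 75)
           Using PCRE version: 6.6 2006-02-06'

TARGET=2.8.4
have=$(snort_version_from_banner "$SAMPLE_BANNER")
echo "database outputs compiled in: $(snort_db_outputs "$SAMPLE_CONFIG_LOG" | tr '\n' ' ')"
if version_lt "$have" "$TARGET"; then
    echo "running $have, older than $TARGET: upgrade advised"
fi
```

On a live sensor, an RPM install is identified with `rpm -q snort` as the reply says; for a tarball build, point `snort_db_outputs` at the config.log left in the unpacked source tree.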
