[Snort-users] Advice on Snort 2.8.x

Joel Esler jesler at ...1935...
Fri Aug 21 14:16:00 EDT 2009


You'll want to maintain a copy of your snort.conf, so you can move the
settings that you already have configured over into a new snort.conf file
with the new version.

J

On Fri, Aug 21, 2009 at 2:10 PM, Richard Lichvar <rlichvar at ...14639...> wrote:

>  Joel,
>
>
>
> Finally getting into some documentation! Got the Snort manual open right
> now.
>
>
>
> One of the main challenges is I didn’t install any of the software we use
> for this: not CentOS, not Snort/Barnyard, none of it. And the installer
> didn’t leave a whole lot (read that as “none”) of configuration management
> documentation behind on what he did. I can say that mysqld is running
> (although I haven’t checked the version yet).
>
>
>
> I just went to the isc.sans.org article you apparently wrote and am now
> convinced we need to upgrade to 2.8.4 (as well as barnyard2). I’m presuming,
> since CentOS is pretty much a clone of RHEL we can just download the
> appropriate RPM and use the normal RPM installation process. Will this
> overwrite anything important or will it simply upgrade the code? The only
> thing I have to find out, now, is if the DoD client for which we are running
> this needs to approve the updates before they are done. Still waiting for
> the response to that one.
>
>
>
> Also, want to say I really, really appreciate your help and patience and
> that of the other Snort old-hand users in the forum. It’s making my job a
> lot easier coming up to speed!
>
>
>
> Rich
>
>
>
> *From:* Joel Esler [mailto:jesler at ...1935...]
> *Sent:* Friday, August 21, 2009 1:56 PM
> *To:* Richard Lichvar
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] Advice on Snort 2.8.x
>
>
>
> On Fri, Aug 21, 2009 at 1:47 PM, Richard Lichvar <rlichvar at ...14639...>
> wrote:
>
>  1.       We are on 2.8.0.2 (Build 75). Is there any real advantage to
> upgrading to 2.8.4?
>
>
>
> There are always advantages to staying current with software.  Check out
> the changelog between 2.8.0.2 and 2.8.4, included with 2.8.4.
>
>
>
>  2.       Will upgrading Barnyard2 interfere with 2.8.0.2 or should we
> upgrade to 2.8.4?
>
>  Barnyard2 should read the unified output module and input into your
> desired output method.  Unified output hasn't changed in quite some time.
>
>
>
>
>
>  3.       We seem to be using PCRE version 6.6. What does this tell us?
>
>  That you are running PCRE version 6.6.  I don't understand what you are
> asking.
>
>
>
>  4.       I notice there are MySQL and other versions of Snort. How do I
> tell whether we are using the MySQL version or not? (We are running on CentOS
> 5.2.)
>
>  How did you install Snort?  Through the tarball or via RPM?  If you
> installed via the tarball, you would need to check your config.log file.  If
> you installed via the RPM, run the command "rpm -q snort" on the command
> line.
>
>
>
>
>
> Again, many thanks in advance for helping this Snort newbie.
>
>
>
> RichLich
>
>
>
>
>
>
>
>
> -- Joel Esler | Sourcefire | Google Voice: 302-223-5974
>

-- Joel Esler | Sourcefire | Google Voice: 302-223-5974
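
Added example, not part of the original thread: one way to follow the advice at the top of this message is to back up the live snort.conf and list the active directives that the new version's snort.conf lacks or sets differently. The function names, file paths and sample configuration contents are constructed for illustration.

```shell
# Added example (not from the thread). Paths and sample contents are constructed.

# Copy the live config aside before upgrading; prints the backup path.
backup_conf() {
    backup="$1.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$1" "$backup" && printf '%s\n' "$backup"
}

# Print active directives: drop comment and blank lines, join "\" continuations,
# collapse whitespace, and sort so two files can be compared line by line.
active_directives() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /\\$/ { sub(/[ \t]*\\$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = ""; gsub(/[ \t]+/, " ", line); sub(/ $/, "", line)
          if (line != "") print line }
    ' "$1" | LC_ALL=C sort -u
}

# Directives in the old config that the new config lacks or sets differently.
settings_to_carry_over() {
    tmp_old=$(mktemp) && tmp_new=$(mktemp) || return 1
    active_directives "$1" > "$tmp_old"
    active_directives "$2" > "$tmp_new"
    LC_ALL=C comm -23 "$tmp_old" "$tmp_new"
    rm -f "$tmp_old" "$tmp_new"
}

# Constructed sample: a customised old config and a stock new one.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/snort.conf.old" <<'EOF'
# site settings
var HOME_NET 10.1.0.0/16
var EXTERNAL_NET any
output unified: filename snort.log, \
    limit 128
include $RULE_PATH/local.rules
EOF
    cat > "$dir/snort.conf.new" <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
include $RULE_PATH/local.rules
EOF
    settings_to_carry_over "$dir/snort.conf.old" "$dir/snort.conf.new"
    rm -rf "$dir"
}
demo
```

Each printed line is a setting to re-apply by hand in the new file; a sensor that silently falls back to a default such as `var HOME_NET any` after an upgrade will alert differently than before.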