[Snort-users] Whats the correct way to migrate from v2.8.5.x to v2.8.6.x?

Chan, Wilson wchan at ...14702...
Tue Apr 27 19:16:23 EDT 2010


For the new oinkmaster updates (Free Feed) which tar.gz file do you use?

snortrules-snapshot-CURRENT.tar.gz
snortrules-snapshot-2860.tar.gz
snortrules-snapshot-2860_s.tar.gz

I was reading the article at http://www.dshield.org/diary.html?storyid=8692 by Joel Esler, and it says to use snapshot-2860 without the "_s". However, when I go to http://www.snort.org/snort-rules I see snortrules-snapshot-2860_s.tar.gz only for the subscription release. So, my assumption is that "_s" means subscription release, but there aren't any links under the registered-user release (30 days old) for the new file format. Any ideas? Thanks!

Wilson Chan


-----Original Message-----
From: Joel Esler [mailto:jesler at ...1935...] 
Sent: Tuesday, April 27, 2010 1:02 PM
To: Chan, Wilson
Subject: Re: [Snort-users] Whats the correct way to migrate from v2.8.5.x to v2.8.6.x?

Where do you see 2.8.6.1?

On Tuesday, April 27, 2010, Chan, Wilson <wchan at ...14702...> wrote:
> Upgrade seems to be going. However, my oinkmaster configuration needs to
> change from reading the docs. Do I reference
> snortrules-snapshot-2861.tar.gz or 2860.tar.gz?  It seems the latest
> version of snort is v2.8.6.1.
>
> ==oinkmaster.conf==
> ##Old
> ##url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot-2.8.tar.gz
>
> ## Snort 2.8.6.1
> url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot-2861.tar.gz
>
>
> Wilson Chan
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, April 27, 2010 12:12 PM
> To: Chan, Wilson
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Whats the correct way to migrate from
> v2.8.5.x to v2.8.6.x?
>
> That's what I did.  I used the snort.conf from the 2.8.6 rulepack and
> migrated my settings over.
>
> J
>
> On Tuesday, April 27, 2010, Chan, Wilson <wchan at ...14702...> wrote:
>>
>> Do you take the v2.8.6 snort.conf and manually port all the
>> settings over from v2.8.5.x?
>>
>> What is the correct procedure for updating from source?
>> Thanks!
>>
>> Wilson Chan
>>
>
> --
> Joel Esler
>
>

-- 
Joel Esler