[Snort-users] What's the correct way to migrate from v2.8.5.x to v2.8.6.x?

Joel Esler jesler at ...1935...
Tue Apr 27 19:37:50 EDT 2010


I said that the registered rules release window does not open for
another 30 days (29 now).

J

On Tuesday, April 27, 2010, Chan, Wilson <wchan at ...14702...> wrote:
> For the new oinkmaster updates (Free Feed) which tar.gz file do you use?
>
> snortrules-snapshot-CURRENT.tar.gz
> snortrules-snapshot-2860.tar.gz
> snortrules-snapshot-2860_s.tar.gz
>
> I was reading the http://www.dshield.org/diary.html?storyid=8692 article by Joel Esler, and it mentions using snapshot-2860 without the "_s".  However, when I go to http://www.snort.org/snort-rules I see snortrules-snapshot-2860_s.tar.gz only for the subscription release. So, my assumption is "_s" means subscription release, but there aren't any links under the registered-user release (30 day old) for the new file format. Any ideas? Thanks!
>
> Wilson Chan
>
> -----Original Message-----
> From: Joel Esler [mailto:jesler at ...1935...]
> Sent: Tuesday, April 27, 2010 1:02 PM
> To: Chan, Wilson
> Subject: Re: [Snort-users] Whats the correct way to migrate from v2.8.5.x to v2.8.6.x?
>
> Where do you see 2.8.6.1?
>
> On Tuesday, April 27, 2010, Chan, Wilson <wchan at ...14702...> wrote:
>> Upgrade seems to be going. However, my oinkmaster configuration needs to
>> change from reading the docs. Do I reference
>> snortrules-snapshot-2861.tar.gz or 2860.tar.gz?  It seems the latest
>> version of snort is v2.8.6.1.
>>
>> ==oinkmaster.conf==
>> ##Old
>> ##url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot-2.8.tar.gz
>>
>> ## Snort 2.8.6.1
>> url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot-2861.tar.gz
>>
>>
>> Wilson Chan
>>
>> -----Original Message-----
>> From: Joel Esler [mailto:jesler at ...1935...]
>> Sent: Tuesday, April 27, 2010 12:12 PM
>> To: Chan, Wilson
>> Cc: snort-users at lists.sourceforge.net
>> Subject: Re: [Snort-users] Whats the correct way to migrate from
>> v2.8.5.x to v2.8.6.x?
>>
>> That's what I did.  I used the snort.conf from the 2.8.6 rulepack and
>> migrated my settings over.
>>
>> J
>>
>> On Tuesday, April 27, 2010, Chan, Wilson <wchan at ...14702...> wrote:
>>>
>>> Do you take the v2.8.6 snort.conf and manually port all the
>>> settings over from v2.8.5.x?
>>>
>>> What is the correct procedure for updating from source?
>>> Thanks!
>>>
>>> Wilson Chan
>>>
>>
>> --
>> Joel Esler
>>
>>
>
> --
> Joel Esler
>
>

-- 
Joel Esler