[Snort-users] Getting Snort version as bash variable

waldo kitty wkitty42 at ...14940...
Wed Aug 4 12:33:31 EDT 2010


On 8/4/2010 04:56, Rob MacGregor wrote:
> On Wed, Aug 4, 2010 at 06:37, CoryC <oakleeman at ...131...> wrote:
>> Last week someone wrote that they used a script to do automatic updates of Snort. I'm trying to do something similar but am having difficulty capturing the version number as a Bash variable. I can capture the whole version string & ascii art but can't figure out how to manipulate it to give me just the version number. I'm unable to echo the string into a text file either, it shows all the info on the screen.
>>
>> I was getting it from the snort.conf file but I didn't see it written in the latest version so I thought I'd get it from the -V method.
>>
>> I've google searched but might be using the wrong terms since I've not had much luck. Any advice would be appreciated.
>
> snort -V 2>&1 | egrep Version | sed "s/.*Version \([0-9\.]*\) .*/\1/"

that's almost exactly what i do in perl... more specifically, lines 1, 4, and 7 
in the following perl snippet ;)

open(MY_INPUT,"/usr/bin/snort -V 2>&1 |");   # 2>&1: read stderr as well
while(<MY_INPUT>) {
   chomp;
   if (/Version\s+(.*)/i) {                   # capture everything after "Version"
     (${display_version}, ${sub1}, ${sub2}) = split(/ /,$1);
     ${snortDLversion} = ${display_version};
     ${snortDLversion} =~ s/\.//g;            # strip the dots from the version
     ${display_version} .= " ${sub1} ${sub2}";
   }
}
close(MY_INPUT);
while (length(${snortDLversion}) < 4) {      # right-pad with zeros to 4 characters
   ${snortDLversion} .= '0';
}

> Should do the trick (caution, that wasn't a copy and paste, some minor
> tweaking may be required).  Basically, it redirects stderr to stdout,
> extracts only the line with the word Version in it and then extracts
> the field after the word Version, that consists only of numbers and
> dots.

yup... mine above extracts the field into three vars via splitting on the 
spaces... then we remove all the dots from the version portion...

> If Snort were to move to including letters in the version you'd
> want:
>
> snort -V 2>&1 | egrep Version | sed "s/.*Version //" | awk '{ print $1 }'
>
> Which does much the same, only it extracts the space delimited field
> after the word Version.

so many ways and so little time :P :)
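
The two approaches discussed in this thread (take the space-delimited field after "Version", then strip the dots and zero-pad it) combined in POSIX shell, as an added example that is not part of either poster's message. The function names, the sample banner and the allowed character set for the version field are assumptions made for this illustration; the check keeps a garbled banner out of whatever URL or file name an update script builds from it.

```shell
#!/bin/sh
# Added example, not from the thread. Real use, assuming snort is on PATH:
#   ver=$(snort -V 2>&1 | snort_version_from_banner) || exit 1

# Constructed sample of the banner layout; not captured from a real sensor.
sample_banner() {
cat <<'EOF'
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.6.1 (Build 39)
   ''''    By Martin Roesch & The Snort Team
EOF
}

# Read a banner on stdin; print the space-delimited field after "Version".
# Returns 1 if no such line exists or the field has unexpected characters
# (allowed set is an assumption: digits, letters, dot, hyphen).
snort_version_from_banner() {
  while IFS= read -r _line; do
    case $_line in
      *"Version "*)
        _ver=${_line#*Version }            # drop text through "Version "
        _ver=${_ver#"${_ver%%[! ]*}"}      # trim extra leading spaces
        _ver=${_ver%% *}                   # keep the first field only
        case $_ver in
          ''|*[!0-9A-Za-z.-]*) return 1 ;; # empty or unexpected characters
          [0-9]*) printf '%s\n' "$_ver"; return 0 ;;
          *) return 1 ;;
        esac ;;
    esac
  done
  return 1
}

# Mirror the Perl in the reply: strip the dots, then right-pad with zeros
# to at least four characters (2.8.6 becomes 2860).
snort_dl_version() {
  _dl=$(printf '%s' "$1" | tr -d '.')
  while [ "${#_dl}" -lt 4 ]; do _dl="${_dl}0"; done
  printf '%s\n' "$_dl"
}

# Demo on the constructed banner.
ver=$(sample_banner | snort_version_from_banner) &&
  echo "version=$ver download=$(snort_dl_version "$ver")"
```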



