[Snort-users] What to do?

James Lay digitalx00 at ...11827...
Thu Nov 21 08:37:05 EST 2013


On Nov 21, 2013, at 2:27 AM, Ellad G. Yatsko <eyatsko at ...16592...> wrote:

> Hello!
> 
> We have Ubuntu Server 12.04.1 LTS with snort 2.9.2 - both installed from 
> scratch. Snort 2.9.2 distribution is native for this Ubuntu Release.
> 
> ~# snort --daq-list
> Available DAQ modules:
> pcap(v3): readback live multi unpriv
> ipfw(v2): live inline multi unpriv
> dump(v1): readback live inline multi unpriv
> afpacket(v4): live inline multi unpriv
> ~#
> 
[redacted]
> 
> Please, help... :-)
> 
> Kind regards,
> Ellad Yatsko
> 
> 

I run the same OS, and while Ubuntu is great for keeping some things up to date, at the speed at which Snort is updated, you’re only real option is to go from source.  2.9.2 is ancient…I’d install 2.9.5.5 so you can get the full ruleset.  Keep in mind it’s not going to be pretty as you’ll most likely have to rip out the current Snort.

James





More information about the Snort-users mailing list