Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Upgrading Snort - Baffled?

From: chae <chae () hyper net nz>
Date: Wed, 17 Jul 2002 22:52:49 +1200
Hi Yah,

This is for the archives in case anyone else had the same problem...

Problem:
"..Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the server, stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the folder in which I uploaded the binary. The upgraded then came back to me with the following errors about the /etc/snort/whatever-ruleset-name snort-1.8.7-1 conflicted with the same ruleset name on package 1.8.1." 

Solution:
Tried the remove but it didn't want to play the game so I used the --force install; thank you I knew it had to be something silly ;)
Anyway once it installed I ran snort and of course didn't want to play the game, so did some snooping and on the old version the binary was called just snort yet on the new version it was called snortd, so I called that up from the command line...
[root@ns init.d]# /etc/rc.d/init.d/snortd start -c /etc/snort.conf -D -O -h -N -l /var/log/snort -b 
Starting snort: snort

This is when I noticed it didn't start as usual in the daemon mode :(

did a snort status:

[root@ns init.d]# /etc/rc.d/init.d/snort status
snort dead but subsys locked
bummer couldn't think what that was and again after doing some snooping and searching through the archives I read that the newer version of snort would read the /etc/snort/snort.conf file where in the old version it was reading /etc/snort.conf. Moved the snort.conf into the /etc/snort folder and tried again...
[root@ns init.d]# /etc/rc.d/init.d/snortd start -c /etc/snort.conf -D -O -h -N -l /var/log/snort -b 
Starting snort:
[root@ns init.d]# /etc/rc.d/init.d/snort status
snort (pid 21198) is running...
Now it's running and checked my syslogs and seen that it did start in Daemon mode. Now to see what it does at the end of play when I call the reports off. 

Thanks for all the replies and help

Regards

Chae





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: