Snort mailing list archives
Re: Upgrading Snort - Baffled?
From: John Sage <jsage () finchhaven com>
Date: Wed, 17 Jul 2002 19:38:16 -0700
Chae:

On Wed, Jul 17, 2002 at 05:02:14PM +1200, chae wrote:
> Hi Yah,
>
> Currently have 1.8.1.i386 running on a Cobalt RaQ3, upgraded the rules and it's only reporting on ICMP's and the Virus rulesets.
>
> Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the server, stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the folder in which I uploaded the binary. The upgrade then came back to me with the following errors about the /etc/snort/whatever-ruleset-name snort-1.8.7-1 conflicted with the same ruleset name on package 1.8.1.
>
> Okay so did a search on the server for the rpm to uninstall but the rpm had been removed - previously installed prior to me taking on the server. So what I then did was renamed the snort folder to something unique along with the /usr/sbin/snort binary and tried to install the rpm again - same error every time I try to upgrade.
>
> Am I missing something totally obvious (Windows user looking after a Cobalt)? Had a search through documentation for upgrading from older versions but nothing. Would it be better to get the tar version and do a make install with that or am I going to get the same errors? Do I have to physically root out any of the existing snort files and delete them before installing the new version?
>
> Any pointers would be great or if someone could tell me why 1.8.1 has suddenly stopped logging everything except ICMP and Virus rulesets, all rules were installed at the same time and used the snort .conf that came with the ruleset.

My very personal opinion would be to never install snort via rpm -- mainly because I want to know where everything goes, and even put stuff where I want, by my own method.

When you use an rpm, you are forced (unless you fiddle..) to use the rpm builder's assumptions.

Currently I have no fewer than five distinct snort versions installed and operable on my firewall box, each of them very deliberately placed in a distinct directory under /usr/local/, each snort.conf renamed to add the version number (i.e. snort187.conf) and each executable renamed in the same manner and executed via a symlink out of /usr/bin

Thus I can run any one of these different versions when I want; put on a new version and test it; and always have my previous version available and ready to go in a moment, if I need it.

All installations have been done by the traditional

    tar -xzvf
    ./configure
    make
    make install

routine...

My personal method; others may do it differently.

As always, YMMV...

- John
--
"Obviously, we do not want to leave zombies around."

PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
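
The side-by-side layout described in the reply above, sketched as an added example (not code from the post or from the Snort project). The directory names, the `snort.previous` state file, and the `SNORT_ROOT` / `SNORT_LINK_DIR` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed layout (hypothetical, modelled on the post; not the author's script):
#   $SNORT_ROOT/snort-1.8.7/bin/snort187       version-tagged executable
#   $SNORT_ROOT/snort-1.8.7/etc/snort187.conf  version-tagged config
#   $SNORT_LINK_DIR/snort                      symlink to the active executable
SNORT_ROOT="${SNORT_ROOT:-/usr/local}"
SNORT_LINK_DIR="${SNORT_LINK_DIR:-/usr/bin}"

# snort_tag 1.8.7 -> 187
snort_tag() { printf '%s' "$1" | tr -d '.'; }

# Print the executable the symlink currently points at.
snort_active() {
    [ -L "$SNORT_LINK_DIR/snort" ] || return 1
    readlink "$SNORT_LINK_DIR/snort"
}

# Repoint the symlink at executable $1, remembering the old target.
_snort_point() {
    link="$SNORT_LINK_DIR/snort"
    # A regular file here is a leftover binary (e.g. from a package); do not clobber it.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link is not a symlink; move it aside first" >&2
        return 1
    fi
    if [ -L "$link" ]; then readlink "$link" > "$SNORT_ROOT/snort.previous"; fi
    # Create the new link beside the old one and rename over it, so the
    # snort command never disappears during the switch.
    ln -s "$1" "$link.new.$$" && mv -f "$link.new.$$" "$link"
}

# snort_activate VERSION: switch only if that install is complete.
snort_activate() {
    tag=$(snort_tag "$1")
    bin="$SNORT_ROOT/snort-$1/bin/snort$tag"
    conf="$SNORT_ROOT/snort-$1/etc/snort$tag.conf"
    [ -x "$bin" ]  || { echo "missing executable: $bin" >&2; return 1; }
    [ -r "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    _snort_point "$bin"
}

# snort_rollback: return to whichever version was active before the last switch.
snort_rollback() {
    prev=$(cat "$SNORT_ROOT/snort.previous" 2>/dev/null) || return 1
    [ -x "$prev" ] || { echo "previous executable gone: $prev" >&2; return 1; }
    _snort_point "$prev"
}
```

Sourcing the file and running `snort_activate 1.8.7` switches versions; the refusal to overwrite a regular file keeps an older packaged binary from being silently replaced.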