RE: Snort 2.3

[SN ORT <snort_on_acid () yahoo com>]

Ha! If you don't have time to "patch manually" you
don't have time to try and "trim down" a distro. The
point is you don't need to patch and you don't need
any newer OS, especially if you're just going to "trim
it down" anyways. Besides, those OSes you mentioned
aren't going to trim down very much, what with all
that gui and junk that comes with it. Many people here
probably don't patch their Snort boxes at all. I
don't. It has ACL'd access per host, I don't need to
worry about patching every other day and wondering,
"Now what options did I last compile that with?" !!
"Oh now everything's broke!...etc"

Cheese!

Marc

--- "Harper, Patrick" <Patrick.Harper () phns com> wrote:

> I just have a problem running a system that no one
> is doing patches for.  A lot of new distros can be
> trimmed down just as well as 7.X could be. You can
> patch manually but I personally do not have that
> kind of time.
>
> -----Original Message-----
> From: SN ORT [mailto:snort_on_acid () yahoo com] 
> Sent: Thursday, February 03, 2005 11:07 AM
> To: snort-users () lists sourceforge net
> Cc: Harper, Patrick
> Subject: RE: [Snort-users] Snort 2.3
>
> There is absolutely nothing wrong with running Snort
> on Redhat 7.x, Many have been doing it for years.
> What would be the point to have to constantly update
> it if only you can get to it and it only runs Snort?
> I also run it on FreeBSD, and why would I want to
> keep that updated? SO what if it's no longer
> available or not supported?  The OS is running,
> solidly, bugfree, tried tested and proven! What more
> is there? And a lot of people have smaller machines
> to run this stuff on. I'm a little discouraged at
> the newer fat distros anymore and the giant
> resources required to even load them up.
>
>
> The bottom line is, on an IDS/IPS system, a
> low-profile OS is the best match. Newer distros are
> a waste of resources.
>
> Cheese!
> Marc
> > --__--__--
> >
> > Message: 1
> > From: "Harper, Patrick" <Patrick.Harper () phns com>
> > To: "Narayan Sivaramakrishnan"
> > <nsivaram () mix wvu edu>,
> >     <snort-users () lists sourceforge net>
> > Date: Thu, 3 Feb 2005 00:15:20 -0600
> > Subject: RE: [Snort-users] Snort 2.3
> >
> > I would assume it would work, but why are you
> running on such an 
> > antiquated distro.  You can not even get patched
> from the 
> > http://fedoralegacy.org/ project.  I am a redhat
> fan, but I would 
> > never use a distro that had been EOL'd by the
> vendor for a new 
> > project.  If you want free check out
> http://fedora.redhat.com or any 
> > of the other distros http://distrowatch.com/
> >
> > -----Original Message-----
> > From: Narayan Sivaramakrishnan
> > [mailto:nsivaram () mix wvu edu]=20
> > Sent: Wednesday, February 02, 2005 1:36 PM
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] Snort 2.3
> >
> > All,
> > Is Snort 2.3 good to go with Redhat Linux 7.2  .
> > Please advice.Is there
> > an installation manual which could detail the
> installation of Snort 
> > 2.3 on Linux 7.2.?
> > Cheers,
> > Narayan
-------------------------------------------------------
> > This SF.Net email is sponsored by: IntelliVIEW --
> Interactive 
> > Reporting Tool for open source databases. Create
> drag-&-drop reports. 
> > Save time by over 75%! Publish reports on the web.
> Export to DOC, XLS,
> > RTF, etc.
> > Download a FREE copy at
> > http://www.intelliview.com/go/osdn_nl
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or
> > unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users
> > Disclaimer:
> > This electronic message, including any
> attachments, is confidential 
> > and int= ended solely for use of the intended
> recipient(s).
> > This message may contain=
> >  information that is privileged or otherwise
> protected from disclosure
> > by a= pplicable law. Any unauthorized disclosure,
> dissemination, use
> > or reproduct= ion is strictly prohibited. If you
> have received this 
> > message in error, ple= ase delete it and notify
> the sender 
> > immediately.=20
> >
> >
> >
> >
> >
> > --__--__--
> >
> > Message: 2
> > From: Brian Stamper <BStamper () spencerhospital org>
> > To: snort-users () lists sourceforge net
> > Date: Thu, 3 Feb 2005 08:19:05 -0600
> > Subject: [Snort-users] Alerts
> >
> > I've had snort running now for a while and would
> like to figure out 
> > how to have it alert by email on certain things. 
> I've attempted to 
> > make Swatch work but so far haven't had any luck
> with that.
> > What is everyone using to
> > make this happen?  Guess I just wanted some ideas.
> > Thanks,
> > Brian
> >
> >
> > --__--__--
> >
> > Message: 3
> > Date: Thu, 3 Feb 2005 16:14:45 +0100 (CET)
> > From: Fabio Spadoni <fabiosge () yahoo it>
> > To: snort-users () lists sourceforge net
> > Subject: [Snort-users] ACID doesn't show nothing
> >
> > --0-489904743-1107443685=:50488
> > Content-Type: text/plain; charset=iso-8859-1
> > Content-Transfer-Encoding: 8bit
> >
> > I have installed on fedora 3 box snort 2.3.0,
> mysql
> > and acid.
> >  
> > Using snort -c /... everythink appears to func
> very
> > well, but while I can see some results in
> > /var/log/snort/alert nothing on the contrary
> appear
> > in acid web page, everythink has zero value,
> sensor,
> > alert, etc etc
> >  
> > Any ideas?
> >  
> > Thanks, 
> >  
> > ciao
> >  
> > Fabio
> >  
> >
> >                             
> > ---------------------------------
> > Nuovo Yahoo! Messenger E' molto più divertente:
> > Audibles, Avatar, Webcam, Giochi, Rubrica...
> Scaricalo
> > ora! 
> > --0-489904743-1107443685=:50488
> > Content-Type: text/html; charset=iso-8859-1
> > Content-Transfer-Encoding: 8bit
> >
> > <DIV>I have installed on fedora 3 box snort 2.3.0,
> > mysql and acid.</DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV>Using snort -c /...&nbsp;everythink
> > appears&nbsp;to&nbsp;func very well, but while I
> can
> > see some results in /var/log/snort/alert nothing
> on
> > the contrary appear in acid web page, everythink
> has
> > zero value, sensor, alert, etc etc</DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV>Any ideas?</DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV>Thanks, </DIV>
> > <DIV>&nbsp;</DIV>
> > <DIV>ciao</DIV>
=== message truncated ===



                
__________________________________ 
Do you Yahoo!? 
Meet the all-new My Yahoo! - Try it today! 
http://my.yahoo.com 
 



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users