Snort mailing list archives
Re: Upgrading from Snort v2.3.2
From: Joel Esler <eslerj () gmail com>
Date: Tue, 9 Dec 2008 08:37:56 -0500
On Dec 9, 2008, at 3:49 AM, Zultan allegedly wrote:
Hello

I'm back managing six Snort sensors after a couple of years away and during that time, no upgrades were done :(

I'm wondering if I can upgrade directly from v2.3.2 to v2.8.3 or if there are any gotchas. I looked in the documentation, FAQs and this mailing list's archives but didn't see anything much on upgrading.

Any information gratefully received.

Ian

--------------------------

Ian,

I went from 2.4.5 to 2.8.3 this past summer. You might as well upgrade pcre and libpcap before you move to 2.8+.

2.8.3 is much faster running, and has a new ruleset and lots more config options in the snort.conf file. And it has dynamic preprocessor and plugin rules that, if used, must be built separately. Richard Bejtlich wrote a long How To on them.

http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1299181,00.html

You also lose the original portscan preprocessor and the granular output it provided. But the new portscan preprocessor does a better job of catching the slow scanners. 2.8.3 will not run with the original portscan preprocessor configured in snort.conf.

Other stuff in snort.conf should be changed as well. So you probably should build a test configuration first. Be sure to read the files in the docs directory.

I'd also suggest you go ahead and go right to the current Snort, 2.8.3.1. Please try and stay current, especially through 2.8.4, as it will have some big features that you WILL NEED.

Joel
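
A pre-upgrade check for the portscan point raised in the quoted reply, as an added example that is not part of the original thread: it lists active legacy portscan lines in a snort.conf and confirms the replacement preprocessor is configured. It assumes the original preprocessor appears as `preprocessor portscan:` (with its companion `portscan-ignorehosts`) and the newer one as `preprocessor sfportscan:`; the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag legacy portscan preprocessor lines in a snort.conf
# before testing it under 2.8.x. Directive names are assumptions (see lead-in).

# Print "LINE:directive" for every active (uncommented) legacy directive.
find_legacy_portscan() {
    awk '
        /^[ \t]*#/ { next }    # commented-out lines are harmless
        /^[ \t]*preprocessor[ \t]+portscan(-ignorehosts)?[ \t]*:/ {
            d = $2; sub(/:.*/, "", d)    # "portscan:" -> "portscan"
            print NR ":" d
        }' "$1"
}

# Succeed if the replacement preprocessor is actively configured.
has_sfportscan() {
    grep -Eq '^[[:space:]]*preprocessor[[:space:]]+sfportscan[[:space:]]*:' "$1"
}

# Exit status: 0 = ready to test, 1 = legacy lines present, 2 = no sfportscan.
check_conf() {
    legacy_hits=$(find_legacy_portscan "$1")
    if [ -n "$legacy_hits" ]; then
        printf 'remove legacy directive at %s\n' $legacy_hits >&2
        return 1
    fi
    if ! has_sfportscan "$1"; then
        echo "no sfportscan configured: portscan detection would be off" >&2
        return 2
    fi
    return 0
}

# Constructed sample config (not taken from any real sensor).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
var HOME_NET 192.0.2.0/24
# preprocessor portscan: $HOME_NET 4 3 old.log
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: 192.0.2.53
preprocessor sfportscan: proto { all } sense_level { low }
EOF
check_conf "$SAMPLE" || echo "check_conf exit status: $?"
```

Once the check passes, running the new binary in test mode (`snort -T -c` with the test configuration) confirms the rest of the file still parses.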