Snort mailing list archives
Re: Upgrading from Snort v2.3.2 to 2.8.3.1
From: Ian Masters <ian () acces co jp>
Date: Wed, 10 Dec 2008 10:01:29 +0900
Zultan,

Thanks for the reply and the useful information.

> You might as well upgrade pcre and libpcap before you move to 2.8+

As you say pcre *has* to be upgraded or snort v2.8.3.1 will not install. Libpcap seemed not to be a problem.

> So you probably should build a test configuration first.

A test configuration turned out to be a very good idea. In moving from v2.3.2 to 2.8.3.1 quite a few things have changed. Since the installations I have were not updated for the last year and a half, I've found the following problems so far (for anyone's future reference):

1. As you mentioned, quite a few config options have changed in the application hence also in snort.conf (dynamic preprocessors "frag2" and "telnet_decode" have disappeared, the Stream4 preprocessor will be deprecated in a future release). A v2.3.2 snort.conf is unusable. I migrated current settings to the new snort.conf.

2. Somewhere along the line SIDs became mandatory for custom rules (even simple pass rules), hence:

   FATAL ERROR: /etc/snort/rules/test.rules(13): Duplicate rule with same gid (1) and no sid. To avoid this, make sure all of your rules define an sid.

   I added SIDs to my test.rules.

3. MySQL's DB schema changed to minimum version 107, hence the following error:

   FATAL ERROR: database: The underlying database seems to be running an older version of the DB schema (current version=106, required minimum version= 107).

   Back to the list archives to try and sort that out: I have information in the current DB that I want to retain.

That's as far as I've got so far.

> Be sure to read the files in the docs directory.

Thanks, I will.

Ta very much.

Ian
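
Added example (not part of Ian's message and not code from the Snort project): a small pre-upgrade lint for the mandatory-SID change described in item 2, reporting custom rules that define no sid and gid:sid pairs that repeat. The sample rules are constructed, and the regex option matching is a simplification that assumes "sid:"/"gid:" never appear inside a quoted content string.

```python
import re

# Rule actions accepted by Snort 2.x; other lines (var, include, config) are skipped.
ACTIONS = ("alert", "log", "pass", "activate", "dynamic", "drop", "reject", "sdrop")
# Simplification (assumption): sid/gid are matched anywhere in the option body.
OPT_RE = re.compile(r"\b(sid|gid)\s*:\s*(\d+)\s*;")

SAMPLE = r'''# constructed sample rules, not from the original post
pass ip 192.0.2.10 any -> any any
pass tcp 192.0.2.11 any -> any 22 (msg:"trusted scanner";)
alert tcp any any -> any 80 (msg:"local test"; \
    content:"test"; sid:1000001; rev:1;)
alert tcp any any -> any 8080 (msg:"copy"; sid:1000001; rev:1;)
'''

def logical_lines(text):
    """Yield (first_line_number, rule_text), joining backslash-continued lines."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = num if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def lint_rules(text):
    """Return (line, message) findings: rules with no sid, or a repeated gid:sid."""
    findings, seen = [], {}
    for num, rule in logical_lines(text):
        if not rule or rule.startswith("#") or rule.split()[0] not in ACTIONS:
            continue
        body = rule[rule.find("("):] if "(" in rule else ""  # header-only rules have no options
        opts = dict(OPT_RE.findall(body))
        gid = int(opts.get("gid", 1))  # text rules default to gid 1
        if "sid" not in opts:
            findings.append((num, f"no sid (gid {gid})"))
            continue
        key = (gid, int(opts["sid"]))
        if key in seen:
            findings.append((num, f"duplicate gid:sid {gid}:{key[1]}, first at line {seen[key]}"))
        else:
            seen[key] = num
    return findings

if __name__ == "__main__":
    for line_no, message in lint_rules(SAMPLE):
        print(f"test.rules({line_no}): {message}")
```
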