Re: Advice on Snort 2.8.x

[Joel Esler <jesler () sourcefire com>]

You'll want to maintain a copy of your snort.conf, so you can move the
settings that you already have configured over into a new snort.conf file
with the new version.J

On Fri, Aug 21, 2009 at 2:10 PM, Richard Lichvar <rlichvar () sainc com> wrote:

>  Joel,
>
>
>
> Finally getting into some documentation! Got the Snort manual open right
> now.
>
>
>
> One of the main challenges is I didn’t install any of the software we use
> for this: not CentOS, not Snort/Barnyard, none of it. And the installer
> didn’t leave a whole lot (read that as “none”) of configuration management
> documentation behind on what he did. I can say that mysqld is running
> (although I haven’t checked the version yet).
>
>
>
> I just went to the isc.sans.org article you apparently wrote and am now
> convinced we need to upgrade to 2.8.4 (as well as barnyard2). I’m presuming,
> since CentOS is pretty much a clone of RHEL we can just download the
> appropriate RPM and use the normal RPM installation process. Will this
> overwrite anything important or will it simply upgrade the code? The only
> thing I have to find out, now, is if the DoD client for which we are running
> this needs to approve the updates before they are done. Still waiting for
> the response to that one.
>
>
>
> Also, want to say I really, really appreciate your help and patience and
> that of the other Snort old-hand users in the forum. It’s making my job a
> lot easier coming up to speed!
>
>
>
> Rich
>
>
>
> *From:* Joel Esler [mailto:jesler () sourcefire com]
> *Sent:* Friday, August 21, 2009 1:56 PM
> *To:* Richard Lichvar
> *Cc:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] Advice on Snort 2.8.x
>
>
>
> On Fri, Aug 21, 2009 at 1:47 PM, Richard Lichvar <rlichvar () sainc com>
> wrote:
>
>  1.       We are on 2.8.0.2 (Build 75). Is there any real advantage to
> upgrading to 2.8.4?
>
>
>
> There are always advantages to staying current with software.  Check out
> the changelog between 2.8.0.2 and 2.8.4.  Included with 2.8.4.
>
>
>
>  2.       Will upgrading Barnyard2 interfere with 2.8.0.2 or should we
> upgrade to 2.8.4?
>
>  Barnyard2 should read the unified output module and input into your
> output method desire.  Unified output hasn't changed in quite some time.
>
>
>
>
>
>  3.       We seem to be using PCRE version 6.6. What does this tell us?
>
>  That you are running PCRE version 6.6.  I don't understand what you are
> asking.
>
>
>
>  4.       I notice there are MySql and other versions of Snort. How do I
> tell whether we are using the MySQL version or not? (We running on CentOS
> 5.2.)
>
>  How did you install Snort?  Through the tarball or via RPM?  If you
> installed via the tarball, you would need to check your config.log file.  If
> you installed via the RPM, run the command "rpm -q snort" on the command
> line.
>
>
>
>
>
> Again, many thanks in advance for helping this Snort newbie.
>
>
>
> RichLich
>
>
>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0d%0aSnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> -- Joel Esler | Sourcefire | Google Voice: 302-223-5974

-- Joel Esler | Sourcefire | Google Voice: 302-223-5974

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users