Snort mailing list archives
Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x?
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 27 Apr 2010 19:40:44 -0400
If you are NOT a Snort VRT rules subscriber (aka, registered user, you don't pay for it, and you get the rulepack after the "30-day free window" is lifted) you need to make the change. So for example, if snortrules-snapshot-CURRENT.tar.gz is in your rule download URL, you need to update it to snortrules-snapshot-2853.tar.gz (or snortrules-snapshot-2860.tar.gz if you update). The Symlinks will NEVER apply to you, as the new packages won't be available to registered users for 30 days. J On Tuesday, April 27, 2010, Chan, Wilson <wchan () honolulu gov> wrote:
For the new oinkmaster updates (Free Feed) which tar.gz file do you use? snortrules-snapshot-CURRENT.tar.gz snortrules-snapshot-2860.tar.gz snortrules-snapshot-2860_s.tar.gz I was reading http://www.dshield.org/diary.html?storyid=8692 article by Joel Esler and it mentions to use snapshot-2860 without the "_s". However, when I go to http://www.snort.org/snort-rules I see snortrules-snapshot-2860_s.tar.gz only for the subscription release. So, my assumption is "_s" means subscription release but there isn't any links under the registered-user release (30 day old) for the new file format. Any ideas? Thanks! Wilson Chan -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Tuesday, April 27, 2010 1:02 PM To: Chan, Wilson Subject: Re: [Snort-users] Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Where do you see 2.8.6.1? On Tuesday, April 27, 2010, Chan, Wilson <wchan () honolulu gov> wrote:Upgrade seems to be going. However, my oinkmaster configuration needs to change from reading the docs. Do I reference snortrules-snapshot-2861.tar.gz or 2860.tar.gz? It seems the latest version of snort is v2.8.6.1. ==oinkmaster.conf== ##Old ##url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot -2.8.tar.gz ## Snort 2.8.6.1 url = http://www.snort.org/pub-bin/oinkmaster.cgi/oink_key/snortrules-snapshot -2861.tar.gz Wilson Chan -----Original Message----- From: Joel Esler [mailto:jesler () sourcefire com] Sent: Tuesday, April 27, 2010 12:12 PM To: Chan, Wilson Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? That's what I did. I used the snort.conf from the 2.8.6 rulepack and migrated my settings over. J On Tuesday, April 27, 2010, Chan, Wilson <wchan () honolulu gov> wrote:Do you take the v2.8.6 snort.conf and manually port all the setting over from v2.8.5.x? What is the correct procedure for updating from source? Thanks! Wilson Chan-- Joel Esler-- Joel Esler
-- Joel Esler ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Chan, Wilson (Apr 27)
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Joel Esler (Apr 27)
- Message not available
- Message not available
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Chan, Wilson (Apr 27)
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Joel Esler (Apr 27)
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Joel Esler (Apr 27)
- Message not available
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Joel Esler (Apr 27)
- <Possible follow-ups>
- Re: Whats the correct way to migrate from v2.8.5.x to v2.8.6.x? Joel Esler (Apr 27)