Snort mailing list archives
Re: Reporting server and sensor compatibility
From: Pratibha Rajan <pratibha.nair12 () outlook com>
Date: Tue, 5 Jul 2016 10:16:55 +0530
Thank you Joel,

So as I gather, what I am looking at is a complete revamp of the reporting server and the sensors for the new version of Snort to work. If I were to update rules on Snort 2.9.0.x, I should first update the Sid-msg.map file, right?

regards,
Pratibha

From: jesler () cisco com
To: pratibha.nair12 () outlook com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Reporting server and sensor compatibility
Date: Fri, 1 Jul 2016 15:18:53 +0000

When you upgrade to the current version, you’ll need to move to a Snort -> unified2 -> barnyard2 -> mysql structure. We’ve removed the Mysql output module from Snort a long time ago.

--
Joel Esler
Manager, Talos Group

On Jul 1, 2016, at 9:03 AM, Pratibha Rajan <pratibha.nair12 () outlook com> wrote:

While rechecking I did find sid-msg.map in the path /etc/snort/rules.

From: pratibha.nair12 () outlook com
To: jesler () cisco com; snort-users () lists sourceforge net
Date: Fri, 1 Jul 2016 18:17:20 +0530
Subject: Re: [Snort-users] Reporting server and sensor compatibility

Thanks Joel. Our output method from Snort to database is with mysql. So I'm not sure if Sid-msg.map file may be present.

regards
Pratibha

From: jesler () cisco com
To: pratibha.nair12 () outlook com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Reporting server and sensor compatibility
Date: Fri, 1 Jul 2016 11:20:59 +0000

As long as you are using the correct Sid-msg.map file for your rules, there shouldn't be a problem.

--
Joel Esler
iPhone

On Jul 1, 2016, at 6:10 AM, Pratibha Rajan <pratibha.nair12 () outlook com> wrote:

Hi,

We run Snort as an IDS with one centralized reporting server that is used to push the VRT updates to multiple sensors sitting in promiscuous mode. All the servers including the reporting server and sensors run with very old versions of Snort - 2.9.0.3 on RHEL 5.3. Needless to say the Rules also haven't been updated for a long time.

Now if we were to upgrade some sensors to RHEL 7.2 with Snort 2.9.8.3, what issues will we be looking at w.r.t. VRT updates and conflict with the central reporting server (Snort - 2.9.0.3 on RHEL 5.3). Will the Central reporting server still be able to download new rules (seeing that VRT updates have been EOL for 2.9.0.3)?

Thanks much
Pratibha

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
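The requirement raised in the thread, that sid-msg.map must match the rules actually loaded, can be checked mechanically before rules are pushed to sensors. The following is an added example, not part of the thread and not Snort or barnyard2 code; the sample rules, SIDs and map entries are constructed, and it assumes the classic `sid || msg || reference` map format with one rule per line.

```python
import re

# Constructed sample data (not from the thread): two enabled rules, one
# commented-out rule, and a map that is out of date with respect to them.
SAMPLE_RULES = '''\
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:2;)
alert udp any any -> any 53 (msg:"EXAMPLE dns tunnel"; content:"|00 10|"; sid:1000002; rev:1;)
# alert tcp any any -> any 21 (msg:"EXAMPLE disabled rule"; sid:1000003; rev:1;)
'''
SAMPLE_MAP = '''\
# sid || msg || optional references
1000001 || EXAMPLE web probe || url,example.invalid/ref
1000004 || EXAMPLE retired rule
'''

# Rule header up to the first "(", then the option body up to the final ")".
RULE_RE = re.compile(r'^\s*(?:alert|log|pass|drop|reject|sdrop)\b.*?\((.*)\)\s*$')
MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse_rules(text):
    """Return {sid: msg} for every enabled (uncommented) single-line rule."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sid, msg = SID_RE.search(m.group(1)), MSG_RE.search(m.group(1))
        if sid:
            rules[int(sid.group(1))] = msg.group(1) if msg else ""
    return rules

def parse_sid_msg_map(text):
    """Return {sid: msg} from 'sid || msg || ref...' lines; skip comments."""
    out = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            out[int(fields[0])] = fields[1]
    return out

def compare(rules, sidmap):
    """Classify SIDs: alerts with no message, dead map entries, wrong text."""
    return {
        "missing": sorted(s for s in rules if s not in sidmap),
        "stale": sorted(s for s in sidmap if s not in rules),
        "mismatched": sorted(s for s in rules if s in sidmap and rules[s] != sidmap[s]),
    }

if __name__ == "__main__":
    print(compare(parse_rules(SAMPLE_RULES), parse_sid_msg_map(SAMPLE_MAP)))
```

A non-empty `missing` list is the case that matters for reporting: unified2 events carry only the generator and signature IDs, so barnyard2 cannot attach a message to those alerts until the map is regenerated from the current rule set.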
Current thread:
- Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Al Lewis (allewi) (Jul 01)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Joel Esler (jesler) (Jul 01)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Joel Esler (jesler) (Jul 01)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Joel Esler (jesler) (Jul 01)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 04)
- Re: Reporting server and sensor compatibility Joel Esler (jesler) (Jul 05)
- Re: Reporting server and sensor compatibility wkitty42 (Jul 05)
- Re: Reporting server and sensor compatibility Pratibha Rajan (Jul 01)
- Re: Reporting server and sensor compatibility Al Lewis (allewi) (Jul 01)