Snort mailing list archives

Re: Snort Upgrade


From: "Neelakantam, Raju" <Raju.Neelakantam () contractor ca com>
Date: Fri, 13 Jan 2017 21:46:55 +0000

Hi Snort Team,

We are currently running snort version 2.9.6.2 in our enterprise. I read in snort blog about the 2.9.6.2 end of life.

How can we upgrade the snort to latest version?
What version is recommended?
What is the upgrade process?
Should we install new version from scratch? Is there a way to retain the current configuration during the new version upgrade?

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.1 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

And there is pulledpork package being in use. However, unable to identify the latest rules update.


Regards,
Raju

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Friday, January 13, 2017 12:53 PM
To: Neelakantam, Raju <Raju.Neelakantam () contractor ca com>
Cc: snort-site(mailer list) <snort-site () cisco com>
Subject: Re: Snort Upgrade

Sorry. https://www.snort.org/community

--
Sent from my iPhone

On Jan 13, 2017, at 3:43 PM, Neelakantam, Raju <Raju.Neelakantam () contractor ca com> wrote:
Hi Joel,

This is what I get from the link, see attached. Could you provide a working link?



Sent from my T-Mobile 4G LTE device

------ Original message------
From: Joel Esler (jesler)
Date: Fri, Jan 13, 2017 12:08 PM
To: Neelakantam, Raju;
Cc: snort-site(mailer list);
Subject:Re: Snort Upgrade

Please direct your questions to the Snort mailing lists: http://www.snort.org/community/mailing-lists

--
Sent from my iPhone

On Jan 13, 2017, at 2:21 PM, Neelakantam, Raju <Raju.Neelakantam () contractor ca com> wrote:
Hi Snort Team,

We are currently running snort version 2.9.6.2 in our enterprise. I read in snort blog about the 2.9.6.2 end of life.

How can we upgrade the snort to latest version?
What version is recommended?
What is the upgrade process?
Should we install new version from scratch? Is there a way to retain the current configuration during the new version upgrade?

# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.1 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.4.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

And there is pulledpork package being in use. However, unable to identify the latest rules update.


Regards,
Raju

<Capture+_2017-01-13-12-41-55_resized.png>
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
