Snort mailing list archives

Re: Updating Snort

From: "Mark W. Jeanmougin via Snort-users" <snort-users () lists snort org>
Date: Mon, 22 Apr 2019 12:41:46 -0400

Nathan,

Some more info would be handy. Which version of snort ("snort --version")?
Which OS? Which version? Is the underlying OS up to date on patches?

Do you know if snort was installed via the OS's package manager or
otherwise?

Is this Security Onion, by chance?

MJ



On Mon, Apr 22, 2019 at 12:11 PM Nathan Hicks <NHicks () telpay ca> wrote:

Hi,



We’re using Snort as an IDS. So Snort, PulledPork, Barnyard2 and Snorby
for the web interface. I’m having an issue where the snorby page isn’t
updating with detected events.

Everything else appears to be running properly, but when I try to start
Snort, I get:



“ERROR: /etc/snort/rules/snort.rules(9243): unknown modifier "bitmask
0x8000"

Fatal Error, Quitting..”



I believe this is because we’re using a very old version of Snort. I’d
like to update all the components, but there doesn’t appear to be any
documentation that explains how to do that.



I’m a complete beginner at this stuff. Previous admin set it up and I’m
just trying to figure it out – so any help is greatly appreciated.



Thanks,

Nathan




_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

Updating Snort Nathan Hicks (Apr 22)
- Re: Updating Snort Mark W. Jeanmougin via Snort-users (Apr 22)
- Re: Updating Snort Joel Esler (jesler) via Snort-users (Apr 22)