Snort mailing list archives

Re: Upgrading Snort - Baffled?


From: John Sage <jsage () finchhaven com>
Date: Wed, 17 Jul 2002 19:38:16 -0700

Chae:

On Wed, Jul 17, 2002 at 05:02:14PM +1200, chae wrote:
Hi Yah,

Currently have 1.8.1.i386 running on a Cobalt RaQ3, upgraded the rules and 
it's only reporting on ICMP's and the Virus rulesets.

Decided to upgrade the 1.8.1 to 1.8.7 - copied the binary onto the server, 
stopped snort and issued -Uvh snort-1.8.7-1snort.i386.rpm from the folder 
in which I uploaded the binary. The upgrade then came back to me with the 
following errors about the /etc/snort/whatever-ruleset-name snort-1.8.7-1 
conflicted with the same ruleset name on package 1.8.1.

Okay so did a search on the server for the rpm to uninstall but the rpm had 
been removed - previously installed prior to me taking on the server. So 
what I then did was renamed the snort folder to something unique along with 
the /usr/sbin/snort binary and tried to install the rpm again - same error 
every time I try to upgrade.

Am I missing something totally obvious (Windows user looking after a 
Cobalt)? Had a search through documentation for upgrading from older 
versions but nothing.

Would it be better to get the tar version and do a make install with that 
or am I going to get the same errors?
Do I have to physically root out any of the existing snort files and delete 
them before installing the new version?

Any pointers would be great or if someone could tell me why 1.8.1 has suddenly 
stopped logging everything except ICMP and Virus rulesets, all rules were 
installed at the same time and used the snort .conf that came with the ruleset.

My very personal opinion would be to never install snort via rpm --
mainly because I want to know where everything goes, and even put
stuff where I want, by my own method. When you use an rpm, you are
forced (unless you fiddle..) to use the rpm builder's assumptions.

Currently I have no fewer than five distinct snort versions installed
and operable on my firewall box, each of them very deliberately placed
in a distinct directory under /usr/local/, each snort.conf renamed
to add the version number (i.e. snort187.conf) and each executable
renamed in the same manner and executed via a symlink out of /usr/bin

Thus I can run any one of these different versions when I want; put on
a new version and test it; and always have my previous version available
and ready to go in a moment, if I need it.

All installations have been done by the traditional tar -xzvf
./configure   make   make install   routine...

My personal method; others may do it differently.

As always, YMMV...



- John
-- 
"Obviously, we do not want to leave zombies around."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
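
The side-by-side layout described in the reply above, as an added example that is not part of the original message or of the Snort project. The `snort-<version>` directory name, the helper function names and their argument order are assumptions; the versioned file names follow the post's `snort187.conf` convention.

```shell
#!/bin/sh
# Added example: keep several snort builds installed at once, each under
# its own directory with versioned names, reachable through a symlink.
# Assumed (not from the post): snort-<version> directory naming, helper names.

# 1.8.7 -> 187, matching the post's snort187.conf naming.
version_tag() {
    printf '%s' "$1" | tr -d '.'
}

# place_snort VERSION BUILT_BINARY CONF PREFIX_ROOT BINDIR
# Copies one already-built snort into PREFIX_ROOT/snort-VERSION/ under
# versioned names and links the executable into BINDIR.
# Refuses to touch a version that is already in place.
place_snort() {
    ver=$1 bin=$2 conf=$3 root=$4 bindir=$5
    tag=$(version_tag "$ver")
    dest="$root/snort-$ver"
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    [ -f "$bin" ] && [ -f "$conf" ] || { echo "missing input" >&2; return 1; }
    mkdir -p "$dest" "$bindir" || return 1
    cp "$bin" "$dest/snort$tag" && chmod 755 "$dest/snort$tag" || return 1
    cp "$conf" "$dest/snort$tag.conf" || return 1
    ln -s "$dest/snort$tag" "$bindir/snort$tag"
}

# List the versions reachable from BINDIR and where each symlink points.
list_snorts() {
    for l in "$1"/snort[0-9]*; do
        [ -L "$l" ] && printf '%s -> %s\n' "${l##*/}" "$(readlink "$l")"
    done
    return 0
}
```

With the post's paths this would be called as `place_snort 1.8.7 ./snort ./snort.conf /usr/local /usr/bin`, after which that version is started with `snort187 -c /usr/local/snort-1.8.7/snort187.conf`.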

