Snort mailing list archives
Snort upgrade from 1.9.1 to 2.0.0
From: Lloyd_Ardoin () mazzios com
Date: Mon, 28 Apr 2003 09:01:24 -0500
John, my apologies for not submitting enough information about the upgrade. I tried using the same conf file that I had been using with the 1.9.0 and 1.9.1 versions. When I started snort with the -T option I received this:

ERROR: unknown preprocessor "asn1_decode" Fatal Error, Quitting..

so I modified the conf file that came with the 2.0.0 version to reflect the same information as the 1.9.1 conf file. I again ran snort with the -T switch and got a successful load. I started snort and allowed it to run for 48 hours with no alerts during that time period. I then went back and compared both conf files to make sure my HOME_NET was the same in both and I had left EXTERNAL_NET as 'any'. I looked for any other possible discrepancies but was unable to find any. I would be happy to provide any other information that you might feel would be helpful to allow me to upgrade to 2.0.0.

Thanks in advance,
LA

On or about Sat, Apr 26, 2003 at 03:37:44PM -0500, Lloyd_Ardoin () mazzios com posited:
Just an FYI .... I had submitted a question a couple of days ago about upgrading from Snort 1.9.1 to 2.0.0 and wasn't getting any alerts anymore on a RedHat 8.0 Dell box. I have gone back to the 1.9.1 version and I am seeing the exploit traffic again on my DMZ.

Given that you presented little to no useful background regarding your new 2.0.0 configuration, it's not surprising that no one was able to help you. Should you decide to progress to 2.0.0 at a later date, more detail beyond "...I upgraded to the 2.0.0 version on April 23rd and I am no longer getting any alerts..." would be a good starting point toward your receiving actual help from the list.

Just a thought...

- John