RE: How do I upgrade Snort to the latest version?

["Lance Boon" <lboon () firststatebanksw com>]

When you say configuration you're talking the snort.conf file correct?
How much does the snort.conf file change between different versions of
snort? i.e. 2.1.2 and 2.1.3 I run pretty much the entire rule set + a
few custom rules. What my plan was to take 1 snort.conf file modify the
following then use that on all of my sensor's. Anyone see any holes in
this?

var HOME_NET
var DNS_SERVERS
var SMTP_SERVERS
var HTTP_SERVERS
var SQL_SERVERS
var TELNET_SERVERS
var SNMP_SERVERS
output database: sensor_name=
then uncomment or comment out the rules that don't apply to my network

Thanks

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Doug
Nordwall
Sent: Friday, June 04, 2004 1:33 PM
To: <snort-users () lists sourceforge net>
<snort-users () lists sourceforge net>
Subject: Re: [Snort-users] How do I upgrade Snort to the latest version?

i'd just back up your configuration first, but yep, that's essentially 
how it's done :)

On Jun 4, 2004, at 7:20 AM, Lance Boon wrote:

> I want to upgrade to the latest version of snort and was wondering how
>  to go about doing it. I've looked through the online users manual and
>  can't find anything telling how to upgrade or update snort. I've got
6
>  snort sensors on Fedora core1 logging to a centralized mysql server
so
>  any assistance would be greatly appreciated.
>
>  This is what I'm thinking
>
> /etc/rc5.d/S99snort stop
>
> tar -xvzf snort-2.1.3.tar.gz
>  cd snort-2.1.3
>  ./configure --with-mysql=/usr/local/mysql &&make &&make install
>
> Installing the rules and conf file:
>  (From the Snort installation directory)
>  cd rules
>  cp * /etc/snort/rules
> cd ../etc
>  cp *.conf /etc/snort
>  cp *.config /etc/snort
>  cp *.map /etc/snort
>
> Then modify my snort.conf file accordingly?
>
> Am I on the right track or has my train completely derailed.
>
>  I'm pretty sure this was covered in the Snort 2.0 Intrusion Detection
>  book but I don't have it with me and can't run out and get it right 
> now.
>
>
>
> -------------------------------------------------------
>  This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
>  installation-authoring solution that does it all. Learn more and
>  evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Snort-users mailing list
>  Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
>  https://lists.sourceforge.net/lists/listinfo/snort-users
>  Snort-users list archive:
>  http://www.geocrawler.com/redir-sf.php3?list=ort-users

Doug Nordwall
Unix Administrator
EMSL Computer and Network Support
Phone: (509)376-4308; Fax: (509)376-0420



-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users