Snort mailing list archives

Re: Advice on Snort 2.8.x


From: "Richard Lichvar" <rlichvar () sainc com>
Date: Fri, 21 Aug 2009 14:10:14 -0400

Joel,

Finally getting into some documentation! Got the Snort manual open right
now.

One of the main challenges is I didn't install any of the software we
use for this: not CentOS, not Snort/Barnyard, none of it. And the
installer didn't leave a whole lot (read that as "none") of
configuration management documentation behind on what he did. I can say
that mysqld is running (although I haven't checked the version yet).

I just went to the isc.sans.org article you apparently wrote and am now
convinced we need to upgrade to 2.8.4 (as well as barnyard2). I'm
presuming, since CentOS is pretty much a clone of RHEL, we can just
download the appropriate RPM and use the normal RPM installation
process. Will this overwrite anything important or will it simply
upgrade the code? The only thing I have to find out now is if the DoD
client for which we are running this needs to approve the updates before
they are done. Still waiting for the response to that one.

Also, want to say I really, really appreciate your help and patience and
that of the other Snort old-hand users in the forum. It's making my job
a lot easier coming up to speed!

Rich

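Rich's question above is whether an RPM upgrade will overwrite anything, and Joel's quoted reply further down says to check config.log for a tarball build or "rpm -q snort" for an RPM one. The inventory script below is an added example, not from the thread, that does both checks for an inherited sensor and, for an RPM install, reads the package's own file flags to tell which config files "rpm -U" will leave alone. The behaviour it relies on is standard rpm: a locally edited %config(noreplace) file is kept and the packaged copy is written as <file>.rpmnew; a locally edited plain %config file is moved to <file>.rpmsave and replaced. The paths under /etc/snort and the tarball build directory are assumptions, and the sample inputs used to exercise the parsers are constructed.

```shell
#!/bin/sh
# Inventory an inherited Snort 2.8 sensor (added example, not from the
# thread). Each check is a function taking its input as an argument so it
# can be run on sample text; paths in main() are assumptions.

# Parse "snort -V" output into "version build", e.g. "2.8.0.2 75".
snort_version() {
    printf '%s\n' "$1" | sed -n 's/.*Version \([0-9.]*\) (Build \([0-9]*\)).*/\1 \2/p'
}

# Tarball builds: config.log records the exact ./configure invocation as
# "  $ ./configure ...". Print the options only (empty if no such line).
configure_opts() {
    sed -n 's/^ *\$ \.\/configure *//p' "$1" 2>/dev/null | head -n1
}

# "mysql" if the configure options include --with-mysql (with or without a path).
has_mysql() {
    case "$1" in
        *--with-mysql*) echo mysql ;;
        *) echo no-mysql ;;
    esac
}

# RPM installs: input is the output of
#   rpm -q --qf '[%{FILENAMES} %{FILEFLAGS:fflags}\n]' snort
# one "path flags" pair per line, 'c' = %config, 'n' = noreplace.
# "cn" files survive rpm -U (new copy lands as <file>.rpmnew if you edited
# the file); plain "c" files are replaced (your edit becomes <file>.rpmsave).
noreplace_configs() {
    printf '%s\n' "$1" | awk '$2 ~ /c/ && $2 ~ /n/ { print $1 }'
}
replaced_configs() {
    printf '%s\n' "$1" | awk '$2 ~ /c/ && $2 !~ /n/ { print $1 }'
}

# After an upgrade, list the .rpmnew/.rpmsave copies that still need merging.
leftover_configs() {
    find "$1" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null | sort
}

main() {
    if command -v snort >/dev/null 2>&1; then
        echo "running: $(snort_version "$(snort -V 2>&1)")"
    fi
    if command -v rpm >/dev/null 2>&1 && rpm -q snort >/dev/null 2>&1; then
        echo "installed via RPM: $(rpm -qa 'snort*' | tr '\n' ' ')"
        flags=$(rpm -q --qf '[%{FILENAMES} %{FILEFLAGS:fflags}\n]' snort)
        echo "kept on upgrade (noreplace):"; noreplace_configs "$flags"
        echo "replaced on upgrade (.rpmsave):"; replaced_configs "$flags"
    else
        # Assumed tarball build directory; adjust to where the source was unpacked.
        opts=$(configure_opts /usr/local/src/snort-2.8.0.2/config.log)
        echo "tarball build options: $opts ($(has_mysql "$opts"))"
    fi
    echo "leftover config copies under /etc/snort:"; leftover_configs /etc/snort
}
main "$@"
```

Run it as root on the sensor before and after "rpm -Uvh snort-2.8.4*.rpm"; the second run's leftover list is what to diff against the live snort.conf before restarting Snort.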
From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Friday, August 21, 2009 1:56 PM
To: Richard Lichvar
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Advice on Snort 2.8.x

On Fri, Aug 21, 2009 at 1:47 PM, Richard Lichvar <rlichvar () sainc com>
wrote:

        1.       We are on 2.8.0.2 (Build 75). Is there any real
        advantage to upgrading to 2.8.4?

There are always advantages to staying current with software.  Check out
the changelog between 2.8.0.2 and 2.8.4.  Included with 2.8.4.

        2.       Will upgrading Barnyard2 interfere with 2.8.0.2 or
        should we upgrade to 2.8.4?

Barnyard2 should read the unified output module and input it into your
desired output method.  Unified output hasn't changed in quite some time.

        3.       We seem to be using PCRE version 6.6. What does this
        tell us?

That you are running PCRE version 6.6.  I don't understand what you are
asking.

        4.       I notice there are MySQL and other versions of Snort.
        How do I tell whether we are using the MySQL version or not? (We're
        running on CentOS 5.2.)

How did you install Snort?  Through the tarball or via RPM?  If you
installed via the tarball, you would need to check your config.log file.
If you installed via the RPM, run the command "rpm -q snort" on the
command line.

        Again, many thanks in advance for helping this Snort newbie.

        RichLich


-- Joel Esler | Sourcefire | Google Voice: 302-223-5974
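Joel's point in the quoted reply is that Barnyard2 only cares about Snort's unified output, so the Snort binary and Barnyard2 can be upgraded independently as long as both sides agree on that format. The script below is an added example, not from the thread or either project, that checks exactly that before and after an upgrade: it reads the "output unified2:" line from snort.conf (including the alert_/log_ variants) and the "input" line from barnyard2.conf, and only prints a Barnyard2 command line when they match and the spool base name is known. The config paths in main() are assumptions; the sample config lines used to exercise it are constructed.

```shell
#!/bin/sh
# Check that snort.conf and barnyard2.conf agree on unified2 (added example,
# not from the thread). Functions take config file paths as arguments.

# Print the format snort.conf writes for Barnyard2: "unified2", the older
# "unified", or "none". Comment lines are ignored; first match wins.
snort_spool_format() {
    awk '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*output[[:space:]]+(alert_|log_)?unified2:/ { print "unified2"; found = 1; exit }
        /^[[:space:]]*output[[:space:]]+(alert_|log_)?unified:/  { print "unified";  found = 1; exit }
        END { if (!found) print "none" }' "$1" 2>/dev/null
}

# Print the spool base name from e.g. "output unified2: filename snort.u2, limit 128".
snort_spool_name() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}[a-z_]*unified2:[[:space:]]*filename[[:space:]]\{1,\}\([^,[:space:]]*\).*/\1/p' \
        "$1" 2>/dev/null | head -n1
}

# Print the format barnyard2.conf reads, from its "input unified2" line.
barnyard2_input_format() {
    sed -n 's/^[[:space:]]*input[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" 2>/dev/null | head -n1
}

# Exit 0 when both sides speak unified2 and snort.conf names a spool file;
# otherwise exit non-zero after printing what each side was configured for.
check_pipeline() {
    fmt=$(snort_spool_format "$1")
    name=$(snort_spool_name "$1")
    in=$(barnyard2_input_format "$2")
    echo "snort writes: $fmt (${name:-no filename})  barnyard2 reads: ${in:-nothing}"
    [ "$fmt" = unified2 ] && [ -n "$name" ] && [ "$in" = unified2 ]
}

# Assumed locations. Barnyard2's own flags: -d spool directory, -f spool
# base name (must match snort.conf), -w waldo bookmark file.
main() {
    snort_conf=/etc/snort/snort.conf
    by2_conf=/etc/snort/barnyard2.conf
    if check_pipeline "$snort_conf" "$by2_conf"; then
        echo "barnyard2 -c $by2_conf -d /var/log/snort -f $(snort_spool_name "$snort_conf") -w /var/log/snort/barnyard2.waldo"
    else
        echo "fix the output/input lines before restarting barnyard2" >&2
    fi
}
main "$@"
```

The failure mode this catches is the one an upgrade tends to expose: a snort.conf still carrying a 2.6-era "output alert_unified:" line, or a spool base name that differs from the -f given to Barnyard2, so Snort logs happily and nothing ever reaches MySQL.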

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
