Snort mailing list archives

Re: Snort & Pulled Pork questions

From: Joel Esler <jesler () sourcefire com>
Date: Thu, 17 May 2012 12:45:57 -0400

The next major version of Snort. 2.9.3.

Snort 2.9.2.3 can use 2.9.2.2 rules


J

On May 17, 2012, at 12:22 PM, "Weir, Jason" <jason.weir () nhrs org> wrote:

Thanks Joel any ETA?

Jason

From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Thursday, May 17, 2012 11:36 AM
To: Weir, Jason
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort & Pulled Pork questions

What we are going to start doing is releasing a version of the Shared Object rules for the new version so people can 
upgrade right away.  The text rules will always work.

J

On May 17, 2012, at 9:20 AM, "Weir, Jason" <jason.weir () nhrs org> wrote:

Working on updating to the latest version of snort (2.9.2.3) and using pulledpork (0.6.1).

For those of us that are not paying subscribers of the VRT rule set updating to the latest issue within the first 30 
days causes issues..

I updated from 2.9.2.2 to 2.9.2.3 yesterday, when pulled pork runs it detects the snort version and attempts to 
download the correct rule set, well for me there is no rule set and won’t be for 30 days..

Now I can manually set the snort version to 2.9.2.2 in pulledpork.conf as long as 2.9.2.2 rules are compatible with 
2.9.2.3 (which Joel indicated they are.  This time..).

What happens when a change is made that make the older rules not compatible?

Are my choices to (1) not upgrade to the latest snort version for 30 days, until “free” rules are available, or (2) 
purchase a rule subscription?

Thanks,
Jason
_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort & Pulled Pork questions Weir, Jason (May 17)
- Re: Snort & Pulled Pork questions Joel Esler (May 17)
  - Re: Snort & Pulled Pork questions Heine Lysemose (May 17)
  - Re: Snort & Pulled Pork questions Weir, Jason (May 17)
    - Re: Snort & Pulled Pork questions Joel Esler (May 17)