Snort mailing list archives

Re: Snort 2.9.3

From: Joel Esler <jesler () sourcefire com>
Date: Fri, 20 Jul 2012 12:30:52 -0400

On Fri, Jul 20, 2012 at 04:25:18PM +0000, Eric Luellen wrote:

Thanks for the information. That is what I assumed but since there wasn't a 2.9.3 one on the official Snort page yet 
I was hoping for the best. I'll use the VRT rules.


There is a 2.9.3.0 rule release.  They are subscriber rules.  Registered users have to wait 30 days.

Eric

From: Tony Robinson [mailto:trobinson () sourcefire com]
Sent: Friday, July 20, 2012 12:16 PM
To: Eric Luellen
Cc: Joel Esler; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 2.9.3

Eric,
snapshot-2923.tar.gz
Means you are attempting to use the latest rule snapshot designed for snort 2.9.2.3. If you want 2.9.3 compatible SO 
rules you will need to utilize a VRT rule subscription or wait for the 2.9.3 rules to be made available publicly on 
snort.org<http://snort.org> -- usually 30 days later.

-Tony
On Fri, Jul 20, 2012 at 10:51 AM, Eric Luellen <eluellen () perimeterusa com<mailto:eluellen () perimeterusa com>> 
wrote:
I agree with that but not really sure how. I removed my previous Snort install and then did the whole ./configure, 
make, make install with 2.9.3 and then loaded the latest rule set I could get from snort.org<http://snort.org>. Which 
was snapshot-2923.tar.gz.

Eric Luellen, CISSP, GCED
Level II  Security Analyst
Perimeter E-Security
919.228.2523<tel:919.228.2523>

From: Joel Esler [mailto:jesler () sourcefire com<mailto:jesler () sourcefire com>]
Sent: Friday, July 20, 2012 10:42 AM
To: Eric Luellen
Cc: snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort 2.9.3

Looks like you are using 2.9.2 shared object rules with 2.9.3.

On Jul 20, 2012, at 9:26 AM, Eric Luellen <eluellen () perimeterusa com<mailto:eluellen () perimeterusa com>> wrote:

Has anyone ran into this error when upgrading from 2.9.2 to 2.9.3?

ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/misc.so" version 1.0 compiled with dynamic 
engine library version 1.15 isn't compatible with the current dynamic engine library 
"/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 1.16.

Eric

--

 The sender of this email subscribes to Perimeter E-Security's email

 anti-virus service. This email has been scanned for malicious code and is

 believed to be virus free. For more information on email security please

 visit: http://www.perimeterusa.com/services/messaging

 This communication is confidential, intended only for the named recipient(s)

 above and may contain trade secrets or other information that is exempt from

 disclosure under applicable law. Any use, dissemination, distribution or

 copying of this communication by anyone other than the named recipient(s) is

 strictly prohibited. If you have received this communication in error, please

 delete the email and immediately notify our Command Center at 203-541-3444<tel:203-541-3444>.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

--

 The sender of this email subscribes to Perimeter E-Security's email

 anti-virus service. This email has been scanned for malicious code and is

 believed to be virus free. For more information on email security please

 visit: http://www.perimeterusa.com/services/messaging

 This communication is confidential, intended only for the named recipient(s)

 above and may contain trade secrets or other information that is exempt from

 disclosure under applicable law. Any use, dissemination, distribution or

 copying of this communication by anyone other than the named recipient(s) is

 strictly prohibited. If you have received this communication in error, please

 delete the email and immediately notify our Command Center at 203-541-3444<tel:203-541-3444>.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
Tony Robinson
Security Consultant I
SourceFIRE Professional Services Division

--
 The sender of this email subscribes to Perimeter E-Security's email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/services/messaging
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort 2.9.3 Eric Luellen (Jul 20)
- Re: Snort 2.9.3 Joel Esler (Jul 20)
  - Re: Snort 2.9.3 Eric Luellen (Jul 20)
    - Re: Snort 2.9.3 Joel Esler (Jul 20)
    - Re: Snort 2.9.3 Tony Robinson (Jul 20)
    - Re: Snort 2.9.3 Eric Luellen (Jul 20)
    - Re: Snort 2.9.3 Joel Esler (Jul 20)