Snort mailing list archives

Re: Snort and rules


From: Richard Smollett <yawningdogge () gmail com>
Date: Wed, 23 Jul 2014 14:48:01 -0400

Thanks for the reply.

The questions are apropos of the 422 error questions that have been lurking
about. I'm one of those that apparently needs to upgrade in order to get
pulledpork working again.

Last question... Does anyone know of an apt repository that has the latest
snort? I built a new sensor from Debian which had snort installed via
apt-get, but it installed version 2.9.2.2 which is out of support. Am I
stuck with installing from source? I'm planning on having several sensors
in my environment and keeping them up to date would be a lot easier via
apt-get.


On Wed, Jul 23, 2014 at 12:14 PM, Jeremy Hoel <jthoel () gmail com> wrote:

1 - the rule snapshot needs to be close, but not newer than.  i.e.: 2.9.6.2
is the latest version and I believe the snapshot is 2.9.6 or something.  if
you tried to run the 2.9.6 rules on 2.9.4 it would be bad.  Use
pulledpork.  it makes the process easier.

2 - that depends on how you installed it.  if you did it by source, grab
the new source and upgrade, check the new conf file for any changes and
away you go.  if you did it via repo.. then apt-get/yum install the new
version.  There's no other official documentation about that.  But if you
want to look around - https://www.snort.org/#documents


On Wed, Jul 23, 2014 at 1:21 PM, Richard Smollett <yawningdogge () gmail com>
wrote:

Noob questions...
1. Does the rule snapshot version have to match the snort version that
I'm running?
2. What's the official procedure for updating snort? (Yes, I've googled
it. Lots of info on how to update rules, nothing on how to update snort.)


------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!



