Snort mailing list archives
Re: Snort and rules
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 23 Jul 2014 21:32:38 +0000
ALL,

A 422 means that you are requesting a file that does not exist. Most of the errors that I have seen are coming from people attempting to download a ruleset that doesn’t exist anymore.

Please review our EOL policy: http://www.snort.org/eol

On Jul 23, 2014, at 2:56 PM, Jeremy Hoel <jthoel () gmail com> wrote:

We have 50+ sensors.. and snort doesn't change that much that when a new version comes out I just log into each and rebuild.

A quick search lists 2.9.5 builds available in jessie and sid. You could pull from those repos for snort and its dependencies.

On Wed, Jul 23, 2014 at 6:48 PM, Richard Smollett <yawningdogge () gmail com> wrote:

Thanks for the reply. The questions are apropos of the 422 error questions that have been lurking about. I'm one of those that apparently needs to upgrade in order to get pulledpork working again.

Last question... Does anyone know of an apt repository that has the latest snort? I built a new sensor from Debian which had snort installed via apt-get, but it installed version 2.9.2.2 which is out of support. Am I stuck with installing from source? I'm planning on having several sensors in my environment and keeping them up to date would be a lot easier via apt-get.

On Wed, Jul 23, 2014 at 12:14 PM, Jeremy Hoel <jthoel () gmail com> wrote:

1 - The rule snapshot needs to be close, but not newer than. I.e.: 2.9.6.2 is the latest version and I believe the snapshot is 2.9.6 or something. If you tried to run the 2.9.6 rules on 2.9.4 it would be bad. Use pulledpork. It makes the process easier.

2 - That depends on how you installed it. If you did it by source, grab the new source and upgrade, check the new conf file for any changes and away you go. If you did it via repo.. then apt-get/yum install the new version.

There's no other official documentation about that. But if you want to look around - https://www.snort.org/#documents

On Wed, Jul 23, 2014 at 1:21 PM, Richard Smollett <yawningdogge () gmail com> wrote:

Noob questions...

1. Does the rule snapshot version have to match the snort version that I'm running?

2. What's the official procedure for updating snort. (Yes, I've googled it. Lots of info on how to update rules, nothing on how to update snort.)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
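Added example, not part of the original messages: a fleet check built on the two points made in the thread, that the rule snapshot must not be newer than the installed Snort and that an install with no published ruleset left is the case that produces the 422. The sensor names and the list of published snapshot versions are constructed sample data, and the function names are hypothetical.

```python
# Added example: sensor names and the published snapshot list below are
# constructed sample data, not taken from snort.org.

def parse(version):
    """'2.9.6.2' -> (2, 9, 6, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def pick_snapshot(installed, published):
    """Newest published rule snapshot that is not newer than the installed
    Snort, or None when no suitable snapshot is published any more."""
    inst = parse(installed)
    candidates = [v for v in published if parse(v) <= inst]
    return max(candidates, key=parse) if candidates else None


def audit_fleet(sensors, published):
    """Map each sensor name to the snapshot it should pull, or None when
    the sensor has to be upgraded before any ruleset will download."""
    return {name: pick_snapshot(installed, published)
            for name, installed in sorted(sensors.items())}


# Constructed inputs: snapshot versions still published, and what each
# sensor reports for its installed Snort version.
PUBLISHED = ["2.9.5.6", "2.9.6.0", "2.9.6.2"]
SENSORS = {
    "sensor-a": "2.9.6.2",   # current release
    "sensor-b": "2.9.6.1",   # between two snapshots
    "sensor-c": "2.9.2.2",   # older than anything still published
    "sensor-d": "2.9.5.6",
}

if __name__ == "__main__":
    for name, snapshot in audit_fleet(SENSORS, PUBLISHED).items():
        installed = SENSORS[name]
        if snapshot is None:
            print(f"{name}: snort {installed} has no published ruleset; "
                  "upgrade before fetching rules")
        else:
            print(f"{name}: snort {installed} -> rules snapshot {snapshot}")
```
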
Current thread:
- Snort and rules Richard Smollett (Jul 23)
- Re: Snort and rules Jeremy Hoel (Jul 23)
- Re: Snort and rules Richard Smollett (Jul 23)
- Re: Snort and rules Jeremy Hoel (Jul 23)
- Re: Snort and rules Joel Esler (jesler) (Jul 23)
- Re: Snort and rules Richard Smollett (Jul 23)
- Re: Snort and rules Jeremy Hoel (Jul 23)