Re: SNORT version lifecycle

[<Hanson.Webster () salemfive com>]

I found something on line that for that error.

comment out the line in your snort.conf /similar/ to the
following...

dynamicdetection directory /usr/local/lib/snort_dynamic_rules

just place a # at the beginning of the line and try starting snort again...

I did this and I get a little further,  now I get this error:
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 324 ]
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
ERROR: Can't set DAQ BPF filter to '.T' (pcap_daq_set_filter: pcap_compile: illegal char '.')!
Fatal Error, Quitting..

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Monday, October 20, 2014 1:43 PM
To: Webster, Hanson
Cc: snort-sigs () lists sourceforge net
Subject: Re: [Snort-sigs] SNORT version lifecycle

Looks like you are running an old version of the preprocessors with a new version of Snort.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Oct 20, 2014, at 1:33 PM, Hanson.Webster () salemfive com<mailto:Hanson.Webster () salemfive com> wrote:

OK I downloaded Snort 2.9.6.2 and daq 2.0.2 and installed them .  I can get pulled pork to update the rules now, 
however I can’t get Snort to start.  This is the error I get:

Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/web-activex.so" version 1.0 compiled with 
dynamic engine library version 2.0 isn't compatible with the current dynamic engine library 
"/usr/local/lib/snort_dynamicengine/libsf_engine.so" version 2.1.
Fatal Error, Quitting..

What do I need to update?

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Monday, October 20, 2014 9:46 AM
To: Webster, Hanson
Cc: snort-sigs () lists sourceforge net<mailto:snort-sigs () lists sourceforge net>
Subject: Re: [Snort-sigs] SNORT version lifecycle

EOL has nothing to do with “time” per say.

As is listed on the EOL page (www.snort.org/eol<http://www.snort.org/eol>), we support the latest patch version of the 
current major version and the latest patched version of the prior major version (So 2.9.6.2, 2.9.5.6)  (The third 
number being the major version).  When we introduce a new version (2.9.6.2), we support the last minor revision for 90 
days, then it is EOL.


So, for instance, The next version with be 2.9.7.0, at which time, we will set 2.9.5.6 (two major versions down) to 90 
day EOL.  We will support 2.9.6.2 until the next major version (2.9.8.0 or whatever we are calling it) is released.

Does that help?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos



On Oct 20, 2014, at 9:30 AM, Hanson.Webster () salemfive com<mailto:Hanson.Webster () salemfive com> wrote:

Looking at the EOL table it appears that SNORT versions go end of life after 6 months. 2.9.6 was valid from 1/2014 
until 7/2014 and 2.9.61 was valid from 4/2014 until 10/2014.  Should I assume that 2.9.6.2 will go EOL in February of 
2015?

What is the procedure for updating SNORT?  Is it required to update it twice a year?

Snort Version

Released

EOL

Snort 2.9.5.6

2013-11-18

TBD**

Snort 2.9.6.0

2014-01-23

2014-07-23

Snort 2.9.6.1

2014-04-24

2014-10-15

Snort 2.9.6.2

2014-07-17

TBD**



________________________________
Hanson M. Webster | Network and Security Analyst | Salem Five Bank | 210 Essex Street, Salem MA 01970 | Tel: 978.720. 
5230 | Fax: 978.498.0230 | www.salemfive.com<http://www.salemfive.com/>

This information may be confidential and/or privileged.  Use of this information by anyone other than the intended 
recipient is prohibited.  If you receive this message in error, please inform the sender and remove any record of this 
message.

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org<http://www.snort.org/>


Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net<mailto:Snort-sigs () lists sourceforge net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org<http://www.snort.org/>


Please visit http://blog.snort.org<http://blog.snort.org/> for the latest news about Snort!

------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!