Snort mailing list archives

Re: Reporting server and sensor compatibility


From: Pratibha Rajan <pratibha.nair12 () outlook com>
Date: Tue, 5 Jul 2016 10:16:55 +0530

Thank you Joel,
So as I gather, what I am looking at is a complete revamp of the reporting server and the sensors for the new version 
of Snort to work. If I were to update rules on Snort 2.9.0.x, I should first update the Sid-msg.map file, right?

regards,
Pratibha

From: jesler () cisco com
To: pratibha.nair12 () outlook com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Reporting server and sensor compatibility
Date: Fri, 1 Jul 2016 15:18:53 +0000

When you upgrade to the current version, you’ll need to move to a Snort -> unified2 -> barnyard2 -> mysql structure.  
We’ve removed the Mysql output module from Snort a long time ago.

--
Joel Esler
Manager, Talos Group



On Jul 1, 2016, at 9:03 AM, Pratibha Rajan <pratibha.nair12 () outlook com> wrote:

While rechecking I did find sid-msg.map in the path /etc/snort/rules.


From: pratibha.nair12 () outlook com
To: jesler () cisco com; snort-users () lists sourceforge net
Date: Fri, 1 Jul 2016 18:17:20 +0530
Subject: Re: [Snort-users] Reporting server and sensor compatibility

Thanks Joel. Our output method from Snort to database is with mysql. So I'm not sure if Sid-msg.map file may be present.

regards 
Pratibha


From: jesler () cisco com
To: pratibha.nair12 () outlook com
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Reporting server and sensor compatibility
Date: Fri, 1 Jul 2016 11:20:59 +0000

As long as you are using the correct Sid-msg.map file for your rules, there shouldn't be a problem. 

--
Joel Esler
iPhone

On Jul 1, 2016, at 6:10 AM, Pratibha Rajan <pratibha.nair12 () outlook com> wrote:

Hi,
We run Snort as an IDS with one centralized reporting server that is used to push the VRT updates to multiple sensors 
sitting in promiscuous mode. All the servers including the reporting server and sensors run with very old versions of 
Snort - 2.9.0.3 on RHEL 5.3. Needless to say the Rules also haven't been updated for a long time. 

Now if we were to upgrade some sensors to RHEL 7.2 with Snort 2.9.8.3, what issues will we be looking at w.r.t. VRT 
updates and conflict with the central reporting server (Snort - 2.9.0.3 on RHEL 5.3)?
Will the Central reporting server still be able to download new rules (seeing that VRT updates have been EOL for 
2.9.0.3)?

Thanks much
Pratibha
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
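
The thread turns on using the Sid-msg.map file that matches the rules in use. The following is an added example, not part of the original thread or of Snort's tooling: a Python check that compares the SIDs in a rules file against a map file. It assumes the `sid || msg || reference` map layout and one rule per line; the function names and sample data are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_RULES = '''\
alert tcp any any -> any 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:2;)
# alert tcp any any -> any 21 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:1;)
alert udp any any -> any 53 (msg:"EXAMPLE dns query"; content:"|01 00|"; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"EXAMPLE ping"; itype:8; sid:1000004; rev:1;)
'''
SAMPLE_MAP = '''\
# sid || msg || optional references
1000001 || EXAMPLE web probe || url,example.invalid/a
1000003 || EXAMPLE dns lookup
1000009 || EXAMPLE retired rule
'''

SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'\bmsg\s*:\s*"((?:[^"\\]|\\.)*)"\s*;')

def parse_rules(text):
    """Return {sid: msg} for enabled (uncommented) rules, one rule per line."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        sid, msg = SID_RE.search(line), MSG_RE.search(line)
        if sid:
            rules[int(sid.group(1))] = msg.group(1) if msg else ''
    return rules

def parse_sid_msg_map(text):
    """Return {sid: msg} from 'sid || msg || ref ...' lines (assumed layout)."""
    entries = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split('||')]
        if line.lstrip().startswith('#') or len(fields) < 2 or not fields[0].isdigit():
            continue
        entries[int(fields[0])] = fields[1]
    return entries

def compare(rules, sidmap):
    """Rule SIDs with no map entry, map entries with no rule, and differing msgs."""
    both = rules.keys() & sidmap.keys()
    return {
        'missing_from_map': sorted(set(rules) - set(sidmap)),
        'stale_in_map': sorted(set(sidmap) - set(rules)),
        # Escaped characters in a rule msg may legitimately differ from the map text.
        'msg_mismatch': sorted(s for s in both if rules[s] != sidmap[s]),
    }

if __name__ == '__main__':
    print(compare(parse_rules(SAMPLE_RULES), parse_sid_msg_map(SAMPLE_MAP)))
```

A SID listed under `missing_from_map` is one whose alerts the reporting side cannot label with a message, which is the mismatch to look for after a rules update.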