RE: [Snort-users] How do I upgrade Snort to the latest version?

When you say configuration you're talking the snort.conf file correct?
How much does the snort.conf file change between different versions of
snort? i.e. 2.1.2 and 2.1.3 I run pretty much the entire rule set + a
few custom rules. What my plan was to take 1 snort.conf file modify the
following then use that on all of my sensor's. Anyone see any holes in
this?

var HOME_NET
var DNS_SERVERS
var SMTP_SERVERS
var HTTP_SERVERS
var SQL_SERVERS
var TELNET_SERVERS
var SNMP_SERVERS
output database: sensor_name=3D
then uncomment or comment out the rules that don't apply to my network

Thanks

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Doug
Nordwall
Sent: Friday, June 04, 2004 1:33 PM
To: <snort-users@lists.sourceforge.net>
<snort-users@lists.sourceforge.net>
Subject: Re: [Snort-users] How do I upgrade Snort to the latest version?

i'd just back up your configuration first, but yep, that's essentially=20
how it's done :)

On Jun 4, 2004, at 7:20 AM, Lance Boon wrote:

> I want to upgrade to the latest version of snort and was wondering how
> to go about doing it. I've looked through the online users manual and
> can't find anything telling how to upgrade or update snort. I've got
6
> snort sensors on Fedora core1 logging to a centralized mysql server
so
> any assistance would be greatly appreciated.
>
> This is what I'm thinking
>
> /etc/rc5.d/S99snort stop
>
> tar -xvzf snort-2.1.3.tar.gz
> cd snort-2.1.3
> ./configure --with-mysql=3D/usr/local/mysql &&make &&make install
>
> Installing the rules and conf file:
> (From the Snort installation directory)
> cd rules
> cp * /etc/snort/rules
> cd ../etc
> cp *.conf /etc/snort
> cp *.config /etc/snort
> cp *.map /etc/snort
>
> Then modify my snort.conf file accordingly?
>
> Am I on the right track or has my train completely derailed.
>
> I'm pretty sure this was covered in the Snort 2.0 Intrusion Detection
> book but I don't have it with me and can't run out and get it right=20
> now.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
> installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=3Dort-users
>

Doug Nordwall
Unix Administrator
EMSL Computer and Network Support
Phone: (509)376-4308; Fax: (509)376-0420



-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...=3Dsnort-users


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users