Snort mailing list archives
Re: HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0
From: Erek Adams <erek () snort org>
Date: Wed, 23 Apr 2003 11:55:05 -0400 (EDT)
On Tue, 22 Apr 2003, Kevin Van Der Hart wrote:
After upgrading from 1.9.1 to 2.0.0, the rules for HTTP traffic such as the WEB-IIS and WEB-FRONTPAGE rules are not working. HOME_NET, HTTP_SERVERS, and HTTP_PORTS are set properly. Other rules such as DDOS rules are working fine. Permissions are set the same on all .rules files and all are included in the snort.conf file. I have upgraded 2 separate web servers and both are having the same issues. I can look at my web server logs and see several frontpage attempts that were getting logged before the upgrade.
Lets be specific. What SID's are you refering to? There's a lot of rules for FrontPage. :) Did you think to upgrade your rules when you upgraded? Along with your snort.conf? When upgrading, it's no different that an a standard install--Except that you want to keep some of the settings from the old snort.conf file. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0 Kevin Van Der Hart (Apr 23)
- Re: HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0 Erek Adams (Apr 23)