Re: HTTP traffic not being scanned after upgrade from 1.9.1 to 2.0.0

[Erek Adams <erek () snort org>]

On Tue, 22 Apr 2003, Kevin Van Der Hart wrote:

> After upgrading from 1.9.1 to 2.0.0, the rules for HTTP traffic such as the
> WEB-IIS and WEB-FRONTPAGE rules are not working. HOME_NET, HTTP_SERVERS, and
> HTTP_PORTS are set properly. Other rules such as DDOS rules are working
> fine. Permissions are set the same on all .rules files and all are included
> in the snort.conf file. I have upgraded 2 separate web servers and both are
> having the same issues. I can look at my web server logs and see several
> frontpage attempts that were getting logged before the upgrade.

Lets be specific.  What SID's are you refering to?  There's a lot of rules
for FrontPage.  :)

Did you think to upgrade your rules when you upgraded?  Along with your
snort.conf?  When upgrading, it's no different that an a standard
install--Except that you want to keep some of the settings from the old
snort.conf file.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users