Snort mailing list archives
Re: Advice on Snort 2.8.x
From: "Richard Lichvar" <rlichvar () sainc com>
Date: Fri, 21 Aug 2009 14:10:14 -0400
Joel,

Finally getting into some documentation! Got the Snort manual open right now.

One of the main challenges is I didn't install any of the software we use for this: not CentOS, not Snort/Barnyard, none of it. And the installer didn't leave a whole lot (read that as "none") of configuration management documentation behind on what he did. I can say that mysqld is running (although I haven't checked the version yet).

I just went to the isc.sans.org article you apparently wrote and am now convinced we need to upgrade to 2.8.4 (as well as barnyard2). I'm presuming, since CentOS is pretty much a clone of RHEL, we can just download the appropriate RPM and use the normal RPM installation process. Will this overwrite anything important or will it simply upgrade the code?

The only thing I have to find out, now, is if the DoD client for which we are running this needs to approve the updates before they are done. Still waiting for the response to that one.

Also, want to say I really, really appreciate your help and patience and that of the other Snort old-hand users in the forum. It's making my job a lot easier coming up to speed!

Rich

From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Friday, August 21, 2009 1:56 PM
To: Richard Lichvar
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Advice on Snort 2.8.x

On Fri, Aug 21, 2009 at 1:47 PM, Richard Lichvar <rlichvar () sainc com> wrote:

> 1. We are on 2.8.0.2 (Build 75). Is there any real advantage to upgrading to 2.8.4?

There are always advantages to staying current with software. Check out the changelog between 2.8.0.2 and 2.8.4. Included with 2.8.4.

> 2. Will upgrading Barnyard2 interfere with 2.8.0.2 or should we upgrade to 2.8.4?

Barnyard2 should read the unified output module and input into your desired output method. Unified output hasn't changed in quite some time.

> 3. We seem to be using PCRE version 6.6. What does this tell us?

That you are running PCRE version 6.6. I don't understand what you are asking.

> 4. I notice there are MySql and other versions of Snort. How do I tell whether we are using the MySQL version or not? (We're running on CentOS 5.2.)

How did you install Snort? Through the tarball or via RPM? If you installed via the tarball, you would need to check your config.log file. If you installed via the RPM, run the command "rpm -q snort" on the command line.

> Again, many thanks in advance for helping this Snort newbie.
>
> RichLich
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Joel Esler | Sourcefire | Google Voice: 302-223-5974
Current thread:
- Advice on Snort 2.8.x Richard Lichvar (Aug 21)
- Re: Advice on Snort 2.8.x Joel Esler (Aug 21)
- Re: Advice on Snort 2.8.x Richard Lichvar (Aug 21)
- Re: Advice on Snort 2.8.x Joel Esler (Aug 21)
- Re: Advice on Snort 2.8.x Richard Lichvar (Aug 21)
- Re: Advice on Snort 2.8.x Joel Esler (Aug 21)