Re: RE: Upgrading Snort - Baffled?

[Alwin Raymundo <alrayworld () yahoo com>]

Hi,

I think you have to update your ruleset (*.rules).  I
exprience the same thing when I try to update my
snort.

step one

you have to know where your snort located.
#rpm -ql snort-mysql or whatever.

Look for /usr/bin/snort or /usr/local/snort something
like that.

Step Two

To diagnose the problem execute the following command.
# /usr/bin/snort -c /etc/snort/snort.conf -i eth0

take note of the eth0 may be you are using eth1 after
you execute the command above and you will see what is
the error all about.




--- chae <chae () hyper net nz> wrote:
> Hi Yah,
>
> This is for the archives in case anyone else had the
> same problem...
>
> Problem:
> "..Decided to upgrade the 1.8.1 to 1.8.7 - copied
> the binary onto the 
> server, stopped snort and issued -Uvh
> snort-1.8.7-1snort.i386.rpm from the 
> folder in which I uploaded the binary. The upgraded
> then came back to me 
> with the following errors about the
> /etc/snort/whatever-ruleset-name 
> snort-1.8.7-1 conflicted with the same ruleset name
> on package 1.8.1."
>
> Solution:
> Tried the remove but it didn't want to play the game
> so I used the --force 
> install; thank you I knew it had to be something
> silly ;)
>
> Anyway once it installed I ran snort and of course
> didn't want to play the 
> game, so did some snooping and on the old version
> the binary was called 
> just snort yet on the new version it was called
> snortd, so I called that up 
> from the command line...
>
> [root@ns init.d]# /etc/rc.d/init.d/snortd start -c
> /etc/snort.conf -D -O -h 
> -N -l /var/log/snort -b
> Starting snort: snort
>
> This is when I noticed it didn't start as usual in
> the daemon mode :(
>
> did a snort status:
>
> [root@ns init.d]# /etc/rc.d/init.d/snort status
> snort dead but subsys locked
>
> bummer couldn't think what that was and again after
> doing some snooping and 
> searching through the archives I read that the newer
> version of snort would 
> read the /etc/snort/snort.conf file where in the old
> version it was reading 
> /etc/snort.conf. Moved the snort.conf into the
> /etc/snort folder and tried 
> again...
>
> [root@ns init.d]# /etc/rc.d/init.d/snortd start -c
> /etc/snort.conf -D -O -h 
> -N -l /var/log/snort -b
> Starting snort:
> [root@ns init.d]# /etc/rc.d/init.d/snort status
> snort (pid 21198) is running...
>
> Now it's running and checked my syslogs and seen
> that it did start in 
> Daemon mode. Now to see what it does at the end of
> play when I call the 
> reports off.
>
> Thanks for all the replies and help
>
> Regards
>
> Chae
-------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or
> unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
Alwin Raymundo

__________________________________________________
Do You Yahoo!?
Yahoo! Autos - Get free new car price quotes
http://autos.yahoo.com


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users