
[Snort-users] "And now for something Completely Different!" Or 'How to Upgrade'

From: Erek Adams <erek(at)snort.org>
Date: Fri Mar 28 2003 - 10:32:23 EST

With a 2.0 release coming up, I _know_ this one will come up at least once--If not dozens of times. :)

This is a set of basic ideas for you to think about when you make an upgrade from one version to another. It's fairly "high level", with not much detail. If you need something more specific, check the archives [0] for more detailed information. Some of these are _really_ basic, almost common sense. Others come from the recesses of my twisted little mind. I'm sure other folks can offer some suggestions as well. Anyway, enough with that, And now for something Completely Different.

Considerations:

  • Is this a Major update? (1.8.x -> 1.9.x -> 2.0) If so, you _really_ want to take the time to put this up and working in a test setup before going live. If you can't do that, at least install in parallel trees, use 'merged' configs and test while your current one is running. Don't use your DB for this, unless you can create a new instance for the new version.
  • Update everything. <snortdir>/etc/*, <snortdir>/rules/* are critical files that have to be updated.
  • Don't assume things will work the same. Minor changes in the code could have a major impact on what you get.

Basic Steps:

  1. Unpack, configure, build.
  2. Backup all old configs, rules, sid*, *.config, and snort binary.
  3. Merge old changes into new snort.conf
  4. Merge local changes/additions of rules into the new version's rules.
  5. Test that config with the new snort:

        src/snort -T -c etc/snort.conf.new

  6. Run it on a test box and see... If you can't, run it in parallel to compare info from the old and the new version.
  7. If you're satisfied with the setup--Install it. :) Place it in whatever directory structure you're using.
  8. Kill the old version, move the old data files to somewhere else.
  9. Restart the snort process.

That's it in a nutshell. Anyone have anything to suggest?


Cheers!



Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson




Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Received on Fri Mar 28 10:47:47 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:50:29 EDT
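
Steps 2, 4 and 5 of the upgrade procedure in the message above, as an added shell example that is not part of the original post or of Snort's own tooling. The function names, the `etc/` and `rules/` layout under each tree, and the backup directory naming are assumptions; only `snort -T -c` and `etc/snort.conf.new` come from the message.

```shell
#!/bin/sh
# Added example: pre-upgrade helper. Names and layout are assumptions.

# Step 2: copy the old etc/ and rules/ trees into a timestamped backup.
backup_old() {  # backup_old <old_snortdir> <backup_root>
    dest="$2/snort-backup-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    cp -Rp "$1/etc" "$1/rules" "$dest/" || return 1
    printf '%s\n' "$dest"
}

# Print the unique sid values of all active (uncommented) rules in a directory.
list_sids() {  # list_sids <rules_dir>
    cat "$1"/*.rules 2>/dev/null |
        grep -v '^[[:space:]]*#' |
        sed -n 's/.*sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
        sort -u
}

# Step 4: sids active in the old rules but absent from the new ones.
# These are local additions (or rules dropped upstream) to review and merge.
local_only_sids() {  # local_only_sids <old_rules_dir> <new_rules_dir>
    tmp=$(mktemp -d) || return 1
    list_sids "$1" > "$tmp/old"
    list_sids "$2" > "$tmp/new"
    comm -23 "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

# Step 5: have the new binary parse the merged config before going live.
test_config() {  # test_config <new_snort_binary> <merged_conf>
    "$1" -T -c "$2"
}

# Usage: sh upgrade-check.sh OLD_DIR NEW_DIR BACKUP_ROOT NEW_SNORT_BIN
if [ "$#" -eq 4 ]; then
    backup_old "$1" "$3" &&
    local_only_sids "$1/rules" "$2/rules" &&
    test_config "$4" "$2/etc/snort.conf.new"
fi
```

A sid listed by `local_only_sids` is not automatically a local rule; it can also be one that the new release removed, so each entry needs a look before it is merged.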

