Snort Package 3.2.9.6_1 Notes
-
Users of Snort will notice an update for the package to version 3.2.9.6_1. This update only includes a binary fix for users of the Netgate SG-3100 appliance. There are no GUI changes and no binary changes for Intel x86-based users.
So unless you want to run Snort on the SG-3100 appliance from Netgate, there is no compelling reason to upgrade to the 3.2.9.6_1 Snort package.
Bill
-
During update …
You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.Only the one with the unicode.map file seems to be wrong…
FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'. -
During update …
You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.Only the one with the unicode.map file seems to be wrong…
FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.Something got really messed up with your install/uninstall process. Those notes from pkg indicate it thinks you manually modified some files (or at least the checksums are different from the originals). I would remove the Snort package, manually remove any snort directories and their contents you find in /usr/local/etc, /usr/local/pkg, /usr/local/www and /usr/local/lib. After this manual cleanup, install the Snort package again from Package Manager.
Bill
-
During update …
You may need to manually remove /usr/local/etc/snort/classification.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/gen-msg.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/decoder.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/preprocessor.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/preproc_rules/sensitive-data.rules if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/reference.config if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/snort.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/threshold.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/unicode.map if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/file_magic.conf if it is no longer needed.
You may need to manually remove /usr/local/etc/snort/attribute_table.dtd if it is no longer needed.Only the one with the unicode.map file seems to be wrong…
FATAL ERROR: /usr/local/etc/snort/snort_54482_igb1/snort.conf(169) => Unable to open the IIS Unicode Map file '/usr/local/etc/snort/unicode.map'.Something got really messed up with your install/uninstall process. Those notes from pkg indicate it thinks you manually modified some files (or at least the checksums are different from the originals). I would remove the Snort package, manually remove any snort directories and their contents you find in /usr/local/etc, /usr/local/pkg, /usr/local/www and /usr/local/lib. After this manual cleanup, install the Snort package again from Package Manager.
Bill
Hi Bill, just for a point of reference, mine had the same "manually remove" messages from above when I ran the update to 3.2.9.6_1.
Vidmo -
+1. I too encountered the "manual remove" messages and I never touched the automated installation. I do not recall whether I had the fatal error. Snort seems to work just fine but I may follow the instruction to remove and reinstall for good measure.