mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
2.2 KiB
ReStructuredText
65 lines
2.2 KiB
ReStructuredText
Upgrading
|
|
=========
|
|
|
|
General instructions
|
|
--------------------
|
|
|
|
Suricata can be upgraded by simply installing the new version to the same
|
|
locations as the already installed version. When installing from source,
|
|
this means passing the same ``--prefix``, ``--sysconfdir``,
|
|
``--localstatedir`` and ``--datadir`` options to ``configure``.
|
|
|
|
::
|
|
|
|
$ suricata --build-info|grep -A 3 '\-\-prefix'
|
|
--prefix /usr
|
|
--sysconfdir /etc
|
|
--localstatedir /var
|
|
--datarootdir /usr/share
|
|
|
|
|
|
Configuration Updates
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
New versions of Suricata will occasionally include updated config files:
|
|
``classification.config`` and ``reference.config``. Since the Suricata
|
|
installation will not overwrite these if they exist, they should be manually
|
|
updated. If there are no local modifications they can simply be overwritten
|
|
by the ones Suricata supplies.
|
|
|
|
Major updates include new features, new default settings and often also
|
|
remove features.
|
|
|
|
Upgrading 5.0 to 6.0
|
|
--------------------
|
|
- SIP now enabled by default
|
|
- EDP now enabled by default
|
|
|
|
Removals
|
|
~~~~~~~~
|
|
- File-store v1 has been removed. If using file extraction, the file-store configuration will need to be updated to version 2. See :ref:`filestore-update-v1-to-v2`.
|
|
|
|
Upgrading 4.1 to 5.0
|
|
--------------------
|
|
|
|
Major changes
|
|
~~~~~~~~~~~~~
|
|
- New protocols enabled by default: snmp (new config only)
|
|
- New protocols disabled by default: rdp, sip
|
|
- New defaults for protocols: nfs, smb, tftp, krb5 ntp are all enabled
|
|
by default (new config only)
|
|
- VXLAN decoder enabled by default. To disable, set
|
|
``decoder.vxlan.enabled`` to ``false``.
|
|
- HTTP LZMA support enabled by default. To disable, set ``lzma-enabled``
|
|
to ``false`` in each of the ``libhtp`` configurations in use.
|
|
- classification.config updated. ET 5.0 ruleset will use this.
|
|
- decoder event counters use 'decoder.event' as prefix now. This can
|
|
be controlled using the ``stats.decoder-events-prefix`` setting.
|
|
|
|
Removals
|
|
~~~~~~~~
|
|
- ``dns-log``, the text dns log. Use EVE.dns instead.
|
|
- ``file-log``, the non-EVE JSON file log. Use EVE.files instead.
|
|
|
|
See https://suricata-ids.org/about/deprecation-policy/
|