This may be a difficult task, and you may want to experiment by running the Live version of the NST first.

Here is what I would recommend:

- Determine if the NST's web interface was used to setup snort on the original v1.6 machine and what interfaces were being monitored (eth0, eth1, ...).

- Boot a Live version of the new NST distribution (or make a save point in a VMware boot) - to practice.

- Use the NST WUI and setup snort on the same interfaces as the original v1.6 machine, but don't start snort yet.

- Tar up the following directories on the v1.6 machine and then untar them on the new machine:

  cd / && tar czf snort-cfg.tar.gz etc/snort etc/snort_* var/nst/snort

- Transfer the configuration tar file to the v2.11 machine and untar it:

  cd / && tar xzf snort-cfg.tar.gz

- Start up snort on the v2.11 machine and see what happens.

- If the process works on the live instance, repeat the process on your new server.

This may not work, as I don't know how your original configuration was setup on the v1.6 machine and there have been many changes in snort and the NST since the v1.6 release, but at least it is something you can try.

Good Luck,
Paul


On Wed, Aug 25, 2010 at 12:58 AM, Sung Kim <skim@90meter.com> wrote:
Hello,
I'm new to NST and snort as well.
I've inherited an NST box that's currenty on v1.6 which is actually a VM image that was downloaded from the NST site.
 
I've downloaded the latest NST VM image v2.11.
Is there a way to copy the configurations such as the snort's configuration from the old v1.6 to the new v2.11 so the tuned settings within snort are retained?
 
Is that's possible, how would I go about doing that (what directories do I need to copy and  what files to edit if any)? 
 
Thanks!

------------------------------------------------------------------------------
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users
worldwide. Take advantage of special opportunities to increase revenue and
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
_______________________________________________
nst-cvs mailing list
nst-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nst-cvs




--
Paul Blankenbaker
paul.blankenbaker@redali.com
317-644-0529