--- /dev/null
+Upgrading
+=========
+
+General instructions
+--------------------
+
+Suricata can be upgraded by simply installing the new version to the same
+locations as the already installed version. When installing from source,
+this means passing the same ``--prefix``, ``--sysconfdir``,
+``--localstatedir`` and ``--datadir`` options to ``configure``.
+
+::
+
+ $ suricata --build-info|grep -A 3 '\-\-prefix'
+ --prefix /usr
+ --sysconfdir /etc
+ --localstatedir /var
+ --datarootdir /usr/share
+
+
+Configuration Updates
+~~~~~~~~~~~~~~~~~~~~~
+
+New versions of Suricata will occationally include updated config files:
+``classification.config`` and ``reference.config``. Since the Suricata
+installation will not overwrite these if they exist, they should be manually
+updated. If there are no local modifications they can simply be overwritten
+by the ones Suricata supplies.
+
+Major updates include new features, new default settings and often also
+remove features.
+
+
+Upgrading 4.1 to 5.0
+--------------------
+
+Major changes
+~~~~~~~~~~~~~
+- New protocols enabled by default: snmp (new config only)
+- New protocols disabled by default: rdp, sip
+- New defaults for protocols: nfs, smb, tftp, krb5 ntp are all enabled
+ by default (new config only)
+- VXLAN decoder enabled by default. To disable, set
+ ``decoder.vxlan.enabled`` to ``false``.
+- HTTP LZMA support enabled by default. To disable, set ``lzma-enabled``
+ to ``false`` in each of the ``libhtp`` configurations in use.
+- classification.config updated. ET 5.0 ruleset will use this.
+- decoder event counters use 'decoder.event' as prefix now. This can
+ be controlled using the ``stats.decoder-events-prefix`` setting.
+
+Removals
+~~~~~~~~
+- ``dns-log``, the text dns log. Use EVE.dns instead.
+- ``file-log``, the non-EVE JSON file log. Use EVE.files instead.
+
+See https://suricata-ids.org/about/deprecation-policy/
projects / thirdparty / suricata.git / commitdiff
