Wednesday, December 14, 2011

Security Onion 20111214 now available!


Security Onion 20111214 is now available!  This resolves the following issue:

The previous purging method only removed old pcaps from the dailylogs directories.  The new method still removes old pcaps, and also purges old argus, httpry, and unified2 files.  

For those running multiple sensors on the same /nsm, the previous purging method would have deleted all pcaps from the first sensor before beginning to purge the second sensor.  The new method tries to delete more evenly across the sensors.

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Screenshots
Upgrade Process
Purging
/etc/cron.d/sensor-clean contains a cronjob that runs the purge hourly.  You can manually run the purge as follows:
sudo /usr/local/sbin/nsm --sensor --clean
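To make the "delete more evenly across the sensors" behaviour concrete, here is a small purge script written for this post.  It is an added illustration, not the nsm script that Security Onion ships: it takes the single oldest file from each sensor in turn (across dailylogs, argus, httpry and unified2) rather than draining one sensor before touching the next, and wraps that in a disk-usage loop of the kind an hourly cronjob would call.  The directory layout /nsm/sensor_data/<sensor>/{dailylogs,argus,httpry,unified2}, the 90% threshold and the batch size are assumptions for the example, and it relies on GNU find's -printf.

```shell
#!/bin/bash
# Added example for this post, not Security Onion's own nsm --sensor --clean.
# Purges the oldest files round-robin across every sensor under a shared /nsm
# tree so that no sensor is emptied before the others have been touched.
# ASSUMED layout: $NSM_BASE/<sensor>/<subdir>/... with one subdir per data
# type.  Requires GNU find (-printf), as on the Ubuntu base Security Onion uses.

NSM_BASE="${NSM_BASE:-/nsm/sensor_data}"          # assumption for the example
PURGE_SUBDIRS="dailylogs argus httpry unified2"   # assumed per-sensor subdirs

# oldest_file SENSOR_DIR: print the path of the oldest regular file found in
# that sensor's purgeable subdirs (prints nothing if there are none).
oldest_file() {
  local d
  for d in $PURGE_SUBDIRS; do
    [ -d "$1/$d" ] && find "$1/$d" -type f -printf '%T@ %p\n'
  done | sort -n | head -n 1 | cut -d' ' -f2-
}

# purge_round_robin BASE COUNT: remove up to COUNT files in total, visiting the
# sensors in turn and taking one file (that sensor's oldest) per visit.  Sensors
# with nothing left are skipped; the loop stops early once every sensor is
# empty.  Prints the number of files actually removed.
purge_round_robin() {
  local base="$1" want="$2" removed=0 progressed sensor f
  while [ "$removed" -lt "$want" ]; do
    progressed=0
    for sensor in "$base"/*/; do
      [ -d "$sensor" ] || continue
      f=$(oldest_file "${sensor%/}")
      [ -n "$f" ] || continue
      rm -f -- "$f"
      removed=$((removed + 1))
      progressed=1
      [ "$removed" -ge "$want" ] && break
    done
    [ "$progressed" -eq 1 ] || break
  done
  echo "$removed"
}

# purge_until_below BASE PCT: purge in batches of ten until the filesystem
# holding BASE is at or below PCT percent used.  This is the shape of call an
# hourly cron entry would make.
purge_until_below() {
  local base="$1" limit="$2" used
  while :; do
    used=$(df -P "$base" | awk 'NR==2 { sub("%", "", $5); print $5 }')
    [ "$used" -gt "$limit" ] || break
    [ "$(purge_round_robin "$base" 10)" -gt 0 ] || break
  done
}

# Usage (e.g. from cron): purge.sh --run 90
if [ "${1:-}" = "--run" ]; then
  purge_until_below "$NSM_BASE" "${2:-90}"
fi
```

Note what the round-robin buys you on a shared /nsm: with two sensors whose files were written at different times, an oldest-first purge over the whole tree empties the sensor with the older data first, whereas the per-sensor visit above keeps both sensors' most recent retention window roughly equal.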

2 comments:

Paulo Espinosa said...

Hi, I want to change the default log path to another directory, because I have another 1TB HD.  Can you show me which file I need to change to do that?

Doug Burks said...

Hi Paulo,

Please see our FAQ:

https://code.google.com/p/security-onion/wiki/FAQ#What_do_I_need_to_modify_in_order_to_have_the_log_files_stored_o