Wednesday, December 14, 2011

Security Onion 20111214 now available!


Security Onion 20111214 is now available!  This resolves the following issue:

The previous purging method only removed old pcaps from the dailylogs directories.  The new method removes old pcaps but also purges old argus, httpry, and unified2 files.  

For those running multiple sensors on the same /nsm, the previous purging method would have deleted all pcaps from the first sensor before beginning to purge the second sensor.  The new method tries to delete more evenly across the sensors.

New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Screenshots
Upgrade Process
Purging
/etc/cron.d/sensor-clean contains a cronjob that runs the purge hourly.  You can manually run the purge as follows:
sudo /usr/local/sbin/nsm --sensor --clean
sudo /usr/local/sbin/nsm --sensor --clean

2 comments:

Unknown said...

Hi, I want to change the default log path to another directory, because I have another HD with 1TB can you show me which file I need to change to complete that?

Doug Burks said...

Hi Paulo,

Please see our FAQ:

https://code.google.com/p/security-onion/wiki/FAQ#What_do_I_need_to_modify_in_order_to_have_the_log_files_stored_o

Search This Blog

Featured Post

1-month End Of Life (EOL) reminder for Security Onion 2.3

In October of last year, we announced the End Of Life (EOL) date for Security Onion 2.3: https://blog.securityonion.net/2023/10/6-month-eol-...

Popular Posts

Blog Archive