The new packages are as follows:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion114
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion7
These new packages should resolve the following issues:
Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist
Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/HOSTNAME-INTERFACE/ properly
Issue 688: ossec_agent: add option to disable DNS lookups
These new packages have been tested by David Zawdie (thanks!).
After updating to the new packages, the next time that the NSM scripts start ossec_agent.tcl, they will add a new USE_DNS option to /etc/nsm/ossec/ossec_agent.conf and default it to 0 (disabled). This results in much better performance for ossec_agent.tcl.
If you need to revert to the previous behavior of DNS lookups enabled and don't mind the additional lookup delay, you can change USE_DNS to 1 (enabled) and then restart ossec_agent.tcl:
sudo nsm_sensor_ps-restart --only-ossec-agentAlso note that these packages move ossec_agent.tcl to /usr/bin/.
The new packages are now available in our stable repo. Please see the following page for full update instructions:
If you have any questions or problems, please use our security-onion mailing list:
Need training and/or commercial support? Please see:
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are now available in our CafePress store!