Thursday, September 15, 2011

Security Onion 20110914 now available!

Security Onion 20110914 is now available!  This will update the Setup script to use the new config file format and install a daily script to purge old alerts from the database.

sguil-db-purge is scheduled to run every day at 5:01 AM. It will do the following:
  • stop sguild
  • purge old events from the database
  • repair the remaining MySQL tables
  • start sguild
The default retention policy for the purge is 365 days. If you would like to change this value, please change the DAYSTOKEEP variable in /etc/nsm/securityonion.conf.

The daily cron job logs its output to /var/log/nsm/sguil-db-purge.log.

Since the purge script will be making changes to the database, it is recommended to backup your MySQL database and/or test the purge script on a non-production system before deploying to production.
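As an added illustration (not Security Onion's own sguil-db-purge script), the following sketch drives the four-step purge described above from the DAYSTOKEEP value in /etc/nsm/securityonion.conf, with a dry-run mode so the plan can be reviewed on a non-production box first. The service commands, the database, table and column names and the mysqlcheck repair call are assumptions and must be adapted to the real schema.

```shell
#!/bin/sh
# Added example, not the project's sguil-db-purge. Config path, DAYSTOKEEP and
# the 365-day default come from the post; sguild service commands, the
# "sguildb" database, the "event" table/"timestamp" column and mysqlcheck are
# assumptions. Schedule from the post would be:  1 5 * * * root /path/to/purge.sh

CONF="${SO_CONF:-/etc/nsm/securityonion.conf}"
DRY_RUN="${DRY_RUN:-0}"

# Read DAYSTOKEEP from a securityonion.conf-style file; fall back to 365
# when the variable is missing, unreadable or not a plain integer.
days_to_keep() {
    val=$(sed -n 's/^DAYSTOKEEP=\([0-9][0-9]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    case "$val" in
        ''|*[!0-9]*) echo 365 ;;
        *)           echo "$val" ;;
    esac
}

# Cutoff date: rows older than DAYSTOKEEP days are purged (GNU date -d).
cutoff_date() {
    date -u -d "$1 days ago" +%Y-%m-%d
}

# Execute a step, or only print it when DRY_RUN=1, so the exact statements
# can be inspected (and the database backed up) before anything is deleted.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "would run: $*"; else "$@"; fi
}

purge() {
    days=$(days_to_keep "$CONF")
    cutoff=$(cutoff_date "$days")
    run service sguild stop                                        # 1. stop sguild
    # 2. purge old events (assumed table and column; adjust to your schema)
    run mysql sguildb -e "DELETE FROM event WHERE timestamp < '$cutoff'"
    run mysqlcheck --repair sguildb                                # 3. repair tables
    run service sguild start                                       # 4. start sguild
}
```

Run as `DRY_RUN=1 sh purge.sh` after appending a `purge` call to see the plan; the log destination used by the packaged job is /var/log/nsm/sguil-db-purge.log.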

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L > ~/ && bash ~/"
Upgrade process

Purge script
