Security Onion 20110914 now available!

Security Onion 20110914 is now available!  This will update the Setup script to use the new config file format and install a daily script to purge old alerts from the database.


PLEASE NOTE!
sguil-db-purge is scheduled to run every day at 5:01 AM. It will do the following:

• stop sguild
• purge old events from the database
• repair the remaining MySQL tables
• start sguild

The default retention policy for the purge is 365 days. If you would like to change this value, please change the DAYSTOKEEP variable in /etc/nsm/securityonion.conf.

The daily cron job logs its output to /var/log/nsm/sguil-db-purge.log.


Since the purge script will be making changes to the database, it is recommended to backup your MySQL database and/or test the purge script on a non-production system before deploying to production.


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"

Screenshots

Upgrade process

Purge script