Thursday, September 15, 2011

Security Onion 20110914 now available!

Security Onion 20110914 is now available!  This will update the Setup script to use the new config file format and install a daily script to purge old alerts from the database.

sguil-db-purge is scheduled to run every day at 5:01 AM. It will do the following:
  • stop sguild
  • purge old events from the database
  • repair the remaining MySQL tables
  • start sguild
The default retention policy for the purge is 365 days. If you would like to change this value, please change the DAYSTOKEEP variable in /etc/nsm/securityonion.conf.

The daily cron job logs its output to /var/log/nsm/sguil-db-purge.log.

Since the purge script will be making changes to the database, it is recommended to back up your MySQL database and/or test the purge script on a non-production system before deploying it to production.
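As an added shell illustration (not Security Onion's own sguil-db-purge script), the following reads DAYSTOKEEP from a securityonion.conf-style file, refuses to purge on a missing or zero value, and lists the dated tables that fall outside the retention window. The event_<sensor>_<YYYYMMDD> table names and the config file layout are assumptions made for the example.

```bash
#!/bin/bash
# Added illustration, not Security Onion's sguil-db-purge: read the
# DAYSTOKEEP retention value from a securityonion.conf-style file,
# refuse to run on a bad value, and pick the dated tables that fall
# outside the retention window. Table names (event_<sensor>_<YYYYMMDD>)
# are a constructed assumption for the demonstration.

# Print the DAYSTOKEEP value from "$1", or fail if it is unusable.
read_daystokeep() {
    local conf="$1" value
    value=$(sed -n 's/^[[:space:]]*DAYSTOKEEP=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    # A missing, non-numeric or zero value must abort the run: purging
    # with it would otherwise discard every event in the database.
    if [ -z "$value" ] || [ "$value" -lt 1 ]; then
        echo "DAYSTOKEEP missing or invalid in $conf; refusing to purge" >&2
        return 1
    fi
    echo "$value"
}

# Print the YYYYMMDD cutoff for a retention of "$1" days. "$2" is an
# optional reference date so runs are reproducible (GNU date syntax).
cutoff_date() {
    local days="$1" ref="${2:-now}"
    date -u -d "$ref -$days days" +%Y%m%d
}

# Read table names on stdin and print those whose YYYYMMDD suffix is
# older than the cutoff "$1"; undated tables are left alone.
select_old_tables() {
    local cutoff="$1" name day
    while read -r name; do
        day="${name##*_}"
        case "$day" in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;
        esac
        if [ "$day" -lt "$cutoff" ]; then
            echo "$name"
        fi
    done
}
```

A dry run is `select_old_tables "$(cutoff_date "$(read_daystokeep /etc/nsm/securityonion.conf)")"` fed with the table list from `SHOW TABLES`; it prints candidates without touching the database.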

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L > ~/ && bash ~/"
[Screenshot: Upgrade process]

[Screenshot: Purge script]
