Thursday, September 15, 2011

Security Onion 20110914 now available!

Security Onion 20110914 is now available!  This will update the Setup script to use the new config file format and install a daily script to purge old alerts from the database.


PLEASE NOTE!
sguil-db-purge is scheduled to run every day at 5:01 AM. It will do the following:
  • stop sguild
  • purge old events from the database
  • repair the remaining MySQL tables
  • start sguild
The default retention policy for the purge is 365 days. If you would like to change this value, please change the DAYSTOKEEP variable in /etc/nsm/securityonion.conf.

The daily cron job logs its output to /var/log/nsm/sguil-db-purge.log.


Since the purge script will be making changes to the database, it is recommended to back up your MySQL database and/or test the purge script on a non-production system before deploying to production.
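As an added example (not part of Security Onion or its purge script), the following pre-flight check validates the retention value before the daily purge acts on it and shows the approximate cutoff date. It assumes DAYSTOKEEP appears in the config file as a shell-style `DAYSTOKEEP=<days>` line and that GNU date is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Security Onion. Function names are hypothetical.
# Assumes a shell-style DAYSTOKEEP=<days> line in the config file and GNU date.

# Print the configured retention in days; fail closed on a missing or unsafe value.
read_days_to_keep() {
    rdk_conf="$1"
    [ -r "$rdk_conf" ] || { echo "cannot read $rdk_conf" >&2; return 2; }
    # Take the last uncommented DAYSTOKEEP assignment in the file.
    rdk_line=$(grep -E '^[[:space:]]*DAYSTOKEEP=' "$rdk_conf" | tail -n 1)
    [ -n "$rdk_line" ] || { echo "DAYSTOKEEP is not set in $rdk_conf" >&2; return 1; }
    # Strip the key, then quotes, blanks and carriage returns from the value.
    rdk_value=$(printf '%s' "${rdk_line#*=}" | tr -d "\"' \t\r")
    case "$rdk_value" in
        ''|*[!0-9]*) echo "DAYSTOKEEP is not a whole number: '$rdk_value'" >&2; return 1 ;;
    esac
    # A retention of zero days is treated as a misconfiguration here.
    [ "$rdk_value" -ge 1 ] || { echo "DAYSTOKEEP must be at least 1" >&2; return 1; }
    echo "$rdk_value"
}

# Print the approximate UTC date before which events fall outside the retention window.
purge_cutoff() {
    pc_days=$(read_days_to_keep "$1") || return $?
    date -u -d "$pc_days days ago" +%Y-%m-%d
}

# Constructed sample config (not a real securityonion.conf).
sample_conf=$(mktemp)
printf '# constructed sample\nDAYSTOKEEP=90\n' > "$sample_conf"
echo "Retention: $(read_days_to_keep "$sample_conf") days"
echo "Events before $(purge_cutoff "$sample_conf") would be outside the window"
rm -f "$sample_conf"
```

To check a real sensor, call `purge_cutoff /etc/nsm/securityonion.conf` after changing DAYSTOKEEP and confirm the date is what you expect before the 5:01 AM run.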


In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):

sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"