Thursday, December 29, 2011

Security Onion 20111229 now available!

Security Onion 20111229 is now available!  This resolves the following issues:
Issue 109:  Optional PADS or PRADS
Issue 115:  edit nsm_sensor_edit
Issue 162:  Process watchdog
Issue 164:  No sensor status info then server is down
Issue 173:  nsm_sensor_clean cronjob should output date to logfile

Thanks to Karolis for his work on integrating PADS into the distro!

  • The PADS configuration file (/etc/nsm/SENSOR-NAME/pads.conf) contains a "network" variable which defaults to:,,
    You will need to change this variable if you're monitoring public IP space.
  • The new process watchdog runs every 5 minutes and will restart any sensor process that has crashed.  It will move the process's old log file to PROCESS.log.TIMESTAMP so that you can determine why the process crashed. 
New Users
New users can download and install the 20111103 ISO image using the instructions here.  The step marked "Install Security Onion updates" will automatically install this update.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L > ~/ && bash ~/"
Note that the upgrade script is cumulative and will upgrade any older version of Security Onion to the most recent version (including any updates in between).

Upgrade Process

PADS events in Sguil

If you're a fan of Security Onion, please vote for it for 2011 Toolsmith Tool of the Year!

No comments:

Search This Blog

Featured Post

Sneak Peek: New Detections Feature coming in Security Onion 2.4.70!

Our latest video is a sneak peek at a NEW feature coming to our FREE and OPEN Security Onion platform in the upcoming 2.4.70 release! This n...

Popular Posts

Blog Archive