Sunday, March 24, 2013

New PRADS package available

I've packaged a new version of PRADS which changes the way that byte counts are reported. PRADS now reports total IP bytes (IP header plus transport header plus payload) for each direction of a session, which matches the way that NetworkMiner reports byte counts. It also matches the byte counts in Bro's conn.log in the orig_ip_bytes and resp_ip_bytes fields (not the orig_bytes and resp_bytes fields, which count payload only). For more details, please see:
https://github.com/gamelinux/prads/issues/30


The new package is now available in our stable repo. You can initiate the upgrade process using the graphical Update Manager or using the following one-liner:
sudo apt-get update && sudo apt-get dist-upgrade
After upgrading, you'll need to manually restart PRADS as follows:
sudo nsm_sensor_ps-restart --only-prads
Here's an example using traffic from testmyids.com (three screenshots, reproduced here by caption only):
[Screenshot: byte counts in Sguil (provided by PRADS)]
[Screenshot: byte counts in NetworkMiner]
[Screenshot: byte counts in Bro's conn.log (orig_ip_bytes and resp_ip_bytes fields)]
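If you want to check the agreement shown in the screenshots on your own sensor, the script below is an added example (it is not part of Security Onion, PRADS or Bro) that parses a conn.log in Bro's tab-separated format, reports payload bytes next to total IP bytes for each connection, and sanity-checks the *_ip_bytes columns against the packet counts. The two conn.log records embedded in it are constructed, not captured from testmyids.com, and sguil_matches_conn is a hypothetical helper that takes the per-direction byte counts as you would read them off a Sguil session.

```python
"""Compare payload byte counts with total IP byte counts in a Bro conn.log.

conn.log carries two byte counters per direction:
  orig_bytes / resp_bytes        payload bytes only
  orig_ip_bytes / resp_ip_bytes  total IP bytes (IP header + transport header + payload)
PRADS, as packaged here, reports the second kind, so a Sguil event should be
compared against the *_ip_bytes columns, never against orig_bytes/resp_bytes.
"""

# Constructed sample in the Bro 2.x conn.log layout (tab-separated, with the
# #fields header Bro writes). The values are illustrative, not captured traffic.
SAMPLE_CONN_LOG = """\
#separator \\x09
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\tlocal_orig\tmissed_bytes\thistory\torig_pkts\torig_ip_bytes\tresp_pkts\tresp_ip_bytes\ttunnel_parents
1364140800.000000\tCXWv6p3arKYeMETxOg\t192.168.1.10\t49152\t217.160.51.31\t80\ttcp\thttp\t0.120000\t85\t301\tSF\t-\t0\tShADadfF\t6\t413\t5\t573\t(empty)
1364140801.000000\tCjhGID4nQcgTWjvg4c\t192.168.1.10\t53123\t8.8.8.8\t53\tudp\tdns\t0.030000\t31\t47\tSF\t-\t0\tDd\t1\t59\t1\t75\t(empty)
"""

INT_FIELDS = {"id.orig_p", "id.resp_p", "orig_bytes", "resp_bytes", "missed_bytes",
              "orig_pkts", "orig_ip_bytes", "resp_pkts", "resp_ip_bytes"}

# Smallest possible IPv4 header (20) plus the smallest transport header:
# TCP 20, UDP 8, ICMP 8. Every packet counted in *_pkts carries at least this.
MIN_HEADER_BYTES = {"tcp": 40, "udp": 28, "icmp": 28}


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the #fields line.
    Bro's unset marker '-' becomes None; counters are converted to int."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue  # #separator, #path, #types, #close ... and blank lines
        if fields is None:
            raise ValueError("record before #fields header")
        rec = {}
        for name, value in zip(fields, line.split("\t")):
            if value == "-":
                rec[name] = None
            elif name in INT_FIELDS:
                rec[name] = int(value)
            else:
                rec[name] = value
        yield rec


def byte_summary(rec):
    """Payload bytes, total IP bytes and the header overhead between them."""
    payload = (rec["orig_bytes"] or 0) + (rec["resp_bytes"] or 0)
    ip_total = rec["orig_ip_bytes"] + rec["resp_ip_bytes"]
    return {"uid": rec["uid"], "payload_bytes": payload,
            "ip_bytes": ip_total, "overhead": ip_total - payload}


def check_ip_byte_counts(rec):
    """Sanity-check the *_ip_bytes columns against payload and packet counts.
    Each direction must satisfy ip_bytes >= payload + pkts * minimum header.
    Returns a list of problem strings (empty when the record is consistent)."""
    problems = []
    min_hdr = MIN_HEADER_BYTES.get(rec["proto"], 20)
    for side in ("orig", "resp"):
        payload = rec[side + "_bytes"] or 0
        pkts = rec[side + "_pkts"]
        ip_bytes = rec[side + "_ip_bytes"]
        floor = payload + pkts * min_hdr
        if ip_bytes < floor:
            problems.append("%s %s_ip_bytes=%d below minimum %d"
                            % (rec["uid"], side, ip_bytes, floor))
    return problems


def sguil_matches_conn(src_bytes, dst_bytes, rec):
    """Hypothetical helper: compare the per-direction byte counts shown for a
    Sguil session (originator -> responder, responder -> originator) with the
    conn.log record. After this PRADS change both sides count total IP bytes."""
    return src_bytes == rec["orig_ip_bytes"] and dst_bytes == rec["resp_ip_bytes"]


if __name__ == "__main__":
    for rec in parse_conn_log(SAMPLE_CONN_LOG):
        print(byte_summary(rec), check_ip_byte_counts(rec) or "consistent")
```

Point parse_conn_log at a real /nsm/bro/logs/current/conn.log and the header overhead column makes the difference between the two counters obvious: for the UDP record above it is exactly 28 bytes per packet (20 IP + 8 UDP), which is why Sguil's numbers matched NetworkMiner only once PRADS switched to total IP bytes.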

Feedback
If you have any questions or problems, please use our mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
