Tuesday, July 9, 2013

New NSM and Setup packages allow for changing the default 90% disk usage threshold

New versions of our securityonion-nsmnow-admin-scripts and securityonion-setup packages are now available that allow you to change our default 90% disk usage threshold.  When you run Setup, it will still default to purging old logs when disk usage hits 90%.  Choosing "Advanced Setup" will prompt you to specify your own disk usage threshold:
Advanced Setup prompts for disk usage threshold
This setting is then written into /etc/nsm/securityonion.conf as CRIT_DISK_USAGE, where it is sourced by /usr/sbin/nsm_sensor_clean when the hourly cronjob runs.

If you've already run Setup and want to change the default 90% disk usage threshold, you can simply set the value in /etc/nsm/securityonion.conf.
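The manual edit described above, as an added example that is not part of the original post or of the Security Onion packages: POSIX shell helpers that validate a new threshold before writing it, read back the value in effect, and check whether current usage has already reached it. The function names, the 1-99 range check, the plain `CRIT_DISK_USAGE=NN` assignment format and the "usage >= threshold" comparison are assumptions of this example.

```sh
#!/bin/sh
# Added example, not Security Onion's own code. Function names are hypothetical.
# Assumption: the setting is a plain shell assignment (CRIT_DISK_USAGE=NN),
# because the post says the file is sourced by nsm_sensor_clean.
CONF_DEFAULT=/etc/nsm/securityonion.conf

# Accept only whole percentages 1-99 (this example's policy, not the project's).
valid_threshold() {
    case $1 in
        [1-9]|[1-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the last CRIT_DISK_USAGE value in the file, or 90 (the default the post
# describes) when none is set. Returns 1 if a value is set but unusable.
get_crit_disk_usage() {
    val=$(sed -n 's/^[[:space:]]*CRIT_DISK_USAGE=\([^#]*\).*/\1/p' \
              "${1:-$CONF_DEFAULT}" 2>/dev/null | tail -n 1 | tr -d "\"' \t")
    [ -z "$val" ] && { echo 90; return 0; }
    valid_threshold "$val" && echo "$val"
}

# Rewrite an existing assignment in place, or append one if there is none.
set_crit_disk_usage() {
    new=$1 conf=${2:-$CONF_DEFAULT}
    valid_threshold "$new" || { echo "refusing CRIT_DISK_USAGE='$new'" >&2; return 1; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*CRIT_DISK_USAGE=' "$conf"; then
        # $new is digits only (validated above), so it is safe inside the sed script
        sed "s/^[[:space:]]*CRIT_DISK_USAGE=.*/CRIT_DISK_USAGE=$new/" "$conf" > "$tmp"
    else
        { cat "$conf"; echo "CRIT_DISK_USAGE=$new"; } > "$tmp"
    fi
    cat "$tmp" > "$conf" && rm -f "$tmp"   # overwrite in place: owner and mode are kept
}

# Current usage, in whole percent, of the filesystem holding the given path.
disk_usage_pct() {
    df -P "$1" | awk 'NR==2 { sub(/%/, "", $5); print $5 }'
}

# purge_due USAGE [CONF]: succeeds when USAGE has reached the threshold.
# Assumption: "hits 90%" is read as usage >= threshold.
purge_due() {
    limit=$(get_crit_disk_usage "$2") || return 2
    [ "$1" -ge "$limit" ]
}
```

Before lowering the threshold on a sensor, feed `disk_usage_pct` the mount point that holds your sensor data and pass the result to `purge_due`, so you know whether the next hourly run will start deleting older logs.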

These updates resolve the following issues:
Issue 315: Update NSM scripts so that WARN_DISK_USAGE and CRIT_DISK_USAGE are configurable by user
Issue 358: Update Setup so that Advanced Setup asks about CRIT_DISK_USAGE

Thanks to Karolis Cepulis for the nsm_sensor_clean patch!
Thanks to David Zawdie for testing the new package!

The new package is now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

Want to learn more about Security Onion?  Sign up for the upcoming 8-hour class in Augusta GA!
