Thursday, October 10, 2013

New NSM/Setup Packages now available

New versions of the following packages are now available!

Issues Resolved

Issue 376: netsniff-ng: specify ring buffer size
When running Setup and choosing Advanced Setup, you can now specify netsniff-ng's ring buffer size.

Issue 400: Add option to Advanced Setup to enable netsniff-ng mmap I/O
When running Setup and choosing Advanced Setup, you can now enable mmap I/O for netsniff-ng.

Issue 394: syslog-ng memory leak
/etc/cron.d/sensor-newday was doing a "syslog-ng reload", which was causing a memory leak.  It now does a full "syslog-ng restart" instead, which avoids the leak.

Issue 391: Setup should write log file to /tmp and then copy to /var/log/nsm/sosetup.log when done
While Setup is running, you can monitor /tmp/sosetup.log.  After Setup has completed, you can find the log at /var/log/nsm/sosetup.log.

Issue 377: Move Argus config to argus.conf so that users can change without modifying NSM scripts
Each sensor will now have its own argus.conf at /etc/nsm/HOSTNAME-INTERFACE/argus.conf that you can use to customize your Argus configuration.

Issue 401: ossec_agent.conf should set DAEMON to 0
The default ossec_agent.conf had DAEMON set to 1, but our NSM scripts expect the processes they spawn to NOT daemonize.  The NSM scripts now set DAEMON to 0 in ossec_agent.conf to match that expectation.
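The three sensor-side changes above (Issues 394, 401 and 377) are all things you can verify on a sensor after upgrading. The script below is an added example, not part of this post or of the Security Onion packages: it checks that the sensor-newday cron job restarts rather than reloads syslog-ng, that ossec_agent.conf sets DAEMON=0, and that every HOSTNAME-INTERFACE directory under /etc/nsm has its own argus.conf. The location of ossec_agent.conf is not given in this post, so the checker takes it as an argument; the "directory name contains a dash" rule for spotting sensor directories is an assumption, and the sample tree the script builds is constructed purely so the checks can be exercised offline.

```shell
#!/bin/sh
# Added example (not Security Onion's own code): post-upgrade sanity checks
# for the settings changed by Issues 394, 401 and 377.  Paths under the sample
# tree mirror the ones named in the release notes; the ossec_agent.conf
# location is an assumption and is passed in explicitly.

# Issue 394: the cron job must do a full "syslog-ng restart", not a "reload".
# Returns 0 when OK, 1 (with a message) otherwise.
check_newday_cron() {
    f="$1"
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    if grep -Eq 'syslog-ng[[:space:]]+reload' "$f"; then
        echo "FAIL: $f still reloads syslog-ng (memory leak, Issue 394)"
        return 1
    fi
    grep -Eq 'syslog-ng[[:space:]]+restart' "$f" && return 0
    echo "FAIL: $f does not restart syslog-ng"
    return 1
}

# Issue 401: ossec_agent.conf must set DAEMON=0 so the agent stays in the
# foreground for the NSM scripts.  The last DAEMON= assignment wins.
check_ossec_daemon() {
    f="$1"
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    val=$(sed -n 's/^[[:space:]]*DAEMON=\([0-9]*\).*/\1/p' "$f" | tail -n 1)
    [ "$val" = "0" ] && return 0
    echo "FAIL: $f sets DAEMON=${val:-<unset>} (NSM scripts expect 0, Issue 401)"
    return 1
}

# Issue 377: each sensor directory /etc/nsm/HOSTNAME-INTERFACE should carry
# its own argus.conf.  Assumption: sensor directories are the ones whose name
# contains a dash (other entries under /etc/nsm normally do not).
check_argus_conf() {
    d="$1"
    rc=0
    for s in "$d"/*-*/; do
        [ -d "$s" ] || continue
        if [ ! -f "$s/argus.conf" ]; then
            echo "FAIL: no argus.conf in $s (Issue 377)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree (NOT a real sensor) so the checks can be run
# offline.  sensor1-eth2 is deliberately left without an argus.conf so the
# Argus check has something to report.  Prints the root of the tree.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/cron.d" "$root/etc/nsm/sensor1-eth1" \
             "$root/etc/nsm/sensor1-eth2" "$root/etc/nsm/ossec"
    printf '0 0 * * * root /usr/sbin/service syslog-ng restart\n' \
        > "$root/etc/cron.d/sensor-newday"
    printf '# constructed sample\nDAEMON=0\n' > "$root/etc/nsm/ossec/ossec_agent.conf"
    : > "$root/etc/nsm/sensor1-eth1/argus.conf"
    echo "$root"
}

# Run all three checks against a tree rooted at $1 (use / on a real sensor,
# with the real ossec_agent.conf path as $2).  Exit status is non-zero if any
# check failed, so it can be dropped into a post-upgrade script.
run_checks() {
    root="$1"
    ossec_conf="$2"
    status=0
    check_newday_cron "$root/etc/cron.d/sensor-newday" || status=1
    check_ossec_daemon "$ossec_conf" || status=1
    check_argus_conf "$root/etc/nsm" || status=1
    [ "$status" -eq 0 ] && echo "all checks passed"
    return $status
}
```

On a real sensor you would call `run_checks / /path/to/ossec_agent.conf`; against the constructed tree (`R=$(make_sample_tree); run_checks "$R" "$R/etc/nsm/ossec/ossec_agent.conf"`) the cron and OSSEC checks pass and the Argus check reports the missing argus.conf for sensor1-eth2.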

Screenshot: netsniff-ng ring buffer

Screenshot: netsniff-ng mmap I/O

Thanks to Jon Schipp for his work on the netsniff-ng configuration!
Thanks to David Edelman for his work on the Argus configuration!
Thanks to JP Bourget and David Zawdie for testing the new packages!

The new packages are now available in our stable repo.  Please see our Upgrade page for full upgrade instructions:

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!

Want to learn more about Log Management?  Join me for SANS SEC434 Log Management In-Depth in Memphis TN on October 16th and 17th!  This class is being held in conjunction with the University of Memphis Center for Information Assurance's Cyber Security Expo, taking place October 18, 2013 at the FedEx Institute of Technology.  Your paid tuition for this SANS course includes registration for the Cyber Security Expo when you register with Discount Code "ISC-Memphis":

Want to learn more about Security Onion?  Sign up for the upcoming 8-hour class in Augusta GA!  Be one of the first 10 students to sign up and you can register at the discounted Early Bird price!  For full details and to register, please see:
