Wednesday, November 13, 2013

New Snort, NSM, and sostat packages available

The following software was recently released:


I've packaged Snort and also updated the NSM and sostat packages.  The updated package versions are as follows:
securityonion-daq - 2.0.1-0ubuntu0securityonion2
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion62
securityonion-snort -
securityonion-sostat - 20120722-0ubuntu0securityonion10

The new packages have been tested by the following (thanks!):
JP Bourget
David Zawdie
Matt Gregory

Issues Resolved

Issue 405: Optimize network buffers
This update creates a new file called /etc/sysctl.d/10-securityonion.conf which increases some kernel network buffers.  The settings will be applied at the next boot, or you can apply them immediately with "sudo sysctl -p /etc/sysctl.d/10-securityonion.conf".

Issue 407: Increase frequency of /etc/cron.d/sensor-clean
/etc/cron.d/sensor-clean now runs every 5 minutes.  This should help avoid the disk filling up between hourly purges for some users.

Issue 419: Delete Snorby pid file at boot
/etc/init/securityonion.conf now deletes /opt/snorby/tmp/pids/ before starting the Snorby worker to avoid issues in case the pid file was empty.

Issue 408: Add "broctl netstats" to sostat

Issue 410: sostat should display the count of days archived in pcap and Bro logs

Issue 417: sostat - remove $HOSTNAME-

Issue 422: Bro average packet loss in sostat

Issue 398: Snort


The new packages are now available in our stable repo.  Please see the following page for full update instructions:

The Snort update will back up each of your existing snort.conf files to snort.conf.bak.  You'll then need to do the following:
  • apply your local customizations to the new snort.conf
  • update ruleset and restart Snort using "sudo rule-update"
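
One way to find the local customizations that need to be carried over is to compare the active directives in each snort.conf.bak with those in the new snort.conf. This is an added example, not Security Onion's own tooling: the function names are hypothetical, the sample configs are constructed, and the directory to scan is supplied by the caller because this post does not say where the snort.conf files live.

```sh
# Added example (not Security Onion code): list active directives present in a
# backed-up snort.conf.bak but missing from the new snort.conf.
# Normalize a Snort config for comparison: drop comment and blank lines, join
# backslash continuations, collapse whitespace, then sort uniquely.
active_directives() {
    awk '
        /^[ \t]*#/ { next }                       # comment-only line
        {
            line = buf $0
            if (line ~ /\\$/) { sub(/\\$/, "", line); buf = line " "; next }
            buf = ""
            gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
            if (line != "") print line
        }' "$1" | LC_ALL=C sort -u
}

# Print directives found only in the backup ($1), not in the new config ($2).
local_changes() (
    old=$(mktemp) && new=$(mktemp) || exit 2
    active_directives "$1" > "$old"
    active_directives "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
)

# Walk a directory tree (root is an assumption supplied by the caller) and
# report every snort.conf.bak that sits beside a snort.conf.
check_tree() {
    find "$1" -name snort.conf.bak | LC_ALL=C sort | while read -r bak; do
        conf="${bak%.bak}"
        [ -f "$conf" ] || continue
        echo "== $conf"
        local_changes "$bak" "$conf"
    done
}

# Constructed sample: a backup with two local edits and a fresh upstream file.
make_sample() {
    mkdir -p "$1/sensor-eth1"
    printf '%s\n' '# old header' 'ipvar HOME_NET [10.1.0.0/16,192.168.5.0/24]' \
        'config   detection: search-method ac-split' \
        'preprocessor frag3_global: \' '    max_frags 65536' \
        'include local-tuning.rules' > "$1/sensor-eth1/snort.conf.bak"
    printf '%s\n' '# new header' 'ipvar HOME_NET any' \
        'config detection: search-method ac-split' \
        'preprocessor frag3_global: max_frags 65536' > "$1/sensor-eth1/snort.conf"
}
demo_dir=$(mktemp -d) && make_sample "$demo_dir" && check_tree "$demo_dir"
rm -rf "$demo_dir"
```

Each line it prints is a directive that was active in the backup and is absent from the new file, so it is a candidate to re-apply before running "sudo rule-update".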

"sudo soup" update process


Updating ruleset and restarting Snort using "sudo rule-update"

If you have any questions or problems, please use our mailing list:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list and IRC channel.  Thanks!
