Issue 582: NSM: only run "broctl cron" if Bro is enabled
https://code.google.com/p/security-onion/issues/detail?id=582
This should avoid the situation described here:
https://groups.google.com/d/topic/security-onion/Fo4xQ7VDIyY/discussion
Issue 581: NSM: avoid filling disk if CRIT_DISK_USAGE exceeded in one day
https://code.google.com/p/security-onion/issues/detail?id=581
We still have occasional reports of disks filling up with pcaps. I've addressed this in 3 ways:
1. sensor-clean used to run every 5 minutes, but has been changed to run *every* minute.
2. sensor-clean no longer ignores pcaps from the current day. If all previous days have been removed, then it will go into the current day's directory and remove pcaps one at a time until EITHER disk is no longer critical OR there are no pcaps remaining.
3. If sensor-clean determines that there are no pcaps remaining to purge but disk is still critical, then it will stop netsniff-ng.
This new package has been tested by David Zawdie (thanks!).
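The purge order described in items 2 and 3 above, sketched as an added example (this is not the sensor-clean script shipped in the package). It assumes pcaps sit in one directory per day under a root, that directory and file names sort chronologically, and it models disk usage as bytes under the root plus OTHER_BYTES against a made-up CAPACITY_BYTES; stop_capture is a stand-in for stopping netsniff-ng.

```bash
# Added illustration of the purge order; all names except CRIT_DISK_USAGE are hypothetical.
CRIT_DISK_USAGE=90      # percent at which the disk counts as critical
CAPACITY_BYTES=1000     # modeled partition size (assumption, keeps the demo tiny)
OTHER_BYTES=0           # modeled non-pcap data on the same partition
CAPTURE_STOPPED=0

usage_pct() {           # modeled usage of the partition holding $1, in percent
    local used
    used=$(find "$1" -type f -exec cat {} + | wc -c | tr -d ' ')
    echo $(( (used + OTHER_BYTES) * 100 / CAPACITY_BYTES ))
}

stop_capture() {        # stand-in for stopping netsniff-ng
    CAPTURE_STOPPED=1
}

sensor_clean_once() {   # $1 = pcap root, $2 = name of the current day's directory
    local root="$1" today="$2" day f
    # Previous days go first, oldest to newest, one whole directory at a time.
    for day in $(ls "$root" | sort); do
        [ "$(usage_pct "$root")" -ge "$CRIT_DISK_USAGE" ] || return 0
        [ "$day" = "$today" ] && continue
        rm -rf "${root:?}/$day"
    done
    # Only the current day is left: remove its pcaps one at a time, oldest first,
    # re-checking usage before every removal.
    for f in $(ls "$root/$today" 2>/dev/null | sort); do
        [ "$(usage_pct "$root")" -ge "$CRIT_DISK_USAGE" ] || return 0
        rm -f "${root:?}/$today/$f"
    done
    # Nothing left to purge but still critical: stop the capture process.
    if [ "$(usage_pct "$root")" -ge "$CRIT_DISK_USAGE" ]; then
        stop_capture
    fi
    return 0
}
```

Running sensor_clean_once from a one-minute cron entry corresponds to item 1; each run stops deleting as soon as usage drops below the threshold.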
Updating
The new package is now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Training
$400 off the new 3-day Security Onion class in Richmond VA!
http://blog.securityonion.net/2014/09/400-off-our-new-3-day-security-onion.html
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!