Wednesday, September 10, 2014

New securityonion-nsmnow-admin-scripts package resolves two issues

securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion83 should resolve the following issues:

Issue 582: NSM: only run "broctl cron" if Bro is enabled

This should avoid the situation described here:

Issue 581: NSM: avoid filling disk if CRIT_DISK_USAGE exceeded in one day

We still have occasional reports of disks filling up with pcaps.  I've addressed this in 3 ways:

1.  sensor-clean used to run every 5 minutes, but has been changed to run *every* minute.

2.  sensor-clean no longer ignores pcaps from the current day.  If all previous days have been removed, then it will go into the current day's directory and remove pcaps one at a time until EITHER disk is no longer critical OR there are no pcaps remaining.

3.  If sensor-clean determines that there are no pcaps remaining to purge but disk is still critical, then it will stop netsniff-ng.

This new package has been tested by David Zawdie (thanks!).

The new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

$400 off the new 3-day Security Onion class in Richmond VA!

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

We especially need help in answering support questions on the mailing list:

We also need help testing new packages:


No comments: