Wednesday, September 10, 2014

New securityonion-nsmnow-admin-scripts package resolves two issues

securityonion-nsmnow-admin-scripts 20120724-0ubuntu0securityonion83 should resolve the following issues:

Issue 582: NSM: only run "broctl cron" if Bro is enabled
https://code.google.com/p/security-onion/issues/detail?id=582

This should avoid the situation described here:
https://groups.google.com/d/topic/security-onion/Fo4xQ7VDIyY/discussion

Issue 581: NSM: avoid filling disk if CRIT_DISK_USAGE exceeded in one day
https://code.google.com/p/security-onion/issues/detail?id=581

We still have occasional reports of disks filling up with pcaps.  I've addressed this in 3 ways:

1.  sensor-clean used to run every 5 minutes, but has been changed to run *every* minute.

2.  sensor-clean no longer ignores pcaps from the current day.  If all previous days have been removed, then it will go into the current day's directory and remove pcaps one at a time until EITHER disk is no longer critical OR there are no pcaps remaining.

3.  If sensor-clean determines that there are no pcaps remaining to purge but disk is still critical, then it will stop netsniff-ng.
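
The purge order described in the three items above, as an added sketch (this is not the sensor-clean script from the package). The directory layout of one `YYYY-MM-DD` directory per day, the function names, the return codes and the threshold value of 90 are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not the Security Onion sensor-clean script.
# Assumed layout: <base>/YYYY-MM-DD/<pcap files>; all names are hypothetical.

CRIT_DISK_USAGE=90   # percent; value assumed for this sketch

# Percentage used on the filesystem holding $1.
disk_usage_pct() {
    df -P "$1" | awk 'NR==2 { sub("%", "", $5); print $5 }'
}

is_critical() {
    [ "$(disk_usage_pct "$1")" -ge "$CRIT_DISK_USAGE" ]
}

# purge_pcaps BASE [TODAY]
# Returns 0 once usage is below the threshold, or 2 if nothing is left
# to purge and usage is still critical.
purge_pcaps() {
    local base="$1" today="${2:-$(date +%F)}" day f

    # Pass 1: remove whole directories for previous days, oldest first.
    # YYYY-MM-DD names sort chronologically.
    for day in $(ls -1 "$base" | sort); do
        is_critical "$base" || return 0
        [ "$day" = "$today" ] && continue
        rm -rf -- "${base:?}/$day"
    done

    # Pass 2: only the current day is left. Remove its files one at a
    # time, oldest first, re-checking usage before each removal.
    # (Assumes pcap file names contain no whitespace.)
    for f in $(ls -1tr "$base/$today" 2>/dev/null); do
        is_critical "$base" || return 0
        rm -f -- "$base/$today/$f"
    done

    # Nothing left to purge: report whether the disk is still critical.
    is_critical "$base" || return 0
    return 2   # item 3: the caller would stop the capture process here
}
```

A return code of 2 means pcaps are not what is filling the disk, so a caller running this every minute would stop the capture process and alert rather than keep looping.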



This new package has been tested by David Zawdie (thanks!).

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
$400 off the new 3-day Security Onion class in Richmond VA!
http://blog.securityonion.net/2014/09/400-off-our-new-3-day-security-onion.html

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
