Monday, January 26, 2015

New version of sguil-db-purge helps prevent Sguil uncategorized events from getting out of control

We have a new version of sguil-db-purge which should help prevent your Sguil uncategorized events from getting out of control.  sguil-db-purge now adds a new configuration parameter to /etc/nsm/securityonion.conf called UNCAT_MAX (and sets it to 100000 by default).  If the number of Sguil uncategorized events is higher than UNCAT_MAX, then sguil-db-purge will categorize the oldest events until UNCAT_MAX is reached.

I've packaged this new version and it has been tested by David Zawdie (thanks!).

The new package version is:
 securityonion-sguil-db-purge - 20120722-0ubuntu0securityonion10

Issues Resolved

Issue 672: sguil-db-purge: check for UNCAT_MAX

The new package is now available in our stable repo.  Please see the following page for full update instructions:


The next time sguil-db-purge runs, it adds UNCAT_MAX=100000 to /etc/nsm/securityonion.conf

If there are less than UNCAT_MAX uncategorized events, no action is necessary

If we set UNCAT_MAX to a number smaller than our number of uncategorized events...

...then sguil-db-purge categorizes the oldest events until we get down to UNCAT_MAX

If you have any questions or problems, please use our security-onion mailing list:

Commercial Support
Need training and/or commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:


No comments:

Search This Blog

Featured Post

Security Onion 2.3 has reached End Of Life

On 10/6/2023, we announced a 6-month EOL notice for Security Onion 2.3:

Popular Posts

Blog Archive