Wednesday, February 4, 2015

New NSM and ossec_agent.tcl packages resolve several issues

Brian Kellogg submitted a patch for ossec_agent.tcl that allows you to enable or disable DNS lookups.  Thanks, Brian!  I've packaged this and also updated the NSM package to resolve several issues.

The new packages are as follows:

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion114
securityonion-sguil-agent-ossec - 20120726-0ubuntu0securityonion7

These new packages should resolve the following issues:

Issue 684: NSM: nsm_server_ps-start needs to create /var/log/sguild/ if it doesn't already exist

Issue 686: NSM: nsm_server_ps-start needs to set permissions on /var/log/nsm/so-elsa/ properly

Issue 687: NSM: nsm_sensor_ps-start should set permissions on /var/log/nsm/HOSTNAME-INTERFACE/ properly

Issue 689: NSM: add USE_DNS option to ossec_agent.conf

Issue 688: ossec_agent: add option to disable DNS lookups

These new packages have been tested by David Zawdie (thanks!).

Release Notes
After updating to the new packages, the next time that the NSM scripts start ossec_agent.tcl, they will add a new USE_DNS option to /etc/nsm/ossec/ossec_agent.conf and default it to 0 (disabled).  This results in much better performance for ossec_agent.tcl.

If you need to revert to the previous behavior of DNS lookups enabled and don't mind the additional lookup delay, you can change USE_DNS to 1 (enabled) and then restart ossec_agent.tcl:

sudo nsm_sensor_ps-restart --only-ossec-agent

Also note that these packages move ossec_agent.tcl to /usr/bin/.

The new packages are now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Commercial Support
Need training and/or commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

Want to show your support for Security Onion?
Several folks have asked about Security Onion t-shirts and they are now available in our CafePress store!

