Tuesday, July 28, 2015

New securityonion-setup package allows you to disable Snorby

I've updated the Setup package to resolve several issues, including allowing you to disable Snorby.  It should work as follows:

  • Choosing Quick Setup still enables Snorby by default.  It will automatically set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf and enable the Snorby output in /etc/nsm/HOSTNAME-INTERFACE/barnyard2-1.conf.
  • Choosing Advanced Setup and then Server will ask if you want to enable or disable Snorby.  If you choose yes, it will set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf.  Otherwise, it will set SNORBY_ENABLED=no.
  • Choosing Advanced Setup and then Standalone will ask if you want to enable or disable Snorby.  If you choose yes, it will set SNORBY_ENABLED=yes in /etc/nsm/securityonion.conf and enable the Snorby output in all /etc/nsm/*/barnyard*.conf files.  If you instead choose no, it will set SNORBY_ENABLED=no and disable (comment out) the Snorby output in all /etc/nsm/*/barnyard*.conf files.
  • Choosing Sensor will check /etc/nsm/securityonion.conf on the master server to see if SNORBY_ENABLED=no and, if so, disable (comment out) the Snorby output in all /etc/nsm/*/barnyard*.conf files.
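
To confirm that a box ended up in the state described above, the following added example (not part of the securityonion-setup package) compares SNORBY_ENABLED with each barnyard2 config under a given directory. It assumes the Snorby output is an `output` line containing `snorby`; the function names and the sample file contents are constructed for illustration, and on a sensor the setting it should be compared against lives on the master server.

```shell
# Added example (not Security Onion code): check that SNORBY_ENABLED and the
# barnyard2 configs agree. Assumption: the Snorby output is an "output" line
# containing "snorby", and a leading "#" means it is disabled.

# snorby_audit [NSM_DIR]: returns 0 if consistent, 1 on mismatch, 2 if unset.
snorby_audit() {
    local root conf setting f state rc
    root="${1:-/etc/nsm}"; conf="$root/securityonion.conf"; rc=0
    # Last uncommented SNORBY_ENABLED assignment, quotes and spaces stripped.
    setting=$(sed -n 's/^[[:space:]]*SNORBY_ENABLED=//p' "$conf" 2>/dev/null |
              tail -n 1 | tr -d "\"' \r")
    case "$setting" in
        yes|no) ;;
        *) echo "UNKNOWN  SNORBY_ENABLED not set to yes/no in $conf"; return 2 ;;
    esac
    for f in "$root"/*/barnyard*.conf; do
        [ -e "$f" ] || continue   # glob matched no barnyard config
        if grep -Eiq '^[[:space:]]*output[[:space:]].*snorby' "$f"; then
            state=yes             # active (uncommented) Snorby output
        else
            state=no              # commented out or absent
        fi
        if [ "$state" = "$setting" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f (SNORBY_ENABLED=$setting, output active=$state)"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed tree; the file contents are sample data, not real config.
snorby_audit_demo() {
    local t rc
    t=$(mktemp -d)
    mkdir -p "$t/host-eth1" "$t/host-eth2"
    echo 'SNORBY_ENABLED=no' > "$t/securityonion.conf"
    echo '#output database: alert, mysql, dbname=snorby' > "$t/host-eth1/barnyard2-1.conf"
    echo 'output database: alert, mysql, dbname=snorby' > "$t/host-eth2/barnyard2-1.conf"
    rc=0; snorby_audit "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

Source the file and run `snorby_audit` with no argument to check /etc/nsm; a MISMATCH line means alerts are still being written to (or withheld from) Snorby contrary to the setting.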

Snorby is going away in the future and so you should begin transitioning to Squert, Sguil, and/or ELSA.  If you'd like to disable Snorby in your existing deployment, please see:

The new package version is as follows:
securityonion-setup - 20120912-0ubuntu0securityonion155

Issues Resolved

Issue 769: sosetup: allow user to enable/disable Snorby

Issue 596: sosetup: sensor should stop/disable Apache and Snorby worker

Issue 693: sosetup: improve input validation for email address

Issue 764: sosetup: fix typo in sosetup.conf

Issue 605: sosetup: replace tmp with mktemp

Issue 771: sosetup: comment out 2 examples in top.sls

This new package is now available in our stable repo.  Please see the following page for full update instructions:

If you have any questions or problems, please use our security-onion mailing list:

Need training?  Please see:

Commercial Support
Need commercial support?  Please see:

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:

