Monday, February 11, 2019

New Setup and NSM packages now available for Security Onion!

The following packages are now available:
securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion199
securityonion-setup - 20120912-0ubuntu0securityonion285

This should resolve the following issues:

Setup: update setup conf files #1417

Setup: Fix bug where the regex in sed disables incorrect interfaces #1427

Setup: add logger node to Bro node.cfg #1420

Setup: configure Bro cluster mode for AF_PACKET #1421

Setup: configure Suricata for AF_PACKET #1432

NSM: Improve the method of updating thread count in suricata.yaml #1230

NSM: support running Suricata using AF_PACKET #1431

As an overview, these updates will cause new installations to configure Bro and Suricata to collect network traffic via AF_PACKET (instead of PF_RING as we've done for the last few years).  Installations already configured for PF_RING will continue to use PF_RING.  Please see the links above for background information and config changes.

Thanks to Wes Lambert for testing!

Please see the following page for full update instructions:

We have 4-day Security Onion training classes coming up in San Antonio TX, Atlanta GA, and Columbia MD!  If you can't make it to one of these onsite classes, we have a new online training platform!  For more information and other training options, please see:

We now offer hardware appliances!  For more information, please see:

We've started moving our documentation to!  Please let us know if anything needs to be updated.

Need support?  Please see:

