Showing posts with label daq.

Thursday, April 30, 2020

Snort 2.9.16.0 now available for Security Onion!

The following packages are now available for Security Onion:

securityonion-daq - 2.0.7-1ubuntu1securityonion2
securityonion-snort - 2.9.16.0-1ubuntu1securityonion1

These packages resolve the following issue:

Snort 2.9.16.0 #1755
https://github.com/Security-Onion-Solutions/security-onion/issues/1755

Thanks
Thanks to Cisco for Snort 2.9.16.0!
Thanks to Wes Lambert for testing!

Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade

Support
Need support?  Please see:
https://securityonion.net/docs/Support

Documentation
We've got a new documentation site!  Please let us know if anything needs to be updated:
https://securityonion.net/docs

Also, we're now offering a printed copy of our official documentation with foreword by Richard Bejtlich and proceeds going to Rural Technology Fund:
https://securityonion.net/book

Training
Security Onion Solutions is the only official authorized training provider for Security Onion and we have 4-day Basic and 4-day Advanced onsite training classes.  We also offer online classes.  For more information, please see:
https://securityonionsolutions.com

Appliances
We now offer hardware appliances!  For more information, please see:
https://securityonionsolutions.com

Thanks!

Tuesday, August 18, 2015

Snort 2.9.7.5 now available for Security Onion!

Snort 2.9.7.5 was recently released:
http://blog.snort.org/2015/07/snort-2975-is-now-available-on-snortorg.html

I've updated our Snort packages:
securityonion-snort - 2.9.7.5-0ubuntu0securityonion1
securityonion-daq - 2.0.6-0ubuntu0securityonion1

These new packages resolve the following issues:

Issue 784: Snort 2.9.7.5
https://github.com/Security-Onion-Solutions/security-onion/issues/784

Issue 788: DAQ 2.0.6
https://github.com/Security-Onion-Solutions/security-onion/issues/788

These new packages have been tested by James Taylor and Jeff Tehovnik (thanks!).

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

These updates will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf files
  • update ruleset and restart Snort as follows:
    sudo rule-update

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Tuesday, June 9, 2015

Snort 2.9.7.3 now available!

Snort 2.9.7.3 was recently released:
http://blog.snort.org/2015/05/snort-2973-is-now-available.html

I've updated our Snort packages:
securityonion-snort - 2.9.7.3-0ubuntu0securityonion3
securityonion-daq - 2.0.5-0ubuntu0securityonion1

These new packages resolve the following issues:

Issue 730: Snort 2.9.7.3
https://github.com/Security-Onion-Solutions/security-onion/issues/730

Issue 731: Snort DAQ 2.0.5
https://github.com/Security-Onion-Solutions/security-onion/issues/731

These new packages have been tested by Jeff Tehovnik (thanks!).

Updating
These new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Upgrade

These updates will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.  You'll then need to do the following:

  • re-apply any other local customizations to your snort.conf files
  • update ruleset and restart Snort as follows:
    sudo rule-update
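
One way to find the customizations to re-apply after this update (and the 2.9.7.5 update above), as an added example that is not part of the original posts or Security Onion's own tooling: it compares a snort.conf.bak against the new snort.conf, confirms that HOME_NET and EXTERNAL_NET carried over, and lists active lines that exist only in the backup. The function names and the sample file contents are constructed for illustration; pass the functions your sensor's real files.

```shell
#!/bin/sh
# Added example (not Security Onion tooling); sample files below are constructed.

# Active lines of a config: trimmed, whitespace-collapsed, comments and blanks dropped.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/[[:space:]][[:space:]]*/ /g' "$1" |
        grep -v -e '^#' -e '^$' | LC_ALL=C sort -u
}

# Value of "ipvar NAME ..." or "var NAME ..." in file $1 for NAME=$2.
net_var() {
    awk -v name="$2" '($1 == "ipvar" || $1 == "var") && $2 == name {
        $1 = ""; $2 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeeds when variable $3 is set in backup $1 and unchanged in new file $2.
migrated() {
    [ -n "$(net_var "$1" "$3")" ] && [ "$(net_var "$1" "$3")" = "$(net_var "$2" "$3")" ]
}

# Lines active in backup $1 but absent from new file $2, minus the two migrated variables.
local_customizations() {
    a=$(mktemp); b=$(mktemp)
    active_lines "$1" > "$a"; active_lines "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b" | grep -Ev '^(ipvar|var) (HOME_NET|EXTERNAL_NET) ' || true
    rm -f "$a" "$b"
}

# Constructed stand-ins for a sensor's snort.conf.bak and post-upgrade snort.conf.
work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
cat > "$work/snort.conf.bak" <<'EOF'
# pre-upgrade config with one local addition
ipvar HOME_NET [10.20.0.0/16]
ipvar EXTERNAL_NET !$HOME_NET
config detection: search-method ac-split
include $RULE_PATH/local.rules
include $RULE_PATH/site-custom.rules
EOF
cat > "$work/snort.conf" <<'EOF'
# post-upgrade config
ipvar HOME_NET [10.20.0.0/16]
ipvar EXTERNAL_NET !$HOME_NET
config detection:   search-method ac-split
include $RULE_PATH/local.rules
EOF

echo "Lines to review and re-apply:"
local_customizations "$work/snort.conf.bak" "$work/snort.conf"
for v in HOME_NET EXTERNAL_NET; do
    if migrated "$work/snort.conf.bak" "$work/snort.conf" "$v"; then echo "$v: migrated"
    else echo "$v: differs or missing"; fi
done
```

The comparison is line-based, so a multi-line preprocessor block joined with backslashes is reported one changed line at a time.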



Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://github.com/Security-Onion-Solutions/security-onion/wiki/MailingLists

Training
Need training?  Please see:
http://securityonionsolutions.com

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://github.com/Security-Onion-Solutions/security-onion/wiki/TeamMembers

Thanks!

Monday, December 1, 2014

Snort 2.9.7 and Daq 2.0.4 now available!

Snort 2.9.7 and Daq 2.0.4 were recently released:
http://blog.snort.org/2014/10/snort-297-has-been-released.html

I've updated our packages:
securityonion-daq - 2.0.4-0ubuntu0securityonion2
securityonion-pfring-daq - 20121107-0ubuntu0securityonion9
securityonion-snort - 2.9.7.0-0ubuntu0securityonion4

These new packages should resolve the following issues:

Issue 636: Snort 2.9.7.0
https://code.google.com/p/security-onion/issues/detail?id=636

Issue 637: Snort DAQ 2.0.4
https://code.google.com/p/security-onion/issues/detail?id=637

Issue 648: Rebuild securityonion-pfring-daq for new DAQ
https://code.google.com/p/security-onion/issues/detail?id=648

The new packages have been tested by the following (thanks!):
Eddy Simons
Ronny Vaningh
David Zawdie

Updating
The new packages are now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

These updates will back up each of your existing snort.conf files to snort.conf.bak.  You'll then need to do the following:

  • re-apply any local customizations to your snort.conf files
  • update ruleset and restart Snort/Suricata as follows:
    sudo rule-update
If you get an error like the following:
ERROR: The dynamic detection library "/usr/local/lib/snort_dynamicrules/chat.so" version 1.0 compiled with dynamic engine library version 2.1 isn't compatible with the current dynamic engine library "/usr/lib/snort_dynamicengine/libsf_engine.so" version 2.4.
then please see:
https://code.google.com/p/security-onion/wiki/FAQ#I_just_updated_Snort_and_it's_now_saying_'ERROR:_The_d

Screenshots
"sudo soup" will ask you to check/update your snort.conf file(s)

"sudo rule-update" will download the updated ruleset and restart Snort

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Need training?  Please see:
https://security-onion-class-20141215.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

Friday, October 28, 2011

Security Onion 20111028 now available!


Security Onion 20111028 is now available!  This resolves Issue 135 by updating the NSM scripts to start Snort with the AFPACKET DAQ for higher performance.  For more information about the AFPACKET DAQ, please see:
http://manual.snort.org/node7.html
http://vrt-blog.snort.org/2010/08/snort-29-essentials-daq.html

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
