There’s not a lot to gloat about in the initial beta for the 1.9 cycle except for the inclusion of SSL connections for PostgreSQL databases. This compliments the addition of SSL connections for MySQL databases in the 1.8 cycle and is a good sign for those who don’t have the luxury of a dedicated management network and are pushing there alert information in band.

There was some also minor internal updates that will in time facilitate an as yet undisclosed side project but more on that shortly

Hooray!

The 1.8 beta series seems to have flushed out a few bugs, courtesy of the excellent feedback that has been provided by users. A special thanks to both Markus Lude and Jason Wallace for their valuable feedback in this development cycle.

We are pleased to release the 1.8 final, which wraps up a number of changes, including:

1. Removed compilation warnings.
2. Improved sanity of exit codes.
3. Fixed duplication issue in the sguil output plugin.
4. Support SSL connections to mysql.
5. Support for spooler event caching.
6. Fixed the “-l” logging parameter.

Any feedback is greatly appreciated. Happy hacking!

Arguably this release has been cooking for a little longer than necessary. However, like most people I have other jobs that actually pay the bills … Now how many open source projects pull that one out?!

Clearly I’m no exception

Still, as long as the masses keep requesting we’ll keep answering and if we ever get paid to do this the updates will come quicker.

So onto the good stuff, nothing will jump out at you in the release because quite frankly there’s nothing of real significance. The big fix is that Ubuntu Karmic installs should now work and CentOS 5.4 should be recognised. The rest of the updates of which there was about 15 to 20 little fixes, were focussed on internal error checking.

Feedback is always welcomed.

Enjoy!

Not a lot of significant change in this beta release, but a few bugs were squished and that can only be a good thing. Right?!

Most of the work was involved with the spooler where the event caching has been reworked to improve the flexibility in the near future.

I’ll give this release about a two week grace period and depending on the feedback the next release will be a full stable release.

Any feedback is greatly appreciated. Happy hacking!

Whilst this release feels a little overdue, we feel there is now sufficient fixes to warrant a new beta. Plus it makes a nice little gift before Christmas. You can find inside the following number of fixes and tweaks:

1. Removed compilation warnings (courtesy of Markus Lude)
2. Improved sanity of exit codes.
3. Fixed duplication issue in the sguil output plugin.
4. Support SSL connections to mysql (experimental)

The SSL support for mysql needs to be compiled in using the “–enable-mysql-ssl-support”.

You know the drill. Download, Compile, Install, Run, Break, and send in your Bug Reports

It may be a little overdue but we’ve finally got around to establishing some mailing lists that should for the most part provide a suitable forum for notifying of new releases, gathering user feedback and providing community support.

A single list per project has been established which can be seen at the summary page.

If you have any problems, comments or further suggestions then be sure to let us know. Now where did I put that TODO list …

The last week or so has been spent polishing up the rough edges and removing those little nuances that people had reported.

We’re quietly confident that the code is in a position for a final release of 1.7 and am prepared to set it free upon the world.

The 1.7 series culminates in a lot of changes from the 1.6 series and more importantly aligns to the most recent version of Snort 2.8.5.1. You are likely to have seen the last of the major core changes for some time with future releases being dedicated to stability and minor improvements.

The provided configuration file should explain the updated syntax sufficiently and where it does not be sure to let me know and we’ll make sure it is updated accordingly.

A big thanks goes to all the feedback that fed the 1.7 development process and we look forward to the next cycle.

On a final note, go grab the final and let us know how you go!

This release is primarily a bug fix for Fedora, CentOS and RHEL installations that attempted to explicitly define the client package.

Thanks for Rami Labib and his team for picking that one up for us.

We took a few extra days to all so test out the initial upgrade framework for NSMnow. Upon an installation the actual NSMnow core script along with the component/package libraries will be installed similarly to the NSM administration scripts. This will provide the ability at later stages (fingers crossed) to perform updates using a command similar to:

# NSMnow -U

We’ll wait for the next release to see just how well that goes

Enjoy!

This release marks a major overhaul of the NSMnow code. Yes, major!

The core is no longer written in PERL but rather BASH. The reason for this change was two fold: remove the dependencies and unify the NSMnow core with the NSMadministration scripts.

Some benefits of this are that we no longer require the plethora of distribution specific checks just to get a simple install. It should also allow for a smoother transition onto the *BSD distributions.

Due to the recent release of Snort 2.8.5, we’ve decided to leave a few features out and get the 1.6.x branch a little more stable before we implement them. We have done some considerable testing but like most things I’m sure there’s plenty of room for bugs. So if you see them be sure to report them. Consequently we have marked the initial 1.6.0 release as beta.

Enjoy!

As you may, or may not, have noticed … Snort 2.8.5 has finally arrived! This has introduced some interesting things into the unified2 file format most notably of which is recording of vlan id tags when compiled with the appropriate flags.

In order to support the best support these new features, we’ve taken the time to merge all pertitent changes from the Snort 2.8.4.1 to 2.8.5 transition into our code base.

There is bound to be some form of breakage because it’s hard to test every compiler/argument/config option combination, until I finally get around to writing the unit testing framework. Fortunately, you guys are quick to point out any issues so I’m happy to get things moving.

Grab the latest beta and let us know how you go!