January 30th, 2010 by firnsy
Arguably this release has been cooking for a little longer than necessary. However, like most people I have other jobs that actually pay the bills … Now how many open source projects pull that one out?!
Clearly I’m no exception
Still, as long as the masses keep requesting we’ll keep answering and if we ever get paid to do this the updates will come quicker.
So onto the good stuff, nothing will jump out at you in the release because quite frankly there’s nothing of real significance. The big fix is that Ubuntu Karmic installs should now work and CentOS 5.4 should be recognised. The rest of the updates, of which there were about 15 to 20 little fixes, were focussed on internal error checking.
Feedback is always welcomed.
Enjoy!
Posted in NSM | No Comments »
January 20th, 2010 by firnsy
Not a lot of significant change in this beta release, but a few bugs were squished and that can only be a good thing. Right?!
Most of the work was involved with the spooler where the event caching has been reworked to improve the flexibility in the near future.
I’ll give this release about a two-week grace period and, depending on the feedback, the next release will be a full stable release.
Any feedback is greatly appreciated. Happy hacking!
Posted in Barnyard2 | No Comments »
December 14th, 2009 by firnsy
Whilst this release feels a little overdue, we feel there are now sufficient fixes to warrant a new beta. Plus it makes a nice little gift before Christmas. You can find inside the following number of fixes and tweaks:
- Removed compilation warnings (courtesy of Markus Lude)
- Improved sanity of exit codes.
- Fixed duplication issue in the sguil output plugin.
- Support SSL connections to mysql (experimental)
The SSL support for mysql needs to be compiled in using “--enable-mysql-ssl-support”.
You know the drill. Download, Compile, Install, Run, Break, and send in your Bug Reports.
Posted in Barnyard2 | 2 Comments »
November 6th, 2009 by firnsy
It may be a little overdue but we’ve finally got around to establishing some mailing lists that should for the most part provide a suitable forum for notifying of new releases, gathering user feedback and providing community support.
A single list per project has been established which can be seen at the summary page.
If you have any problems, comments or further suggestions then be sure to let us know. Now where did I put that TODO list …
Posted in Website Bling | No Comments »
November 6th, 2009 by firnsy
The last week or so has been spent polishing up the rough edges and removing those little nuances that people had reported.
We’re quietly confident that the code is in a position for a final release of 1.7 and are prepared to set it free upon the world.
The 1.7 series culminates in a lot of changes from the 1.6 series and more importantly aligns to the most recent version of Snort 2.8.5.1. You are likely to have seen the last of the major core changes for some time with future releases being dedicated to stability and minor improvements.
The provided configuration file should explain the updated syntax sufficiently, and where it does not, be sure to let me know and we’ll make sure it is updated accordingly.
A big thanks goes to all the feedback that fed the 1.7 development process and we look forward to the next cycle.
On a final note, go grab the final and let us know how you go!
Posted in Barnyard2 | No Comments »
October 27th, 2009 by firnsy
This release is primarily a bug fix for Fedora, CentOS and RHEL installations that attempted to explicitly define the client package.
Thanks to Rami Labib and his team for picking that one up for us.
We took a few extra days to also test out the initial upgrade framework for NSMnow. Upon installation, the actual NSMnow core script along with the component/package libraries will be installed similarly to the NSM administration scripts. This will provide the ability at later stages (fingers crossed) to perform updates using a command similar to:
# NSMnow -U
We’ll wait for the next release to see just how well that goes.
Enjoy!
Posted in NSM | No Comments »
October 18th, 2009 by firnsy
This release marks a major overhaul of the NSMnow code. Yes, major!
The core is no longer written in PERL but rather BASH. The reason for this change was twofold: remove the dependencies and unify the NSMnow core with the NSM administration scripts.
Some benefits of this are that we no longer require the plethora of distribution-specific checks just to get a simple install. It should also allow for a smoother transition onto the *BSD distributions.
Due to the recent release of Snort 2.8.5, we’ve decided to leave a few features out and get the 1.6.x branch a little more stable before we implement them. We have done some considerable testing but like most things I’m sure there’s plenty of room for bugs. So if you see them be sure to report them. Consequently we have marked the initial 1.6.0 release as beta.
Enjoy!
Posted in NSM | 3 Comments »
October 18th, 2009 by firnsy
As you may, or may not, have noticed … Snort 2.8.5 has finally arrived! This has introduced some interesting things into the unified2 file format, the most notable of which is the recording of VLAN ID tags when compiled with the appropriate flags.
In order to best support these new features, we’ve taken the time to merge all pertinent changes from the Snort 2.8.4.1 to 2.8.5 transition into our code base.
There is bound to be some form of breakage because it’s hard to test every compiler/argument/config option combination, until I finally get around to writing the unit testing framework. Fortunately, you guys are quick to point out any issues so I’m happy to get things moving.
Grab the latest beta and let us know how you go!
Posted in Barnyard2 | 2 Comments »
October 2nd, 2009 by firnsy
This beta 3 release was a little later than anticipated and I blame the Oktoberfest for that.
In short this beta release has the following:
- Some issues with the tcpdump logging output addressed and ready for testing.
- A new RPM spec has been applied thanks to Tom McLaughlin.
- Initial packet/event caching mechanism to better handle reading alerts based on streams (to be completed by 1.7 stable).
With Snort 2.8.5 just released we will be extending the 1.7 beta to align the codebase to the new version and also sort out the aforementioned item 3 and hopefully make Jonathan a happy man.
You know the drill – download, use, abuse, flame
Posted in Barnyard2 | No Comments »
September 5th, 2009 by firnsy
The last month has seen some interesting additions to the code base (motivated by Doug Burks) which will ultimately aid our non-Debian brethren. The 1.5 series sees the initial completed feature set for Fedora, RHEL and CentOS systems. This is excellent news for those who have wanted to have, use, test an NSM configuration for themselves but were daunted by the process of doing it from scratch.
With this being the initial release with support for Fedora, RHEL, and CentOS systems, there are bound to be some teething problems. So as long as you submit the bug reports, we will fix them and NSMnow will continue to get even better, if that’s possible.
Happy NSM’ing!
Posted in NSM | 1 Comment »