Archive for January, 2009

Time to migrate … We are changing host providers!

Thursday, January 29th, 2009

If you ask me this is way overdue, but we’ve finally bitten the bullet and have a new host provider. As a result this weekend you may experience some unavailability as we transition.

We ask that you please bear with us, and we will definitely try to minimise the downtime.

Everything should be humming along by Sunday night! If you don’t hear from me by then you know something went terribly wrong! :(

NSMnow 1.3.3 … To UTC or not to UTC? – Take 2

Monday, January 26th, 2009

This update applies a number of fixes to the NSM administration scripts as well as the core NSMnow installer, which ensure sensors log in UTC mode when configured to do so. Not all components of a sensor were abiding by the UTC option.

We hope this fix addresses all UTC related problems reported of late. All the feedback is resulting in a lot more polish being applied, building to a more stable platform, and is greatly appreciated.

NSMnow 1.3.2 … To UTC or not to UTC?

Saturday, January 24th, 2009

That is the question, and apparently the NSM sensors would be a little temperamental when it came to doing exactly what they were told.

A fix has been applied to the NSM administration scripts which ensures sensors log in UTC mode when configured to do so. In addition, a small bug with the detection of mysql when restarting a server component has been addressed.

NSMnow 1.3.1 … Where did sancp go?

Thursday, January 22nd, 2009

A small regression was introduced with the feature freeze of 1.3 which was preventing sancp data from showing up in the sguil client.

To cut a long story short the sancp_agent was looking for data in one location whilst sancp was reporting it in another. This has been fixed.

Another small fix was with some distributions cleaning up the /var/run directory on reboot. This directory as well as /var/log are now dynamically created as appropriate prior to starting a particular service.

This update does not require a full NSMnow re-install; rather, you can just download the NSMadministration tarball and overwrite the existing NSM Administration scripts and library files in /usr/local/sbin and /usr/local/lib respectively.

Thanks go to Doug for identifying these pesky bugs.

NSMnow 1.3 … “FREEZE!”

Tuesday, January 20th, 2009

Well it’s been a roller-coaster couple of weeks but we are happy with the position that NSMnow is now in. Particularly with the major inclusion of the NSM administration scripts that are designed to begin to standardise the maintenance and control of NSM components.

This version signifies a feature freeze on our behalf, so that we can move onto our next project. If you look closely most of our recent projects have been designed around better enabling the deployment of existing NSM components (currently based on sguil). NSMnow for the installation, NSM administration for the maintenance, and the GPL’d barnyard2 to enable sguil to move to the imminent Snort 3.X (SSP) platforms which will use the new unified2 format and deprecate the old unified log/alert formats.

With a lot of the foundation established we will now be focussing our efforts towards the components themselves. We will be base-lining from existing solutions, but building from the ground up. It will be challenging but not without its rewards I’m sure. Of course, like always, we will accept all constructive feedback and input along the way.

So for NSMnow, we will continue to push out stability/bug fixes as they arise. We have a Securix-NSM release just around the corner built on the 1.3 branch, that has a few extra little tidbits as well, and then onto the exciting stuff.

Stay tuned!

NSMnow 1.2.3 … The updates are slowing … Hooray!

Saturday, January 17th, 2009

With all the feedback over the last few days and the number of tweaks that have arisen as a result, we’re finally getting pretty comfortable with how stable the 1.2.x branch has become. The NSM administration scripts added a lot of new technology that required us to just get it out there and get some air time.

We probably could have announced a beta and such for each individual version, but we’re pretty much of the opinion that the entire 1.x branch is beta.

So back to this update, there was an issue with deleting servers whereby the associated database was not removed. This could be an issue when deleting a server of name “XXX” and then at some later stage adding a server of the same name “XXX”. The add action would fail because the previously associated database had not been removed.

Suffice to say, it’s now fixed. This update will also be pushed into the upcoming Securix-NSM 1.2 release that is only just around the corner.

As always, keep the feedback coming in.

NSMnow 1.2.2 … Letting the good times roll.

Thursday, January 15th, 2009

With all the feedback being received, it’s very humbling to know that people appreciate our efforts in attempting to standardise the NSM concept to make it more comprehensible to all.

This rapid update provides some further polish to the scripts as well as some additional documentation to get started.

I’ll try to leave you all alone now for at least a couple of days before posting something new, at least then you’ll get a chance to have some play time.

NSMnow 1.2.1 … Squashing a few bugs.

Wednesday, January 14th, 2009

On some more thorough testing we’ve identified a few quirks that detracted from the simplicity and intuitive approach that the administration scripts are supposed to provide.

You may or may not have come across these, but if you’ve been frustrated when editing some details of an NSM server or sensor then chances are this update is what you’ve been waiting for.

It’s on the download page ready and waiting …

NSMnow 1.2 … Happy New Year

Sunday, January 11th, 2009

What better way to start the new year than with some more updates.

This NSMnow release has had some significant changes under the hood along with some excellent technology to standardise and ease the administrative burden of maintaining sensors and servers.

It doesn’t stop there. With the release of our Barnyard2-1.0 last month, we’ve also updated the appropriate links to the installation process to ensure you grab this latest version.

Finally we’ve added an uninstallation feature that will uninstall all files added by the NSMnow installer.

A lot of work has gone into the new features of this release, so please head to the project page, use, abuse and let us know how you get on.

Enjoy the rest of your 2009!