Archive for May, 2009

NSMnow 1.4.1 – New links.

Saturday, May 30th, 2009

This release of NSMnow is primarily an update of the download links for barnyard2 and Snort (due to Snort’s new site structure).

A bug with the automatic process management of multiple sensors has been addressed and patched accordingly; thanks to Jon. B. Bayer for finding that one for us.

Some of the team will be looking at administration a little more closely over the next few months, so if there are any pressing administrative features you believe should be included, be sure to let the dev team know about them.

Until then, grab the latest copy from the NSMnow download page and give it a spin.

Barnyard2-1.5 … Marking the end of May.

Saturday, May 30th, 2009

With the end of the month nearing and all submitted bugs quashed, we thought it time to push out a final release of 1.5.

A number of betas were released throughout this cycle, and we are very grateful to those who took the time to test the patches and make this push possible. Given the improved quality of feedback this format produced, we will continue to follow it for future releases.

A quick summary of the inclusions for the 1.5 series is:

  1. all Snort output plugins supported, except one (alert_sf_socket)
  2. Snort 2.8.4.1 alignment
  3. reference system configuration
  4. updated PID file handling
  5. improved spo_database handling of MySQL server connection drop-outs

Grab the latest from the barnyard2 download page.

Enjoy!

Barnyard2-1.5 beta 3 … Reconnecting!

Friday, May 8th, 2009

This third beta release introduces a few subtle improvements along with the usual bug fixes that have been reported to date.

The following improvements have made their way in:

  1. more robust handling of MySQL reconnection issues
  2. updated map structures to improve future scalability
  3. experimental RPM spec support (courtesy of Jason Haar)

The kinks are slowly being worked out, and a reasonably stable release should be out soon!

Barnyard2-1.5 beta 2 … Plugging the gaps.

Tuesday, May 5th, 2009

We’ve just released a second beta of 1.5 to fill a number of gaps (read omissions) that have appeared since the first release.

Some of these were plain silly, such as missing header files, missing initialisation functions and missing configure parameters. A few, though, were interesting corner situations that I’ve never come across with my unified2 files.

The feedback being provided and the bug reports are certainly ironing out the wrinkles for which we are very grateful.

Grab the beta while it’s HOT!

Barnyard2-1.5 beta … Not just a cosmetic makeover!

Saturday, May 2nd, 2009

It is reassuring to hear (or should that be read) a lot of positive feedback and encouragement to continue our development.

So we have taken the comments on board and run with them for this next beta release. We’ve decided to release this as a beta given the large amount of code that hasn’t been fully soak tested. What is all this not-fully-tested code? Well, as of this release we have integrated all of Snort’s output plugins except for one (alert_sf_socket).

This was made possible by a large amount of refactoring in the spooler to centralise unified2 record processing and remove the duplication that was previously required in each output plugin.
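To make concrete what the spooler centralises (and the sort of unified2 corner case mentioned in the beta 2 post above), here is an added example of a minimal unified2 record reader. It is not barnyard2's own code. The record framing and the field layouts are taken from Snort's Unified2_common.h of the 2.8.x era (type 7 is the 52-byte IDS event, type 2 is a packet record with a 28-byte fixed part followed by the packet bytes, all integers big-endian); the sample stream is constructed inline, not taken from a real sensor, and its packet payload is placeholder bytes rather than a real frame. The reader stops cleanly at a record the sensor has not finished writing and returns the offset to resume from, which is the bookmark a spooler (barnyard2 keeps it in its waldo file) has to preserve.

```python
"""Added example, not barnyard2 code: walk a unified2 byte stream."""
import struct
from ipaddress import IPv4Address

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

RECORD_HDR = struct.Struct("!II")           # type, length (frames every record)
IDS_EVENT = struct.Struct("!11IHHBBBB")     # 52-byte Unified2IDSEvent (legacy)
PACKET_HDR = struct.Struct("!7I")           # 28 bytes preceding packet_data

IDS_EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)
PACKET_FIELDS = (
    "sensor_id", "event_id", "event_second", "packet_second",
    "packet_microsecond", "linktype", "packet_length",
)


def parse_ids_event(body):
    """Decode a type-7 body into a dict, rendering the IPv4 fields as text."""
    if len(body) != IDS_EVENT.size:
        raise ValueError("IDS event body is %d bytes, expected %d" % (len(body), IDS_EVENT.size))
    ev = dict(zip(IDS_EVENT_FIELDS, IDS_EVENT.unpack(body)))
    ev["ip_source"] = str(IPv4Address(ev["ip_source"]))
    ev["ip_destination"] = str(IPv4Address(ev["ip_destination"]))
    return ev


def parse_packet(body):
    """Decode a type-2 body; everything after the fixed header is the packet."""
    if len(body) < PACKET_HDR.size:
        raise ValueError("packet record body too short")
    pkt = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body)))
    data = body[PACKET_HDR.size:]
    if len(data) != pkt["packet_length"]:
        raise ValueError("packet_length %d does not match %d payload bytes" % (pkt["packet_length"], len(data)))
    pkt["packet_data"] = data
    return pkt


def read_records(buf, offset=0):
    """Return (records, resume_offset) for every complete record in buf from offset.

    A record whose header or body is not fully present is left unconsumed, so
    resume_offset is exactly where to continue once the sensor appends more.
    Unknown record types are kept raw rather than aborting the walk.
    """
    records = []
    while len(buf) - offset >= RECORD_HDR.size:
        rtype, rlen = RECORD_HDR.unpack_from(buf, offset)
        start = offset + RECORD_HDR.size
        if len(buf) - start < rlen:
            break                      # partial body: sensor still writing it
        body = buf[start:start + rlen]
        if rtype == UNIFIED2_IDS_EVENT:
            records.append((rtype, parse_ids_event(body)))
        elif rtype == UNIFIED2_PACKET:
            records.append((rtype, parse_packet(body)))
        else:
            records.append((rtype, body))
        offset = start + rlen
    return records, offset


def build_sample_stream():
    """Constructed sample: one event, its packet, then a half-written event."""
    event = IDS_EVENT.pack(
        1, 42, 1243670400, 123456,            # sensor_id, event_id, second, microsecond
        2003, 1, 8, 30, 2,                    # sid, gid, rev, classification, priority
        int(IPv4Address("10.0.0.5")), int(IPv4Address("192.0.2.10")),
        49152, 80, 6, 0, 0, 0,                # sport, dport, proto=TCP, impact_flag, impact, blocked
    )
    payload = b"GET / HTTP/1.0\r\n\r\n"        # placeholder bytes, not a real frame
    packet = PACKET_HDR.pack(1, 42, 1243670400, 1243670400, 123456, 1, len(payload)) + payload
    stream = (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
              + RECORD_HDR.pack(UNIFIED2_PACKET, len(packet)) + packet)
    complete_len = len(stream)
    # third record: header present, only 20 of the 52 body bytes flushed so far
    stream += RECORD_HDR.pack(UNIFIED2_IDS_EVENT, IDS_EVENT.size) + event[:20]
    return stream, complete_len


if __name__ == "__main__":
    stream, _ = build_sample_stream()
    records, resume = read_records(stream)
    for rtype, rec in records:
        print(rtype, rec)
    print("resume at offset", resume, "of", len(stream))
```

Feeding the reader the same buffer again from the returned offset yields nothing new until the remaining 32 bytes of the third record arrive, at which point that event is decoded; that is the behaviour a spooler needs so it neither re-emits events nor processes a torn record.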

All output plugins are aligned with those of Snort 2.8.4.1, with the new output plugins integrated in this release being:

  1. spo_alert_arubaaction
  2. spo_alert_full
  3. spo_alert_prelude
  4. spo_alert_unixsock
  5. spo_csv
  6. spo_log_ascii
  7. spo_log_null
  8. spo_log_tcpdump

This should now allow a lot more users to begin trialling barnyard2 with unified2 logs and help get this release stabilised.