Archive for October, 2009

NSMnow – 1.6.1 … Upgrade Framework, Check!

Tuesday, October 27th, 2009

This release is primarily a bug fix for Fedora, CentOS and RHEL installations that attempted to explicitly define the client package.

Thanks to Rami Labib and his team for picking that one up for us.

We took a few extra days to also test out the initial upgrade framework for NSMnow. Upon installation, the actual NSMnow core script, along with the component/package libraries, will be installed similarly to the NSM administration scripts. This will provide the ability at later stages (fingers crossed) to perform updates using a command similar to:

# NSMnow -U

We’ll wait for the next release to see just how well that goes ;)

Enjoy!

NSMnow – 1.6.0 … Back to BASH

Sunday, October 18th, 2009

This release marks a major overhaul of the NSMnow code. Yes, major!

The core is no longer written in PERL but rather BASH. The reason for this change was twofold: remove the dependencies and unify the NSMnow core with the NSM administration scripts.

Some benefits of this are that we no longer require the plethora of distribution specific checks just to get a simple install. It should also allow for a smoother transition onto the *BSD distributions.

Due to the recent release of Snort 2.8.5, we’ve decided to leave a few features out and get the 1.6.x branch a little more stable before we implement them. We have done some considerable testing but like most things I’m sure there’s plenty of room for bugs. So if you see them be sure to report them. Consequently we have marked the initial 1.6.0 release as beta.

Enjoy!

Barnyard2-1.7 … Can’t wait anymore? Grab Beta 4!

Sunday, October 18th, 2009

As you may, or may not, have noticed … Snort 2.8.5 has finally arrived! This has introduced some interesting things into the unified2 file format, the most notable of which is the recording of VLAN ID tags when compiled with the appropriate flags.

In order to best support these new features, we’ve taken the time to merge all pertinent changes from the Snort 2.8.4.1 to 2.8.5 transition into our code base.

There is bound to be some form of breakage because it’s hard to test every compiler/argument/config option combination, until I finally get around to writing the unit testing framework. Fortunately, you guys are quick to point out any issues so I’m happy to get things moving.

Grab the latest beta and let us know how you go!

Barnyard2-1.7 … Beta 3!

Friday, October 2nd, 2009

This beta 3 release was a little later than anticipated and I blame the Oktoberfest for that.

In short this beta release has the following:

  1. Some issues with the tcpdump logging output addressed and ready for testing.
  2. A new RPM spec has been applied thanks to Tom McLaughlin.
  3. Initial packet/event caching mechanism to better handle reading alerts based on streams (to be completed by 1.7 stable).

With Snort 2.8.5 just released, we will be extending the 1.7 beta to align the codebase to the new version and also sort out the aforementioned item 3 and hopefully make Jonathan a happy man.

You know the drill – download, use, abuse, flame ;)