Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NSM: replace pcap ls with find #1654

Closed
dougburks opened this issue Oct 16, 2019 · 3 comments
Projects

Comments

@dougburks dougburks added this to To do in 16.04.6.3 via automation Oct 16, 2019
dougburks added a commit to Security-Onion-Solutions/securityonion-nsmnow-admin-scripts that referenced this issue Oct 18, 2019
@dougburks dougburks moved this from To do to In progress in 16.04.6.3 Oct 18, 2019
@dougburks

This comment has been minimized.

Copy link
Contributor Author

@dougburks dougburks commented Oct 18, 2019

securityonion-nsmnow-admin-scripts - 20120724-0ubuntu0securityonion208 is now ready for testing!

Please test/verify as follows:

  • start with a current ISO installation

  • run through Setup, choosing Evaluation Mode

  • snapshot the VM if possible

  • add the test PPA:

sudo add-apt-repository -y ppa:securityonion/test
  • install all updates:
sudo soup -y
  • replay some traffic:
for i in `seq 1 10`; do sudo so-test; done
  • determine current disk usage:
df -h
  • watch log file:
tail -f /var/log/nsm/sensor_clean.log
  • edit /etc/nsm/securityonion.conf and set CRIT_DISK_USAGE to just under your current disk usage

  • wait for next run of cron job and watch log file to ensure it's deleting properly

  • anything else we missed?

Thanks in advance for your time and effort!

@dougburks dougburks moved this from In progress to In Testing in 16.04.6.3 Oct 18, 2019
@weslambert

This comment has been minimized.

Copy link
Collaborator

@weslambert weslambert commented Oct 18, 2019

Looks good from my testing 👍

@dougburks dougburks moved this from In Testing to Tested in 16.04.6.3 Oct 18, 2019
@dougburks

This comment has been minimized.

Copy link
Contributor Author

@dougburks dougburks commented Oct 22, 2019

@dougburks dougburks closed this Oct 22, 2019
16.04.6.3 automation moved this from Tested to Done Oct 22, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
16.04.6.3
  
Done
2 participants
You can’t perform that action at this time.