VAST 2020.03.26
We are happy to announce VAST 2020.03.26. In this release we mainly worked on bug fixes and UI improvements.
- Syslog Import. The vast import subcommand now is able to natively import Syslog as defined in RFC 5424. These are produced by popular logging tools such as journald. Thanks to Maximilian Knapperzbusch for the contribution! Max added this new feature as part of the master project for advanced topics in IT security. We have an ongoing collaboration with the security group at the University of Hamburg, led by Prof. Mathias Fischer, and are excited for more contributions of this kind.
- Documentation Page. We rebuilt our documentation with Docusaurus and relaunched it at docs.tenzir.com. Docusaurus gives us the flexibility to easily add entire documentation sites for our different projects like Threat Bus. The page is updated daily to reflect the latest state of development.
- User Interface. We introduced a new user-facing log level called verbose, which is an intermediate between the existing user-facing info and developer-facing debug log levels. Additionally, we reworked the behaviour of VAST to not create files in the current working directory every time a command is invoked.
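To show what the RFC 5424 format handled by the new Syslog import looks like in practice, here is an added example (not VAST code and not from the VAST project): a small Python parser for the RFC 5424 header and structured data, run over constructed sample messages. The name parse_rfc5424 and the samples are assumptions of this example; timestamp syntax and field lengths are not validated.

```python
import re

# RFC 5424 section 6 header: PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME
# SP PROCID SP MSGID SP, followed by STRUCTURED-DATA and an optional message.
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
)
NAME = r'[^ =\]"]+'            # SD-ID and PARAM-NAME
VALUE = r'(?:\\.|[^"\\\]])*'   # PARAM-VALUE: '"', '\' and ']' must be escaped
SD_ELEMENT = re.compile(rf'\[({NAME})((?: {NAME}="{VALUE}")*)\]')
SD_PARAM = re.compile(rf' ({NAME})="({VALUE})"')

def parse_rfc5424(line):
    """Parse one RFC 5424 message into a dict; raise ValueError if malformed."""
    m = HEADER.match(line)
    if not m or int(m["pri"]) > 191:
        raise ValueError("not an RFC 5424 message")
    # "-" is the NILVALUE that marks an absent field.
    rec = {k: None if v == "-" else v for k, v in m.groupdict().items()}
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    rec["version"] = int(rec["version"])
    pos, sd = m.end(), {}
    if line.startswith("-", pos):
        pos += 1
    else:
        while e := SD_ELEMENT.match(line, pos):
            # Only \" \\ and \] are escapes; other backslashes stay literal.
            sd[e[1]] = {k: re.sub(r'\\(["\\\]])', r"\1", v)
                        for k, v in SD_PARAM.findall(e[2])}
            pos = e.end()
        if not sd:
            raise ValueError("missing STRUCTURED-DATA")
    rest = line[pos:]
    if rest and not rest.startswith(" "):
        raise ValueError("unexpected data after STRUCTURED-DATA")
    rec["structured_data"], rec["message"] = sd, rest[1:] or None
    return rec

# Constructed sample messages (documentation addresses and names).
SAMPLES = [
    "<34>1 2020-03-26T09:15:02.123Z host1.example.org sshd 4711 - - "
    "Failed password for invalid user admin from 192.0.2.10",
    '<165>1 2020-03-26T09:15:03Z host2.example.org app - ID7 '
    '[meta@32473 user="bob" note="say \\"hi\\" \\]"] event logged',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_rfc5424(s))
```

Legacy BSD-style lines (RFC 3164), which carry no version digit after the PRI, are rejected with ValueError rather than being parsed loosely.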
Improvements
- 🎁 The new vast import syslog command allows importing Syslog messages as defined in RFC 5424. #770
- 🎁 The hash index has been re-enabled after it was outfitted with a new high-performance hash map implementation that increased performance to the point where it is on par with the regular index, while delivering up to 3x improvement in disk usage. #796
- 🎁 The option --disable-community-id has been added to the vast import pcap and vast import netflow commands for disabling the automatic computation of Community IDs. #777
- 🎁 The verbose log level has been added between info and debug. This level is enabled at build time for all build types, making it possible to get more detailed logging output from release builds. #787
- 🎁 The config option system.log-directory was deprecated and replaced by the new option system.log-file. All logs will now be written to a single file, and by the node only. #803 #806
Changes
- 🔄 The MRT/bgpdump integrations were temporarily disabled and will be fixed at a later point in time. #808
- 🔄 The short option -c for setting the configuration file has been removed. The long option --config= must now be used instead. #781
Bug Fixes
- 🪲 An under-the-hood change to our parser-combinator framework makes sure that we do not discard possibly invalid input data up to the end of input. #791 #808
- 🪲 The short option -c now works as expected for continuous exports and imports, and for setting the cutoff for PCAP. #781
- 🪲 Continuous export processes can now be stopped correctly. #779
As always, see the CHANGELOG for a full list of changes.