
VAST 2020.03.26

@tobim tobim released this 26 Mar 16:35
2020.03.26
0532d2d

We are happy to announce VAST 2020.03.26. In this release we mainly worked on bug fixes and UI improvements.

  • Syslog Import. The vast import subcommand is now able to natively import Syslog messages as defined in RFC 5424. Such messages are produced by popular logging tools such as journald. Thanks to Maximilian Knapperzbusch for the contribution! Max added this new feature as part of the master project for advanced topics in IT security. We have an ongoing collaboration with the security group at the University of Hamburg, led by Prof. Mathias Fischer, and are excited for more contributions of this kind.

  • Documentation Page. We rebuilt our documentation with Docusaurus and relaunched it at docs.tenzir.com. Docusaurus gives us the flexibility to easily add entire documentation sites for our different projects like Threat Bus. The page is updated daily to reflect the latest state of development.

  • User Interface. We introduced a new user-facing log level called verbose, which is an intermediate between the existing user-facing info and developer-facing debug log levels. Additionally, we reworked the behaviour of VAST to not create files in the current working directory every time a command is invoked.

Improvements

  • 🎁 The new vast import syslog command allows importing Syslog messages as defined in RFC 5424. #770

  • 🎁 The hash index has been re-enabled after it was outfitted with a new high-performance hash map implementation that increased performance to the point where it is on par with the regular index, while delivering up to 3x improvement in disk usage. #796

  • 🎁 The option --disable-community-id has been added to the vast import pcap and vast import netflow commands for disabling the automatic computation of Community IDs. #777

  • 🎁 The verbose log level has been added between info and debug. This level is enabled at build time for all build types, making it possible to get more detailed logging output from release builds. #787

  • 🎁 The config option system.log-directory was deprecated and replaced by the new option system.log-file. All logs will now be written to a single file, and by the node only. #803 #806

Changes

  • 🔄 The MRT/bgpdump integrations were temporarily disabled and will be fixed at a later point in time. #808

  • 🔄 The short option -c for setting the configuration file has been removed. The long option --config= must now be used instead. #781

Bug Fixes

  • 🪲 An under-the-hood change to our parser-combinator framework makes sure that we do not discard possibly invalid input data up to the end of input. #791 #808

  • 🪲 The short option -c now works as expected for continuous exports and imports, and for setting the cutoff for PCAP. #781

  • 🪲 Continuous export processes can now be stopped correctly. #779

As always, see the CHANGELOG for a full list of changes.