Skip to content

VAST 2021.09.30
Compare
Choose a tag to compare
@dominiklohmann dominiklohmann released this 30 Sep 09:41
2021.09.30
3544363
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Dear users, we are happy to announce VAST 2021.09.30! This month we’ve made some under-the-hood changes in preparation for upcoming features, and after a two-month experimental stage changed the default store backend to the new segment stores.

Segment Stores

Two months ago we added an opt-in feature that transformed how VAST stores its data. As of this release, segment stores are now the default and the archive store backend is deprecated.

This new system of storing data is much more flexible, and will allow for more selective deletion and transformations in a future release. It also modularized VAST further, and allows for developers to add additional store backends for custom storage solutions. Stay tuned!

Faster Deployments with mdx-regenerate

VAST installations now bundle a new utility binary mdx-regenerate, that allows for regenerating index metadata files for newer VAST versions while VAST is still running.

For particularly large deployments, upgrading to a new VAST version can cause the first restart to take in the range of minutes rather than seconds if the format of the index metadata files changed. We extracted this regeneration into a separate utility so operators can run mdx-regenerate path/to/vast.db while the old version of VAST is still running, which will cause the new VAST version to start instantly. Note that this is optional and only recommended for advanced users that must minimize downtime.

Smaller Things

This month brings a lot of smaller changes and bug fixes. Here’s a selection:

  • The query argument to the export and count commands may now be omitted, which causes the commands to operate on all data. Note that this may be a very expensive operation, so use with caution. #1879
  • Import filter expressions now work correctly with queries using field extractors, e.g., vast import suricata 'event_type == "alert"' < path/to/eve.json. #1885
  • The index now correctly cancels pending queries when the requester dies. #1884
  • The status command no longer occasionally contains garbage keys when the VAST server is under high load. #1872
Assets 4
Loading