Tag Archive | release candidate

Suricata Ubuntu PPA updated to 2.0rc3

We have updated the official Ubuntu PPA to Suricata 2.0rc3. To use this PPA read our docs here.

If you’re using this PPA, updating is as simple as:

apt-get update && apt-get upgrade

The PPA Ubuntu packages have IPS mode through NFQUEUE enabled.

Suricata 2.0rc3 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0rc3, the third release candidate for Suricata 2.0.

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0rc3.tar.gz

All closed tickets

  • Bug #1127: logstash & suricata parsing issue
  • Bug #1128: Segmentation fault – live rule reload
  • Bug #1129: pfring cluster & ring initialization
  • Bug #1130: af-packet flow balancing problems
  • Bug #1131: eve-log: missing user agent reported inconsistently
  • Bug #1133: eve-log: http depends on regular http log
  • Bug #1135: 2.0rc2 release doesn’t set optimization flag on GCC
  • Bug #1138: alert fastlog drop info missing

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Ken Steele — Tilera
  • Luca Deri and Alfredo Cardigliano — ntop
  • Victor Serbu

Known issues & missing features

This is a “release candidate”-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata Ubuntu PPA updated to 2.0rc2

We have updated the official Ubuntu PPA to Suricata 2.0rc2. To use this PPA read our docs here.

If you’re using this PPA, updating is as simple as:

apt-get update && apt-get upgrade

The PPA Ubuntu packages have IPS mode through NFQUEUE enabled.

Suricata 2.0rc2 Windows Installer Available

The Windows MSI installer of the Suricata 2.0rc2 release is now available.

Download it here: Suricata-2.0rc2-1-32bit.msi

After downloading, double click the file to launch the installer. The installer is now signed.

If you have a previous version installed, please remove that first.

Suricata 2.0rc2 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0rc2, the second release candidate for Suricata 2.0.

Notable changes

  • eve-log is now enabled by default
  • SSH parser is re-enabled
  • SSH logging was added to ‘eve-log’
  • bundled libhtp was updated to 0.5.10

Download

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0rc2.tar.gz

All closed tickets

  • Feature #952: Add VLAN tag ID to all outputs
  • Feature #953: Add QinQ tag ID to all outputs
  • Feature #1012: Introduce SSH log
  • Feature #1118: app-layer protocols http memcap – info in verbose mode (-v)
  • Feature #1119: restore SSH protocol detection and parser
  • Bug #611: fp: rule with ports matching on portless proto
  • Bug #985: default config generates rule warnings and errors
  • Bug #1021: 1.4.6: conf_filename not checked before use
  • Bug #1089: SMTP: move depends on uninitialised value
  • Bug #1090: FTP: Memory Leak
  • Bug #1091: TLS-Handshake: Uninitialized value
  • Bug #1092: HTTP: Memory Leak
  • Bug #1108: suricata.yaml config parameter – segfault
  • Bug #1109: PF_RING vlan handling
  • Bug #1110: Can have the same Pattern ID (pid) for the same pattern but different case flags
  • Bug #1111: capture stats at exit incorrect
  • Bug #1112: tls-events.rules file missing
  • Bug #1115: nfq: exit stats not working
  • Bug #1120: segv with pfring/afpacket and eve-log enabled
  • Bug #1121: crash in eve-log
  • Bug #1124: ipfw build broken

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Ken Steele — Tilera
  • Jason Ish — Endace/Emulex
  • Tom Decanio — nPulse
  • Jack Flemming
  • Mark Ashley
  • Marc-Andre Heroux

Known issues & missing features

This is a “release candidate”-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.

Suricata 2.0rc1 Windows Installer Available

The Windows MSI installer of the Suricata 2.0rc1 release is now available.

Download it here: Suricata-2.0rc1-1-32bit.msi

After downloading, double click the file to launch the installer. The installer is now signed.

If you have a previous version installed, please remove that first.

Suricata Ubuntu PPA updated to 2.0rc1

We have updated the official Ubuntu PPA to Suricata 2.0rc1. To use this PPA read our docs here.

If you’re using this PPA, updating is as simple as:

apt-get update && apt-get upgrade

The PPA Ubuntu packages have IPS mode through NFQUEUE enabled.

Suricata 2.0rc1 Available!

Photo by Eric Leblond

The OISF development team is proud to announce Suricata 2.0rc1. This is the first release candidate for Suricata 2.0. This release improves performance, stability and accuracy, in addition to adding exciting new features.

Get the new release here: http://www.openinfosecfoundation.org/download/suricata-2.0rc1.tar.gz

Notable changes

  • unified JSON output for almost all log types (eve-log). Written by Tom Decanio of nPulse Technologies
  • QinQ VLAN handling
  • Alerting over PCIe bus (Tilera only), by Ken Steel of Tilera
  • Add –set commandline option to override any YAML option, by Jason Ish of Emulex
  • Various scalability improvements, clean ups and fixes by Ken Steel of Tilera
  • ICMPv6 handling improvements by Jason Ish of Emulex
  • memcaps for DNS and HTTP handling were added
  • Several fixes and improvements of AF_PACKET and PF_RING
  • NSM runmode, where detection engine is disabled. Development supported by nPulse Technologies

All closed tickets

  • Feature #424: App layer registration cleanup – Support specifying same alproto names in rules for different ip protocols
  • Feature #542: TLS JSON output
  • Feature #597: case insensitive fileext match
  • Feature #772: JSON output for alerts
  • Feature #814: QinQ tag flow support
  • Feature #894: clean up output
  • Feature #921: Override conf parameters
  • Feature #1007: united output
  • Feature #1040: Suricata should compile with -Werror
  • Feature #1067: memcap for http inside suricata
  • Feature #1086: dns memcap
  • Feature #1093: stream: configurable segment pools
  • Feature #1102: Add a decoder.QinQ stats in stats.log
  • Feature #1105: Detect icmpv6 on ipv4
  • Bug #839: http events alert multiple times
  • Bug #954: VLAN decoder stats with AF Packet get written to the first thread only – stats.log
  • Bug #980: memory leak in http buffers at shutdown
  • Bug #1066: logger API’s for packet based logging and tx based logging
  • Bug #1068: format string issues with size_t + qa not catching them
  • Bug #1072: Segmentation fault in 2.0beta2: Custom HTTP log segmentation fault
  • Bug #1073: radix tree lookups are not thread safe
  • Bug #1075: CUDA 5.5 doesn’t compile with 2.0 beta 2
  • Bug #1079: Err loading rules with variables that contain negated content.
  • Bug #1080: segfault – 2.0dev (rev 6e389a1)
  • Bug #1081: 100% CPU utilization with suricata 2.0 beta2+
  • Bug #1082: af-packet vlan handling is broken
  • Bug #1103: stats.log not incrementing decoder.ipv4/6 stats when reading in QinQ packets
  • Bug #1104: vlan tagged fragmentation
  • Bug #1106: Git compile fails on Ubuntu Lucid
  • Bug #1107: flow timeout causes decoders to run on pseudo packets

Special thanks

We’d like to thank the following people and corporations for their contributions and feedback:

  • Ken Steele — Tilera
  • Jason Ish — Endace/Emulex
  • Tom Decanio — nPulse
  • Duarte Silva
  • Alessandro Guido
  • Petr Chmelar

Known issues & missing features

This is a “release candidate”-quality release so the stability should be good although unexpected corner cases might happen. If you encounter one, please let us know! As always, we are doing our best to make you aware of continuing development and items within the engine that are not yet complete or optimal.  With this in mind, please notice the list we have included of known items we are working on.

See issues for an up to date list and to report new issues. See Known_issues for a discussion and time line for the major issues.

About Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF, its supporting vendors and the community.