To see our progress over the last few months, please see the previous announcements:
Highlights of this Beta 3 Release
- Upgraded from Elastic 5.6.4 to 5.6.5
- changes in preparation for Elastic 6:
- stop using _all
- single mapping type (change type: to event_type:)
- load Kibana settings via new API
- load Kibana dashboards via new API
- logstash config now includes a beats input
- so-allow now allows you to send to logstash from external IP addresses
- lots of cleanup and fixes
Issue 1172: Elastic Stack Beta 3
Issue 1173: 14.04.5.6 ISO image
For known issues, please see the todo list for our next release:
This new ISO image has been tested by Wes Lambert. Thanks, Wes!
We've updated the Verify_ISO page for the new ISO image:
Please remember to verify the signature of the downloaded ISO image using the instructions on that page.
Please note! This ISO image includes the EXPERIMENTAL Elastic stack!
The Elastic components are included in the ISO image and Setup gives you an option of Stable Setup (ELSA) or Experimental Setup (Elastic). If you do not want to try the new Elastic stack, you can choose Stable Setup. If you choose Experimental Setup, the usual disclaimers and warnings apply!
- Experimental Setup is BLEEDING EDGE and TOTALLY UNSUPPORTED!
- If this breaks your system, you get to keep both pieces!
- This is a work in progress and is in constant flux.
- This is intended to build a quick prototype proof of concept so you can see what our ultimate Elastic configuration might look like. This configuration will change drastically over time leading up to the final release.
- Do NOT run this on a system that you care about!
- Do NOT run this on a system that has data that you care about!
- This should only be run on a TEST box with TEST data!
- Experimental Setup may result in nausea, vomiting, or a burning sensation.
For more about this Elastic Beta 3 release, please see https://securityonion.net/wiki/elastic and the Screenshot tour at the bottom of this blog post.
Please note the following minimum hardware requirements for the Elastic stack:
If you would prefer an ISO image with no Elastic components at all, you have a few options:
- Install the older Security Onion 14.04.5.2 ISO image and then run "sudo soup"
We want to hear from you! What works well? What could be improved? Please send feedback to our mailing list and include "Elastic Beta 3" in the Subject:
If you have existing ELSA installations based on a previous 14.04 ISO image, there is no need to download this new ISO image. You can simply continue using our standard update process to install updated packages as they are made available:
If you have existing Elastic installations (Technology Previews, Alpha, or Beta), we don't officially support upgrading to newer releases. You can try running "sudo soup" but if that fails, you can perform a fresh installation using this Beta 3 ISO image.
For more information about this release, please see: