Super Mediator Binary Package

To install Super Mediator via a pre-built RPM, see Install Super Mediator from the CERT Linux Forensics Tools Repository on the Super Mediator installation and dependencies page.

super_mediator Release 1.9.0, 2022-Jun-8

Downloads

super_mediator-1.9.0.tar.gz (870.5KiB)

(SHA256=a5547967eaa87afabdd0f2419f6149ea248ac26c85d44ce2369785a8ae42e685)

Changelog

  • Added support for labeling records based on data from a SiLK IPSet or a SiLK Prefix Map.
  • Added support for labeling records with a sensor and flowtype similar to SiLK's rwflowpack tool.
  • Added support for OpenSSL 3.0.1.
  • Changed JSON output of SSL records for unknown sslObjectType values: For unknown value X, key sslCertObjectIDX is replaced by sslCertIssuerObjectIdX or sslCertSubObjectIdX. When X is 1, EmailAddress is used (e.g., sslCertIssuerEmailAddress) and when X is 25 DomainComponent is used.
  • Changed the super_mediator.spec file to configure the build using --with FEATURE options to rpmbuild.
  • Fixed a small bug in JSON output of rewritten SSL certificates.
  • Fixed bugs in TEXT export of very old YAF SSL data.
  • Changed the template scopes for the YAF stats template and Tombstone template to match those used by YAF.
  • Fixed a bug in MAC address printing where a trailing ":" appeared.

super_mediator Release 2.0.0.alpha1, 2022-Feb-24

Downloads

super_mediator-2.0.0.alpha1.tar.gz (645.3KiB)

(SHA256=c460effe17b044847bd4e40934cb74d12fabc0aba1e455d195d33c2d6393b3da)

Changelog

  • Increased the flexibility of super_mediator by eliminating most internal template definitions and having it use the incoming template definitions instead.
  • Changed the syntax of the configuration file; previous versions of the files need to be updated.
  • Made changes to the command line parsing and eliminated several options. The configuration file is the preferred way to configure super_mediator.
  • Enhanced statistics for types of records read from a collector and written to an exporter.
  • Temporarily disabled SiLK IPset and MySQL support.
  • Note: Exporting as delimited TEXT is lightly tested and contains bugs.
  • Updated the fixbuf requirement to libfixbuf-3.0.0.

super_mediator Release 1.8.0, 2020-Dec-22

Downloads

super_mediator-1.8.0.tar.gz (743.1KiB)

(SHA256=d42ce8b1b0f830b384b031cc29d3dd08fff61adf408a76fb5b5088e63b10a688)

Changelog

  • Added a new switch, --rewrite-ssl-certs, which restructures the template used for TLS/SSL certificates for IPFIX exporters. The template uses specific IEs for some fields in an SSL certificate. The --rewrite-ssl-certs switch also allows a super_mediator to read the new SSL template from an upstream super_mediator. Deduplication of the rewritten certificates is not supported.
  • Added the ability to read the new SMTP DPI records exported by YAF 2.12.0.
  • Added the observation domain ID to JSON output.

super_mediator Release 1.7.1, 2019-Oct-24

Downloads

super_mediator-1.7.1.tar.gz (728.8KiB)

(SHA256=42f95148bc0301555ba0b3f4ff46246e12904e7d5f9d7851ed04b847a9df6473)

Changelog

  • Added ability to preserve observation domain of incoming records.
  • Changed scope of Tombstone records to 3 for consistency with YAF.
  • Fixed a crash when TCP collector and CLI --input are used concurrently.

super_mediator Release 1.7.0, 2019-Mar-18

Downloads

super_mediator-1.7.0.tar.gz (729.2KiB)

(SHA256=b4c8949df6791f34b614b5bd2bbf1631ca5c2510d14e551b12c859f9943341fb)

Changelog

  • Support for FixBuf 2.3.0 added, and is now required.
  • New YAF stats messages supported.
  • New Tombstone format supported.
  • Race condition addressed when exporter configured to GZIP and MOVE files.
  • Dynamically generated dedup template names added.
  • Option record bug fixes.

super_mediator Release 1.6.0, 2018-Apr-30

Downloads

super_mediator-1.6.0.tar.gz (724.1KiB)

(SHA256=eec12b7cab5164cb7e110c24931989e645c7ef59691d2b6937f4cc26c3ae508d)

Changelog

  • Support for FixBuf 2.0.0 added, and is now required.
  • Derive information elements from included XML files.
  • Support for tombstone records added.
  • Fixed flow output bugs where information elements were transposed.
  • Support for cmake build removed.

super_mediator Release 1.5.3.1, 2018-Oct-29

Downloads

super_mediator-1.5.3.1.tar.gz (700.7KiB)

(SHA256=ee04201170017f5123fa7ffc30972ad080b633a1c25edc070f1a0848b46ef2cc)

Changelog

  • Maintenance release for 1.5.3
  • Fix race condition resulting from using GZIP_FILES and MOVE

super_mediator Release 1.5.3, 2017-Oct-19

Downloads

super_mediator-1.5.3.tar.gz (699.7KiB)

(SHA256=4f46dcff1646cc211446477ee70794c15a0b01fe9d3907cad5462b45b36103c9)

Changelog

  • Added template metadata (name and description) record output (libfixbuf 1.8.0 or greater required).

super_mediator Release 1.5.2, 2017-Mar-8

Downloads

super_mediator-1.5.2.tar.gz (691.8KiB)

(SHA256=1a76a1e6a8a4e4fe4fd84f6110566b32ffcd8b987ea50d64d47190c1a31e3d26)

Changelog

  • Fix compile error introduced in version 1.5.1

super_mediator Release 1.5.1, 2017-Mar-6

Downloads

super_mediator-1.5.1.tar.gz (691.8KiB)

(SHA256=d17614b592734d1f60380315c073df769f60ae66f67acb7025d8afc7a560f0dd)

Changelog

  • Add --become-user and --become-group command line options
  • Bug Fix for compiling on Alpine Linux

super_mediator Release 1.5.0, 2017-Jan-5

Changelog

  • Add support for adding VLAN/Observation IDs to deduplication keys
  • Changed format of DEDUP Exporters (added flow start time associated with flow key hash)
  • Add ability to insert EXPORTER name in deduplication output records
  • Add ability to read gzip'd IPFIX files
  • Other Bug Fixes

super_mediator Release 1.4.0, 2016-Oct-4

Changelog

  • Add support for multiple protocol deduplication for IPFIX/JSON exporters
  • Add post move file option for exporters
  • Add PAYLOAD, RPAYLOAD export options to custom field lists
  • Empty files are now removed by default
  • Bug Fix for uploading MULTI_FILES files to a MySQL database
  • Other Bug Fixes

super_mediator Release 1.3.0, 2016-Mar-8

Changelog

  • Add file compression support for EXPORTERS
  • Add Base64 Encode support for full certificate export
  • Changed default file extension for JSON files to .json
  • Bug Fix for ESCAPE_CHARS keyword for DNS_DEDUP Exporters
  • Fix bug when command line arguments and config file are present
  • Other Bug Fixes

super_mediator Release 1.2.2, 2016-Jan-7

Changelog

  • Bug Fixes for JSON exporters

super_mediator Release 1.2.1, 2015-Dec-29

Changelog

  • Add JSON output option to --output-mode switch
  • Bug Fix for JSON exporters (DNS output)

super_mediator Release 1.2.0, 2015-Dec-22

Changelog

  • Remove support for fixbuf releases prior to libfixbuf-1.7.0
  • Collect and export sslServerName
  • Collect, decode, and export full X.509 Certificates
  • MD5 hashing of X.509 Certificates with OpenSSL support
  • SHA1 hashing of X.509 Certificates with OpenSSL support
  • Collect and export list of DHCP options
  • Bug Fixes

super_mediator Release 1.1.3, 2015-Dec-7

Changelog

  • Bug Fix for logging to syslog
  • DNS Deduplication JSON export bug fix
  • Update RPM spec file

super_mediator Release 1.1.2, 2015-Oct-28

Changelog

  • Bug Fix for TCP/UDP collector(s) that receive minimal data

super_mediator Release 1.1.1, 2015-Jul-1

Changelog

  • Bug Fix for Custom Field List Text Exporters
  • Bug Fix for configuring SSL De-duplication MAX_HIT_COUNT and FLUSH_TIME
  • super_table_creator will now create de-duplication tables
  • Documentation updates

super_mediator Release 1.1.0, 2015-Jun-26

Changelog

  • Requires libfixbuf 1.4.0 or greater
  • SSL Certificate De-duplication
  • Advanced SSL field export configuration
  • Configurable De-duplication of any DPI Fields
  • JSON file export
  • Export of unnested DNS Resource Records
  • New option to only export DNS Responses
  • Add the ability to rotate and compress logs given a valid file directory
  • New option to de-duplicate on only particular DNS resource record types
  • MULTI_FILES CSV format change
  • MySQL schema change for MULTI_FILES
  • Bug Fix for Spread Collectors when daemon terminates
  • Bug Fixes

super_mediator Release 1.0.2, 2014-Oct-15

Changelog

  • Bug Fix for Collectors

super_mediator Release 1.0.1, 2014-Aug-12

Changelog

  • Add support for escaping control characters and the delimiter character in DPI strings
  • Bug Fix for DNP 3.0 text export
  • Other Minor Bug Fixes.

super_mediator Release 1.0.0, 2014-Jun-13

Changelog

  • Add support for multiple collectors
  • Add support for naming collectors and exporters
  • Collector name included in default flow text export

super_mediator Release 0.4.0, 2014-Mar-4

Changelog

  • Added SCADA protocol and RTP DPI collection
  • Added MySQL automatic reconnection capability
  • Syslog logging capability
  • Added ability to collect, print, and export MPLS labels
  • Added ability to collect, print, and export Type of Service fields
  • Incoming IPFIX records that use Delta counters will export the same fields
  • Bug Fix for variable redeclaration on some operating systems
  • Bug Fix for DNS deduplication timeout
  • Other Bug Fixes

super_mediator Release 0.3.0, 2013-May-3

Changelog

  • Added the ability to define new information elements for collection
  • New filter fields: INGRESS and EGRESS
  • Added the ability to "AND" filters
  • Added New YAF 2.4.0 information elements
  • Bug Fixes

super_mediator Release 0.2.2, 2013-Feb-26

Changelog

  • Bug Fix for GLib version 2.32 or greater
  • Added statistics timeout option for logging super_mediator stats
  • Bug Fixes

super_mediator Release 0.2.1, 2013-Feb-8

Changelog

  • Added Custom DPI Field List for Text Exporters
  • Added --fields switch to command line arguments
  • Bug Fix for Time output on some platforms
  • Bug Fix for SSL/TLS Text Export

super_mediator Release 0.2.0, 2013-Jan-16

Changelog

  • Retry exporter connections when lost
  • Keep export statistics per exporter
  • Bug Fix for polling directory for IPFIX files
  • Bug Fix for moving collector files

super_mediator Release 0.1.9, 2012-Dec-6

Changelog

  • Added Custom Field Lists for Text Exporters
  • Bug Fix for reading from stdin
  • Other Bug Fixes

super_mediator Release 0.1.7, 2012-Oct-9

Changelog

  • Added ability to filter by IP in IPset (requires SiLK IPset library)
  • DNS IPFIX export bug fix.
  • Add Max TTL Field to DNS Deduplicated IPFIX output

super_mediator Release 0.1.6, 2012-Sep-10

Changelog

  • Added Automatic import into MySQL database
  • Bug Fixes

super_mediator Release 0.1.5, 2012-Jul-31

Changelog

  • Added DNSSEC awareness.
  • Added New SSL Information Elements.
  • Added flow stats elements from YAF 2.3.0.
  • Added DHCP Fingerprinting Elements.
  • Enhancements for uploading CSV files to a database.
  • Bug Fixes.

super_mediator Release 0.1.4, 2012-Jun-12

Changelog

  • Added option to timestamp rolling DPI CSV files.
  • Added option to print flow "index" with DPI data.
  • Bug Fixes.

super_mediator Release 0.1.3, 2012-May-7

Changelog

  • Enhanced DPI to CSV export.
  • Bug Fixes.

super_mediator Release 0.1.2, 2012-Apr-3

Changelog

  • Bug Fix for multiple exporters.
  • Bug Fix for 64 bit OS for text exporters.

super_mediator Release 0.1.1, 2012-Mar-28

Changelog

  • Option to remove empty output files
  • Improved Logging
  • Bug Fix for de-duplication of DNS NXDomain Records
  • Other Bug Fixes.