1.9.0, 2022-Jun-8
2.0.0.alpha1, 2022-Feb-24
1.8.0, 2020-Dec-22
1.7.1, 2019-Oct-24
1.7.0, 2019-Mar-18
1.6.0, 2018-Apr-30
1.5.3.1, 2018-Oct-29
1.5.3, 2017-Oct-19
1.5.2, 2017-Mar-8
1.5.1, 2017-Mar-6
1.5.0, 2017-Jan-5
1.4.0, 2016-Oct-4
1.3.0, 2016-Mar-8
1.2.2, 2016-Jan-7
1.2.1, 2015-Dec-29
1.2.0, 2015-Dec-22
1.1.3, 2015-Dec-7
1.1.2, 2015-Oct-28
1.1.1, 2015-Jul-1
1.1.0, 2015-Jun-26
1.0.2, 2014-Oct-15
1.0.1, 2014-Aug-12
1.0.0, 2014-Jun-13
0.4.0, 2014-Mar-4
0.3.0, 2013-May-3
0.2.2, 2013-Feb-26
0.2.1, 2013-Feb-8
0.2.0, 2013-Jan-16
0.1.9, 2012-Dec-6
0.1.8, 2012-Oct-26
0.1.7, 2012-Oct-9
0.1.6, 2012-Sep-10
0.1.5, 2012-Jul-31
0.1.4, 2012-Jun-12
0.1.3, 2012-May-7
0.1.2, 2012-Apr-3
0.1.1, 2012-Mar-28
0.1.0, 2012-Mar-1
Downloads
(SHA256=a5547967eaa87afabdd0f2419f6149ea248ac26c85d44ce2369785a8ae42e685)
Changelog
- Added support for labeling records based on data from a SiLK IPSet or a SiLK Prefix Map.
- Added support for labeling records with a sensor and flowtype similar to SiLK's rwflowpack tool.
- Added support for OpenSSL 3.0.1.
- Changed JSON output of SSL records for unknown sslObjectType values: For unknown value X, key sslCertObjectIDX is replaced by sslCertIssuerObjectIdX or sslCertSubObjectIdX. When X is 1, EmailAddress is used (e.g., sslCertIssuerEmailAddress), and when X is 25, DomainComponent is used.
- Changed the super_mediator.spec file to configure the build using --with FEATURE options to rpmbuild.
- Fixed a small bug in JSON output of rewritten SSL certificates.
- Fixed bugs in TEXT export of very old YAF SSL data.
- Changed the template scopes for the YAF stats template and Tombstone template to match those used by YAF.
- Fixed a bug in MAC address printing where a trailing ":" appeared.
Downloads
(SHA256=c460effe17b044847bd4e40934cb74d12fabc0aba1e455d195d33c2d6393b3da)
Changelog
- Increased the flexibility of super_mediator by eliminating most internal template definitions and having it use the incoming template definitions instead.
- Changed the syntax of the configuration file; previous versions of the files need to be updated.
- Made changes to the command line parsing and eliminated several options. The configuration file is the preferred way to configure super_mediator.
- Enhanced statistics for types of records read from a collector and written to an exporter.
- Temporarily disabled SiLK IPset and MySQL support.
- Note: Exporting as delimited TEXT is lightly tested and contains bugs.
- Updated the fixbuf requirement to libfixbuf-3.0.0.
Downloads
(SHA256=d42ce8b1b0f830b384b031cc29d3dd08fff61adf408a76fb5b5088e63b10a688)
Changelog
- Added a new switch, --rewrite-ssl-certs, which restructures the template used for TLS/SSL certificates for IPFIX exporters. The template uses specific IEs for some fields in an SSL certificate. The --rewrite-ssl-certs switch also allows a super_mediator to read the new SSL template from an upstream super_mediator. Deduplication of the rewritten certificates is not supported.
- Added the ability to read the new SMTP DPI records exported by YAF 2.12.0.
- Added the observation domain ID to JSON output.
Downloads
(SHA256=42f95148bc0301555ba0b3f4ff46246e12904e7d5f9d7851ed04b847a9df6473)
Changelog
- Added ability to preserve observation domain of incoming records.
- Changed scope of Tombstone records to 3 for consistency with YAF.
- Fixed a crash when TCP collector and CLI --input are used concurrently.
Downloads
(SHA256=b4c8949df6791f34b614b5bd2bbf1631ca5c2510d14e551b12c859f9943341fb)
Changelog
- Support for FixBuf 2.3.0 added, and is now required.
- New YAF stats messages supported.
- New Tombstone format supported.
- Race condition addressed when exporter configured to GZIP and MOVE files.
- Dynamically generated dedup template names added.
- Option record bug fixes.
Downloads
(SHA256=eec12b7cab5164cb7e110c24931989e645c7ef59691d2b6937f4cc26c3ae508d)
Changelog
- Support for FixBuf 2.0.0 added, and is now required.
- Derive information elements from included XML files.
- Support for tombstone records added.
- Fixed flow output bugs where information elements were transposed.
- Support for cmake build removed.
Downloads
(SHA256=ee04201170017f5123fa7ffc30972ad080b633a1c25edc070f1a0848b46ef2cc)
Changelog
- Maintenance release for 1.5.3
- Fix race condition resulting from using GZIP_FILES and MOVE
Downloads
(SHA256=4f46dcff1646cc211446477ee70794c15a0b01fe9d3907cad5462b45b36103c9)
Changelog
- Added template metadata (name and description) record output (libfixbuf 1.8.0 or greater required).
Downloads
(SHA256=1a76a1e6a8a4e4fe4fd84f6110566b32ffcd8b987ea50d64d47190c1a31e3d26)
Changelog
- Fix compile error introduced in version 1.5.1
Downloads
(SHA256=d17614b592734d1f60380315c073df769f60ae66f67acb7025d8afc7a560f0dd)
Changelog
- Add --become-user and --become-group command line options
- Bug Fix for compiling on Alpine Linux
Changelog
- Add support for adding VLAN/Observation IDs to deduplication keys
- Changed format of DEDUP Exporters (added flow start time associated with flow key hash)
- Add ability to insert EXPORTER name in deduplication output records
- Add ability to read gzip'd IPFIX files
- Other Bug Fixes
Changelog
- Add support for multiple protocol deduplication for IPFIX/JSON exporters
- Add post move file option for exporters
- Add PAYLOAD, RPAYLOAD export options to custom field lists
- Empty files are now removed by default
- Bug Fix for uploading MULTI_FILES files to a MySQL database
- Other Bug Fixes
Changelog
- Add file compression support for EXPORTERS
- Add Base64 Encode support for full certificate export
- Changed default file extension for JSON files to .json
- Bug Fix for ESCAPE_CHARS keyword for DNS_DEDUP Exporters
- Fix bug when command line arguments and config file are present
- Other Bug Fixes
Changelog
- Bug Fixes for JSON exporters
Changelog
- Add JSON output option to --output-mode switch
- Bug Fix for JSON exporters (DNS output)
Changelog
- Remove support for fixbuf releases prior to libfixbuf-1.7.0
- Collect and export sslServerName
- Collect, decode, and export full X.509 Certificates
- MD5 hashing of X.509 Certificates with OpenSSL support
- SHA1 hashing of X.509 Certificates with OpenSSL support
- Collect and export list of DHCP options
- Bug Fixes
Changelog
- Bug Fix for logging to syslog
- DNS Deduplication JSON export bug fix
- Update RPM spec file
Changelog
- Bug Fix for TCP/UDP collector(s) that receive minimal data
Changelog
- Bug Fix for Custom Field List Text Exporters
- Bug Fix for configuring SSL De-duplication MAX_HIT_COUNT and FLUSH_TIME
- super_table_creator will now create de-duplication tables
- Documentation updates
Changelog
- Requires libfixbuf 1.4.0 or greater
- SSL Certificate De-duplication
- Advanced SSL field export configuration
- Configurable De-duplication of any DPI Fields
- JSON file export
- Export of unnested DNS Resource Records
- New option to only export DNS Responses
- Add the ability to rotate and compress logs given a valid file directory
- New option to de-duplicate on only particular DNS resource record types
- MULTI_FILES CSV format change
- MySQL schema change for MULTI_FILES
- Bug Fix for Spread Collectors when daemon terminates
- Bug Fixes
Changelog
- Add support for escaping control characters and the delimiter character in DPI strings
- Bug Fix for DNP 3.0 text export
- Other Minor Bug Fixes.
Changelog
- Add support for multiple collectors
- Add support for naming collectors and exporters
- Collector name included in default flow text export
Changelog
- Added SCADA protocol and RTP DPI collection
- Added MySQL automatic reconnection capability
- Syslog logging capability
- Added ability to collect, print, and export MPLS labels
- Added ability to collect, print, and export Type of Service fields
- Incoming IPFIX records that use Delta counters will export the same fields
- Bug Fix for variable redeclaration on some operating systems
- Bug Fix for DNS deduplication timeout
- Other Bug Fixes
Changelog
- Added the ability to define new information elements for collection
- New filter fields: INGRESS and EGRESS
- Added the ability to "AND" filters
- Added New YAF 2.4.0 information elements
- Bug Fixes
Changelog
- Bug Fix for GLib version 2.32 or greater
- Added statistics timeout option for logging super_mediator stats
- Bug Fixes
Changelog
- Added Custom DPI Field List for Text Exporters
- Added --fields switch to command line arguments
- Bug Fix for Time output on some platforms
- Bug Fix for SSL/TLS Text Export
Changelog
- Retry exporter connections when lost
- Keep export statistics per exporter
- Bug Fix for polling directory for IPFIX files
- Bug Fix for moving collector files
Changelog
- Added Custom Field Lists for Text Exporters
- Bug Fix for reading from stdin
- Other Bug Fixes
Changelog
- Added ability to filter by IP in IPset (requires SiLK IPset library)
- DNS IPFIX export bug fix.
- Add Max TTL Field to DNS Deduplicated IPFIX output
Changelog
- Added Automatic import into MySQL database
- Bug Fixes
Changelog
- Added DNSSEC awareness.
- Added New SSL Information Elements.
- Added flow stats elements from YAF 2.3.0.
- Added DHCP Fingerprinting Elements.
- Enhancements for uploading CSV files to a database.
- Bug Fixes.
Changelog
- Added option to timestamp rolling DPI CSV files.
- Added option to print flow "index" with DPI data.
- Bug Fixes.
Changelog
- Enhanced DPI to CSV export.
- Bug Fixes.
Changelog
- Bug Fix for multiple exporters.
- Bug Fix for 64 bit OS for text exporters.
Changelog
- Option to remove empty output files
- Improved Logging
- Bug Fix for de-duplication of DNS NXDomain Records
- Other Bug Fixes.