Vortex News

Revision 59 has been uploaded which has some small additions to the documentation including clarification on derivative works and references to vortex related contributions from the community.

For those who don't want to download, the diff is below:

--- linux_sensors/vortex/rpm/vortex.README 2011/09/15 13:42:26 2456
+++ linux_sensors/vortex/rpm/vortex.README 2011/09/16 13:54:33 2457
@@ -21,6 +21,9 @@
The libraries to which Vortex links are distributed under the terms of their own licenses.
Please see those libraries for their applicable licenses.... read more

Martin Holste has contributed the following patch and instructions on compiling vortex on BSD. This disables some features that aren't frequently used and aren't very portable (prioritization and CPU affinity). Hopefully this is helpful to others:

Ok, I got it to compile on FreeBSD 8.1 with the following minor patch to add a BSD define flag to disable CPU affinity:

52,55d51
< #ifdef BSD
< #include <limits.h>
< #define SIZE_MAX _POSIX_SSIZE_MAX
< #else
57d52
< #endif
73d67
< #ifndef BSD
76d69
< #endif
692d684
< #ifndef BSD
709d700
< #endif
775,776c766
<
< #ifndef BSD
---
>
794d783
< #endif
960d948
< #ifndef BSD
978d965
< #endif
1927,1928c1914
<
< #ifndef BSD
---
>
1947d1932
< #endif... read more

The StreamDB Project has recently been announced: http://code.google.com/p/streamdb/
StreamDB is a high-performance framework for storing network streams. The current version uses Vortex IDS to read the streams from a file or network interface and saves them to an indexed DB and data file....

A new .tgz for vortex 2.9.0 has been released. This should fix the compilation issue that was occuring for some platforms. This download also includes xpipes, the exclusion of which was an oversight.

The RPMs are unaffected. No changes to functionality were made.

Some users are reporting trouble compiling vortex 2.9.0 on some platforms, including ubuntu. It appears the easiest fix is to change the include from <linux/limits.h> to <limits.h>. It should also be noted that people who are interested in performance should consider enabling optimization in their compiler. The RPM versions are compiled with the red hat default flags which include -O2.... read more

Version 2.9.0 is available for download. This release includes various fixes, huge performance improvements, better debugging/error reporting/statistics, removal of arbitrary 2GB limits, and even a new feature when replaying from capture files where output files have their timestamps set the to the appropriate times from the pcap.

Happy Holidays!

Changlog is as follows:

* Wed Dec 15 2010 Charles Smutz <opensource.tools.security@lmco.com> 2.9.0-57
- Rebuild for public distribution... read more

Vortex has been included on Security Onion Live, http://code.google.com/p/security-onion/, an ubuntu based LiveCD devoted to IDS. See http://securityonion.blogspot.com/2010/10/security-onion-live-20101010-edition.html for the announcement.

SmuSec has posted another entry in their vortex howto series: http://smusec.blogspot.com/search/label/vortex%20howto

RPMs for vortex built against libnids 1.24 are available for download. Look for the RPMs with revision number 51. Previous RPMs, including revision 49, were all built against 1.23. Hence, the difference between vortex-2.8.1-51.el5.x86_64.rpm and vortex-2.8.1-49.el5.x86_64.rpm is the version of libnids required.

Vortex has found itself in a few blogs lately.
Securityfu has an introduction to and overview of vortex. http://securityfu.blogspot.com/2010/02/vortex-ids-get-super-snagadocious-on.html
SmuSec is running a series of howtos on vortex. http://smusec.blogspot.com/2010/03/vortex-howto-series-network.html

Version 1.24 of libnids has been released. http://libnids.sourceforge.net/ This update includes a fix for a remotely triggerable bug. Vortex users will want to consider using this new version of libnids. Many thanks to Rafal for continuing to maintain a truly excellent utility!

Version 2.8.1 includes a utility, xpipes, that facilitates highly parallel analysis using analyzer programs designed for the vortex interface. A few improvements to documentation are included also.

We've released version 2.8.0. The biggest changes are some defaults which have changed. We've also tried to improve usability through more warning and printing of stats/errors on exit. Byte counts are now included in performance statistics. There is a little more documentation. The -v option allows for dumping of empty streams (requested feature). A bug that exhibited itself when data was collected in both directions and which was exacerbated by low collection size limits has been fixed.
Happy Holidays!

2.7.1 Adds a fix for the threading model which enables the previously implemented but bypassed lockless ring buffer and separate lower priority thread for data output. There are also minor fixes such as file name output (no more double //).

We've released V2.7. The main improvement is the addition of the "-K" option to specify an idle timeout for TCP connections. This addresses a long standing apparent memory leak caused by unterminated or otherwise incomplete connections.

The downloads area has been reorganized, separating libbsf from vortex. Tarballs are posted in addition to srpms and rpms. V2.6 released!

As promised, source and binary RPMS have been posted.

Look for the first public release of vortex to be uploaded by the end of March, hopefully sooner!