LiFTeR: Changes for September 18, 2015
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-5.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm -
SiLK is the System for Internet-Level Knowledge, a collection of
traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks.
The SiLK analysis suite has been recompiled to make use of the default UTC time rather than local time. Please be aware of the following changes that will need to be made to any existing analytics or workflows if you would like to continue to make use of local time rather than UTC.
- Any analytic or workflow that makes use of a SiLK tool that outputs time (e.g., rwcut, rwcount, etc.) will need to be changed to use the --timestamp-format=local switch in the SiLK command(s).
- Additionally, the TZ environment variable or system clock will need to be set to the local time zone that is desired.
- Any analytic or workflow that makes use of a SiLK tool that takes time as an input (e.g., rwfilter, rwcount, etc.) will need to be changed to convert local time to UTC. On a *nix system, this can be done by making use of the date(1) program. See the man page for complete documentation.
An example command that can be used to convert a local date time to UTC for use in the --start-date switch is:
date -ud <local date time> +%Y/%m/%dT%H
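As an added example (not part of the LiFTeR notes or the SiLK distribution), a small shell helper built around that date(1) invocation, assuming GNU date: because -u switches date to UTC before the -d string is parsed, the local time must carry its own zone (an offset such as -0400 or a name such as EDT) or it will be read as UTC already; the rwfilter command is only echoed, not run.

```shell
#!/bin/sh
# Added example: convert a local date-time into the UTC hour string that
# SiLK's --start-date/--end-date switches use (YYYY/MM/DDTHH).
# Assumes GNU date(1). The zone is a separate, mandatory argument so that
# a bare local time is never silently interpreted as UTC by "date -u".
silk_utc_hour() {
    # $1: local date-time, e.g. "2015-09-18 14:00"
    # $2: that time's zone: a numeric offset ("-0400") or a name date knows ("EDT")
    [ $# -eq 2 ] || { echo "usage: silk_utc_hour '<date time>' <zone>" >&2; return 2; }
    date -ud "$1 $2" +%Y/%m/%dT%H
}

# Constructed workflow: a one-hour window given in US Eastern daylight time (UTC-4).
# Note the day rollover when the local evening crosses midnight UTC.
start=$(silk_utc_hour "2015-09-18 14:00" -0400)   # 2015/09/18T18
end=$(silk_utc_hour "2015-09-18 22:00" -0400)     # 2015/09/19T02

# Query in UTC, then print the results back in local time via --timestamp-format=local.
echo "rwfilter --start-date=$start --end-date=$end --proto=6 --pass=stdout" \
     "| rwcut --fields=sip,dip,stime --timestamp-format=local"
```

Running with TZ unset or wrong on the analysis host does not affect the conversion, since the zone travels with the input; it only affects what rwcut prints with --timestamp-format=local.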
- silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-6.{fc17,fc18,fc19,fc20,fc21,fc22}.{i686,x86_64}.rpm and
silk-{analysis,common,devel,flowcap,rwflowappend,rwflowpack,rwpollexec,rwreceiver,rwsender}-3.10.2-6.{el6,el7}.x86_64.rpm -
This release of the SiLK tools can be found in an optional repository named forensics-sip that is now part of
cert-forensics-tools-release; its definition can be found in /etc/yum.repos.d/cert-forensics-tools.repo.
This repo is disabled by default and can be enabled by running the script named /usr/bin/EnableSilkWithIPA as root.
These packages have also been recompiled to make use of the default UTC time rather than local time. See above.
- fmem-kernel-modules-fc22-{i686,x86_64}-1.6-1.12.noarch.rpm - Support for the following kernels was added for
Fmem:
- 4.1.6-201 for FC22
- lime-kernel-modules-fc22-{i686,x86_64}-1.1.r17-12.noarch.rpm - Support for the following kernels was added for
LiME:
- 4.1.6-201 for FC22
- fmem-kernel-modules-el7-x86_64-1.6-1.14.noarch.rpm - Support for the following kernels was added for
Fmem:
- 3.10.0-229.14.1 for EL7
- lime-kernel-modules-el7-x86_64-1.1.r17-14.noarch.rpm - Support for the following kernels was added for
LiME:
- 3.10.0-229.14.1 for EL7