Old release notes can be found here
CounterSnipe APD and Management Console v2.2
Contents
- Features added or enhanced in this release
- Bugs fixed in this release
- Upgrade instructions
- Assistance
Features added and enhanced in this release
- The display of recent system log entries on each Device summary page has
been replaced with a viewer that allows viewing the last 24 hours of log
entries for all managed devices and the ability to filter the list by
date range, source device(s) and source program(s).
- It is now possible both to reboot and to power down any managed device
via the web interface.
- The embedded Snort and Barnyard components have been upgraded to 2.2
and 0.2 respectively.
- Policies (default actions) can now be specified that apply globally
(for all devices) to all signatures in a signature group.
- The backup and restore processes have been encapsulated into menu
entries on the device's console (non-web) menu.
- Numerous usability improvements including:
  - The ability to create an incident directly from a set of events.
  - User documentation is now available through the web interface.
  - Screens showing "traffic lights" are now automatically refreshed
    every 20 seconds.
  - The dashboard can optionally show only devices in a selected group,
    rather than all devices.
  - Signatures containing references to web-accessible third-party
    security databases are now presented with clickable links directly to
    the relevant web pages.
  - Devices no longer have separate names and hostnames; instead they
    only have a hostname.
Bugs fixed in this release
- The backup instructions contained a typo. This has now been rendered moot
by the encapsulation of this process.
Upgrade instructions
- Be aware that this upgrade process is both more complex and
potentially more time consuming than previous upgrades. You are
advised to schedule at least an hour's downtime for the device, and to
place that hour within your support organisation's office hours to allow
rapid access to expert support should it be required.
- Ensure that each device is already at 2.1-6. To do this, visit each
device's summary page in the web interface and look for its cs-agent
version. If any of your devices are not at 2.1-6, then do not proceed
with these upgrade instructions; call for support immediately.
- As usual, log onto each device in turn via ssh (or local keyboard and
screen, or local serial port) and:
  - Select upgrade from the menu.
  - Note that the removal of packages named oidentd, snort and
    snort-rules-default is intentional.
  - You will most likely be asked "Enable the iptables init.d script?".
    Answer "No".
  - You may find that the process pauses with a message about an event
    backlog being cleared before the upgrade can proceed. If this occurs
    and the spinner at the bottom of the screen is not turning then no
    progress is being made and you'll be waiting indefinitely; call for
    support if this occurs. If the spinner is turning and you are
    willing to wait, then by all means wait. If the spinner is turning,
    but is taking longer than you are willing to wait, then call for
    support.
  - Verify that the upgrade operation runs to completion without
    reporting an error.
- Log in to the web interface, open the default device group and press
Deploy Configurations.
- Once all of the Configuration Status traffic lights have turned green
again, visit each device's summary page in turn, select Reboot Device
and press Submit.
- Be aware that the new syslog viewer may be confused by malformed
entries in your existing system log. This will show up as some entries
being presented in red and lots of unreasonable program names appearing
next to checkboxes at the bottom of the page. This problem will
disappear once all kernel-generated entries in the syslog have
"kernel: " prepended to them, which will be the case within 24 hours of
the upgrade being applied. So, if you see this problem, ignore it for
24 hours. In the unlikely event that it persists, call for support.
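
The sketch below is an added illustration, not CounterSnipe code, of why kernel entries without the "kernel: " prefix yield odd program names or no program name at all. It assumes the traditional BSD syslog line layout; the sample lines, the hostname apd1 and the function names are constructed, and the viewer's actual parsing logic is not documented here.

```python
import re
from collections import Counter

# Assumption: traditional BSD syslog layout, "Mon DD HH:MM:SS host tag[pid]: message".
HEADER = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (\S+) (.*)$")
# A program tag: name, optional [pid], then ": " before the message text.
TAG = re.compile(r"^([A-Za-z0-9_./-]+)(?:\[\d+\])?: (.*)$")

def parse(line):
    """Return (program, message); program is None when no tag can be found."""
    header = HEADER.match(line)
    if not header:
        return None, line
    tag = TAG.match(header.group(2))
    if not tag:
        return None, header.group(2)
    return tag.group(1), tag.group(2)

def summarise(lines):
    """Count entries per apparent program name and collect untagged lines."""
    programs, untagged = Counter(), []
    for line in lines:
        program, _ = parse(line)
        if program is None:
            untagged.append(line)
        else:
            programs[program] += 1
    return programs, untagged

# Constructed sample lines (hostname "apd1" is made up).
BEFORE = [
    "Jan 12 03:14:07 apd1 eth0: link up, 100Mbps, full-duplex",
    "Jan 12 03:14:08 apd1 device eth0 entered promiscuous mode",
    "Jan 12 03:14:09 apd1 sshd[812]: Accepted password for admin",
]
# The same kernel messages once "kernel: " is prepended.
AFTER = [
    "Jan 12 03:14:07 apd1 kernel: eth0: link up, 100Mbps, full-duplex",
    "Jan 12 03:14:08 apd1 kernel: device eth0 entered promiscuous mode",
    "Jan 12 03:14:09 apd1 sshd[812]: Accepted password for admin",
]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        programs, untagged = summarise(sample)
        print(label, dict(programs), "untagged:", len(untagged))
```

In the "before" sample the first kernel line is attributed to a program called eth0 and the second has no program at all; with the prefix in place both are attributed to kernel.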
Assistance
If the upgrade fails, or any problems are encountered, please contact your
relevant support organisation or CounterSnipe Technical Support.
support@countersnipe.com