Snort mailing list archives
Re: Squil - installation on Snort
From: Bamm Visscher <bamm () satx rr com>
Date: Fri, 1 Aug 2003 11:51:22 -0500
Yep, I have it running and others are installing it too (http://screamingelectron.org/phpBB2/viewtopic.php?t=603). No, there are no RPMs available for the install (yet). Rich Bejtlich recently released an updated doc for running sguil-0.2.5 on RedHat 7.3 (http://sguil.sourceforge.net/sguil_install_guide_for_release_0-2-5.pdf). I realize installing sguil and all its components can be complicated, but there are a number of individuals who will gladly help you, including myself. I am not sure what 'demo' you were talking about seeing with the SourceFire rep, but I have a server set up where people can test drive the client and decide if it is something they want to invest their time to completely install the rest of the components (http://marc.theaimsgroup.com/?l=snort-users&m=105847582924634&w=2). You can even test drive the client in a win32 environment by following Rich's instructions in his July 18th post to his blog (http://taosecurity.blogspot.com). I am not sure what is being asked in your second question. Sguil cannot use the snort/ACID DB schema. I know it's annoying, but the topic has been addressed many times in many forums. The current snort DB schema does not scale well. If you already have mysql installed, then it's simple to create another "database" in mysql. On init, sguild can create the DB and tables needed for you. A simple diagram of all the components and how they interact can be found here: http://sguil.sourceforge.net/diagram.txt. Bammkkkk On Fri, Aug 01, 2003 at 08:47:46AM -0700, Tony Martin wrote:
Hi all, Is anyone out there currently running the Squil frontend? If so I have a question or two about the installation. First, I do have the install doc from Sourceforge, but it is starting to look like a bunch of work for something that might not work for me. Has anyone seen any RPM's for this? Secondly, Did you have to add another server the guild server? or did you just run it from the current database server? I am real lost on this, but the frontend looks really cool. I saw a demo of this, well their version of it with a SourceFire rep. Thanks Belthrax --------------------------------- Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo.
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Squil - installation on Snort Tony Martin (Aug 01)
- Re: Squil - installation on Snort Erek Adams (Aug 01)
- Re: Squil - installation on Snort Bamm Visscher (Aug 01)