Snort mailing list archives

Re: Sguil 0.6.0 Released


From: Bamm Visscher <bamm.visscher () gmail com>
Date: Fri, 2 Dec 2005 15:15:33 -0700

Yes, until barnyard is released with the new op_sguil, it will require
patching. I need to get a hold of Andrew and see what we can do.

Bammkkkk

On 12/2/05, Paul Schmehl <pauls () utdallas edu> wrote:
Bamm, will this version *require* patching barnyard?  (If it does, I want
to submit an update to the barnyard port for FreeBSD to patch it when it's
installed, rather than trying to do it in conjunction with the sguil ports.)

--On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
<bamm.visscher () gmail com> wrote:

Announcing the release of sguil version 0.6.0.

Sguil (pronounced sgweel) is built by network security analysts for
network security analysts. Sguil's main component is an intuitive GUI
that provides realtime events from snort/barnyard. It also includes
other components which facilitate the practice of Network Security
Monitoring and event driven analysis of IDS alerts. The sguil client
is written in tcl/tk and can be run on any operating system that
supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Sguil version 0.6.0 contains two significant differences from previous
versions. The first difference is the use of the Mysql MRG_MyISAM
(MERGE) engine for the sancp, event, *hdr, and data tables.  With the
MERGE engine, it is possible to keep hundreds of millions of rows of
data active and online and still be functional (queries to the DB are
reasonably responsive).  The use of MERGE and the associated schema
makes backing up and restoring data amazingly simple and quick. The
UPGRADE text in the sguil-0.6.0/doc directory of the source contains
more detail as well as upgrade instructions.

The second major change was to the sguil output plugin for barnyard
(op_sguil) and the communications structure between the sensors and
sguild. Op_sguil now uses tcl libraries and sends data via localhost
to the sensor's agent.  All communications between the sensor and
sguild now flow thru sensor_agent. This means the mysql libraries are
no longer needed on the sensors. Since barnyard does not need to be
compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
used together without any license conflicts.

Other changes include:
* Support for the sfportscan preprocessor.
* Sensor status display in the client.
* incident_report.tcl script for creating PHB html reports

Happy F8ing,

Bammkkkk

--
sguil - The Analyst Console for NSM
http://sguil.sf.net


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id?865&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/



--
sguil - The Analyst Console for NSM
http://sguil.sf.net
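The MERGE-engine layout the quoted announcement describes (per-period MyISAM tables presented through one MRG_MyISAM table, so that hundreds of millions of alert rows stay queryable and backup is a file copy) is easier to follow with a concrete schema. The following is an added illustration, not sguil's own schema or anything from the sguil-0.6.0 UPGRADE notes: the table names, columns and dates are constructed for the example, and it assumes MySQL 4.1 or later for `CREATE TABLE ... LIKE`.

```sql
-- Constructed example: a cut-down "event" table split into per-day MyISAM
-- tables and joined by a MERGE table. Names and columns are made up for
-- this illustration and are not sguil's real schema.

CREATE TABLE event_sensor1_20051201 (
  sid        INT UNSIGNED NOT NULL,     -- sensor id
  cid        INT UNSIGNED NOT NULL,     -- event id within that sensor
  signature  VARCHAR(255) NOT NULL,     -- rule message text
  timestamp  DATETIME NOT NULL,
  src_ip     INT UNSIGNED NOT NULL,
  dst_ip     INT UNSIGNED NOT NULL,
  INDEX (sid, cid),
  INDEX (timestamp)
) ENGINE=MyISAM;

-- Every underlying table must have identical columns and indexes.
CREATE TABLE event_sensor1_20051202 LIKE event_sensor1_20051201;

-- The MERGE table is a view-like union of the daily tables. Analysts
-- query "event"; the engine fans the query out to each MyISAM file.
-- Note that MERGE does not enforce uniqueness across the underlying
-- tables, so (sid, cid) is declared as a plain INDEX here.
CREATE TABLE event (
  sid        INT UNSIGNED NOT NULL,
  cid        INT UNSIGNED NOT NULL,
  signature  VARCHAR(255) NOT NULL,
  timestamp  DATETIME NOT NULL,
  src_ip     INT UNSIGNED NOT NULL,
  dst_ip     INT UNSIGNED NOT NULL,
  INDEX (sid, cid),
  INDEX (timestamp)
) ENGINE=MERGE
  UNION=(event_sensor1_20051201, event_sensor1_20051202)
  INSERT_METHOD=LAST;   -- new rows go into the last table in the list

-- Rolling to a new day is a metadata change, not a data copy:
CREATE TABLE event_sensor1_20051203 LIKE event_sensor1_20051201;
ALTER TABLE event
  UNION=(event_sensor1_20051201, event_sensor1_20051202, event_sensor1_20051203);

-- Retiring a day for backup: drop it from the UNION list, then copy its
-- .frm/.MYD/.MYI files out of the data directory. Restoring is the reverse:
-- copy the files back in and add the table to the UNION again.
ALTER TABLE event
  UNION=(event_sensor1_20051202, event_sensor1_20051203);

-- Queries keep working against whatever is currently in the union:
SELECT COUNT(*) AS recent_events
FROM event
WHERE timestamp >= '2005-12-02 00:00:00';
```

The operational point for an NSM database is the last two statements: because the merged table only references the daily files, a retention or backup job never has to DELETE or copy rows through the SQL layer, which is what keeps a table with hundreds of millions of alerts responsive.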



