[Snort-users] Acid and HSC
michael.boman at ...11827...
Mon Nov 8 02:10:55 EST 2004
On Mon, 08 Nov 2004 17:24:25 +0800, sam wun <sam.wun at ...12627...> wrote:
> Michael Boman wrote:
> >On Mon, 08 Nov 2004 16:07:24 +0800, sam wun <sam.wun at ...12627...> wrote:
> >ACID can analyze packet payload, if you configured the database
> >logging correctly. However, if you want to practice true NSM (Network
> >Security Monitoring) I suggest you to take a look at Sguil
> >(www.sguil.net), which offers a range of features that is of interest
> >when you are investigating a possible intrusion or compromise.
> I have no luck install Sguil in FreeBSD. The compilation is overly
> complicated, especially in the TCL/TK related stuff.
> Here is some error:
> # ./sguild
> ERROR: The sha1 package does NOT appear to be installed on this sysem.
> The sha1 package is part of the tcllib extension. A port/package is
> available for most linux and BSD systems.
> However I don't find sha1 available in the port, only sha does.
> Any other alternative?
FreeBSD (or any BSD) is apparently a bit difficult beast to master (I
am responsible for the Linux RPM's and the Windows installer. You can
check them out at http://download.boseco.com if you decide to switch
platform ;) ).
There are BSD specific instructions available on sguil.net how to get
it working. I am sure Bamm or Richard will reply on this with some
*BSD instructions shortly, but I haven't used BSD myself for the last
4 years so.
More information about the Snort-users