[Snort-users] Sguil 0.6.0 Released
pauls at ...6838...
Fri Dec 2 14:09:37 EST 2005
Bamm, will this version *require* patching barnyard? (If it does, I want
to submit an update to the barnyard port for FreeBSD to patch it when it's
installed, rather than trying to do it in conjunction with the sguil ports.)
--On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
<bamm.visscher at ...11827...> wrote:
> Announcing the release of sguil version 0.6.0.
> Sguil (pronounced sgweel) is built by network security analysts for
> network security analysts. Sguil's main component is an intuitive GUI
> that provides realtime events from snort/barnyard. It also includes
> other components which facilitate the practice of Network Security
> Monitoring and event driven analysis of IDS alerts. The sguil client
> is written in tcl/tk and can be run on any operating system that
> supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
> Sguil version 0.6.0 contains two significant differences from previous
> versions. The first difference is the use of the MySQL MRG_MyISAM
> (MERGE) engine for the sancp, event, *hdr, and data tables. With the
> MERGE engine, it is possible to keep hundreds of millions of rows of
> data active and online and still be functional (queries to the DB are
> reasonably responsive). The use of MERGE and the associated schema
> makes backing up and restoring data amazingly simple and quick. The
> UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> more detail as well as upgrade instructions.
> The second major change was to the sguil output plugin for barnyard
> (op_sguil) and the communications structure between the sensors and
> sguild. Op_sguil now uses tcl libraries and sends data via localhost
> to the sensor's agent. All communications between the sensor and
> sguild now flow through sensor_agent. This means the MySQL libraries are
> no longer needed on the sensors. Since barnyard does not need to be
> compiled with MySQL support, op_sguil (barnyard) and MySQL 4+ may be
> used together without any license conflicts.
> Other changes include:
> * Support for the sfportscan preprocessor.
> * Sensor status display in the client.
> * incident_report.tcl script for creating PHB HTML reports
> Happy F8ing,
> sguil - The Analyst Console for NSM
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
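A worked illustration of the MERGE layout the announcement describes, added here as an example and not taken from the sguil source, its UPGRADE notes or its CREATE_TABLES script. The table names (event_sensor1_YYYYMMDD, event) and the column set are assumptions chosen to keep the example short; the real sguil 0.6.0 schema has more columns and lives in the sguil-0.6.0 source tree. What it shows is the mechanism that makes "hundreds of millions of rows online" and "simple backup and restore" possible at the same time: one MyISAM child table per sensor-day, a MERGE parent that presents them as a single table to the console, and rotation, backup and restore done by editing the parent's UNION list rather than by moving rows.

```sql
-- Added example, not sguil's own schema: a per-day MyISAM split behind a
-- MySQL MERGE (MRG_MyISAM) parent. Names and columns are assumptions.

-- One MyISAM child per sensor-day. Every child must have identical column
-- definitions AND identical indexes, in the same order, or the MERGE parent
-- will refuse to open it.
CREATE TABLE event_sensor1_20051201 (
    sid        INT UNSIGNED NOT NULL,             -- sensor id (assumed)
    cid        INT UNSIGNED NOT NULL,             -- event id within sensor (assumed)
    signature  VARCHAR(255) NOT NULL,
    timestamp  DATETIME NOT NULL,
    src_ip     INT UNSIGNED,
    dst_ip     INT UNSIGNED,
    status     SMALLINT UNSIGNED NOT NULL DEFAULT 0,
    PRIMARY KEY (sid, cid),
    INDEX (timestamp),
    INDEX (signature)
) ENGINE=MyISAM;

-- CREATE TABLE ... LIKE copies columns, indexes and engine exactly.
CREATE TABLE event_sensor1_20051202 LIKE event_sensor1_20051201;

-- The MERGE parent. The console queries "event" and never needs to know how
-- many days are behind it. INSERT_METHOD=LAST sends new rows to the last
-- child in the UNION list, so the current day's table takes the live load
-- while older days are read-only in practice.
CREATE TABLE event (
    sid        INT UNSIGNED NOT NULL,
    cid        INT UNSIGNED NOT NULL,
    signature  VARCHAR(255) NOT NULL,
    timestamp  DATETIME NOT NULL,
    src_ip     INT UNSIGNED,
    dst_ip     INT UNSIGNED,
    status     SMALLINT UNSIGNED NOT NULL DEFAULT 0,
    PRIMARY KEY (sid, cid),
    INDEX (timestamp),
    INDEX (signature)
) ENGINE=MERGE
  UNION=(event_sensor1_20051201, event_sensor1_20051202)
  INSERT_METHOD=LAST;

-- A query against the parent fans out to each child; because every child
-- carries the same timestamp index, only matching rows are read per child.
SELECT sid, cid, signature, timestamp
  FROM event
 WHERE timestamp >= '2005-12-02 00:00:00'
 ORDER BY timestamp DESC
 LIMIT 50;

-- Rotating a new day in: create the child, then redefine the UNION so the
-- new table becomes the insert target. No rows are copied.
CREATE TABLE event_sensor1_20051203 LIKE event_sensor1_20051201;
ALTER TABLE event
  UNION=(event_sensor1_20051201, event_sensor1_20051202, event_sensor1_20051203)
  INSERT_METHOD=LAST;

-- Backing up / retiring a day: remove the child from the UNION first so the
-- console no longer sees it, then dump that one table (e.g. with
-- mysqldump <db> event_sensor1_20051201) or copy its .frm/.MYD/.MYI files,
-- and drop it. The other days stay online throughout.
ALTER TABLE event
  UNION=(event_sensor1_20051202, event_sensor1_20051203)
  INSERT_METHOD=LAST;
DROP TABLE event_sensor1_20051201;

-- Restoring that day later: reload the dump (which recreates the child),
-- then add it back to the UNION. Again no row-level work is needed.
ALTER TABLE event
  UNION=(event_sensor1_20051201, event_sensor1_20051202, event_sensor1_20051203)
  INSERT_METHOD=LAST;
```

Two operational caveats a practitioner would want before sizing a sguil database this way. First, a MERGE parent opens every child table each time it is opened, so a parent with a year of daily children needs table_open_cache and the server's open-files limit raised accordingly. Second, MyISAM has no crash recovery, so an unclean shutdown during inserts can leave the current day's child marked crashed; the parent will fail to open until that child is repaired with REPAIR TABLE or CHECK TABLE, which is a good argument for keeping the insert target small (one day) as above.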