[Snort-users] Sguil 0.6.0 Released

Paul Schmehl pauls at ...6838...
Fri Dec 2 14:09:37 EST 2005


Bamm, will this version *require* patching barnyard?  (If it does, I want 
to submit an update to the barnyard port for FreeBSD to patch it when it's 
installed, rather than trying to do it in conjunction with the sguil ports.

--On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher 
<bamm.visscher at ...11827...> wrote:

> Announcing the release of sguil version 0.6.0.
>
> Sguil (pronounced sgweel) is built by network security analysts for
> network security analysts. Sguil's main component is an intuitive GUI
> that provides realtime events from snort/barnyard. It also includes
> other components which facilitate the practice of Network Security
> Monitoring and event driven analysis of IDS alerts. The sguil client
> is written in tcl/tk and can be run on any operating system that
> supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
>
> Sguil version 0.6.0 contains two significant differences from previous
> versions. The first difference is the use of the Mysql MRG_MyISAM
> (MERGE) engine for the sancp, event, *hdr, and data tables.  With the
> MERGE engine, it is possible to keep hundreds of millions of rows of
> data active and online and still be functional (queries to the DB are
> reasonably responsive).  The use of MERGE and the associated schema
> makes backing up and restoring data amazingly simple and quick. The
> UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> more detail as well as upgrade instructions.
>
> The second major change was to the sguil output plugin for barnyard
> (op_sguil) and the communications structure between the sensors and
> sguild. Op_sguil now uses tcl libraries and sends data via localhost
> to the sensor's agent.  All communications between the sensor and
> sguild now flow thru sensor_agent. This means the mysql libraries are
> no longer needed on the sensors. Since barnyard does not need to be
> compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
> used together without any license conflicts.
>
> Other changes include:
> * Support for the sfportscan preprocessor.
> * Sensor status display in the client.
> * incident_report.tcl script for creating PHB html reports
>
> Happy F8ing,
>
> Bammkkkk
>
> --
> sguil - The Analyst Console for NSM
> http://sguil.sf.net
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> files for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_idv37&alloc_id?865&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/




More information about the Snort-users mailing list