[Snort-users] Sguil 0.6.0 Released

Bamm Visscher bamm.visscher at ...11827...
Fri Dec 2 14:16:06 EST 2005


Yes, until barnyard is released with the new op_sguil, it will require
patching. I need to get a hold of Andrew and see what we can do.

Bammkkkk

On 12/2/05, Paul Schmehl <pauls at ...6838...> wrote:
> Bamm, will this version *require* patching barnyard?  (If it does, I want
> to submit an update to the barnyard port for FreeBSD to patch it when it's
> installed, rather than trying to do it in conjunction with the sguil ports.
>
> --On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
> <bamm.visscher at ...11827...> wrote:
>
> > Announcing the release of sguil version 0.6.0.
> >
> > Sguil (pronounced sgweel) is built by network security analysts for
> > network security analysts. Sguil's main component is an intuitive GUI
> > that provides realtime events from snort/barnyard. It also includes
> > other components which facilitate the practice of Network Security
> > Monitoring and event driven analysis of IDS alerts. The sguil client
> > is written in tcl/tk and can be run on any operating system that
> > supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
> >
> > Sguil version 0.6.0 contains two significant differences from previous
> > versions. The first difference is the use of the Mysql MRG_MyISAM
> > (MERGE) engine for the sancp, event, *hdr, and data tables.  With the
> > MERGE engine, it is possible to keep hundreds of millions of rows of
> > data active and online and still be functional (queries to the DB are
> > reasonably responsive).  The use of MERGE and the associated schema
> > makes backing up and restoring data amazingly simple and quick. The
> > UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> > more detail as well as upgrade instructions.
> >
> > The second major change was to the sguil output plugin for barnyard
> > (op_sguil) and the communications structure between the sensors and
> > sguild. Op_sguil now uses tcl libraries and sends data via localhost
> > to the sensor's agent.  All communications between the sensor and
> > sguild now flow thru sensor_agent. This means the mysql libraries are
> > no longer needed on the sensors. Since barnyard does not need to be
> > compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
> > used together without any license conflicts.
> >
> > Other changes include:
> > * Support for the sfportscan preprocessor.
> > * Sensor status display in the client.
> > * incident_report.tcl script for creating PHB html reports
> >
> > Happy F8ing,
> >
> > Bammkkkk
> >
> > --
> > sguil - The Analyst Console for NSM
> > http://sguil.sf.net
> >
> >
>
>
>
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
>


--
sguil - The Analyst Console for NSM
http://sguil.sf.net