[Snort-users] Sguil 0.6.0 Released
pauls at ...6838...
Fri Dec 2 15:32:05 EST 2005
OK. In the meantime, I can patch barnyard by fetching the sguil port,
extracting the patches for barnyard from it and applying them to barnyard
before the build.
I'll take a look at it this weekend.
--On Friday, December 02, 2005 15:15:33 -0700 Bamm Visscher
<bamm.visscher at ...11827...> wrote:
> Yes, until barnyard is released with the new op_sguil, it will require
> patching. I need to get a hold of Andrew and see what we can do.
> On 12/2/05, Paul Schmehl <pauls at ...6838...> wrote:
>> Bamm, will this version *require* patching barnyard? (If it does, I want
>> to submit an update to the barnyard port for FreeBSD to patch it when
>> it's installed, rather than trying to do it in conjunction with the
>> sguil ports.)
>> --On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
>> <bamm.visscher at ...11827...> wrote:
>> > Announcing the release of sguil version 0.6.0.
>> > Sguil (pronounced sgweel) is built by network security analysts for
>> > network security analysts. Sguil's main component is an intuitive GUI
>> > that provides realtime events from snort/barnyard. It also includes
>> > other components which facilitate the practice of Network Security
>> > Monitoring and event driven analysis of IDS alerts. The sguil client
>> > is written in tcl/tk and can be run on any operating system that
>> > supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
>> > Sguil version 0.6.0 contains two significant differences from previous
>> > versions. The first difference is the use of the Mysql MRG_MyISAM
>> > (MERGE) engine for the sancp, event, *hdr, and data tables. With the
>> > MERGE engine, it is possible to keep hundreds of millions of rows of
>> > data active and online and still be functional (queries to the DB are
>> > reasonably responsive). The use of MERGE and the associated schema
>> > makes backing up and restoring data amazingly simple and quick. The
>> > UPGRADE text in the sguil-0.6.0/doc directory of the source contains
>> > more detail as well as upgrade instructions.
>> > The second major change was to the sguil output plugin for barnyard
>> > (op_sguil) and the communications structure between the sensors and
>> > sguild. Op_sguil now uses tcl libraries and sends data via localhost
>> > to the sensor's agent. All communications between the sensor and
>> > sguild now flow thru sensor_agent. This means the mysql libraries are
>> > no longer needed on the sensors. Since barnyard does not need to be
>> > compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
>> > used together without any license conflicts.
>> > Other changes include:
>> > * Support for the sfportscan preprocessor.
>> > * Sensor status display in the client.
>> > * incident_report.tcl script for creating PHB html reports
>> > Happy F8ing,
>> > Bammkkkk
>> > --
>> > sguil - The Analyst Console for NSM
>> > http://sguil.sf.net
>> Paul Schmehl (pauls at ...6838...)
>> Adjunct Information Security Officer
>> University of Texas at Dallas
>> AVIEN Founding Member
> sguil - The Analyst Console for NSM
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
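The announcement above credits the MRG_MyISAM (MERGE) engine with keeping hundreds of millions of rows online while making backup and restore simple. The following is an added illustration of that pattern, not sguil's own schema or code: per-day MyISAM tables are created with identical definitions and a MERGE table presents them as one, so retiring a day is a DROP of one underlying table (after copying its .MYD/.MYI/.frm files off-box) and restoring it is a CREATE plus an ALTER of the UNION list. The column set below is a simplified, assumed one chosen for the example.

```sql
-- Added example: MySQL MERGE layout for IDS event data.
-- Assumed, simplified column set; sguil's real tables have more fields.
-- Each day of events lives in its own MyISAM table. All underlying
-- tables MUST have identical column and index definitions, or the
-- MERGE table will refuse to open.
CREATE TABLE event_20051201 (
    sid        INT UNSIGNED NOT NULL,      -- sensor id
    cid        INT UNSIGNED NOT NULL,      -- event id, unique per sensor
    signature  VARCHAR(255) NOT NULL,
    timestamp  DATETIME NOT NULL,
    src_ip     INT UNSIGNED NOT NULL,      -- IPv4 stored with INET_ATON()
    dst_ip     INT UNSIGNED NOT NULL,
    PRIMARY KEY (sid, cid),
    INDEX (timestamp),
    INDEX (src_ip),
    INDEX (dst_ip)
) ENGINE=MyISAM;

CREATE TABLE event_20051202 LIKE event_20051201;
CREATE TABLE event_20051203 LIKE event_20051201;

-- The MERGE table is a view-like union of the day tables. Reads span
-- every listed table; INSERT_METHOD=LAST sends new rows to the last
-- table in the UNION list, i.e. the current day.
CREATE TABLE event (
    sid        INT UNSIGNED NOT NULL,
    cid        INT UNSIGNED NOT NULL,
    signature  VARCHAR(255) NOT NULL,
    timestamp  DATETIME NOT NULL,
    src_ip     INT UNSIGNED NOT NULL,
    dst_ip     INT UNSIGNED NOT NULL,
    PRIMARY KEY (sid, cid),
    INDEX (timestamp),
    INDEX (src_ip),
    INDEX (dst_ip)
) ENGINE=MERGE UNION=(event_20051201, event_20051202, event_20051203)
  INSERT_METHOD=LAST;

-- Constructed sample rows; they land in event_20051203 via the MERGE.
INSERT INTO event VALUES
  (1, 1001, 'ICMP PING NMAP', '2005-12-03 10:15:02',
   INET_ATON('192.0.2.10'), INET_ATON('198.51.100.5')),
  (1, 1002, 'SCAN nmap TCP',  '2005-12-03 10:15:03',
   INET_ATON('192.0.2.10'), INET_ATON('198.51.100.5'));

-- Analyst queries hit the MERGE table and see every day at once.
SELECT sid, cid, signature, INET_NTOA(src_ip) AS src, timestamp
  FROM event
 WHERE timestamp >= '2005-12-03 00:00:00'
 ORDER BY timestamp;

-- Rolling forward a day: add a new table at the end of the UNION list.
CREATE TABLE event_20051204 LIKE event_20051201;
ALTER TABLE event
  UNION=(event_20051201, event_20051202, event_20051203, event_20051204);

-- Retiring the oldest day: drop it from the UNION list first (so the
-- MERGE never references a missing table), copy its MyISAM files to
-- the archive, then DROP it. Restoring is the reverse: copy the files
-- back, and ALTER the UNION list to include the table again.
ALTER TABLE event
  UNION=(event_20051202, event_20051203, event_20051204);
DROP TABLE event_20051201;
```

Two practical cautions with this layout: the MERGE table carries no uniqueness across its members, so the (sid, cid) key is only unique within each day table, and a row count or index scan on the MERGE opens every underlying table, so keeping the UNION list to the days actually needed online is what keeps queries "reasonably responsive", as the announcement puts it.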