[Snort-users] Sguil 0.6.0 Released

Paul Schmehl pauls at ...6838...
Fri Dec 2 15:32:05 EST 2005


OK.  In the meantime, I can patch barnyard by fetching the squil port, 
extracting the patches for barnyard from it and applying them to barnyard 
before the build.

I'll take a look at it this weekend.

--On Friday, December 02, 2005 15:15:33 -0700 Bamm Visscher 
<bamm.visscher at ...11827...> wrote:

> Yes, until barnyard is released with the new op_sguil, it will require
> patching. I need to get a hold of Andrew and see iwhat we can do.
>
> Bammkkkk
>
> On 12/2/05, Paul Schmehl <pauls at ...6838...> wrote:
>> Bamm, will this version *require* patching barnyard?  (If it does, I want
>> to submit an update to the barnyard port for FreeBSD to patch it when
>> it's installed, rather than trying to do it in conjunction with the
>> sguil ports.
>>
>> --On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
>> <bamm.visscher at ...11827...> wrote:
>>
>> > Announcing the release of sguil version 0.6.0.
>> >
>> > Sguil (pronounced sgweel) is built by network security analysts for
>> > network security analysts. Sguil's main component is an intuitive GUI
>> > that provides realtime events from snort/barnyard. It also includes
>> > other components which facilitate the practice of Network Security
>> > Monitoring and event driven analysis of IDS alerts. The sguil client
>> > is written in tcl/tk and can be run on any operating system that
>> > supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
>> >
>> > Sguil version 0.6.0 contains two significant differences from previous
>> > versions. The first difference is the use of the Mysql MRG_MyISAM
>> > (MERGE) engine for the sancp, event, *hdr, and data tables.  With the
>> > MERGE engine, it is possible to keep hundreds of millions of rows of
>> > data active and online and still be functional (queries to the DB are
>> > reasonably responsive).  The use of MERGE and the associated schema
>> > makes backing up and restoring data amazingly simple and quick. The
>> > UPGRADE text in the sguil-0.6.0/doc directory of the source contains
>> > more detail as well as upgrade instructions.
>> >
>> > The second major change was to the sguil output plugin for barnyard
>> > (op_sguil) and the communications structure between the sensors and
>> > sguild. Op_sguil now uses tcl libraries and sends data via localhost
>> > to the sensor's agent.  All communications between the sensor and
>> > sguild now flow thru sensor_agent. This means the mysql libraries are
>> > no longer needed on the sensors. Since barnyard does not need to be
>> > compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
>> > used together without any license conflicts.
>> >
>> > Other changes include:
>> > * Support for the sfportscan preprocessor.
>> > * Sensor status display in the client.
>> > * incident_report.tcl script for creating PHB html reports
>> >
>> > Happy F8ing,
>> >
>> > Bammkkkk
>> >
>> > --
>> > sguil - The Analyst Console for NSM
>> > http://sguil.sf.net
>> >
>> >
>> > -------------------------------------------------------
>> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
>> > files for problems?  Stop!  Download the new AJAX search engine that
>> > makes searching your log files as easy as surfing the  web.  DOWNLOAD
>> > SPLUNK! http://ads.osdn.com/?ad_idv37&alloc_id?865&op=click
>> > _______________________________________________
>> > Snort-users mailing list
>> > Snort-users at lists.sourceforge.net
>> > Go to this URL to change user options or unsubscribe:
>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>> > Snort-users list archive:
>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>
>>
>> Paul Schmehl (pauls at ...6838...)
>> Adjunct Information Security Officer
>> University of Texas at Dallas
>> AVIEN Founding Member
>> http://www.utdallas.edu/ir/security/
>>
>
>
> --
> sguil - The Analyst Console for NSM
> http://sguil.sf.net



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/




More information about the Snort-users mailing list