[Snort-users] Question about Sguil

Doug Burks doug.burks at ...11827...
Fri Jun 20 12:36:11 EDT 2014


Hi Matt,

I'd recommend that you download Security Onion and install it in a VM
to get a feel for the Sguil architecture.  In just a few minutes
you'll have the Sguil client, server, and sensor up and running, along
with barnyard2, mysql, pulledpork, and lots of other goodies.

http://securityonion.net

On Fri, Jun 20, 2014 at 12:21 PM, Matt Martin <MMartin at ...16693...> wrote:
> Hello All,
>
>
>
> I am currently using BASE as my frontend for Snort. But I get errors when
> clicking into lots of stuff on the GUI, so I’m looking into other GUI
> frontends for Snort. Not to mention mostly every time I click on an “Alert”,
> when the page loads in the browser it just says in red that “Alert Deleted”…
> Don’t know why would it be deleting alerts…
>
>
>
> But anyway, I came across Sguil which seems to be a pretty popular choice
> amongst GUI frontends for Snort. But I am a bit confused by the installation
> process, so I was hoping someone could explain this question below for me…?
>
>
>
> I downloaded the most recent version of Sguil (*Sguil Version 0.9.0). And
> reading about the installation process on a number of different sites I am
> still confused by the Client/Server/Sensor architecture of it. I currently
> have my Snort installation, along with Barnyard2, MySQL, BASE and Oinkmaster
> all on the same server (*I downloaded PulledPork because I heard good
> things, but still need to install it and replace Oinkmaster…). I have had
> Snort running now on this server for a few weeks and it seems to be going
> well, except for the frontend...
>
>
>
> So since I have Snort all contained on a single server am I supposed to
> install Sguil Client, Server, and Sensor on that server as well? If I want
> to use it simply as a frontend to Snort, do I need all 3 of those? I
> couldn’t find any installation docs for Sguil for when Snort and it’s MySQL
> Database are on the same server. All the docs seemed to be for “split” Snort
> installations, i.e. across multiple servers…
>
>
>
> Could anyone explain to me those 3 different parts to Sguil? And whether or
> not I need all 3 of them installed?
>
> Any thoughts or suggestions would be much appreciated!
>
>
>
> Thanks in Advance,
>
> Matt
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!



-- 
Doug Burks




More information about the Snort-users mailing list