[Snort-users] Question about Sguil
MMartin at ...16693...
Fri Jun 20 13:27:15 EDT 2014
Hey Doug, thanks for the reply!
Is security Onion required for Sguil, or just recommended? Because I have Snort already installed on a Dell Poweredge Server (*2950 I think is the model...), with 6 HDDs in a RAID5 Array and 8 Intel Xeon cores, . This server was previously used for other purposes, but since most of our Servers have gone virtual we had a few servers lying around for me to choose from to install Snort on.
From what I read Security Onion it is a OS/Linux Distro in it of itself, based on RedHat. And it comes with Snort, Barnyard2, etc already pre-installed... Is that correct?
While I was writing this I was speaking with my manager and we ARE going to give it a try. We are going to use one of old email servers (*Dell something...) and we're going to install Security Onion and give it a go... Sounds promising!
Thanks again for the suggestion!
From: Doug Burks [mailto:doug.burks at ...11827...]
Sent: Friday, June 20, 2014 12:36 PM
To: Matt Martin
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Question about Sguil
I'd recommend that you download Security Onion and install it in a VM to get a feel for the Sguil architecture. In just a few minutes you'll have the Sguil client, server, and sensor up and running, along with barnyard2, mysql, pulledpork, and lots of other goodies.
On Fri, Jun 20, 2014 at 12:21 PM, Matt Martin <MMartin at ...16693...> wrote:
> Hello All,
> I am currently using BASE as my frontend for Snort. But I get errors
> when clicking into lots of stuff on the GUI, so I’m looking into other
> GUI frontends for Snort. Not to mention mostly every time I click on
> an “Alert”, when the page loads in the browser it just says in red
> that “Alert Deleted”… Don’t know why would it be deleting alerts…
> But anyway, I came across Sguil which seems to be a pretty popular
> choice amongst GUI frontends for Snort. But I am a bit confused by the
> installation process, so I was hoping someone could explain this question below for me…?
> I downloaded the most recent version of Sguil (*Sguil Version 0.9.0).
> And reading about the installation process on a number of different
> sites I am still confused by the Client/Server/Sensor architecture of
> it. I currently have my Snort installation, along with Barnyard2,
> MySQL, BASE and Oinkmaster all on the same server (*I downloaded
> PulledPork because I heard good things, but still need to install it
> and replace Oinkmaster…). I have had Snort running now on this server
> for a few weeks and it seems to be going well, except for the frontend...
> So since I have Snort all contained on a single server am I supposed
> to install Sguil Client, Server, and Sensor on that server as well? If
> I want to use it simply as a frontend to Snort, do I need all 3 of
> those? I couldn’t find any installation docs for Sguil for when Snort
> and it’s MySQL Database are on the same server. All the docs seemed to
> be for “split” Snort installations, i.e. across multiple servers…
> Could anyone explain to me those 3 different parts to Sguil? And
> whether or not I need all 3 of them installed?
> Any thoughts or suggestions would be much appreciated!
> Thanks in Advance,
> -------- HPCC Systems Open Source Big Data Platform from LexisNexis
> Risk Solutions Find What Matters Most in Your Big Data with HPCC
> Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
More information about the Snort-users