[Snort-users] Question about Sguil

Doug Burks doug.burks at ...11827...
Fri Jun 20 13:31:11 EDT 2014

Hi Matt,

Replies inline.

On Fri, Jun 20, 2014 at 1:27 PM, Matt Martin <MMartin at ...16693...> wrote:
> Hey Doug, thanks for the reply!
> Is security Onion required for Sguil, or just recommended?

Security Onion is not required, but it's the quickest and easiest way
to get Sguil up and running.

> Because I have Snort already installed on a Dell Poweredge Server (*2950 I think is the model...), with 6 HDDs in a RAID5 Array and 8 Intel Xeon cores, . This server was previously used for other purposes, but since most of our Servers have gone virtual we had a few servers lying around for me to choose from to install Snort on.
> From what I read Security Onion it is a OS/Linux Distro in it of itself, based on RedHat.

Yes, Security Onion is a complete Linux distro, but it is based on Ubuntu 12.04.

> And it comes with Snort, Barnyard2, etc already pre-installed... Is that correct?

Yes, Security Onion includes Snort, Barnyard2, etc. already pre-installed.

> While I was writing this I was speaking with my manager and we ARE going to give it a try. We are going to use one of old email servers (*Dell something...) and we're going to install Security  Onion and give it a go... Sounds promising!

Excellent, thanks!  If you have any questions or problems regarding
Security Onion, please use our security-onion mailing list:


More information about the Snort-users mailing list