I'm unable to log into SGUIL. What's the username and password?
Yes, I've run nstpasswd.
A couple of things here.
1) NST is self documented. Hovering your mouse over an Action Button should reveal docs and notes for the action.
2) The Sguil Web or Sguil GUI says that the User ID is: "sguil" and the password is the Snort (Sguil) Database access password.
3) This password can be found in file: "/etc/nst.conf". Look for the "NSTCTSNORTPASSWD" entry.
4) This password can be set from the NST WUI: System -> User & Passwords -> NST Password section "Snort (Sguil) Database Access"
rwh
Wondering if anyone has managed to login - having the same issue. I have changed/verified password, bounced snort and friends. Still struggling to login to sguil web.
Most likely you changed the Snort (Sguil) password after you created a sguil database. To correct this, you can use the "-drop" option with the "Additional Setup Snort Script Options" input field after you settle on your password. ***Note: This will destroy all previous detected IDS event data.
rwh
The sguil login/password after setting up snort/sguil from the NST web interface are as follows:
Login as: sguil
Password:
You can get the password that is randomly generated (unless you explicitly set it prior to set up) from the /etc/nst.conf file via:
The password in this case would be: Xbech7uad1Qx - it will be different on your system!
You must have root credentials or be part of the root group in order to read the /etc/nst.conf file (that is why the sudo is required). This file is used by the NST web interface when making queries to the various services that it sets up. For example, this allows it to display IDS alert counts from the database when you go to the snort page.
Dear all,
I have followed all the steps that you all mentioned:
1. Change password by using command "nstpasswd" (In root credential)
2. Check the /etc/nst.conf (In root credential)
Tried a few times but failed. Is there anything I have missed?
The worst thing is that I am also not able to login with the mysql password after I changed the password by the "nstpasswd" command..... =.=""
I would suggest the following and start from scratch:
1) Stop the mariadb (mysql) database.
2) Set new mariadb and snort (sguil) passwords on the NST WUI Password page: System -> Users & Passwords -> Nst Password
3) Start up a new fresh mariadb and delete all tables (i.e. use the -d option). Use the MariaDB NST WUI Management page: Database MariaDB (MySQL) -> MariaDB (MySQL) Database Management.
4) Now you have a known state. You can now log into your MariaDB using Adminer: Database MariaDB (MySQL) -> Adminer - Database Manager
5) Now start up a snort instance with sguil.