Re: [Sguil-devel] More power, please?
From: Bamm V. <ba...@sa...> - 2003-02-19 23:20:45
Actually, sguild loads the portscan data into the db. If you then highlight a portscan event in sguil.tk, the packet information will be replaced by a portscan display. Sguild queries the db for the data based on the src_ip and date of the scan.

An older screen shot of this can be seen here:

http://www.satexas.com/~bamf/sguil/images/sguil_ps_win.png

Bammkkkk

On Thu, Feb 20, 2003 at 03:05:34AM +0800, Jeffrey wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 20 February 2003 02:35, Michael Boman wrote:
> >
> > PS
> > Does sguild do anything more with portscan data except populating the
> > database server?
> > DS
>
> At this point I think it doesn't - although I'm not too sure about plans for
> the future.
>
> The agent sends the portscan over, and then sguild attempts to upload the data
> into the db, failing which it will leave a copy of the portscan on the hd.
>
> - -jf