[Sguil-users] Re: Sguil 0.6.0 Released
From: Bamm V. <bam...@gm...> - 2005-12-02 22:05:37
*sigh*

I've confirmed a bug that worked its way in during RC4. I recommend people stick with RC3 until I can confirm the right fix and do a 0.6.1 release. I apologize for the inconvenience.

Bammkkkk

On 12/1/05, Bamm Visscher <bam...@gm...> wrote:
> Announcing the release of sguil version 0.6.0.
>
> Sguil (pronounced sgweel) is built by network security analysts for
> network security analysts. Sguil's main component is an intuitive GUI
> that provides realtime events from snort/barnyard. It also includes
> other components which facilitate the practice of Network Security
> Monitoring and event driven analysis of IDS alerts. The sguil client
> is written in tcl/tk and can be run on any operating system that
> supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
>
> Sguil version 0.6.0 contains two significant differences from previous
> versions. The first difference is the use of the Mysql MRG_MyISAM
> (MERGE) engine for the sancp, event, *hdr, and data tables. With the
> MERGE engine, it is possible to keep hundreds of millions of rows of
> data active and online and still be functional (queries to the DB are
> reasonably responsive). The use of MERGE and the associated schema
> makes backing up and restoring data amazingly simple and quick. The
> UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> more detail as well as upgrade instructions.
>
> The second major change was to the sguil output plugin for barnyard
> (op_sguil) and the communications structure between the sensors and
> sguild. Op_sguil now uses tcl libraries and sends data via localhost
> to the sensor's agent. All communications between the sensor and
> sguild now flow thru sensor_agent. This means the mysql libraries are
> no longer needed on the sensors. Since barnyard does not need to be
> compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
> used together without any license conflicts.
>
> Other changes include:
> * Support for the sfportscan preprocessor.
> * Sensor status display in the client.
> * incident_report.tcl script for creating PHB html reports
>
> Happy F8ing,
>
> Bammkkkk
>
> --
> sguil - The Analyst Console for NSM
> http://sguil.sf.net
>

--
sguil - The Analyst Console for NSM
http://sguil.sf.net