[Sguil-users] Re: [Snort-users] Sguil 0.6.0 Released
From: Bamm V. <bam...@gm...> - 2005-12-02 22:15:38
Yes, until barnyard is released with the new op_sguil, it will require patching. I need to get a hold of Andrew and see what we can do.

Bammkkkk

On 12/2/05, Paul Schmehl <pa...@ut...> wrote:
> Bamm, will this version *require* patching barnyard? (If it does, I want
> to submit an update to the barnyard port for FreeBSD to patch it when it's
> installed, rather than trying to do it in conjunction with the sguil ports.
>
> --On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
> <bam...@gm...> wrote:
>
> > Announcing the release of sguil version 0.6.0.
> >
> > Sguil (pronounced sgweel) is built by network security analysts for
> > network security analysts. Sguil's main component is an intuitive GUI
> > that provides realtime events from snort/barnyard. It also includes
> > other components which facilitate the practice of Network Security
> > Monitoring and event driven analysis of IDS alerts. The sguil client
> > is written in tcl/tk and can be run on any operating system that
> > supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
> >
> > Sguil version 0.6.0 contains two significant differences from previous
> > versions. The first difference is the use of the Mysql MRG_MyISAM
> > (MERGE) engine for the sancp, event, *hdr, and data tables. With the
> > MERGE engine, it is possible to keep hundreds of millions of rows of
> > data active and online and still be functional (queries to the DB are
> > reasonably responsive). The use of MERGE and the associated schema
> > makes backing up and restoring data amazingly simple and quick. The
> > UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> > more detail as well as upgrade instructions.
> >
> > The second major change was to the sguil output plugin for barnyard
> > (op_sguil) and the communications structure between the sensors and
> > sguild. Op_sguil now uses tcl libraries and sends data via localhost
> > to the sensor's agent. All communications between the sensor and
> > sguild now flow thru sensor_agent. This means the mysql libraries are
> > no longer needed on the sensors. Since barnyard does not need to be
> > compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
> > used together without any license conflicts.
> >
> > Other changes include:
> > * Support for the sfportscan preprocessor.
> > * Sensor status display in the client.
> > * incident_report.tcl script for creating PHB html reports
> >
> > Happy F8ing,
> >
> > Bammkkkk
> >
> > --
> > sguil - The Analyst Console for NSM
> > http://sguil.sf.net
> >
> > _______________________________________________
> > Snort-users mailing list
> > Sno...@li...
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Paul Schmehl (pa...@ut...)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/

--
sguil - The Analyst Console for NSM
http://sguil.sf.net
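The announcement above describes the MERGE (MRG_MyISAM) layout only in outline. The following is an added illustration of the mechanism, not sguil's own schema or code from the project: the column set, the per-day table names and the date suffixes are assumptions chosen to show how a MERGE table lets a large event store stay online while individual days are rolled out for backup and restored later.

```sql
-- Added illustration, not sguil's schema. Table names, columns and the
-- per-day split are assumptions; only the MERGE mechanism is the point.

-- Each day of alerts lives in its own MyISAM table. Every underlying table
-- must have identical column and index definitions for MERGE to accept it.
CREATE TABLE event_20051201 (
  sid        INT UNSIGNED NOT NULL,   -- sensor id
  cid        INT UNSIGNED NOT NULL,   -- per-sensor event counter
  timestamp  DATETIME     NOT NULL,
  src_ip     INT UNSIGNED NOT NULL,
  dst_ip     INT UNSIGNED NOT NULL,
  signature  VARCHAR(255) NOT NULL,
  PRIMARY KEY (sid, cid),
  INDEX (timestamp)
) ENGINE=MyISAM;

CREATE TABLE event_20051202 LIKE event_20051201;

-- The MERGE table presents the union of the day tables as one table.
-- INSERT_METHOD=LAST sends new rows to the last table in the UNION list.
CREATE TABLE event (
  sid        INT UNSIGNED NOT NULL,
  cid        INT UNSIGNED NOT NULL,
  timestamp  DATETIME     NOT NULL,
  src_ip     INT UNSIGNED NOT NULL,
  dst_ip     INT UNSIGNED NOT NULL,
  signature  VARCHAR(255) NOT NULL,
  PRIMARY KEY (sid, cid),
  INDEX (timestamp)
) ENGINE=MRG_MyISAM UNION=(event_20051201, event_20051202) INSERT_METHOD=LAST;

-- Analyst queries hit the merge table and span every day that is online.
SELECT signature, COUNT(*) AS hits
  FROM event
 WHERE timestamp >= '2005-12-01' AND timestamp < '2005-12-03'
 GROUP BY signature
 ORDER BY hits DESC;

-- Rolling a day out for backup: remove it from the UNION list. The day
-- table itself is untouched and can be copied off-box or dropped.
ALTER TABLE event UNION=(event_20051202);

-- Restoring: bring the table back (file copy or SQL restore) and re-add it.
ALTER TABLE event UNION=(event_20051201, event_20051202);

-- Starting a new day is the same pattern in the other direction.
CREATE TABLE event_20051203 LIKE event_20051201;
ALTER TABLE event UNION=(event_20051201, event_20051202, event_20051203);
```

Because MyISAM stores each table as its own .frm/.MYD/.MYI files, a day that has been taken out of the UNION list can be archived with a plain file copy (after a FLUSH TABLES WITH READ LOCK, or with mysqlhotcopy) rather than a row-by-row dump, which is what makes backup and restore cheap in this layout. The caveat is that the MERGE table does not enforce uniqueness across its members: the (sid, cid) primary key is only unique within each day table, so a restored day that overlaps an existing one will yield duplicate rows rather than an error.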