Re: [Snort-users] Sguil 0.6.0 Released

12-02-2005
Bamm Visscher
 

Yes, until barnyard is released with the new op_sguil, it will require
patching. I need to get a hold of Andrew and see what we can do.

Bammkkkk

On 12/2/05, Paul Schmehl <pauls@utdallas.edu> wrote:
> Bamm, will this version *require* patching barnyard? (If it does, I want
> to submit an update to the barnyard port for FreeBSD to patch it when it's
> installed, rather than trying to do it in conjunction with the sguil ports.
>
> --On Thursday, December 01, 2005 10:29:33 -0700 Bamm Visscher
> <bamm.visscher@gmail.com> wrote:
>
> > Announcing the release of sguil version 0.6.0.
> >
> > Sguil (pronounced sgweel) is built by network security analysts for
> > network security analysts. Sguil's main component is an intuitive GUI
> > that provides realtime events from snort/barnyard. It also includes
> > other components which facilitate the practice of Network Security
> > Monitoring and event driven analysis of IDS alerts. The sguil client
> > is written in tcl/tk and can be run on any operating system that
> > supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).
> >
> > Sguil version 0.6.0 contains two significant differences from previous
> > versions. The first difference is the use of the Mysql MRG_MyISAM
> > (MERGE) engine for the sancp, event, *hdr, and data tables. With the
> > MERGE engine, it is possible to keep hundreds of millions of rows of
> > data active and online and still be functional (queries to the DB are
> > reasonably responsive). The use of MERGE and the associated schema
> > makes backing up and restoring data amazingly simple and quick. The
> > UPGRADE text in the sguil-0.6.0/doc directory of the source contains
> > more detail as well as upgrade instructions.
> >
> > The second major change was to the sguil output plugin for barnyard
> > (op_sguil) and the communications structure between the sensors and
> > sguild. Op_sguil now uses tcl libraries and sends data via localhost
> > to the sensor's agent. All communications between the sensor and
> > sguild now flow thru sensor_agent. This means the mysql libraries are
> > no longer needed on the sensors. Since barnyard does not need to be
> > compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be
> > used together without any license conflicts.
> >
> > Other changes include:
> > * Support for the sfportscan preprocessor.
> > * Sensor status display in the client.
> > * incident_report.tcl script for creating PHB html reports
> >
> > Happy F8ing,
> >
> > Bammkkkk
> >
> > --
> > sguil - The Analyst Console for NSM
> > http://sguil.sf.net
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files for problems? Stop! Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/...fo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.p...=snort-users

>
>
>
> Paul Schmehl (pauls@utdallas.edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/ir/security/
>



--
sguil - The Analyst Console for NSM
http://sguil.sf.net


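The announcement says sguil 0.6.0 moved the sancp, event, *hdr and data tables to the MySQL MERGE engine so that hundreds of millions of rows stay queryable while backup and restore stay simple. As an added illustration (not code from the announcement or the sguil project; the column layout and database name are constructed for the example), this is the MERGE pattern applied to an event table split into one MyISAM table per day:

```sql
-- Constructed per-day layout; every underlying table must have identical
-- columns and indexes or MySQL will refuse to open the MERGE table.
CREATE TABLE event_20051201 (
  sid       INT UNSIGNED NOT NULL,           -- sensor id
  cid       INT UNSIGNED NOT NULL,           -- event id on that sensor
  signature VARCHAR(255) NOT NULL,
  timestamp DATETIME     NOT NULL,
  src_ip    INT UNSIGNED NOT NULL,
  dst_ip    INT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid),
  INDEX (timestamp)
) ENGINE=MyISAM;

CREATE TABLE event_20051202 LIKE event_20051201;

-- The MERGE table carries the same definition and unions the day tables.
-- INSERT_METHOD=LAST sends new rows to the last table in the UNION list.
CREATE TABLE event (
  sid       INT UNSIGNED NOT NULL,
  cid       INT UNSIGNED NOT NULL,
  signature VARCHAR(255) NOT NULL,
  timestamp DATETIME     NOT NULL,
  src_ip    INT UNSIGNED NOT NULL,
  dst_ip    INT UNSIGNED NOT NULL,
  PRIMARY KEY (sid, cid),
  INDEX (timestamp)
) ENGINE=MERGE UNION=(event_20051201, event_20051202) INSERT_METHOD=LAST;

-- The console queries the MERGE table; all days are visible at once.
SELECT COUNT(*) FROM event WHERE timestamp >= '2005-12-02 00:00:00';

-- Roll a new day in without rewriting any existing data.
CREATE TABLE event_20051203 LIKE event_20051201;
ALTER TABLE event UNION=(event_20051201, event_20051202, event_20051203);

-- Retire the oldest day: detach it from the UNION (its rows are untouched),
-- back up that single table, then drop it. Example shell step, constructed:
--   mysqldump sguildb event_20051201 > event_20051201.sql
ALTER TABLE event UNION=(event_20051202, event_20051203);
DROP TABLE event_20051201;

-- Restore is the reverse: load the dump, then add the table back to the UNION.
-- Detaching a day is a metadata change, so retention can be enforced without
-- a long-running DELETE on a table with hundreds of millions of rows.
```

Because detaching a day table does not delete its rows, the evidence stays intact for restore until the DROP is issued explicitly.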