
| Subject: | [Snort-users] Sguil 0.6.0 Released |
|---|---|
| Date: | Thu, 1 Dec 2005 10:29:33 -0700 |

Announcing the release of sguil version 0.6.0.

Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides realtime events from snort/barnyard. It also includes other components which facilitate the practice of Network Security Monitoring and event driven analysis of IDS alerts. The sguil client is written in tcl/tk and can be run on any operating system that supports tcl/tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Sguil version 0.6.0 contains two significant differences from previous versions. The first difference is the use of the Mysql MRG_MyISAM (MERGE) engine for the sancp, event, *hdr, and data tables. With the MERGE engine, it is possible to keep hundreds of millions of rows of data active and online and still be functional (queries to the DB are reasonably responsive). The use of MERGE and the associated schema makes backing up and restoring data amazingly simple and quick. The UPGRADE text in the sguil-0.6.0/doc directory of the source contains more detail as well as upgrade instructions.

The second major change was to the sguil output plugin for barnyard (op_sguil) and the communications structure between the sensors and sguild. Op_sguil now uses tcl libraries and sends data via localhost to the sensor's agent. All communications between the sensor and sguild now flow thru sensor_agent. This means the mysql libraries are no longer needed on the sensors. Since barnyard does not need to be compiled with mysql support, op_sguil (barnyard) and Mysql 4+ may be used together without any license conflicts.

Other changes include:

* Support for the sfportscan preprocessor.
* Sensor status display in the client.
* incident_report.tcl script for creating PHB html reports

Happy F8ing,

Bammkkkk

--
sguil - The Analyst Console for NSM
http://sguil.sf.net