Sguil Version 0.7.0 has been released! [0]
It has been a couple of years of changes and bugfixes since the last
release. The biggest change is the replacement of the sensor agent
with individual components for each collection type. The new agents
are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. By
splitting out the agents, collection for these different data types
can be placed on separate hardware and still be correlated via their
"NET_NAME".
A new collection agent for PADS (http://passive.sourceforge.net) is
also included in this release although it is still considered beta.
Also included is an example_agent.tcl script that documents how custom
agents can be created. Other agents have been written for ModSecurity
[1] and OSSEC [2].
As always, help can be found on the sguil-users mailing list or in IRC
on #snort-gui via irc.freenode.net.
David Bianco has provided a great HOWTO [3] and Rich Fifarek has
created a yum repository [4] that should be updated soon.
Thanks for everyone's help and happy F8ing,
Bammkkkk
[0]
http://sourceforge.net/project/showfiles.php?group_id=71220&package_id=70722&release_id=587132
[1]
http://www.inliniac.net/blog/2007/08/14/first-modsec2sguil-release-for-sguil-07-cvs.html
[2] http://www.ossec.net/ossec-list/2007-October/msg00064.html
[3] http://www.vorant.com/nsmwiki/index.php?title=Sguil_on_RedHat_HOWTO
[4] http://synfulpacket.net/sguil/
--
sguil - The Analyst Console for NSM
http://sguil.sf.net
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
