Snort mailing list archives

Re: Acid and HSC

From: Michael Boman <michael.boman () gmail com>
Date: Mon, 8 Nov 2004 17:58:29 +0800

On Mon, 08 Nov 2004 17:24:25 +0800, sam wun <sam.wun () authtec net> wrote:

Michael Boman wrote:

On Mon, 08 Nov 2004 16:07:24 +0800, sam wun <sam.wun () authtec net> wrote:


ACID can analyze packet payload, if you configured the database
logging correctly. However, if you want to practice true NSM (Network
Security Monitoring) I suggest you to take a look at Sguil
(www.sguil.net), which offers a range of features that is of interest
when you are investigating a possible intrusion or compromise.

I have no luck install Sguil in FreeBSD. The compilation is overly
complicated, especially in the TCL/TK related stuff.
Here is some error:
# ./sguild
ERROR: The sha1 package does NOT appear to be installed on this sysem.
The sha1 package is part of the tcllib extension. A port/package is
available for most linux and BSD systems.
Exiting...
However I don't find sha1 available in the port, only sha does.

Any other alternative?


FreeBSD (or any BSD) is apparently a bit difficult beast to master (I
am responsible for the Linux RPM's and the Windows installer. You can
check them out at http://download.boseco.com if you decide to switch
platform ;) ).

There are BSD specific instructions available on sguil.net how to get
it working. I am sure Bamm or Richard will reply on this with some
*BSD instructions shortly, but I haven't used BSD myself for the last
4 years so.

Best regards
 Michael Boman


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Acid and HSC sam wun (Nov 08)
- Re: Acid and HSC Michael Boman (Nov 08)
  - Re: Acid and HSC sam wun (Nov 08)
    - Re: Acid and HSC Michael Boman (Nov 08)
    - Re: Acid and HSC Paul Schmehl (Nov 08)
    - Re: Acid and HSC Bamm Visscher (Nov 08)
- Re: Acid and HSC Edin Dizdarevic (Nov 08)
  - Message not available
    - Re: Acid and HSC Edin Dizdarevic (Nov 08)
- RE: Acid and HSC Jeff Dell (Nov 08)
- <Possible follow-ups>
- Re: Acid and HSC Richard Bejtlich (Nov 10)