Snort mailing list archives
Re: Acid and HSC
From: Richard Bejtlich <taosecurity () gmail com>
Date: Wed, 10 Nov 2004 14:09:45 -0500
sam wun wrote:
> I have no luck installing Sguil in FreeBSD. The compilation is overly complicated, especially in the TCL/TK related stuff.

Hi Sam, I agree that a complete Sguil installation can be complicated. We are working on ways to make this easier. We've worked to make Linux simpler to install. My Sguil installation guide is developed on FreeBSD and was just updated for FreeBSD 5.3 REL and the upcoming Sguil 0.5.3. [0]

The FreeBSD ports tree makes installing software simple, except when the ports have conflicting dependencies. For example, the Sguil server (sguild) requires MySQLTcl along with MySQL client libraries. Unfortunately, the MySQLTcl port as currently implemented lists mysql323-client as a required library. [1] If you're trying to install sguild on a server with the MySQL 4.x libraries, there's no sense letting the FreeBSD port system install MySQL 3.23.

Another problem involves Incrtcl and Iwidgets, needed by the Sguil client, sguil.tk [2]. The best way to obtain these extensions for UNIX requires checking them out via CVS, since neither have cut a packaged UNIX release for several years. [3]

ActiveState's Tcl package offers much of the required code to run the Sguil client, perhaps perversely making Windows the easiest way to use the Sguil client. [4] The e-fense crowd offer a live CD called Helix with a Sguil client, too. [5]

When you install Sguil you are not just implementing a way to see the contents of the Snort alert file in a GUI. Sguil is developing into an enterprise-grade network security monitoring (NSM) suite. It may not be as robust as some offerings. Sguil is still in pre-1.0 status and is developed by a group numbering in the single digits. Still, Sguil is not a Web-based alerts browser. It is a collection system for, and an interface to, intrusion data in alert, session, and full content form.

For more information on Sguil and NSM, I recommend checking out the ever-increasing excerpts from my book on NSM. [6] (My publishers seem to leak a new chapter onto the Web every few months!)

Sincerely,
Richard
http://www.taosecurity.com

[0] http://sguil.sourceforge.net/index.php?page=documentation
[1] http://www.freshports.org/databases/mysqltcl/
[2] http://incrtcl.sourceforge.net/
[3] http://sourceforge.net/project/showfiles.php?group_id=13244
[4] http://www.activestate.com/Products/ActiveTcl/
[5] http://www.e-fense.com/helix/
[6] http://www.taosecurity.com/books.html