Re: Question about Sguil

[Doug Burks <doug.burks () gmail com>]

Hi Matt,

I'd recommend that you download Security Onion and install it in a VM
to get a feel for the Sguil architecture.  In just a few minutes
you'll have the Sguil client, server, and sensor up and running, along
with barnyard2, mysql, pulledpork, and lots of other goodies.

http://securityonion.net

On Fri, Jun 20, 2014 at 12:21 PM, Matt Martin <MMartin () jwpepper com> wrote:
> Hello All,
>
>
>
> I am currently using BASE as my frontend for Snort. But I get errors when
> clicking into lots of stuff on the GUI, so I’m looking into other GUI
> frontends for Snort. Not to mention mostly every time I click on an “Alert”,
> when the page loads in the browser it just says in red that “Alert Deleted”…
> Don’t know why would it be deleting alerts…
>
>
>
> But anyway, I came across Sguil which seems to be a pretty popular choice
> amongst GUI frontends for Snort. But I am a bit confused by the installation
> process, so I was hoping someone could explain this question below for me…?
>
>
>
> I downloaded the most recent version of Sguil (*Sguil Version 0.9.0). And
> reading about the installation process on a number of different sites I am
> still confused by the Client/Server/Sensor architecture of it. I currently
> have my Snort installation, along with Barnyard2, MySQL, BASE and Oinkmaster
> all on the same server (*I downloaded PulledPork because I heard good
> things, but still need to install it and replace Oinkmaster…). I have had
> Snort running now on this server for a few weeks and it seems to be going
> well, except for the frontend...
>
>
>
> So since I have Snort all contained on a single server am I supposed to
> install Sguil Client, Server, and Sensor on that server as well? If I want
> to use it simply as a frontend to Snort, do I need all 3 of those? I
> couldn’t find any installation docs for Sguil for when Snort and it’s MySQL
> Database are on the same server. All the docs seemed to be for “split” Snort
> installations, i.e. across multiple servers…
>
>
>
> Could anyone explain to me those 3 different parts to Sguil? And whether or
> not I need all 3 of them installed?
>
> Any thoughts or suggestions would be much appreciated!
>
>
>
> Thanks in Advance,
>
> Matt
>
>
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!



-- 
Doug Burks

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!