Snort mailing list archives

Re: Squil - installation on Snort


From: Bamm Visscher <bamm () satx rr com>
Date: Fri, 1 Aug 2003 11:51:22 -0500

Yep, I have it running and others are installing it too (http://screamingelectron.org/phpBB2/viewtopic.php?t=603).

No, there are no RPMs available for the install (yet). Rich Bejtlich recently released an updated doc for running 
sguil-0.2.5 on RedHat 7.3 (http://sguil.sourceforge.net/sguil_install_guide_for_release_0-2-5.pdf). I realize 
installing sguil and all its components can be complicated, but there are a number of individuals who will gladly help 
you, including myself. I am not sure what 'demo' you were talking about seeing with the SourceFire rep, but I have a 
server set up where people can test drive the client and decide if it is something they want to invest their time to 
completely install the rest of the components (http://marc.theaimsgroup.com/?l=snort-users&m=105847582924634&w=2).  You 
can even test drive the client in a win32 environment by following Rich's instructions in his July 18th post to his 
blog (http://taosecurity.blogspot.com).

I am not sure what is being asked in your second question. Sguil cannot use the snort/ACID DB schema. I know it's 
annoying, but the topic has been addressed many times in many forums. The current snort DB schema does not scale well. 
If you already have mysql installed, then it's simple to create another "database" in mysql.  On init, sguild can 
create the DB and tables needed for you. A simple diagram of all the components and how they interact can be found 
here: http://sguil.sourceforge.net/diagram.txt.


Bamm

On Fri, Aug 01, 2003 at 08:47:46AM -0700, Tony Martin wrote:
Hi all,
 
Is anyone out there currently running the Squil frontend? If so I have a question or two about the installation. 
 
First, I do have the install doc from SourceForge, but it is starting to look like a bunch of work for something that 
might not work for me. Has anyone seen any RPMs for this? Secondly, did you have to add another server the guild 
server, or did you just run it from the current database server? I am real lost on this, but the frontend looks 
really cool. I saw a demo of this, well, their version of it, with a SourceFire rep.
 
Thanks
 
Belthrax

