Snort mailing list archives

Re: Question about Sguil


From: Doug Burks <doug.burks () gmail com>
Date: Fri, 20 Jun 2014 13:31:11 -0400

Hi Matt,

Replies inline.

On Fri, Jun 20, 2014 at 1:27 PM, Matt Martin <MMartin () jwpepper com> wrote:
> Hey Doug, thanks for the reply!
>
> Is Security Onion required for Sguil, or just recommended?

Security Onion is not required, but it's the quickest and easiest way
to get Sguil up and running.

> Because I have Snort already installed on a Dell PowerEdge Server (*2950 I think is the model...), with 6 HDDs in a
> RAID5 Array and 8 Intel Xeon cores. This server was previously used for other purposes, but since most of our
> servers have gone virtual we had a few servers lying around for me to choose from to install Snort on.
>
> From what I read, Security Onion is an OS/Linux distro in and of itself, based on RedHat.

Yes, Security Onion is a complete Linux distro, but it is based on Ubuntu 12.04.

> And it comes with Snort, Barnyard2, etc. already pre-installed... Is that correct?

Yes, Security Onion includes Snort, Barnyard2, etc. already pre-installed.

> While I was writing this I was speaking with my manager and we ARE going to give it a try. We are going to use one of
> our old email servers (*Dell something...) and we're going to install Security Onion and give it a go... Sounds
> promising!

Excellent, thanks!  If you have any questions or problems regarding
Security Onion, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Thanks,
Doug
