Snort mailing list archives
Re: Question about Sguil
From: Jaime Nebrera <jnebrera () redborder org>
Date: Fri, 20 Jun 2014 20:12:26 +0200
Haha, no problem In essence redBorder started as a Snorby on steroids (adding all the rule workflow and probe management side) but it's current code base differs completely. Our initial focus was to add enterprise type capabilities, while new ones insist more in scalability and intelligence capabilities The public version is a bit old and still SQL based but new one is fully big data based. Hope to make this one public soon, but we have to nail some stuff in place yet If you want to see the what the 3.x interface looks like here you have a video http://youtu.be/TqQBIRagEl0 It mixes information from the IPS and Flow (traffic visibility) but you get the idea Enjoy Hey Jaime, thanks for the reply as well, much appreciated! No I haven’t heard of that one before… I’ll have to do some reading on that. Thanks Again, Matt *Matthew Martin* *Network Administrator* Systems Architecture and Integration *J.W. Pepper & Son, Inc.* 191 Sheree Blvd. Exton, PA 19341 610-648-0500 **ext. 2233* mmartin () jwpepper com *From:* Jaime Nebrera [mailto:jnebrera () redborder org] *Sent:* Friday, June 20, 2014 12:30 PM *To:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Question about Sguil Hi Matt, Have you given www.redBorder.org a look? It will enable you to manage events as well as the probes themselves (rule workflow) El 20/06/2014 18:22, "Matt Martin" <MMartin () jwpepper com> escribió: Hello All, I am currently using BASE as my frontend for Snort. But I get errors when clicking into lots of stuff on the GUI, so I’m looking into other GUI frontends for Snort. Not to mention mostly every time I click on an “Alert”, when the page loads in the browser it just says in red that “Alert Deleted”… Don’t know why would it be deleting alerts… But anyway, I came across Sguil which seems to be a pretty popular choice amongst GUI frontends for Snort. But I am a bit confused by the installation process, so I was hoping someone could explain this question below for me…? I downloaded the most recent version of Sguil *(*Sguil Version 0.9.0)*. And reading about the installation process on a number of different sites I am still confused by the Client/Server/Sensor architecture of it. I currently have my Snort installation, along with Barnyard2, MySQL, BASE and Oinkmaster all on the same server *(*I downloaded PulledPork because I heard good things, but still need to install it and replace Oinkmaster…).* I have had Snort running now on this server for a few weeks and it seems to be going well, except for the frontend... So since I have Snort all contained on a single server am I supposed to install Sguil Client, Server, and Sensor on that server as well? If I want to use it simply as a frontend to Snort, do I need all 3 of those? I couldn’t find any installation docs for Sguil for when Snort and it’s MySQL Database are on the same server. All the docs seemed to be for *“split”* Snort installations, i.e. across multiple servers… Could anyone explain to me those 3 different parts to Sguil? And whether or not I need all 3 of them installed? Any thoughts or suggestions would be much appreciated! Thanks in Advance, Matt ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Doug Burks (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Doug Burks (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Jeremy Hoel (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Doug Burks (Jun 20)
- Re: Question about Sguil Jeremy Hoel (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Jaime Nebrera (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Jaime Nebrera (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Jaime Nebrera (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Jaime Nebrera (Jun 21)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Doug Burks (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)
- Re: Question about Sguil Doug Burks (Jun 20)
- Re: Question about Sguil Matt Martin (Jun 20)