Snort mailing list archives

Re: Question about Sguil


From: Matt Martin <MMartin () jwpepper com>
Date: Fri, 20 Jun 2014 17:27:15 +0000

Hey Doug, thanks for the reply!

Is Security Onion required for Sguil, or just recommended? Because I have Snort already installed on a Dell PowerEdge 
server (*2950 I think is the model...), with 6 HDDs in a RAID5 array and 8 Intel Xeon cores. This server was 
previously used for other purposes, but since most of our servers have gone virtual we had a few servers lying around 
for me to choose from to install Snort on.

From what I read, Security Onion is an OS/Linux distro in and of itself, based on RedHat. And it comes with Snort, 
Barnyard2, etc. already pre-installed... Is that correct?

While I was writing this I was speaking with my manager and we ARE going to give it a try. We are going to use one of 
our old email servers (*Dell something...) and we're going to install Security Onion and give it a go... Sounds promising!

Thanks again for the suggestion!

Thanks Again,
Matt



-----Original Message-----
From: Doug Burks [mailto:doug.burks () gmail com] 
Sent: Friday, June 20, 2014 12:36 PM
To: Matt Martin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about Sguil

Hi Matt,

I'd recommend that you download Security Onion and install it in a VM to get a feel for the Sguil architecture.  In 
just a few minutes you'll have the Sguil client, server, and sensor up and running, along with barnyard2, mysql, 
pulledpork, and lots of other goodies.

http://securityonion.net

On Fri, Jun 20, 2014 at 12:21 PM, Matt Martin <MMartin () jwpepper com> wrote:
Hello All,
I am currently using BASE as my frontend for Snort. But I get errors 
when clicking into lots of stuff on the GUI, so I’m looking into other 
GUI frontends for Snort. Not to mention mostly every time I click on 
an “Alert”, when the page loads in the browser it just says in red 
that “Alert Deleted”… Don’t know why it would be deleting alerts…
But anyway, I came across Sguil which seems to be a pretty popular 
choice amongst GUI frontends for Snort. But I am a bit confused by the 
installation process, so I was hoping someone could explain this question below for me…?
I downloaded the most recent version of Sguil (*Sguil Version 0.9.0). 
And reading about the installation process on a number of different 
sites I am still confused by the Client/Server/Sensor architecture of 
it. I currently have my Snort installation, along with Barnyard2, 
MySQL, BASE and Oinkmaster all on the same server (*I downloaded 
PulledPork because I heard good things, but still need to install it 
and replace Oinkmaster…). I have had Snort running now on this server 
for a few weeks and it seems to be going well, except for the frontend...
So since I have Snort all contained on a single server am I supposed 
to install Sguil Client, Server, and Sensor on that server as well? If 
I want to use it simply as a frontend to Snort, do I need all 3 of 
those? I couldn’t find any installation docs for Sguil for when Snort 
and its MySQL database are on the same server. All the docs seemed to 
be for “split” Snort installations, i.e. across multiple servers…
Could anyone explain to me those 3 different parts to Sguil? And 
whether or not I need all 3 of them installed?

Any thoughts or suggestions would be much appreciated!
Thanks in Advance,

Matt


------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest 
Snort news!



--
Doug Burks
