Sguil 0.7.0

Sguil (pronounced sgweel) is a network analysis tool built by network security analysts for network security analysts. Its main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event-driven analysis. The Sguil client is written in Tcl/Tk and can be run on any operating system that supports Tcl/Tk (including Linux, *BSD, Solaris, MacOS, and Win32).

Requirements:

barnyard
tcl/tk
mysql
ethereal
tcpflow
awhois.sh

What's New in This Release:

This release collects a couple of years of changes and bug fixes since the last one.
The biggest change is the replacement of the single sensor agent with individual components for each collection type. The new agents are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. Splitting out the agents lets collection for these different data types be placed on separate hardware while still being correlated via their "NET_NAME".
A new collection agent for PADS is also included in this release, although it is still considered beta.
Also included is an example_agent.tcl script that documents how custom agents can be created.
Other agents have been written for ModSecurity and OSSEC.

last updated on: March 26th, 2008, 15:59 GMT
price: FREE!
developed by: Bamm Visscher
license type: GPL (GNU General Public License)
category: ROOT \ System \ Monitoring