Gordon Dexter on 20 Dec 2009 11:01:00 -0800
I just tried Sguil last week and yes, it is. I barely got it running using a pre-made BSD vmware image of an older version, from 2005. It's a Snort-based monitor, but it also requires data feeds from several different processes, so you have to install and configure those, and make sure they're funneling data to Sguil, etc. And then you have to install TCL, because the GUI (and parts of the backend) are written in TCL. Also, it hasn't been updated in almost 2 years, so a lot of the documentation is outdated. I found a tutorial for installing the GUI frontend on Windows and it looked very simple, but because the base software (e.g. TCL) has changed so much since then, it was very painful.

I can give you more details about what I did if you want, but frankly I don't suggest you use it. I ended up just using BASE, which displays Snort alerts in a web interface. It doesn't have the correlation power that Sguil does, but unless you really need that I'm thinking just go for Snort/BASE.

--Gordon

Brian Vagnoni wrote:
> Looking for a GUI to monitor firewall activity on my OpenSuse 11 system. Any suggestions, free or paid? Sguil looks very intimidating to get up and running.
>
>
> --------------------------------------------------
> Brian Vagnoni
> PGP Digital Fingerprint
> F076 6EEE 06E5 BEEF EBBD BD36 F29E 850D FC32 3955
> --------------------------------------------------
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug