My publisher, Addison-Wesley, authorized me to post chapter 10 of my book, The Tao of Network Security Monitoring: Beyond Intrusion Detection, online. It's available at the Sguil site in .pdf format. This chapter complements my Sguil installation guide, discussing why Bamm started the Sguil project and how it differs from other monitoring applications.
My book will be on shelves in mid-July. If you'd like to attend live training on network security monitoring, sign up for my Network Security Monitoring with Open Source Tools class at USENIX Security '04 in San Diego. The class will be held on Monday 9 August 2004, and early conference registration ends 16 July. I will give away a limited number of free copies of the book and hope to debut a FreeBSD-based live CD with NSM tools.