Sguil 0.6.0-RC2 Available

After much development, Sguil 0.6.0-RC2 is now available for download. Several new features appear in 0.6.0, including:

  • MySQL's MERGE storage engine is used. The MERGE storage engine, also known as the MRG_MyISAM engine, is a collection of identical MyISAM tables that can be used as one. All Snort alerts and SANCP session data is now stored in MERGE tables, resulting in better scalability and performance. Sguil author Bamm Visscher reports "I went from being able to keep ~6 million rows to >300 million rows."

  • All sensor communication is performed through sensor_agent.tcl. This allows Sguil to be seemingly one of the few programs that respects the new licensing of MySQL under the GPL.

  • Support for Snort's sfPortscan function has been added. Users no longer need to patch and use the portscan preprocessor.

  • Increased use of tabs for window management provides better access to new information like sensor status.


Barring unforeseen issues, Sguil 0.6.0-RC2 will be released soon as 0.6.0. If you'd like to test the RC2, please download it.

I plan to create a VM image using FreeBSD 6.0 RELEASE and Sguil 0.6.0, suitable for use in VMware Player.

Comments

Anonymous said…
Any idea when Squil will be available via ports?
Anonymous said…
Sweet! I can't wait to get my hands on that VMWare image :) Thanks in advance, Richard.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics