Sguil 0.4.0 Released
Bamm released Sguil 0.4.0 yesterday. The changes are worth reading, but the major addition is the option to replace stream4 keepstats output with John Curry's open source SANCP (Security Analyst Network Connection Profiler) session data. SANCP is much more robust because it can track TCP, UDP, and ICMP, whereas stream4 only watched TCP. In this respect SANCP is like Argus. You can also configure the Sguil components to bind to a specified IP address, which facilitates deploying Sguil components in FreeBSD jails.