tag:blogger.com,1999:blog-4088979.post3032043698267511249..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Notes on Installing Sguil Using FreeBSD 7.1 PackagesRichard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger13125tag:blogger.com,1999:blog-4088979.post-79178187945438542062010-04-10T12:00:52.297-04:002010-04-10T12:00:52.297-04:00Hello Richard Again,
I am seend your scheduled and...Hello Richard Again,<br />I am seend your scheduled and I will wise assit the event but I supposse that it is very later.<br />I will try to inform me the next year.<br />Please, Is there any e-mail for information?<br />Regards<br />L.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-40015055119991869382010-04-10T11:29:28.214-04:002010-04-10T11:29:28.214-04:00Hello Richard,
Ok, I will try the next year, in Ba...Hello Richard,<br />Ok, I will try the next year, in Barcelona or Madird.<br />Thanks you<br />LuisAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-56963452681820496952010-04-10T08:39:22.364-04:002010-04-10T08:39:22.364-04:00Sorry, I only teach in Washington, DC; this year i...Sorry, I only teach in Washington, DC; this year in Barcelona; and in Las Vegas, NV -- all for Black Hat.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-55933525279400985902010-04-10T06:07:52.768-04:002010-04-10T06:07:52.768-04:00Hello Richard,
My city is 400 Km from BCN, sorry b...Hello Richard,<br />My city is 400 Km from BCN, sorry but I can not to go your training.<br />Please, Is it possible that you go to Madrid this year and impart the training.<br />Madrid is closer than BCN.<br />RegardsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-76350487614462752002010-04-09T07:24:02.722-04:002010-04-09T07:24:02.722-04:00Anonymous, if you can't attend my class then I...Anonymous, if you can't attend my class then I don't have any recommendations on NSM training. Sorry.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-16191465076829781872010-04-09T01:57:31.119-04:002010-04-09T01:57:31.119-04:00Hello Richard,
I am not form BCN (Barcelona) and I...Hello Richard,<br />I am not form BCN (Barcelona) and I can not go to BCN the next week. Please, Could you possible to contact with you and try to explain what is my neccessary formation? (by e-mail o telephone number)<br />RegradsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-60176623990993896392010-04-08T15:53:31.349-04:002010-04-08T15:53:31.349-04:00Hello anonymous,
Please post any Sguil questions ...Hello anonymous,<br /><br />Please post any Sguil questions to the sguil-users list at<br /><br />https://lists.sourceforge.net/lists/listinfo/sguil-users<br /><br />I'm teaching NSM in Barcelona next week:<br /><br />http://www.blackhat.com/html/bh-eu-10/training/bh-eu-10-training_TS-tcpip.htmlRichard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-59494867141964961172010-04-08T15:44:33.048-04:002010-04-08T15:44:33.048-04:00Hello again,
I have another question. I am from Sp...Hello again,<br />I have another question. I am from Spain and I have learning thinks about NSM. Please, I need your recomendation about a training (formation) about NSM in Spain with LABS, etc.<br />Regards and thanks youAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-33776137346668064362010-04-08T15:41:39.647-04:002010-04-08T15:41:39.647-04:00Hello,
Please, I need your help. I have installed ...Hello,<br />Please, I need your help. I have installed sguil but when I restart my Ubuntu desktop I can not to run sguil.tk. I have received a message:<br />luis@luis-9-10:/var/log/nsm/server100$ cat sguild.log<br />Executing: sguild -c /etc/nsm/server100/sguild.conf -a /etc/nsm/server100/autocat.conf -u /etc/nsm/server100/sguild.users -g /etc/nsm/server100/sguild.queries -A /etc/nsm/server100/sguild.access -C /etc/nsm/server100/certs<br />pid(1945) Loading access list: /etc/nsm/server100/sguild.access<br />pid(1945) Sensor access list set to ALLOW ANY.<br />pid(1945) Client access list set to ALLOW ANY.<br />pid(1945) Connecting to localhost on 3306 as sguil<br />pid(1945) MySQL Version: version 5.1.37-1ubuntu5.1<br />pid(1945) SguilDB Version: 0.12<br /><br />*************************************************************<br /><br /> ERROR: You appear to be using an old version of the<br /> sguil database schema that does not support the MERGE tables<br /> Please use the migrate_event.tcl script and see the CHANGES <br /> document for more information<br /><br />. Table event returned status => event MRG_MYISAM 10 Dynamic 23 377 2972 0 0 0 {} {} {} {} latin1_swedish_ci {} {} {}<br /> *************************************************************<br /><br />SGUILD: Exiting...<br /><br />Please, I need your help.<br />regardsAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-26590630610188198412009-10-24T14:50:24.987-04:002009-10-24T14:50:24.987-04:00Hi Scott,
We consider SANCP and Barnyard to be re...Hi Scott,<br /><br />We consider SANCP and Barnyard to be required elements for NSM. P0f is optional.<br /><br />You can see architectural diagrams here:<br /><br />http://nsmwiki.org/Sguil<br /><br />My latest scripts are available at:<br /><br />http://taosecurity.cvs.sourceforge.net/viewvc/taosecurity/taosecurity_sguil_scripts/Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-87946572297809483422009-10-24T14:15:14.802-04:002009-10-24T14:15:14.802-04:00Mr. Bejtlich,
My new weekend hobby is working on m...Mr. Bejtlich,<br />My new weekend hobby is working on making all the pieces-parts of sguil work on a FreeBSD-CURRENT (7.2) machine - preferably using packages since it's a slow machine that's laying around. This post was invaluable (although I don't have it running yet, feels like I'm getting close). Thanks for that.<br /><br />A couple things that might really help the novice / hobbyist user: 1. Differentiating between what's actually required for sguil, and what's a "nice to have" (Are sancp, p0f and barnyard actually required for any install of sguil, or just interesting additions to an nsm?) <br />2. a diagram of how all the pieces communicate (in visio, powerpoint jpeg, or ascii) would be extraordinarily useful - I guess most users of snort understand somewhat how it works, but to understand all the additional tools' roles would be invaluable. <br />3. Your script repository on sourceforge was extremely helpful in understanding part of what's going on. I realize they're for older versions, but it might be really useful to link that here.<br /><br />Back to it. Thanks again,<br />ScottScott Sparehttps://www.blogger.com/profile/08927244783228770263noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-24971293644220251492009-02-03T13:51:00.000-05:002009-02-03T13:51:00.000-05:00wxs, Paul emailed me, although he might want to ta...wxs, Paul emailed me, although he might want to talk to you anyway.Richard Bejtlichhttps://www.blogger.com/profile/13512184196416665417noreply@blogger.comtag:blogger.com,1999:blog-4088979.post-31535611846236379942009-02-03T13:50:00.000-05:002009-02-03T13:50:00.000-05:00If the maintainer doesn't respond in a week or two...If the maintainer doesn't respond in a week or two feel free to ping me and I can address some of the problems you describe.wxshttps://www.blogger.com/profile/07893705452384421196noreply@blogger.com