Comments on TaoSecurity Blog: Installing Sguil Using NSMNow
Feed author: Richard Bejtlich. Feed updated: 2023-10-16T06:06:25.012-04:00. 9 comments.

chami, 2010-04-03T20:21:16.215-04:00

Hi mate, I got the same problem, but I found the error. As I remember, you need to start nsm manually:

    /etc/init.d/nsm start

Then run sguil.tk. Hope you got the answer.

Richard Bejtlich, 2009-05-06T08:41:00.000-04:00

Sorry, this is not a support forum for NSMNow. Please contact the developers with questions.

lavi, 2009-05-06T08:17:00.000-04:00

Hi Richard, I would like to add that I'm using nsmnow-1.4.0....

lavi, 2009-05-06T04:45:00.000-04:00

Hi Richard,

It was very informative, thanks... Well, there are three hurdles I came across, and being new to Ubuntu, I admit they might be trivial, but at the moment they're tricky enough for me... Well, the first one is...

"either set the timezone on all machines to UTC or set the timezone on all machines to the same and remove the $UTC variable from the OPTIONS variable in both /etc/init.d/snortu and /etc/init.d/snortl"

Both the files aren't available...

Secondly, when I tried to type this command in the terminal window

    root@twsu804:/usr/local/src/NSMnow-1.1.1# ./run-init start

it says:

    lavi@ubuntu:/usr/local/src/NSMnow-1.4.0$ ./run-init start
    bash: ./run-init: No such file or directory

Thirdly, when I type: sguil.tk

I get this:

    Couldn't determine where the sguil config file is
    Looked for /home/lavi/sguil.conf and ./sguil.conf.
    Error in startup script: invalid command name "DisplayUsage"
     while executing
    "DisplayUsage $argv0"
     invoked from within
    "if { ![info exists CONF_FILE] } {
     # No conf file specified check the defaults
     if { [file exists $env(HOME)/sguil.conf] } {
     set CONF_FILE $env(..."
     (file "/usr/local/bin/sguil.tk" line 2014)

Anonymous, 2009-04-08T17:56:00.000-04:00

"Richard,

I love the NSMNow script. It's the only way I've ever been able to get Sguil et al. to play nice. But I have noticed that the current version of NSMNow doesn't grab the latest version of Snort. To fix this, you have to edit NSMnow-1.1.1/libs/snort.pm, and add another entry to @SNORT_PARAMS to include the URL for the latest Snort release."

HOW CAN I DO THAT????

Matteo, 2009-01-02T04:29:00.000-05:00

There are at least two errors installing NSMnow on Ubuntu 8.10: a Snort compilation error and Sguild database creation. I have fixed these problems and uploaded two files, "server_stats.c" for Snort and "create_sguildb.sql" for Sguil. Both files are linked in my post: http://www.bufferoverflow.it/2009/01/01/network-security-monitoring-server-con-ubuntu-810-e-nsmnow/

Have a good day

test, 2008-12-31T01:44:00.000-05:00

Richard,

Thanks for the heads up on this configuration method. I've just tested it on two systems tonight: the first had no issues, the second moderate issues.

NSMNow is exactly what InstantNSM was supposed to be and will make Sguil deployment so much easier.

Anonymous, 2008-12-30T07:43:00.000-05:00

Man, the installation of Sguil sure has come a long way. I need to give this a try!

Anonymous, 2008-12-29T23:17:00.000-05:00

Richard,

I love the NSMNow script. It's the only way I've ever been able to get Sguil et al. to play nice. But I have noticed that the current version of NSMNow doesn't grab the latest version of Snort. To fix this, you have to edit NSMnow-1.1.1/libs/snort.pm, and add another entry to @SNORT_PARAMS to include the URL for the latest Snort release.

I like your books too, by the way.

Brad