Wednesday, May 03, 2006

Latest Sguil with PADS

Thanks to Scottder and Bamm, I finally get Sguil with PADS working after some tries, it's a bit tricky at first but after some tinkering it is just work, my fault to bug Bamm and thanks for the reply. Here's the lovely screenshot and you may notice PADS in third pane of Sguil Analyst Console. One thing I found lacking would be the signatures of PADS, I will start to write some sigs and may contribute back since I'm using it. F34R the power of PADS .....


The pop-up menu shows the PADS table in the Sguil DB.

Peace :]

4 comments:

Anonymous said...

Hi geek00l,

Can you answer my question on Snort Rules below:-

http://forum.mydefcon.org/viewtopic.php?p=3874#3874

Joel Esler said...

Feel free to post Snort rule questions in the Snort Rule forum on snort.org/forums

Unknown said...

A little tinkering is right. I have PADS working and the sguil sensor for pads is running and seeing entries to the fifo. The agent connects up to the sguil server but never sends any information to it! There isn't even a date/time in the 'last' column in the agent status tab. however it is listed as 'up'.

Anonymous said...

For Walker and others:
you need pads patched for sguil-sensor. It can be found at http://demo.sguil.net/downloads/