Friday, March 09, 2007

Sguil Current - Demo Server

You may have noticed that the Sguil demo server that I run in dead state for quite sometimes. With some clues from Bamm, I able to get Sguil in CVS up and running, all of you are welcomed to test it out again, however you need sguil client in latest CVS as well in order to connect the Sguil demo server.

The Sguil demo server details are shown below -

Hostname: nsm.kicks-ass.org

Port:7734

Username: ninja

Password: blank

If you have sguil client crashes when playing around with it, please do save the error messages to the log and send it to sguil mailing list.

Here's the quick screenshots, you may notice that now all the agents are separated. The biggest feature in the Sguil Current should be PADS integration, you may see the PADS entries in the third pane.

New sguil client console

Sguil server and sensor Agents processes

Have fun!

Cheers :]

4 comments:

Anonymous said...

Looks pretty cool, especially the PADS alerts. Just out of curiosity, what resolution are you using? I'm using 1024x768 on a 17' monitor and I can't see all of the fields without readjusting them. I have to remove the Date/Time, Sensor, and Src IP fields just to be able to see some of the Event Message. I also have to almost eliminate the lower left window to see everything in the lower right window. Constantly readjusting things is annoying, and looking at your screenshot you don't have that problem.

geek00L said...

anonymous,

I'm using 1024x768 on 12'1 lcd screen which is my thinkpad laptop, usually I just launch the sguil client and everything is aligned properly using the default font. I have the same problem like you stated if I change it to other font type.

Anonymous said...

Thanks for the reply. I haven't changed the font so maybe it's a Windows problem or just me. I'll post on the mailing list about it sometime, maybe someone there has had the same problem with the default font.

Anonymous said...

Hi, I have a basic but practical question in using SGUIL...How could it be used in a ISP network with huge amount of traffic (e.g. with 200MBps per minute) ? We need to have a huge disk for data storage if we are going to use SGUIL for intrusion monitoring and analysis over a few days for example.Thanks