(www.snort.org), an open source intrusion detection system. The actual interface and GUI server are written in tcl/tk (www.tcl.tk). Sguil also relies on other open source software in order to function properly. The sensor list includes security/barnyard, security/snort, security/sancp, tcpdump (a part of the OS) and devel/tcltls as well as lang/tcl84 and lang/tclX. Care has been taken to ensure that everything you need to build a working sguil operation is in the FreeBSD ports system or part of the OS already. Sguil currently functions as an analysis interface and has no snort sensor or rule management capabilities.

WWW: http://sguil.sourceforge.net/index.php

pauls@utdallas.edu

PR: ports/95018
Submitted by: Paul Schmehl <pauls at utdallas.edu>
# Conf file for the log_packets script
# Make sure you verify the location of
# each of the binaries on your OS

HOSTNAME="myhost"

# Path to snort binary
SNORT_PATH="/usr/local/bin/snort"

# Directory to log pcap data to (date dirs will be created in here)
# Note: The path $HOSTNAME/dailylogs will be appended to this.
LOG_DIR="/snort_data"

# Percentage of disk to try and maintain
MAX_DISK_USE=90

# Interface to 'listen' to.
# eth0 is a Linux interface name; FreeBSD names interfaces after their
# driver (em0, bge0, fxp0, ...), so set this to the sniffing interface
# on your sensor.
INTERFACE="eth0"

# Other options to use when starting snort
# (-u/-g make snort drop to the sguil user and group once it has opened
# the interface; -m sets the umask used for the files it writes)
#OPTIONS="-u sguil -g sguil -m 122"

# Where to store the pid
PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"

# How do we run ps
PS="ps awx"

# Where is grep
GREP="/usr/bin/grep"

# Add BPFs here.
# The below is an example of a filter for ignoring outbound HTTP from my network
# to the world. tcp[0:2] is the TCP source port and tcp[2:2] the destination
# port, so the first clause drops the client (ephemeral port > 1024) to port 80
# direction and the second drops the port 80 replies back to that client.
#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024" \)'

# Some installs may need these
#LD_LIBRARY_PATH=/usr/local/lib/mysql
#export LD_LIBRARY_PATH
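The conf above only sets variables; what the log_packets script does with them is not on this page. The following POSIX sh pre-flight check is an added example written for this page, not sguil's own log_packets.sh. It sources a conf in this format inside a subshell, verifies the things the comments tell you to verify (that SNORT_PATH, GREP and the PS binary exist on this host, that LOG_DIR is writable, that MAX_DISK_USE is a sane percentage, that PIDFILE's directory exists), tells a live PIDFILE from a stale one, and shows how MAX_DISK_USE is meant to be compared against the filesystem holding LOG_DIR. It assumes day directories are named YYYY-MM-DD and that it runs as the same user the sensor runs as; both are assumptions, not facts taken from the page.

```sh
#!/bin/sh
# Added example for this page, not sguil's log_packets.sh: a pre-flight check
# for a log_packets-style conf file. Day directories are assumed to be named
# YYYY-MM-DD (an assumption; check the script you actually run).

# pid_alive PIDFILE: true if PIDFILE names a process that is still running.
# kill -0 only probes for existence and delivers no signal. It fails with
# EPERM for another user's process, so run this as the user the sensor runs as.
pid_alive() {
    pid=$(head -n 1 "$1" 2>/dev/null | tr -cd '0-9')
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# disk_use_pct PATH: percent of the filesystem holding PATH that is in use.
# df -P gives POSIX output, so the Capacity column is field 5 on both FreeBSD
# and Linux; the trailing '%' is stripped so the value can be compared with -gt.
disk_use_pct() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# conf_errors CONF: print one line per problem found in CONF, nothing if it is
# usable. The conf is sourced in a subshell so it cannot clobber the caller's
# variables, and every value is checked against this host, not just for syntax.
conf_errors() {
    (
        [ -r "$1" ] || { echo "cannot read conf: $1"; exit 0; }
        . "$1" || { echo "conf failed to source: $1"; exit 0; }
        [ -n "${SNORT_PATH:-}" ] && [ -x "$SNORT_PATH" ] \
            || echo "SNORT_PATH not executable: ${SNORT_PATH:-unset}"
        [ -n "${GREP:-}" ] && [ -x "$GREP" ] \
            || echo "GREP not executable: ${GREP:-unset}"
        # PS is a command line ("ps awx"); only its first word is a binary.
        ps_bin=${PS%% *}
        command -v "${ps_bin:-}" >/dev/null 2>&1 \
            || echo "PS binary not found: ${ps_bin:-unset}"
        [ -n "${LOG_DIR:-}" ] && [ -d "$LOG_DIR" ] && [ -w "$LOG_DIR" ] \
            || echo "LOG_DIR missing or not writable: ${LOG_DIR:-unset}"
        case "${MAX_DISK_USE:-}" in
            ''|*[!0-9]*) echo "MAX_DISK_USE must be a whole number: ${MAX_DISK_USE:-unset}" ;;
            *) [ "$MAX_DISK_USE" -le 100 ] || echo "MAX_DISK_USE above 100: $MAX_DISK_USE" ;;
        esac
        [ -n "${PIDFILE:-}" ] && [ -d "$(dirname "$PIDFILE")" ] \
            || echo "PIDFILE directory missing: ${PIDFILE:-unset}"
        # A leftover pidfile for a dead snort is the usual reason a logger
        # refuses to start because it thinks one is "already running".
        if [ -n "${PIDFILE:-}" ] && [ -f "$PIDFILE" ] && ! pid_alive "$PIDFILE"; then
            echo "stale PIDFILE: $PIDFILE"
        fi
    )
}

# dailylog_dir CONF DATE: the directory the logger writes into on DATE, that is
# $LOG_DIR/$HOSTNAME/dailylogs/DATE as the conf comment describes.
dailylog_dir() {
    ( . "$1" && echo "$LOG_DIR/$HOSTNAME/dailylogs/$2" )
}

# needs_prune CONF: true when the filesystem holding LOG_DIR is fuller than
# MAX_DISK_USE, i.e. when the logger should start removing the oldest day dirs.
needs_prune() {
    ( . "$1" && [ "$(disk_use_pct "$LOG_DIR")" -gt "$MAX_DISK_USE" ] ) 2>/dev/null
}

# Usage: sh preflight.sh /usr/local/etc/log_packets.conf
if [ -n "${1:-}" ]; then
    errs=$(conf_errors "$1")
    if [ -n "$errs" ]; then
        printf '%s\n' "$errs" >&2
        exit 1
    fi
    echo "conf OK; today's log dir: $(dailylog_dir "$1" "$(date +%Y-%m-%d)")"
    if needs_prune "$1"; then
        echo "disk use is above MAX_DISK_USE; pruning would run now"
    fi
fi
```

Run it against the conf before the first start and after any OS upgrade that moves binaries; a wrong SNORT_PATH or a missing LOG_DIR otherwise surfaces only as a sensor that silently logs nothing. Pass the conf as a path containing a slash (as in the usage line), since a bare filename makes `.` search PATH rather than the current directory.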