Security Onion Blog

Wednesday, November 5, 2008

Barnyard2, SanCP, Snort, and Sguil using NSMnow

In my last post, I mentioned that I was working on integrating BASE into the Security Onion LiveCD. I chose BASE because I wanted a quick and easy GUI for Snort until I could get Sguil up and running. Little did I know that there was a quick and easy way to get Sguil up and running (even easier than installing BASE).

The stars aligned and I stumbled upon NSMnow. This is an amazing little project that will analyze your system; download and install Barnyard2, SanCP, Snort, and Sguil; and automatically configure the whole thing! I ran NSMnow in a terminal chrooted into the Security Onion LiveCD build environment (courtesy of Reconstructor) and a few minutes later it was done. I generated a new ISO, booted it, ran the init script, and fired up the Sguil client. That was too easy!

at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Security Onion Documentation printed book now updated for Security Onion 2.4.120!

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recent...

Popular Posts

  • Security Onion 2.4 Base OS
    Introduction Recent events have forced us to change course on the base operating system (OS) for Security Onion 2.4.  On 6/21/2023, Red Hat ...
  • Security Advisory for Squert
    Introduction Jeffrey Medsger reported several command injection and SQL injection vulnerabilities in Squert.  Wes Lambert also discovered s...
  • Community Webinars featuring Security Onion
    Thanks to all who attended the Zeek webinar on May 27! For those weren't able to join, the recording should be available soon and we wi...

Blog Archive