SGUIL Sancp Issue on Agent Status Tab

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Sguil-users mailing list
Sguil-users@...
https://lists.sourceforge.net/lists/listinfo/sguil-users

sguil client, most current event in the group visibly, how?

Hi Bamm, all
Bamm i see in the event Group "only" the first Event and not the newest.
Thus it is to be found with difficulty out, which current event became to receive now (Client).
How can i guarantee that the most current events are visible always (Event Group an single Event)? 

Thanks for your time and help.

Stefan

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

New interesting problem with tcpflow-1.2.3

So I'm standing up a new sguild server and I was grabbing tcpflow from
http://afflib.org/downloads/tcpflow.tar.gz.  Right now when that comes
down it's version 1.2.3.  It compiles like normal and installs and
runs fine, but the xcript doesn't seem to be able to use it when
pulling down transcripts/pcaps/etc.

I was able to roll back to the 1.1.0 version (tarball from the other
server) and it began to work like normal.

The afflib site lists 1.1.0 as the latest, but 1.2.3 is what comes down.

------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second 
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev

Sguil-0.8.0 client Wireshark TMP dir error

Hello Everyone,
I'm upgrading from sguil 7 to sguil 8 and so far so good.  I've ran
into snag with the sguil 8 client and wireshark.  The situation is
when I try to pull the pcap data with wireshark,  I get an error
"Permission Denied" to C:\tmp  or it never return any errors.  It's
the strangest thing because the directory is there and worked fine
with the sguil 7 client.  I've even changed the directory to a new
folder and completely opened up the security permissions for that
folder and I still get the same errors.  Using the transcripts options
works fine and I can see the raw packet on the archive folder.

Has anyone else experienced this problem?  If so, how do you fix it.

Thanks
-Leo

------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure

What's log_packets.sh for?

Hi guys,

I don't really know what is the function of log_packets.sh in
sguil-sensor. What does this script do exactly? Why do you need to add
it to cron in order to run it periodically?

Thanks in advance,

Kindly

Paul

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

Request for pcap already in queue. Pls try again later

Hi Guys...

I tried to export an alert's full session to Wireshark and it never show
it. Then i tried it again and the sguil client showed me the following
message: "Request for pcap already in queue. Pls try again later"

After that i tried to export the full session again several times and i
still got the same message.

How can i fix this? I have already tried restarting the sguil-sensor
agents as well sguild and i am still getting the same message. What else
should i check?

Kindly,

Paul

------------------------------------------------------------------------------
Virtualization & Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/

Sguil 0.8 on RHEL 6 setup guide available

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Sguil-users mailing list
Sguil-users@...
https://lists.sourceforge.net/lists/listinfo/sguil-users

SANCP and Sguil

Hi guys,

I am running sancp 1.6.1 and it has been set up to run in conjuction
with sguil 0.8.0. I installed sancp from source and followed the
instructions at http://nsmwiki.org/Sguil_on_RedHat_HOWTO#SANCP

I can see the sancp data being generated and also being saved into the
DB by sancp_agent.

I know that SANCP is used for recording TCP sessions but i don't know
where this data can bee seen through sguil client.

Sincerely, i don't see clearly the role of sancp in sguil since there is
already a transcript function being done by pcap_agent through which you
can have access to the TCP sessions.

I have also noticed that there is a tool called cxtracker that can
replace sancp. Do you guys recommend doing this? What are the advantages?

Thanks in advance for your help,

Kindly,

Paul

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

CC field in client doesn't seem to work well

We did some testing this morning and if you do a Report -> Send Event
Detail via E-mail  and enter some addresses in the CC field, those do
not get sent.

Is there an open bug tracker somewhere to add these, or is this list
the best place.

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

icmphdr tables

What's supposed to feed information into this set of tables?  From the
name it's icmp data, but all the sancp stuff goes to the sancp tables.
 Is this supposed to be filled from portscan data?  MIne seem to be
empty.

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

Need help - pads not working on RHEL 6 64-bit server

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Sguil-users mailing list
Sguil-users@...
https://lists.sourceforge.net/lists/listinfo/sguil-users