29 May 2011 - Sguil 0.8.0 Released!
Okay, new direction. Time has been escaping me and Sguil development has suffered. When I do have time to spend on Sguil, I would rather be adding new features and fixing bugs versus testing installs and writing documentation. So starting with this release, I am going to focus on getting code out the door and hope our small community will document their experiences through blogs, wikis, mailing lists, tweets, and #snort-gui.
Go out and download Sguil 0.8.0. Install it. Test it. Break it. And find some bad guys.
25 January 2010 - I'm not dead yet
But the demo server is. Well, it is not dead, just in an unpacked box (we moved from Colorado to Western Michigan recently). Seriously. I apologize for the lack of updates over the last two years (ouch). The project is not dead, just on hiatus. I have been busy with a huge deployment (over 100 sensors on ~80 appliances) and cannot wait to add what we have learned. Stay tuned.
26 March 2008 - Updated Modsec2Sguil
Victor Julien writes:
I've updated the Modsec2sguil agent to work with the latest release. Also, it contains support for ModSecurity 2.5.x contributed by Ryan Cummings.
Get it here: http://www.inliniac.net/modsec2sguil/
26 March 2008 - Bugs!
Well, that didn't take too long. Found a bug with the way the client parses messages for display in the "User Messages" tab. It has been fixed in CVS and a simple diff can be found here. A patched release will follow.
25 March 2008 - Sguil Version 0.7.0 Released
It has been a couple of years of changes and bugfixes since the last release. The biggest change is the replacement of the sensor agent with individual components for each collection type. The new agents are called snort_agent.tcl, pcap_agent.tcl, and sancp_agent.tcl. By splitting out the agents, collection for these different data types can be placed on separate hardware and still be correlated via their
A new collection agent for PADS is also included in this release although it is still considered beta. Also included is an example_agent.tcl script that documents how custom agents can be created. Other agents have been written for ModSecurity and OSSEC.
As always, help can be found on the sguil-users mailing list or in IRC on #snort-gui via irc.freenode.net.
David Bianco has provided a great HOWTO and Rich Fifarek has created a yum repository that should be updated soon.
Thanks for everyone's help and happy F8ing,
21 March 2007 - Modsec2Sguil 0.7 Released
Victor Julien released version 0.7 of Modsec2sguil recently. Modsec2Sguil is a set of Perl scripts to feed ModSecurity alerts to the Sguil NSM system. The main change in this release is added support for alerts produced by ModSecurity 2.x, while 1.9.x remains supported. In addition, the conversion between ModSecurity's severity and Snort's priority was fixed, so alerts should show up in the right pane in Sguil again.
In future releases, we plan to add the capability for other projects to easily send events to Sguil.
19 March 2007 - Website Updated!
After a much too long hiatus, the Sguil website has been updated. We are using an open source template from Andreas Viklund. Also, Sguil version 0.7.0 is currently being tested in CVS and we plan to get a release candidate out soon!
24 March 2006 - Sguil 0.6.1 VM
13 February 2006 - Sguil 0.6.1 Released
Sguil-0.6.1 has been released. This release adds support for snort statistics, UNION queries, and GUI enhancements.
06 January 2006 - Sguil Client VM
30 December 2005 - First Sguil VM
Richard Bejtlich of TaoSecurity has started creating virtual machines suitable for use in VMware Player. You can read about the creation of the first Sguil VM in Richard's blog. We've added a page on VMs for future work. The first VM is available here.