Running the Sguil System

Running the Sguil Sensor

Start the Sguil sensor using the command pnic sguil-sensor-start. Specify the IP address of the Sguil server, and confirm the action, as shown in Figure 29.

Figure 29 Starting the Sguil Sensor

root@# pnic sguil-sensor-start
Enter the IP address of the Sguil-Server:192.16.130.246
***********************************************
INTERFACE NAME: pnic0
SGUIL-SERVER IP-ADDRESS : 192.16.130.246
***********************************************
To start Sguil-sensor with the above configuration
Select "Ok"
1)Ok
2)Exit
#? 1
Starting sguil sensor processes...
Info: <InstallDir>/sguil-pids/snort_log-localhost.pid does not exist. Checking for old process with ps.
No old processes found. Starting new process anyway...
LogPackets started successfully. Checking disk space (limited to 90%)...
Current Disk Use: 26% Done.
Barnyard started successfully. Snort started successfully. Sancp started successfully.
Pcap Agent started successfully. Sancp Agent started successfully. Snort Agent started successfully. Sguil-sensor has started successfully.

Stop the Sguil sensor using the command pnic sguil-sensor-stop, as shown in Figure 30.

Figure 30 Stopping the Sguil Sensor

root@# pnic sguil-sensor-stop
Do you really want to stop the Sguil-sensor application (y/n)? y
LogPackets stopped successfully.
Stopped Pcap Agent successfully
Stopped Sancp Agent successfully
Stopped Snort Agent successfully
Stopped Barnyard successfully
Stopped Snort successfully
Stopped Sancp successfully
Stopped tail of snort.stats successfully
Sguil-sensor application has been stopped.
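The start-up output in Figure 29 shows what the sensor start script itself verifies: whether a pid file under <InstallDir>/sguil-pids points at a live process, and whether disk use is within the 90% limit, before each component (Snort, Barnyard, Sancp and the three agents) is reported as started. The following POSIX shell script is an added example, not part of the P-Series guide or of pnic, that repeats those two checks after the fact so an operator can confirm the sensor is still healthy. It assumes one pid file per component named <component>.pid in the pid directory passed as its argument; only snort_log-localhost.pid appears on the page, so the other file names are hypothetical.

```shell
#!/bin/sh
# Post-start health check for a Sguil sensor (added example, not from the guide).
# Usage: sh sensor_check.sh <InstallDir>/sguil-pids    (<InstallDir> is a placeholder)

# Disk-use ceiling the sensor start script enforces ("limited to 90%").
DISK_LIMIT=90

# Components reported by sguil-sensor-start. The pid file name for each,
# "<name>.pid", is an assumption; only snort_log-localhost.pid is shown on the page.
COMPONENTS="snort_log-localhost snort barnyard sancp pcap_agent sancp_agent snort_agent"

# disk_use_ok PERCENT -> succeeds when PERCENT is below DISK_LIMIT
disk_use_ok() {
    [ "$1" -lt "$DISK_LIMIT" ]
}

# current_disk_use PATH -> prints the use percentage of PATH's filesystem (no '%')
current_disk_use() {
    df -P "$1" | awk 'NR==2 { sub("%", "", $5); print $5 }'
}

# pid_alive PIDFILE -> succeeds only if the file exists and names a live process
pid_alive() {
    pidfile="$1"
    [ -f "$pidfile" ] || return 1
    pid=$(tr -dc '0-9' < "$pidfile")      # ignore stray whitespace in the file
    [ -n "$pid" ] || return 1
    kill -0 "$pid" 2>/dev/null             # signal 0 tests existence without signalling
}

# check_sensor PIDDIR -> prints one "OK"/"MISSING" line per component
check_sensor() {
    piddir="$1"
    for name in $COMPONENTS; do
        if pid_alive "$piddir/$name.pid"; then
            printf 'OK       %s\n' "$name"
        else
            printf 'MISSING  %s\n' "$name"
        fi
    done
}

# count_missing PIDDIR -> prints the number of components not running (0 = healthy)
count_missing() {
    check_sensor "$1" | grep -c '^MISSING' || true
}

# Stand-alone run: report on the given pid directory and its disk use.
if [ -n "$1" ] && [ -d "$1" ]; then
    check_sensor "$1"
    use=$(current_disk_use "$1")
    if disk_use_ok "$use"; then
        echo "Disk use ${use}% is below the ${DISK_LIMIT}% limit."
    else
        echo "WARNING: disk use ${use}% is at or above the ${DISK_LIMIT}% limit; LogPackets may stop capturing."
    fi
    echo "Components not running: $(count_missing "$1")"
fi
```

A stale pid file (one whose process has exited) is reported as MISSING just as a missing file is, which mirrors the "Checking for old process with ps" step in the start-up output: the pid file alone is not evidence that a sensor component is running.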

Writing New Rules

All rules files are stored in the installation sub-directory .../nsm/sguil/rules.

P-Series Installation and Operation Guide, version 2.3.1.2
Force10 Networks 100-00055-01