Running the sguil system, Running the sguil sensor, Writing new rules – Force10 Networks PSeries 100-00055-01 User Manual

Page 47


P-Series Installation and Operation Guide, version 2.3.1.2


Running the Sguil System

Running the Sguil Sensor

Start the Sguil sensor using the command pnic sguil-sensor-start. Specify the IP address of the Sguil server, and confirm the action, as shown in Figure 29.

Figure 29 Starting the Sguil Sensor

root@# pnic sguil-sensor-start

Enter the IP address of the Sguil-Server:192.16.130.246

***********************************************
INTERFACE NAME : pnic0
SGUIL-SERVER IP-ADDRESS : 192.16.130.246
***********************************************

To start Sguil-sensor with the above configuration
Select "Ok"

1) Ok
2) Exit
#? 1
Starting sguil sensor processes...
Info: <InstallDir>/sguil-pids/snort_log-localhost.pid does not exist.
Checking for old process with ps.
No old processes found.
Starting new process anyway...
LogPackets started successfully.
Checking disk space (limited to 90%)...
Current Disk Use: 26%
Done.
Barnyard started successfully.
Snort started successfully.
Sancp started successfully.
Pcap Agent started successfully.
Sancp Agent started successfully.
Snort Agent started successfully.
Sguil-sensor has started successfully.
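As an added example that is not part of the Force10 manual, the POSIX shell check below reads a pnic sguil-sensor-start transcript and confirms that every component shown in Figure 29 reported success and that the reported disk use is below the 90% limit the tool enforces; a sensor whose agents only partly start keeps running but stops delivering events to the Sguil server. The sample transcript is constructed from Figure 29, and piping the live command through tee is an assumed usage.

```shell
#!/bin/sh
# Added example (not from the Force10 manual): verify a Sguil sensor start transcript.

# Components Figure 29 shows starting; every one must report success.
# Underscores stand in for spaces so the list can be iterated in plain sh.
SGUIL_COMPONENTS="LogPackets Barnyard Snort Sancp Pcap_Agent Sancp_Agent Snort_Agent"

# check_sensor_start: read a start transcript on stdin, print each component
# that did not report "started successfully", and return 1 if any is missing
# or if the reported disk use is at or above the 90% limit.
check_sensor_start() {
    transcript=$(cat)
    status=0
    for c in $SGUIL_COMPONENTS; do
        name=$(printf '%s' "$c" | tr '_' ' ')
        # Anchor at line start so "Snort" does not match "Snort Agent".
        if ! printf '%s\n' "$transcript" | grep -q "^${name} started successfully"; then
            echo "MISSING: $name"
            status=1
        fi
    done
    use=$(printf '%s\n' "$transcript" \
          | sed -n 's/^Current Disk Use: \([0-9]*\)%.*/\1/p' | head -n 1)
    if [ -n "$use" ] && [ "$use" -ge 90 ]; then
        echo "DISK: ${use}% used, at or above the 90% limit"
        status=1
    fi
    return $status
}

# Constructed transcript, abridged from the manual's Figure 29.
SAMPLE_TRANSCRIPT='Starting sguil sensor processes...
LogPackets started successfully.
Checking disk space (limited to 90%)...
Current Disk Use: 26%
Done.
Barnyard started successfully.
Snort started successfully.
Sancp started successfully.
Pcap Agent started successfully.
Sancp Agent started successfully.
Snort Agent started successfully.
Sguil-sensor has started successfully.'

# Assumed usage against a live start (keeps the transcript for later review):
#   pnic sguil-sensor-start | tee /var/log/sguil-sensor-start.log | check_sensor_start
printf '%s\n' "$SAMPLE_TRANSCRIPT" | check_sensor_start || echo "sensor start incomplete"
```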

Stop the Sguil sensor using the command pnic sguil-sensor-stop, as shown in Figure 30.

Figure 30 Stopping the Sguil Sensor

root@# pnic sguil-sensor-stop

Do you really want to stop the Sguil-sensor application (y/n)? y

LogPackets stopped successfully.
Stopped Pcap Agent successfully
Stopped Sancp Agent successfully
Stopped Snort Agent successfully
Stopped Barnyard successfully
Stopped Snort successfully
Stopped Sancp successfully
Stopped tail of snort.stats successfully
Sguil-sensor application has been stopped.

Writing New Rules

All rules files are stored in the installation sub-directory .../nsm/sguil/rules.
