Running the sguil server – Force10 Networks PSeries 100-00055-01 User Manual

Page 48


Network Security Monitoring

The rule file you are using must be referenced in the snort.conf file. A sample rule file in the rules
directory is already added to snort.conf and commented out.

Log files are stored in the installation sub-directory .../nsm/sguil/logs.

When adding new rules to the file sample.rules, uncomment the line "include sample.rules" in the file
snort.conf.

Snort rule syntax is different from P-Series rule syntax. For example, the following rule is invalid for
Snort, but valid for the P-Series:

alert on c1 tcp any any ->any any (msg:"tcp"; sid:100000001; rev:1;)

See Chapter 9, Writing Rules, on page 63.

The SID rule option is mandatory for Snort rules.

Do not specify channel information in Snort rules; it is already specified in P-Series rules
and will yield a syntax error.
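
A pre-flight check for the rule-file points above, as an added example that is not part of the manual or of the Force10 or Sguil tooling: it flags rules that carry P-Series channel information or lack a sid, and reports whether snort.conf has the include line uncommented. The file contents are constructed samples, and the "on <channel>" pattern is an assumption drawn from the single P-Series rule shown above.

```python
import re

# Constructed sample input: possible contents of sample.rules.
SAMPLE_RULES = '''\
# comment lines and blank lines are skipped
alert on c1 tcp any any -> any any (msg:"tcp"; sid:100000001; rev:1;)
alert tcp any any -> any any (msg:"tcp"; sid:100000002; rev:1;)
alert tcp any any -> any 22 (msg:"ssh, no sid"; rev:1;)
'''

# Constructed snort.conf fragment with the include line still commented out.
SAMPLE_CONF = '''\
var HOME_NET any
# include sample.rules
'''

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic")
# Assumption: channel information is written "on <channel>" directly after
# the rule action, as in the one P-Series rule the manual shows.
CHANNEL = re.compile(r"^(\w+)\s+on\s+\S+\s")
SID = re.compile(r"[(;]\s*sid\s*:\s*\d+\s*;")

def lint_rules(text):
    """Return (line_number, problem) pairs for rules Snort would reject."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue
        m = CHANNEL.match(rule)
        if m and m.group(1) in ACTIONS:
            problems.append((n, "channel information (P-Series syntax)"))
        if not SID.search(rule):
            problems.append((n, "missing sid option"))
    return problems

def include_enabled(conf_text, rule_file):
    """True if snort.conf has an uncommented 'include <rule_file>' line."""
    pattern = re.compile(r"^\s*include\s+(\S*/)?" + re.escape(rule_file) + r"\s*$")
    return any(pattern.match(line) for line in conf_text.splitlines())

if __name__ == "__main__":
    for n, problem in lint_rules(SAMPLE_RULES):
        print(f"sample.rules:{n}: {problem}")
    print("include enabled:", include_enabled(SAMPLE_CONF, "sample.rules"))
```
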

Running the Sguil Server

Scripts are used to perform management tasks such as starting and stopping the server and adding and
deleting users. Run scripts from the bin sub-directory of the installation directory.

Task: Start the server. When the Sguild server is started for the first time, you are prompted to add a new user.
Script:
./StartMysqlserver.sh
./Startserver.sh

Task: Stop the server.
Script:
./Shutdownserver.sh
./ShutdownMysqlserver.sh

Task: Add a new user. You are prompted for a new username and password.
Script:
./ManageSguilserverUser.sh add

Task: Delete a user. You are prompted for your username and the Sguil user to be deleted.
Script:
./ManageSguilserverUser.sh delete
