Documentation

Contents

The following is a list of topics covered in the documentation section.

  1. NSMnow Manual
  2. NSM Administration Manual
  3. Release Notes
  4. System Architecture


Background

If you have ever tried to build a sguil server or sensor, you will understand some of the frustration that comes with it and why we decided to build this tool. Although deploying an NSM framework based on sguil is not too hard, it can be extremely frustrating. There are many steps to carry out and many checks to conduct to ensure that everything is configured just right. It took us a considerable number of attempts to get an NSM system up and running without forgetting something along the way, only to waste time debugging the system for a slight configuration typo.


Objectives

The objectives of NSMnow include:

  1. rapid deployment,
  2. consistent build,
  3. easy installation and configuration,
  4. ease of maintenance, and
  5. unified system deployment.

For the most part NSMnow has achieved the above objectives.


Features

The current feature list is as follows:

  1. install mysql, if not already installed, and configure it for sguil,
  2. install and configure Tcl/Tk,
  3. build the sguil tools, snort, barnyard and sancp,
  4. install other sguil dependencies, if not already installed, including wireshark, tcpflow, and p0f,
  5. install and configure each of the sguil components (server, sensor and client),
  6. install an administrative framework that allows for full maintenance and process control of all NSM components, and
  7. an uninstall option, which is still a little temperamental.


Future

NSMnow is now in a feature freeze. All future updates will be related to bug fixes and stability issues.


Styles used throughout documentation

Below are examples, along with a description, of the various ways data will be presented throughout the documentation section.

important information that you need to be aware of.

filenames

comments or remarks

text in these windows is executed at the console

commands executed as root.

commands executed as a normal user.

File: configuration filename
updates/changes or details to a file
text to be input to forms or control windows