Documentation

Contents

The following is a list of topics covered in the documentation section.

1. NSMnow Manual
2. Release Notes
3. System Architecture

If you have ever tried to build a sguil server or sensor then you will understand some of the frustration that comes along with it and why we decided to build this tool. Although deploying an NSM framework based on sguil is not too hard it can be extremely frustrating. There are so many steps that you need to do and so many checks that need to be made to ensure that everything is configured correctly. It took us a number of times to get the system up and running without forgetting something along the way only to waste time debugging the system to figure out want was missed.

The objectives of NSMnow include:

1. rapid deployment,
2. consistent build,
3. easy installation and configuration,
4. ease of maintenance, and
5. unified system deployment

For the most part NSMnow has achieved the above objectives. It is still a work in progress although most of the effort will focus on porting it to Perl and adding new features.

The current feature list is quite small but new features are being added, see below:

1. install mysql, if not already, and configure it for sguil,
2. install and configure Tcl/tk,
3. build the sguil tools, snort, barnyard and sancp
4. install other sguil dependancies, if not already, including wireshark, tcpflow, p0f...
5. install and configure each of the sguil components (server, sensor and client)

There are a number of exciting new features to be included in the next release, a couple of teasers include:

1. post installation configuration,
2. post installation debugging, in case you made changes and things have broken
3. un-install option
4. porting to Perl

Styles used throughout documentation

Below are examples, along with a description, of the various ways data will be presented throughout the documentation section.

important information that you need to be aware of.

filenames

comments or remarks