$ mysql -u root -p 
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 546 to server version: 3.23.55

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

-- Creates the database that the server settings on this page name in DBNAME.
mysql> CREATE DATABASE SGUIL;
Query OK, 1 row affected (0.00 sec)

-- NOTE(review): the account is written without a host part, which MySQL
-- treats as sguil@'%' (any client host). DBHOST is localhost in the server
-- settings on this page, so TO sguil@localhost would cover that setup.
-- WITH GRANT OPTION also lets this account hand its SGUIL.* privileges to
-- other accounts; nothing on this page shows the server needing that.
-- 'sguilpass' is the guide's sample password and has to match DBPASS; pick a
-- strong site-specific value instead of reusing it.
mysql> GRANT ALL PRIVILEGES ON SGUIL.* TO sguil IDENTIFIED BY 'sguilpass' WITH GRANT OPTION;
Query OK, 0 rows affected (0.06 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.06 sec)

mysql>
-------------------------
$ mysql -u root -p SGUIL < create_sguildb.sql
-------------------------
$ tcl
tcl>package require Tclx
8.3
tcl>package require mysqltcl
3.02
tcl>
-------------------------
$ tcl
tcl>package require tls
1.40
tcl>
-------------------------
# mkdir /etc/sguild
# cd server
# cp autocat.conf sguild.conf sguild.queries sguild.users /etc/sguild
-------------------------
# Database connection settings (presumably in sguild.conf). The values mirror
# what was created in MySQL above: database SGUIL, account sguil, password
# sguilpass.
set DBNAME SGUIL
# The password is kept here in clear text, so the copy of this file under
# /etc/sguild should be readable only by the account that runs sguild.
# 'sguilpass' is the guide's sample value; use whatever was set in the GRANT.
set DBPASS sguilpass
set DBHOST localhost
# NOTE(review): 3389 is not MySQL's default port (3306); it is the port
# normally used by RDP. Confirm which port the MySQL server listens on.
set DBPORT 3389
set DBUSER sguil
-------------------------
# Path to the Snort rules directory.
# NOTE(review): presumably read by sguild to look up the rule behind an alert;
# confirm the directory layout it expects.
set RULESDIR /etc/snort/rules
-------------------------
# Archive directory under /var/log/snort.
# NOTE(review): presumably where sguild keeps packet data it has retrieved;
# such data can include full payloads, so check the directory's owner and mode.
set LOCAL_LOG_DIR /var/log/snort/archive
-------------------------
# Absolute paths to the external tcpflow and p0f binaries.
# NOTE(review): presumably executed by sguild; check that both exist at these
# paths and are not writable by unprivileged users.
set TCPFLOW "/usr/bin/tcpflow"
set P0F_PATH "/usr/sbin/p0f"
-------------------------
# sguild -adduser andrew
Please enter a passwd for andrew: 
Retype passwd: 
User 'andrew' added successfully
-------------------------
# OpenSSL/TLS switch and the location of the Tcl tls shared library.
# NOTE(review): 1 presumably enables encrypted connections - confirm.
# The same library path is passed with -O when sguild and sensor_agent.tcl
# are started further down this page.
set OPENSSL 1
set TLS_PATH /usr/lib/tls1.4/libtls1.4.so
-------------------------
# Apply Sguil's sensor patches to the Snort preprocessor sources.
# NOTE(review): the patches come from the snort_mods/2_1 directory but are
# applied to a snort-2.4.4 tree, which is presumably why patch reports the
# offsets and fuzz below.
$ cd ~/snort-2.4.4/src/preprocessors
$ patch spp_portscan.c < ~/sguil-0.6.1/sensor/snort_mods/2_1/spp_portscan_sguil.patch
patching file spp_portscan.c
Hunk #4 succeeded at 1252 (offset 2 lines).
Hunk #6 succeeded at 1285 (offset 2 lines).
Hunk #8 succeeded at 1416 (offset 2 lines).
# NOTE(review): "fuzz" means patch ignored some context lines to find a match,
# and several hunks below landed far from where the patch expected them
# (offsets of 296 and 327 lines); hunk #7 was placed at line 419, before
# hunk #6 at 421. "succeeded" only says the text was applied somewhere, so
# diff the patched spp_stream4.c against the original and read the result
# before building a sensor from it.
$ patch spp_stream4.c < ~/sguil-0.6.1/sensor/snort_mods/2_1/spp_stream4_sguil.patch
patching file spp_stream4.c
Hunk #1 succeeded at 72 with fuzz 1 (offset 39 lines).
Hunk #3 succeeded at 197 (offset 47 lines).
Hunk #4 succeeded at 254 with fuzz 2 (offset 32 lines).
Hunk #5 succeeded at 300 (offset -12 lines).
Hunk #6 succeeded at 421 (offset 46 lines).
Hunk #7 succeeded at 419 with fuzz 2 (offset -8 lines).
Hunk #8 succeeded at 1069 with fuzz 1 (offset 82 lines).
Hunk #9 succeeded at 1117 (offset 14 lines).
Hunk #10 succeeded at 3609 (offset 296 lines).
Hunk #11 succeeded at 3361 (offset 14 lines).
Hunk #12 succeeded at 4002 (offset 327 lines).
-------------------------
# Patched portscan preprocessor writing to /var/log/snort/portscans.
# NOTE(review): the trailing gw-ext0 is the same name as HOSTNAME in the
# sensor agent settings on this page; the meaning of "4 3" is not shown here,
# so confirm it against the patched preprocessor's documentation.
preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscans gw-ext0
# stream4 with session statistics kept under /var/log/snort/ssn_logs.
# NOTE(review): disable_evasion_alerts turns off stream4's alerts on TCP
# evasion anomalies; that trades detection coverage for less noise, so confirm
# it is intended for this sensor.
preprocessor stream4: detect_scans, disable_evasion_alerts, keepstats db /var/log/snort/ssn_logs
-------------------------
# Write alerts and packet logs through Snort's unified output plugins, using
# the base file names snort.alert and snort.log.
# NOTE(review): limit 128 is presumably the per-file size cap in MB - confirm,
# and size the log partition so the sensor does not run out of disk.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
-------------------------
# At minute 0 of every hour (0-23/1), run log_packets.sh with "restart".
# NOTE(review): the script runs with the privileges of this crontab's owner,
# so keep /usr/local/bin/log_packets.sh writable by root only.
00 0-23/1 * * * /usr/local/bin/log_packets.sh restart
-------------------------
$ cd ~/barnyard-0.2.0
$ cp ~/sguil-0.6.1/sensor/barnyard_mods/configure.in .
$ ./autojunk.sh
$ cd src/output-plugins/
$ cp ~/sguil-0.6.1/sensor/barnyard_mods/op_* .
$ patch op_plugbase.c < op_plugbase.c.patch
-------------------------
# Sensor agent settings: the server address and port, this sensor's name and
# its log directory.
# NOTE(review): presumably the agent connects to sguild at localhost:7736;
# for a sensor on a separate host, SERVER_HOST would be the server's address.
set SERVER_HOST localhost
set SERVER_PORT 7736
# Same sensor name as the last argument of the portscan preprocessor line.
set HOSTNAME gw-ext0
# Parent of the portscans and ssn_logs directories named in the Snort config.
set LOGDIR /var/log/snort
-------------------------
# Start the server; -O is given the same tls library path as TLS_PATH.
$ sguild -O /usr/lib/tls1.4/libtls1.4.so
-------------------------
# Start the sensor agent with the same tls library path as the server.
# NOTE(review): -o presumably switches on OpenSSL for the agent - confirm, and
# check that the agent is not started without it when the server has OPENSSL 1.
$ sensor_agent.tcl -o -O /usr/lib/tls1.4/libtls1.4.so
