Feature Request: Catagorize from SQueRT

Question

Feature Request: Catagorize from SQueRT

Closed this issue 11 years ago · 7 comments

Yea...it's a beefy request ;) Reason is, the sguil client runs TERRIBLE on Mac...I think it's due to how tcl is implemented on Mac...but it's pretty bad. The more database manipulation I can do, the better.

Answer 1 · 2011-10-07T15:57:54.000Z

I am working on it. It is a busy time of year right now though so I can't give any concrete dates.

Answer 2 · 2011-10-07T19:07:23.000Z

I am working on it. It is a busy time of year right now though so I can't
give any concrete dates.

Reply to this email directly or view it on GitHub:
https://github.com/SQueRT/squert/issues/20#issuecomment-2323371

I totally understand Paul...thanks for all the hard work on this.

James

Answer 3 · 2013-04-11T01:01:15.000Z

So according to the homepage for this project, classification should be working, no?

Event classification is complete and can be used in both grouped and exploded views. This should (hopefully) play well with TCL clients.
Not sure exactly how to go about it. Am I supposed to be hitting the function keys or can I click on them or what? The UI doesn't seem to react to me clicking them or pressing function keys.

OS: OS X 10.8.3
Browser: Chrome 26.0.1410.43

Besides this, I think the new rewrite is excellent! Really enjoying the new design, we're actually replacing Snorby with this since we haven't been able to get it (Snorby) to authenticate via LDAP/AD (looked into devise_ldap_authenticatable, but there are conflicting dependencies with Snorby).

Answer 4 · 2013-04-11T10:34:57.000Z

Odd. Just tested on 10.7.5, 26.0.1410.65
Did you set the sguild info in .inc/config.php:

$sgVer = "SGUIL-0.8.0 OPENSSL ENABLED";
$sgHost = "1.2.3.4";
$sgPort = "7734";
$sgUser = "a_valid_sguil_user";
$sgPass = "applesauce";

Answer 5 · 2013-04-11T16:30:58.000Z

Yes, our sguild section looks like:

$sgVer = "SGUIL-0.8.0 OPENSSL ENABLED";
$sgHost = "127.0.0.1";
$sgPort = "7734";
$sgUser = "squert";
$sgPass = "squert";

After selecting the events I want to categorize and then trying to categorize them as NA, it simply says "0 events categorized". Every time I do this as well, the following is output to my apache2/error.log:

sh: 1: ../.scripts/clicat.tcl: not found

Also in there as well is:
[Thu Apr 11 16:15:12 2013] [error] [client 1.2.3.4] PHP Notice: Undefined variable: _SESSION in /var/www/squert/.inc/callback.php on line 482, referer: https://1.2.3.5/squert/index.php?id=be0b014f56b8be8d0c40899d30578993
[Thu Apr 11 16:15:09 2013] [error] [client 1.2.3.4] PHP Notice: Undefined variable: todayLink in /var/www/squert/index.php on line 86, referer: https://1.2.3.5/squert/login.php

But I do not believe they are related, as the clicat.tcl error occurs every time I try to categorize an event, while those just appear.

Answer 6 · 2013-04-11T16:54:48.000Z

ahh.. I bet it's a path issue in clicat. Take a look at line1 of clicat.tcl and make sure it matches the location of tclsh on your system. Those other 2 errors are remnants of something I was trying ;/ I have fixed and will push out later today. Looks like your chart is in the wrong spot as well. I can't seem to reproduce that with what I have on hand but will take a closer look.

Answer 7 · 2013-04-11T17:26:26.000Z

Yep, that fixed it! Our tclsh path was /usr/bin/tclsh as opposed to the location in the script, /usr/local/bin/tclsh. Events are now categorizing correctly.

As for the graphs being misplaced, I will look into that myself. It occurs in both Chrome and Safari on this computer so it could be something with our configuration, will test on others and see if I can dig anything up.

Thanks for the quick response.