From: "C. L. Martinez"
To: freebsd-net@freebsd.org
Date: Fri, 14 Feb 2014 07:21:30 +0000
Subject: Re: Recommendations for packet capture
In-Reply-To: <1392304466.63673.23.camel@btw.pki2.com>

On Thu, Feb 13, 2014 at 3:14 PM, Dennis Glatting wrote:
> On Thu, 2014-02-13 at 09:14 +0000, C. L. Martinez wrote:
>> Hi all,
>>
>> I need to set up some FreeBSD (or Linux, it depends) hosts to use as
>> packet capture sensors for our infrastructure.
>>
>> Searching for software that I could use under FreeBSD, I only find
>> these ones:
>>
>> a) daemonlogger
>> b) streamdb
>>
>> For Linux, it seems more alternatives exist. Any suggestions??
>>
>> I need to monitor 1 GiB networks.
>>
>
> I've not (yet) used these:
>
> /usr/ports/security/sguil-client
> /usr/ports/security/sguil-sensor
> /usr/ports/security/sguil-server
>
>
>> Thanks.

Thanks Dennis, but Sguil is not a packet capture component. Sguil needs daemonlogger to show you captured data.