Hi Mark,

One option would be just to log into the Sguil client. Its RealTime
Events tab will automatically show you all uncategorized events.

Another option would be a SQL query like this:

mysql -uroot -Dsecurityonion_db -e 'SELECT count(*),signature FROM event WHERE status=0 GROUP BY signature ORDER BY count(*);'

On Mon, Nov 11, 2013 at 4:36 PM, Mark Moore <tornado...@gmail.com> wrote:
> What is the query statement to use if I want to see the list of uncategorized events? When I ran the sudo sostat command, I see there are a little over 100,000 uncategorized events.
>
> Thx in advance for any help given.
--
Doug Burks
http://securityonion.blogspot.com