This is a quick how-to for the OpenNSM Qemu Virtual Appliance, including running all the sguil-related scripts.

You will have to enable networking for qemu if you want it to work perfectly (I'm using tap). Here's a quick setup on FreeBSD; if anyone has much qemu experience on OpenBSD and Linux, please email me so that I can add more to this section. Assuming the physical network interface I use is fxp0, I first need to create the bridge pseudo interface -

shell>ifconfig bridge0 create

Launching qemu

shell>qemu -boot c -hda OpenNSM.img -m 256 -net nic -net tap

Bridging both the physical network interface and the tap interface

shell>ifconfig bridge0 addm fxp0 addm tap0 up

Thanks to Victorj, who has been helpful enough to write up the setup of qemu networking for the Linux (Debian) platform, which can be found here - http://www.inliniac.net/blog/?p=56

Once you launch the qemu image, you will come to the xdm login screen; just enter the following -

Username: root
Password: OpenNSM

Default Network Info

Hostname: OpenNSM
Network Interface - ne3
IP - 192.168.0.248
Netmask - 255.255.255.0
Gateway - 192.168.0.1
Nameserver - whatever you can use

You can tweak the network configuration to suit your network environment so that the appliance can communicate with the hosts in your networks. If you are not familiar with OpenBSD network configuration settings, you can just right click to open the menu and click on net-config, which executes the network configuration script so you can set it easily.

The Fluxbox window system is running after you log in. Before you are able to log in to the sguil server (sguild) via the sguil client (sguil.tk), there are 4 scripts you need to run in sequence.

1. sguil_components.sh
2. sensor_components.sh
3. barnyard_startup.sh
4. sguil_client.sh

All the descriptions are given in the scripts themselves, so it is pretty straightforward here. Once you log in to the VM, just right click on the window and the menu will pop up; click on aterm (terminal) and execute the commands below. Please note that the mysql server is started on boot, so no manual startup is needed.

shell>cd /root/nsm-scripts
shell>./sguil_components.sh
shell>./sensor_components.sh
shell>./barnyard_startup.sh

All the tools now run in the background; you will only need to run them in the foreground for debugging purposes. Once you have all the necessary NSM tools running, you can launch sguil_client.sh by right clicking on the window to get the menu and clicking on sguilc. Once the sguil client is running, you will see a box pop up and you can enter -

Sguild Host: 127.0.0.1
Sguild Port: 7734
Username: sguil
Password: sguil

Remember to uncheck the Enable OpenSSL box, then click on the OK button; the sguil analyst console will launch and you can navigate all the neat features in the sguil client.

Have fun with the OpenNSM Qemu Virtual Appliance!

Thanks to nikns, and all the lamerz in #snort-gui, you guys just rock. If you run into any kind of issue or have any suggestions regarding this virtual appliance, please feel free to contact me (;]) - geek00L[at]gmail.com
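A check for the sguild login step above, as an added example that is not one of the appliance's scripts: the client connects to 127.0.0.1:7734 with OpenSSL unchecked while the guest sits on a bridged interface, so this classifies whether the sguild port listens on loopback only or on other addresses too. It assumes BSD-style `netstat -an` output as produced in the OpenBSD guest; the function names and the sample lines (including the 3306 entry) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the OpenNSM appliance.
# classify_listener PORT reads BSD-style `netstat -an` text on stdin and
# prints: absent | loopback | exposed
classify_listener() {
    port="$1"
    awk -v port="$port" '
        # Only listening TCP sockets; the state is the last column.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4                        # e.g. *.7734 or 127.0.0.1.7734
            n = split(addr, parts, ".")
            if (parts[n] != port) next       # the port is the last dotted field
            host = substr(addr, 1, length(addr) - length(port) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "::1") exposed = 1
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample of `netstat -an` output (not captured from the appliance).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  127.0.0.1.3306         *.*                    LISTEN
tcp          0      0  *.7734                 *.*                    LISTEN
tcp          0      0  127.0.0.1.7734         127.0.0.1.40001        ESTABLISHED
EOF
}

# Demo on the constructed sample. In the guest, run instead:
#   netstat -an | classify_listener 7734
echo "sguild port 7734: $(sample_netstat | classify_listener 7734)"
```

A result of `exposed` means the listener is reachable from the bridged network, not only from the local sguil client.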