My previous post on installing Insta-Snorby talked about using my mini-ITX board as an IDS. I LOVED Snorby, but it wasn't supported, and has since migrated to "Security Onion."
Security Onion is nice, but on a headless system it is a little harder to use, and not as friendly as Insta-Snorby. You can still log into Squert with a browser, using 'http://ipaddress/squert/squert.php' but you can't get to squil that way.
So I decided to use X11 to forward my screen, and launch Sguil from the ssh console, having the X11 screen show up on my remote box.
I installed Security Onion, having one interface monitoring my network, and the other accessible through another network.
I then use my Mac to log onto the IDS with: ssh -X user@ip
I then launch either sguil or squert with the following:
/usr/bin/firefox 'http://localhost/squert/squert.php' (without the tics... but GoDaddy sux, so I have to put them in my blog or it converts it into a mess)
These port the displays to my Mac, and I can monitor my IDS.
To be honest, I liked Insta-Snorby a lot better than the Security Onion, as I loved the cool outputs it had on the home screen better. But they both rock for IDSs