Setup the Sguil Client on Windows
GET THE CLIENT
Download the latest Stable Version of Sguil: http://sguil.sourceforge.net/downloads.html
Unpack the zip file (I put mine in c:\sguil-0.7.0)
INSTALL ActiveTCL v.8.4
Download the client.zip file from http://www.activestate.com
Follow through a couple of the links for ActiveTCL
NOTE: it has been reported that version 8.5 will not work with the sguil client. As of the posting of this page, the 8.4 client was still available.
ActiveTCL license requirements require FirstName, LastName, Email Address, and Company information for a personal use license.
Here is the link I followed: http://downloads.activestate.com/ActiveTcl/Windows/8.4.19/ActiveTcl220.127.116.11.285137-win32-ix86-threaded.exe
Push through the installation with the default install options.
Install TCLTLS v1.6
Download the tls1.6-win(32,64) from http://sourceforge.net/project/showfiles.php?group_id=13248&package_id=21836
Uncompress the tls1.6 directory.
Rename C:/Tcl/lib/tls1.6 to tls1.6-orig.
Copy the newly uncompressed directory to C:/Tcl/lib.
Point sguil.conf to the tls directory:
set TLS_PATH "c:/tcl/lib/tls1.6/tls16.dll"
ASSOCIATE sguil.tk WITH wish.exe
Go into the folder and find sguil.tk. It will be in the upper folders. (In my case c:\sguil-0.7.0\client\sguil.tk)
Double click on sguil.tk. You should be prompted to associate the file with a program.
Use the wish.exe program. (in my case c:\tcl\bin\wish.exe)
RUNNING THE CLIENT
The client should have started up.
The Default values should be preset. (Demo.sguil.net, port:7734)
Enter a user name. (this will be announced to the irc.freenode.net #snort-gui irc channel)
Password is not required.
It can take the client a second or two, in order to connect to the Demo Server. Once connected, you will be prompted to select the network to Monitor. Currently the "DEMO_DMZ" senor is up and running.