Setup the Sguil Client on Windows

From NSMWiki

GET THE CLIENT

Download the latest Stable Version of Sguil: http://sguil.sourceforge.net/downloads.html

Unpack the zip file (I put mine in c:\sguil-0.7.0)



INSTALL ActiveTCL v.8.4

Download the client.zip file from http://www.activestate.com

Follow through a couple of the links for ActiveTCL

NOTE: It has been reported that version 8.5 will not work with the Sguil client. As of the posting of this page, the 8.4 client was still available.


The ActiveTCL license requires FirstName, LastName, Email Address, and Company information for a personal use license.

Here is the link I followed: http://downloads.activestate.com/ActiveTcl/Windows/8.4.19/ActiveTcl8.4.19.0.285137-win32-ix86-threaded.exe

Push through the installation with the default install options.


INSTALL TCLTLS v1.6

Download the tls1.6-win(32,64) from http://sourceforge.net/project/showfiles.php?group_id=13248&package_id=21836

Uncompress the tls1.6 directory.

Rename C:/Tcl/lib/tls1.6 to tls1.6-orig.

Copy the newly uncompressed directory to C:/Tcl/lib.

Point sguil.conf to the tls directory:

 set TLS_PATH "c:/tcl/lib/tls1.6/tls16.dll"

ASSOCIATE sguil.tk WITH wish.exe

Go into the unpacked Sguil folder and find sguil.tk. It will be in the upper folders. (In my case c:\sguil-0.7.0\client\sguil.tk)

Double click on sguil.tk. You should be prompted to associate the file with a program.

Use the wish.exe program. (in my case c:\tcl\bin\wish.exe)
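
A preflight check for the steps above, added here as an example and not part of the original page or the Sguil distribution. It uses the paths from this page as defaults; sguil.conf sitting next to sguil.tk and the standard Tcl layout (lib\tcl8.4) are assumptions.

```powershell
# Added example: verify the Sguil client prerequisites before first launch.
param(
    [string]$SguilClient = 'C:\sguil-0.7.0\client',   # folder holding sguil.tk (from this page)
    [string]$TclRoot     = 'C:\Tcl'                   # default ActiveTCL install root
)
$problems = @()

# wish.exe is the program sguil.tk gets associated with.
$wish = Join-Path $TclRoot 'bin\wish.exe'
if (-not (Test-Path -LiteralPath $wish -PathType Leaf)) { $problems += "wish.exe not found at $wish" }

# Assumption: standard Tcl layout, script library in lib\tcl<major.minor>.
# The page notes that 8.5 is reported not to work, so expect tcl8.4.
$libDir  = Join-Path $TclRoot 'lib'
$tclLibs = @(Get-ChildItem -Path $libDir -Directory -Filter 'tcl8.*' -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty Name)
if ($tclLibs -notcontains 'tcl8.4') { $problems += "expected $libDir\tcl8.4, found: $($tclLibs -join ', ')" }

# The original TLS package should have been renamed, not overwritten.
if (-not (Test-Path -LiteralPath (Join-Path $libDir 'tls1.6-orig') -PathType Container)) {
    $problems += "no tls1.6-orig backup directory in $libDir"
}

# Assumption: sguil.conf lives in the same folder as sguil.tk.
$conf = Join-Path $SguilClient 'sguil.conf'
if (-not (Test-Path -LiteralPath $conf -PathType Leaf)) {
    $problems += "sguil.conf not found at $conf"
} else {
    # Last uncommented line of the form: set TLS_PATH "c:/tcl/lib/tls1.6/tls16.dll"
    $m = Select-String -LiteralPath $conf -Pattern '^\s*set\s+TLS_PATH\s+"?([^"]+?)"?\s*$' |
         Select-Object -Last 1
    if (-not $m) {
        $problems += 'no active "set TLS_PATH" line in sguil.conf'
    } else {
        $dll = $m.Matches[0].Groups[1].Value -replace '/', '\'
        if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $problems += "TLS_PATH points to a missing file: $dll"
        } elseif (-not $dll.StartsWith($libDir, [StringComparison]::OrdinalIgnoreCase)) {
            # TLS_PATH names a native DLL; flag it if it is not the copy placed under Tcl\lib.
            $problems += "TLS_PATH is outside ${libDir}: $dll"
        }
    }
}

if ($problems.Count -gt 0) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Sguil client prerequisites look consistent.'
```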



RUNNING THE CLIENT

The client should have started up.

The default values should be preset. (Demo.sguil.net, port:7734)

Enter a user name. (This will be announced to the irc.freenode.net #snort-gui IRC channel.)

Password is not required.

Submit


It can take the client a second or two to connect to the Demo Server. Once connected, you will be prompted to select the network to monitor. Currently the "DEMO_DMZ" sensor is up and running.