Setup the Sguil Client on Windows

From NSMWiki
Jump to: navigation, search


Download the latest Stable Version of Sguil:

Unpack the zip file (I put mine in c:\sguil-0.7.0)

INSTALL ActiveTCL v.8.4

Download the file from

Follow through a couple of the links for ActiveTCL

NOTE: it has been reported that version 8.5 will not work with the sguil client. As of the posting of this page, the 8.4 client was still available.

ActiveTCL license requirements require FirstName, LastName, Email Address, and Company information for a personal use license.

Here is the link I followed:

Push through the installation with the default install options.

Install TCLTLS v1.6

Download the tls1.6-win(32,64) from

Uncompress the tls1.6 directory.

Rename C:/Tcl/lib/tls1.6 to tls1.6-orig.

Copy the newly uncompressed directory to C:/Tcl/lib.

Point sguil.conf to the tls directory:

 set TLS_PATH "c:/tcl/lib/tls1.6/tls16.dll"


Go into the folder and find It will be in the upper folders. (In my case c:\sguil-0.7.0\client\

Double click on You should be prompted to associate the file with a program.

Use the wish.exe program. (in my case c:\tcl\bin\wish.exe)


The client should have started up.

The Default values should be preset. (, port:7734)

Enter a user name. (this will be announced to the #snort-gui irc channel)

Password is not required.


It can take the client a second or two, in order to connect to the Demo Server. Once connected, you will be prompted to select the network to Monitor. Currently the "DEMO_DMZ" senor is up and running.