[Snort-users] Test Drive Sguil-0.2.5

Bamm Visscher bamm at ...539...
Thu Jul 17 13:24:11 EDT 2003

We recently released sguil-0.2.5 (http://sguil.sf.net).  As a way to provide interested parties a way to test drive sguil without going through the hassle of installing all the required components, I have made a sguil server publicly available. 

To use, first install the correct tcl libraries on your workstation (for example: Redhat 7.3 -> tclx-8.3-67, itcl-3.2-67, tcl-8.3.3-67, tcllib-1.0-67 OR win32 http://www.activestate.com/Products/ActiveTcl/). 

Second, download and install the sguil-client-0.2.5 tarball or zip archive from http://sourceforge.net/project/showfiles.php?group_id=71220&release_id=172069.

Next, edit the included sguil.conf to point towards bamm.dyndns.org (set SERVERHOST bamm.dyndns.org) using the default sguil ports.

Finally, launch the GUI (sguil.tk). The client will look for a 'wish' interpreter using the users PATH in a *NIX environment. If you are using a win32 platform, then either associate the .tk extension with the wish84 binary provided by the ActiveState libs, or access the wish84 shell directly and use `dir /path/to/sguil-0.2.5/client; source ./sguil.tk` from the wish command prompt.

As the project matures, I expect the install will get easier. The barnyard output plugin (op_sguil) will hopefully find its way into the barnyard source tree soon. We are planning on moving the session stats out of stream4 and working with spp_portscan in hopes that we can get those patches into the snort source tree at some point too.

Once connected, you will be able to chat in the "User Messages" tab where we can answer any questions and give assistance. I'll keep the system up as long as my ISP lets me and assuming my precious dual-flop p133 can handle the load.


More information about the Snort-users mailing list