Sguil Client on Ubuntu

Inspired by an old post, John Curry, and David Bianco's NSM Wiki, I decided I would install the Sguil client on Ubuntu. It was really easy.

First I edited the /etc/apt/sources.list file to include the "universe" package collections:

deb http://us.archive.ubuntu.com/ubuntu/ edgy universe
deb-src http://us.archive.ubuntu.com/ubuntu/ edgy universe

Next I updated the apt cache and added the libraries I needed.

richard@neely:~$ sudo apt-get update
...edited...
richard@neely:~$ sudo apt-get install tclx8.4 tcllib iwidgets4 wireshark
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
itcl3 itk3 libadns1 libpcre3 tcl8.4 tk8.4 wireshark-common
Suggested packages:
itcl3-doc itk3-doc iwidgets4-doc tclreadline tclx8.4-doc
Recommended packages:
libadns1-bin
The following NEW packages will be installed:
itcl3 itk3 iwidgets4 libadns1 libpcre3 tcl8.4 tcllib tclx8.4 tk8.4 wireshark
wireshark-common
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 13.0MB of archives.
After unpacking 51.4MB of additional disk space will be used.
Do you want to continue [Y/n]? y
...truncated...

When done I downloaded the sguil-client-0.6.1.tar.gz archive, and modified sguil.conf thus:

set ETHEREAL_PATH /usr/bin/wireshark

That's it. I was able to start Sguil and access servers.
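The same steps as a small shell script, added here as an example rather than code from the original post or the Sguil project; the package list and the ETHEREAL_PATH key come from the post, while the function names and the write-to-temp-file edit are my own choices.

```shell
#!/bin/sh
# Added example (not from the original post): automate the Sguil client
# setup described above. Function names are assumptions; the packages and
# the sguil.conf key are the ones the post uses.

# Tcl/Tk packages the Sguil client needs on Ubuntu. A comment on the post
# notes that Sguil 0.7.0 additionally requires tcltls.
SGUIL_DEPS="tclx8.4 tcllib iwidgets4 wireshark"

# Install the dependencies with apt. Assumes "universe" is already enabled
# in /etc/apt/sources.list as shown above. $SGUIL_DEPS is deliberately
# unquoted so the list splits into separate package arguments.
install_sguil_deps() {
    sudo apt-get update && sudo apt-get install -y $SGUIL_DEPS
}

# Point sguil.conf at the Wireshark binary. Replaces an existing
# "set ETHEREAL_PATH ..." line, or appends one if the key is absent, and
# refuses a path that is not executable so the client does not fail
# silently later when a packet capture is requested.
# Usage: set_ethereal_path <sguil.conf> <path-to-wireshark>
set_ethereal_path() {
    conf=$1
    path=$2
    [ -x "$path" ] || { echo "not executable: $path" >&2; return 1; }
    if grep -q '^set ETHEREAL_PATH ' "$conf"; then
        # Write to a temp file first so a failed sed never truncates the config.
        sed "s|^set ETHEREAL_PATH .*|set ETHEREAL_PATH $path|" "$conf" \
            > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        echo "set ETHEREAL_PATH $path" >> "$conf"
    fi
}

# Print the configured path so the edit can be verified afterwards.
get_ethereal_path() {
    sed -n 's/^set ETHEREAL_PATH //p' "$1"
}
```

Run `install_sguil_deps` once, then `set_ethereal_path /path/to/sguil.conf /usr/bin/wireshark` from the unpacked client directory.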

Comments

Anonymous said…
Rich,

You could convert the rpm packages to debs using alien and install sguil that way. This of course assumes that the rpms are still maintained.

I used to do this back in college.

-Pete
C.S.Lee said…
Rich,

It is pretty straightforward though :)

http://geek00l.blogspot.com/2005/10/ubuntu-linux-sguil-client-quick-and.html
Anonymous said…
Not disagreeing, I'm just saying that it's good practice to have everything managed with the system's native package management.

-Pete
Anonymous said…
This comment has been removed by a blog administrator.
Note Sguil 0.7.0 requires tcltls too.
Anonymous said…
If only OS X were as easy as Debian...
