Sguil Client on Ubuntu
Inspired by an old post, John Curry, and David Bianco's NSM Wiki, I decided I would install the Sguil client on Ubuntu. It was really easy.
First I edited the /etc/apt/sources.list file to include the "universe" package collections:
deb http://us.archive.ubuntu.com/ubuntu/ edgy universe
deb-src http://us.archive.ubuntu.com/ubuntu/ edgy universe
Next I updated the apt cache and added the libraries I needed.
richard@neely:~$ sudo apt-get update
...edited...
richard@neely:~$ sudo apt-get install tclx8.4 tcllib iwidgets4 wireshark
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
itcl3 itk3 libadns1 libpcre3 tcl8.4 tk8.4 wireshark-common
Suggested packages:
itcl3-doc itk3-doc iwidgets4-doc tclreadline tclx8.4-doc
Recommended packages:
libadns1-bin
The following NEW packages will be installed:
itcl3 itk3 iwidgets4 libadns1 libpcre3 tcl8.4 tcllib tclx8.4 tk8.4 wireshark
wireshark-common
0 upgraded, 11 newly installed, 0 to remove and 0 not upgraded.
Need to get 13.0MB of archives.
After unpacking 51.4MB of additional disk space will be used.
Do you want to continue [Y/n]? y
...truncated...
When done I downloaded the sguil-client-0.6.1.tar.gz archive, and modified sguil.conf thus:
set ETHEREAL_PATH /usr/bin/wireshark
That's it. I was able to start Sguil and access servers.
Comments
You could convert the rpm packages to debs using alien and install sguil that way. This of course assumes that the rpms are still maintained.
I used to do this back in college.
-Pete
It is pretty straightforward though :)
http://geek00l.blogspot.com/2005/10/ubuntu-linux-sguil-client-quick-and.html
-Pete