[prev in list] [next in list] [prev in thread] [next in thread]
List: sguil-users
Subject: Re: [Sguil-users] gentoo sguil client
From: "CS Lee" <geek00l () gmail ! com>
Date: 2007-06-22 8:38:03
Message-ID: 1bb5dd90706220138l7febf52t631cb0a17528e166 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hey,
To run sguil client on gentoo, it is pretty simple. The solution is gentoo
portage -
shell>eix sguil-client
[I] net-analyzer/sguil-client
Available versions: (~)0.6.1
Installed: 0.6.1(08:50:07 02/15/07)(ssl)
Homepage: http://sguil.sf.net
Description: GUI Console for sguil Network Security Monitoring
emerge it and you are Done ;)
On 6/19/07, sguil-users-request@lists.sourceforge.net <
sguil-users-request@lists.sourceforge.net> wrote:
>
> Send Sguil-users mailing list submissions to
> sguil-users@lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/sguil-users
> or, via email, send a message with subject or body 'help' to
> sguil-users-request@lists.sourceforge.net
>
> You can reach the person managing the list at
> sguil-users-owner@lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Sguil-users digest..."
>
>
> Today's Topics:
>
> 1. Re: A lot of problems installing sguil 0.7.0 under rhel5
> (carlopmart)
> 2. Re: A lot of problems installing sguil 0.7.0 under rhel5
> (Victor Julien)
> 3. Re: A lot of problems installing sguil 0.7.0 under rhel5
> (carlopmart)
> 4. Re: A lot of problems installing sguil 0.7.0 under rhel5
> (Bamm Visscher)
> 5. Re: A lot of problems installing sguil 0.7.0 under rhel5
> (carlopmart)
> 6. Sguil on Gentoo (Zachary Mathis)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 15 Jun 2007 21:01:09 +0200
> From: carlopmart <carlopmart@gmail.com>
> Subject: Re: [Sguil-users] A lot of problems installing sguil 0.7.0
> under rhel5
> To: sguil-users@lists.sourceforge.net
> Message-ID: <4672E1F5.4080407@gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Victor Julien wrote:
> > carlopmart wrote:
> >> Victor Julien wrote:
> >>
> >>>> 2.- Using snort_inline 2.6.1.5 from http://snort-inline.sf.net/.
> Works with
> >>>> sguil 0.7.0???
> >>>>
> >>>>
> >>> Yes, without any problem. It behaves exactly as Snort does. I'm using
> it
> >>> myself with Sguil 0.7-CVS.
> >>>
> >>> Regards,
> >>> Victor
> >>>
> >> Well, if i use snort stand-alone (without sguil) works ok. But sguil
> doesn't
> >> interact with it ...
> >>
> > How are you running Snort and barnyard?
> >
> >> Julien, what script do you use to launch snort with script???
> >>
> >>
> > I use a custom script, but Snort_inline is started like this:
> > /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -U -Q
> -H0
> >
> > -Q and -H0 are inline specific options which have no relation with
> Sguil.
> >
> > In my snort_inline.conf I have these output configurations:
> > output alert_unified: filename unified.alert
> > output log_unified: filename unified.log
> >
> > Barnyard runs like this:
> > /usr/bin/barnyard -c /etc/barnyard/barnyard.conf -d /var/log/snort/ -f
> > unified.log -g /etc/snort_inline/gen-msg.map -s
> > /etc/snort_inline/sid-msg.map -p
> > /etc/snort_inline/rules/classification.config -w
> /var/log/snort/snort.waldo
> >
> > Regards,
> > Victor
> >
>
> Same here, but barnyard run with sguil user and group snort, and snort
> runs as a
> user snort and group snort.
>
> I think that my problem is with snort_agent-sensor script distributed
> under cvs
> version ... Do I need this script if i use another to launch snort???
>
>
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Sguil-users mailing list
> > Sguil-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sguil-users
> >
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 15 Jun 2007 21:08:47 +0200
> From: Victor Julien <lists@inliniac.net>
> Subject: Re: [Sguil-users] A lot of problems installing sguil 0.7.0
> under rhel5
> To: sguil-users@lists.sourceforge.net
> Message-ID: <4672E3BF.8060808@inliniac.net>
> Content-Type: text/plain; charset=ISO-8859-1
>
> carlopmart wrote:
> > Victor Julien wrote:
> >
> >> carlopmart wrote:
> >>
> >>> Victor Julien wrote:
> >>>
> >>>
> >>>>> 2.- Using snort_inline 2.6.1.5 from http://snort-inline.sf.net/.
> Works with
> >>>>> sguil 0.7.0???
> >>>>>
> >>>>>
> >>>>>
> >>>> Yes, without any problem. It behaves exactly as Snort does. I'm using
> it
> >>>> myself with Sguil 0.7-CVS.
> >>>>
> >>>> Regards,
> >>>> Victor
> >>>>
> >>>>
> >>> Well, if i use snort stand-alone (without sguil) works ok. But sguil
> doesn't
> >>> interact with it ...
> >>>
> >>>
> >> How are you running Snort and barnyard?
> >>
> >>
> >>> Julien, what script do you use to launch snort with script???
> >>>
> >>>
> >>>
> >> I use a custom script, but Snort_inline is started like this:
> >> /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -U
> -Q -H0
> >>
> >> -Q and -H0 are inline specific options which have no relation with
> Sguil.
> >>
> >> In my snort_inline.conf I have these output configurations:
> >> output alert_unified: filename unified.alert
> >> output log_unified: filename unified.log
> >>
> >> Barnyard runs like this:
> >> /usr/bin/barnyard -c /etc/barnyard/barnyard.conf -d /var/log/snort/ -f
> >> unified.log -g /etc/snort_inline/gen-msg.map -s
> >> /etc/snort_inline/sid-msg.map -p
> >> /etc/snort_inline/rules/classification.config -w
> /var/log/snort/snort.waldo
> >>
> >> Regards,
> >> Victor
> >>
> >>
> >
> > Same here, but barnyard run with sguil user and group snort, and snort
> runs as a
> > user snort and group snort.
> >
> > I think that my problem is with snort_agent-sensor script distributed
> under cvs
> > version ... Do I need this script if i use another to launch snort???
> >
> >
> >
> If you have both Snort and barnyard running you need to run the
> /usr/local/sguil/sensor/snort_agent.tcl script. I run it like this:
>
> /usr/local/sguil/sensor/snort_agent.tcl -c /etc/sguil/snort_agent.conf
>
> Enable debugging on the sensor by setting DEBUG to 1 like this in the
> configfile:
> set DEBUG 1
>
> You should see it connect to the server 'sguild' and see it process
> events as Snort detects them and as barnyard reports them to the sensor.
>
> If you get any error messages please include them.
>
> Cheers,
> Victor
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 15 Jun 2007 21:27:36 +0200
> From: carlopmart <carlopmart@gmail.com>
> Subject: Re: [Sguil-users] A lot of problems installing sguil 0.7.0
> under rhel5
> To: sguil-users@lists.sourceforge.net
> Message-ID: <4672E828.4020006@gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Victor Julien wrote:
> > carlopmart wrote:
> >> Victor Julien wrote:
> >>
> >>> carlopmart wrote:
> >>>
> >>>> Victor Julien wrote:
> >>>>
> >>>>
> >>>>>> 2.- Using snort_inline 2.6.1.5 from http://snort-inline.sf.net/.
> Works with
> >>>>>> sguil 0.7.0???
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> Yes, without any problem. It behaves exactly as Snort does. I'm
> using it
> >>>>> myself with Sguil 0.7-CVS.
> >>>>>
> >>>>> Regards,
> >>>>> Victor
> >>>>>
> >>>>>
> >>>> Well, if i use snort stand-alone (without sguil) works ok. But sguil
> doesn't
> >>>> interact with it ...
> >>>>
> >>>>
> >>> How are you running Snort and barnyard?
> >>>
> >>>
> >>>> Julien, what script do you use to launch snort with script???
> >>>>
> >>>>
> >>>>
> >>> I use a custom script, but Snort_inline is started like this:
> >>> /usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -U
> -Q -H0
> >>>
> >>> -Q and -H0 are inline specific options which have no relation with
> Sguil.
> >>>
> >>> In my snort_inline.conf I have these output configurations:
> >>> output alert_unified: filename unified.alert
> >>> output log_unified: filename unified.log
> >>>
> >>> Barnyard runs like this:
> >>> /usr/bin/barnyard -c /etc/barnyard/barnyard.conf -d /var/log/snort/ -f
> >>> unified.log -g /etc/snort_inline/gen-msg.map -s
> >>> /etc/snort_inline/sid-msg.map -p
> >>> /etc/snort_inline/rules/classification.config -w
> /var/log/snort/snort.waldo
> >>>
> >>> Regards,
> >>> Victor
> >>>
> >>>
> >> Same here, but barnyard run with sguil user and group snort, and snort
> runs as a
> >> user snort and group snort.
> >>
> >> I think that my problem is with snort_agent-sensor script distributed
> under cvs
> >> version ... Do I need this script if i use another to launch snort???
> >>
> >>
> >>
> > If you have both Snort and barnyard running you need to run the
> > /usr/local/sguil/sensor/snort_agent.tcl script. I run it like this:
> >
> > /usr/local/sguil/sensor/snort_agent.tcl -c /etc/sguil/snort_agent.conf
> >
> > Enable debugging on the sensor by setting DEBUG to 1 like this in the
> > configfile:
> > set DEBUG 1
> >
> > You should see it connect to the server 'sguild' and see it process
> > events as Snort detects them and as barnyard reports them to the sensor.
> >
> > If you get any error messages please include them.
> >
> > Cheers,
> > Victor
> >
> >
>
> Thanks Victor, I will try it ...
>
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Sguil-users mailing list
> > Sguil-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/sguil-users
> >
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 15 Jun 2007 14:09:07 -0600
> From: "Bamm Visscher" <bamm.visscher@gmail.com>
> Subject: Re: [Sguil-users] A lot of problems installing sguil 0.7.0
> under rhel5
> To: sguil-users@lists.sourceforge.net
> Message-ID:
> <27492850706151309s1939b8ddma98e24f81a23f766@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Thanks for testing 0.7.0 alpha, although, if this is your first time
> installing/using Sguil, then it may be more appropriate to start with
> 0.6.1 since there is more documentation available. You should expect
> to run into problems whenever you're beta testing software.
>
> On 6/15/07, carlopmart <carlopmart@gmail.com> wrote:
> > Hi all,
> >
> > I have testing sguil 0.7.0-Alpha version from cvs repository and I
> have a lot
> > of problems to install it. My conclusion is that sguil software under
> > rhel5/centos5,etc .. can not be installed. I think that only valid
> platforms
> > are: BSD, Debian/Ubuntu,etc and almost RHEL 4?
> >
> > My explanation:
> >
> > - SGUIL server installation
> >
> > 1.- I have needed to recompile tcl and tcl-devel packages
> without threads.
> > Why?? What is the reason that sguil doesn't works with threads???
>
> One init, sguild forks two other processes as a type of "poor mans
> threading". The main process handles most of the functionality of
> Sguil and acts as a middle man for the other two. One of the other
> processes handles all DB queries and the other parses SANCP log files
> and loads them into the DB. Sguil uses uses pipes for inter process
> communication and having threading enabled in the tcl interpreter
> breaks that functionality.
>
> > 2.- Tcltls is very very old ( from 2004 year) and I need to
> install from EPEL
> > repository. Is it really necessary this package??? Is it not possible to
> encrypt
> > client/server communications using another technology??
>
> So it's old. It works very well. Why would we need to replace it?
>
> > 3.- Bindig IP address doesn't works from server side, almost
> than I expect it (
> > I have using redhat cluster suite on sguil server). MySQL server is
> installed on
> > a secondary node, and mysql queries generated from sguil server shows
> local ip
> > address host node and not use virtual ip that I assigned. Can I resolve
> this
> > problem using chroot functions???
>
> Binding the IP address is for the listening socket only. Making an
> outbound connection is going to be handled vi the OS.
>
> > 4.- Where is the event table??. Sguil client doesn't shows me
> nothing, only
> > sancp entries. I could post some screenshoots if you desire. (Snort
> sensor
> > works, I have test it with some rules)
>
> Since, 0.6.0, the event table isn't created until the first alert is
> received. This is due to the use of the MERGE engine. Alerts are
> stored in a table based on the sensor name and date. The generic event
> table is a MERGE of all those tables.
>
> With that said, it sounds like you need to debug the communications
> from snort to sguild. Start by making sure snort is creating a unified
> log file and its size is greater than 24 bytes. Then make sure
> barnyard is running, watching the correct directory for unified files,
> and has successfully connected to snort_agent.tcl. I find it best to
> run barnyard and snort_agent in the foreground with debug on until I
> can verify that alerts are making it to sguild.
>
>
> >
> >
> > - SENSOR installation ( a really bad dream)
> >
> > 1.- Startup scripts: doesn't works. I need to reconfigure all.
>
> These were contributed. I have not tested them with CVS.
>
> > 2.- Using snort_inline 2.6.1.5 from http://snort-inline.sf.net/.
> Works with
> > sguil 0.7.0???
>
> Thanks for answering this Victor.
>
> > 3.- Which is the correct form to startup snort sensor: from
> sguil scripts or
> > using startup provided by snort.org?
>
> Good question. I don't use either of those. I think InstantNSM
> includes some startup scripts too. I'd look at the 0.7.0 from there
> and try those.
> http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0
>
>
> > 4.- Where are sensor and server logs??? Only writes on
> /var/log/messages ???
>
> For now that is the case. It's either syslog or stdout/stderr.
>
> >
> > Many thanks to all....
> >
> > --
> > CL Martinez
> > carlopmart {at} gmail {d0t} com
>
> Hope this helps and feel free to drop by #snort-gui on
> irc.freenoded.net if you need more detail.
>
> Bammkkkk
>
> --
> sguil - The Analyst Console for NSM
> http://sguil.sf.net
>
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 15 Jun 2007 23:17:23 +0200
> From: carlopmart <carlopmart@gmail.com>
> Subject: Re: [Sguil-users] A lot of problems installing sguil 0.7.0
> under rhel5
> To: sguil-users@lists.sourceforge.net
> Message-ID: <467301E3.9050405@gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Bamm Visscher wrote:
> > Thanks for testing 0.7.0 alpha, although, if this is your first time
> > installing/using Sguil, then it may be more appropriate to start with
> > 0.6.1 since there is more documentation available. You should expect
> > to run into problems whenever you're beta testing software.
> >
> > On 6/15/07, carlopmart <carlopmart@gmail.com> wrote:
> >> Hi all,
> >>
> >> I have testing sguil 0.7.0-Alpha version from cvs repository and I
> have a lot
> >> of problems to install it. My conclusion is that sguil software under
> >> rhel5/centos5,etc .. can not be installed. I think that only valid
> platforms
> >> are: BSD, Debian/Ubuntu,etc and almost RHEL 4?
> >>
> >> My explanation:
> >>
> >> - SGUIL server installation
> >>
> >> 1.- I have needed to recompile tcl and tcl-devel packages
> without threads.
> >> Why?? What is the reason that sguil doesn't works with threads???
> >
> > One init, sguild forks two other processes as a type of "poor mans
> > threading". The main process handles most of the functionality of
> > Sguil and acts as a middle man for the other two. One of the other
> > processes handles all DB queries and the other parses SANCP log files
> > and loads them into the DB. Sguil uses uses pipes for inter process
> > communication and having threading enabled in the tcl interpreter
> > breaks that functionality.
> >
> >> 2.- Tcltls is very very old ( from 2004 year) and I need to
> install from EPEL
> >> repository. Is it really necessary this package??? Is it not possible
> to encrypt
> >> client/server communications using another technology??
> >
> > So it's old. It works very well. Why would we need to replace it?
> >
> >> 3.- Bindig IP address doesn't works from server side, almost
> than I expect it (
> >> I have using redhat cluster suite on sguil server). MySQL server is
> installed on
> >> a secondary node, and mysql queries generated from sguil server shows
> local ip
> >> address host node and not use virtual ip that I assigned. Can I resolve
> this
> >> problem using chroot functions???
> >
> > Binding the IP address is for the listening socket only. Making an
> > outbound connection is going to be handled vi the OS.
> >
> >> 4.- Where is the event table??. Sguil client doesn't shows me
> nothing, only
> >> sancp entries. I could post some screenshoots if you desire. (Snort
> sensor
> >> works, I have test it with some rules)
> >
> > Since, 0.6.0, the event table isn't created until the first alert is
> > received. This is due to the use of the MERGE engine. Alerts are
> > stored in a table based on the sensor name and date. The generic event
> > table is a MERGE of all those tables.
> >
> > With that said, it sounds like you need to debug the communications
> > from snort to sguild. Start by making sure snort is creating a unified
> > log file and its size is greater than 24 bytes. Then make sure
> > barnyard is running, watching the correct directory for unified files,
> > and has successfully connected to snort_agent.tcl. I find it best to
> > run barnyard and snort_agent in the foreground with debug on until I
> > can verify that alerts are making it to sguild.
> >
> >
> >>
> >> - SENSOR installation ( a really bad dream)
> >>
> >> 1.- Startup scripts: doesn't works. I need to reconfigure all.
> >
> > These were contributed. I have not tested them with CVS.
> >
> >> 2.- Using snort_inline 2.6.1.5 from http://snort-inline.sf.net/.
> Works with
> >> sguil 0.7.0???
> >
> > Thanks for answering this Victor.
> >
> >> 3.- Which is the correct form to startup snort sensor: from
> sguil scripts or
> >> using startup provided by snort.org?
> >
> > Good question. I don't use either of those. I think InstantNSM
> > includes some startup scripts too. I'd look at the 0.7.0 from there
> > and try those.
> http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0
> >
> >
> >> 4.- Where are sensor and server logs??? Only writes on
> /var/log/messages ???
> >
> > For now that is the case. It's either syslog or stdout/stderr.
> >
> >> Many thanks to all....
> >>
> >> --
> >> CL Martinez
> >> carlopmart {at} gmail {d0t} com
> >
> > Hope this helps and feel free to drop by #snort-gui on
> > irc.freenoded.net if you need more detail.
> >
> > Bammkkkk
> >
> Many thanks Bamm to clarify me this questions. I have resolved snort &
> sguil
> startup ... And I am trying to debug sguil at this moment ....
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 19 Jun 2007 10:09:48 +0900
> From: Zachary Mathis <zmathis@cmuj.jp>
> Subject: [Sguil-users] Sguil on Gentoo
> To: sguil-users@lists.sourceforge.net
> Message-ID: <46772CDC.1000204@cmuj.jp>
> Content-Type: text/plain; charset=ISO-2022-JP
>
> Hello all,
>
> I have searched the inter-web but to much distress i have not found any
> solution to my problem.
> So i am hoping that one of you may have the answer. Thanks in advance
> for your time...
>
> I am trying to get Sguil working on Gentoo, but i have a problem getting
> the client running.
>
> It complains that wishx is not found.
> localhost cmuj # sguil.tk
> /usr/bin/sguil.tk: line 3: exec: wishx: not found
>
> I found an old post on the gentoo forums:
> http://forums.gentoo.org/viewtopic.php?t=13413
> It said to update to the new tclx version which will install wishx.
>
> I have tclx 8.4-r1 installed but no wishx comes with it.
> I tried to install the 8.3.5 package but it craps out and doesn't
> compile due to a incompatibility with the new glibc or so i hear.
>
> If anyone knows why wishx is not installed or how to get the client up
> and running on gentoo, please let me know.
>
> (I did try creating a sym. link from wish to wishx, in which the client
> booted up but when i put in username & password and hit connect,
> it just froze up)
>
> Cheers
>
>
>
>
> ------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
>
> ------------------------------
>
> _______________________________________________
> Sguil-users mailing list
> Sguil-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sguil-users
>
>
> End of Sguil-users Digest, Vol 13, Issue 3
> ******************************************
>
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
[Attachment #5 (text/html)]
Hey,<br><br>To run sguil client on gentoo, it is pretty simple. The solution is \
gentoo portage -<br><br><span style="font-weight: bold;">shell>eix \
sguil-client</span><br>[I] net-analyzer/sguil-client<br> \
Available versions: (~)0.6.1 <br> \
Installed: 0.6.1(08:50:07 \
02/15/07)(ssl)<br> \
Homepage: <a \
href="http://sguil.sf.net">http://sguil.sf.net</a><br> \
Description: GUI Console for sguil \
Network Security Monitoring <br><br>emerge it and you are Done \
;)<br><br><br><div><span class="gmail_quote">On 6/19/07, <b \
class="gmail_sendername"><a \
href="mailto:sguil-users-request@lists.sourceforge.net">sguil-users-request@lists.sourceforge.net</a>
</b> <<a href="mailto:sguil-users-request@lists.sourceforge.net">sguil-users-request@lists.sourceforge.net</a>> \
wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, \
204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Send Sguil-users mailing \
list submissions to<br> <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br><br>To \
subscribe or unsubscribe via the World Wide Web, \
visit<br> <a \
href="https://lists.sourceforge.net/lists/listinfo/sguil-users">https://lists.sourceforge.net/lists/listinfo/sguil-users</a><br>or, \
via email, send a message with subject or body 'help' \
to<br> <a \
href="mailto:sguil-users-request@lists.sourceforge.net"> \
sguil-users-request@lists.sourceforge.net</a><br><br>You can reach the person \
managing the list at<br> <a \
href="mailto:sguil-users-owner@lists.sourceforge.net">sguil-users-owner@lists.sourceforge.net</a><br><br>When \
replying, please edit your Subject line so it is more specific <br>than "Re: \
Contents of Sguil-users digest..."<br><br><br>Today's \
Topics:<br><br> 1. Re: A lot of problems installing sguil 0.7.0 under \
rhel5<br> (carlopmart)<br> 2. Re: A \
lot of problems installing sguil 0.7.0 under \
rhel5<br> (Victor Julien)<br> 3. Re: A \
lot of problems installing sguil 0.7.0 under \
rhel5<br> (carlopmart)<br> 4. Re: A \
lot of problems installing sguil 0.7.0 \
under rhel5<br> (Bamm \
Visscher) <br> 5. Re: A lot of problems installing sguil 0.7.0 under \
rhel5<br> (carlopmart)<br> 6. Sguil on \
Gentoo (Zachary Mathis)<br><br><br>----------------------------------------------------------------------<br><br>Message: \
1 <br>Date: Fri, 15 Jun 2007 21:01:09 +0200<br>From: carlopmart <<a \
href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>><br>Subject: Re: \
[Sguil-users] A lot of problems installing sguil \
0.7.0<br> under rhel5 <br>To: <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br>Message-ID: \
<<a href="mailto:4672E1F5.4080407@gmail.com">4672E1F5.4080407@gmail.com</a>><br>Content-Type: \
text/plain; charset=ISO-8859-1; format=flowed <br><br>Victor Julien wrote:<br>> \
carlopmart wrote:<br>>> Victor Julien \
wrote:<br>>><br>>>>> 2.- Using snort_inline \
<a href="http://2.6.1.5">2.6.1.5</a> from <a href="http://snort-inline.sf.net/"> \
http://snort-inline.sf.net/</a>. Works with<br>>>>> sguil \
0.7.0???<br>>>>><br>>>>><br>>>> Yes, without any \
problem. It behaves exactly as Snort does. I'm using it<br>>>> myself \
with Sguil 0.7-CVS.<br>>>><br>>>> Regards,<br>>>> \
Victor<br>>>><br>>> Well, if i use snort stand-alone (without sguil) \
works ok. But sguil doesn't<br>>> interact with it ...<br>>> <br>> \
How are you running Snort and barnyard?<br>><br>>> Julien, what script do \
you use to launch snort with script???<br>>><br>>><br>> I use a custom \
script, but Snort_inline is started like this: <br>> /usr/local/bin/snort_inline \
-c /etc/snort_inline/snort_inline.conf -U -Q -H0<br>><br>> -Q and -H0 are \
inline specific options which have no relation with Sguil.<br>><br>> In my \
snort_inline.conf I have these output configurations: <br>> output alert_unified: \
filename unified.alert<br>> output log_unified: filename \
unified.log<br>><br>> Barnyard runs like this:<br>> /usr/bin/barnyard -c \
/etc/barnyard/barnyard.conf -d /var/log/snort/ -f <br>> unified.log -g \
/etc/snort_inline/gen-msg.map -s<br>> /etc/snort_inline/sid-msg.map -p<br>> \
/etc/snort_inline/rules/classification.config -w \
/var/log/snort/snort.waldo<br>><br>> Regards,<br>> Victor \
<br>><br><br>Same here, but barnyard run with sguil user and group snort, and \
snort runs as a<br>user snort and group snort.<br><br>I think that my problem is with \
snort_agent-sensor script distributed under cvs<br>version ... Do I need this script \
if i use another to launch snort??? <br><br><br>><br>> \
-------------------------------------------------------------------------<br>> \
This SF.net email is sponsored by DB2 Express<br>> Download DB2 Express C - the \
FREE version of DB2 express and take <br>> control of your XML. No limits. Just \
data. Click to get it now.<br>> <a \
href="http://sourceforge.net/powerbar/db2/">http://sourceforge.net/powerbar/db2/</a><br>> \
_______________________________________________ <br>> Sguil-users mailing \
list<br>> <a href="mailto:Sguil-users@lists.sourceforge.net">Sguil-users@lists.sourceforge.net</a><br>> \
<a href="https://lists.sourceforge.net/lists/listinfo/sguil-users">https://lists.sourceforge.net/lists/listinfo/sguil-users
</a><br>><br><br><br>--<br>CL Martinez<br>carlopmart {at} gmail {d0t} \
com<br><br><br><br>------------------------------<br><br>Message: 2<br>Date: Fri, 15 \
Jun 2007 21:08:47 +0200<br>From: Victor Julien <<a \
href="mailto:lists@inliniac.net"> lists@inliniac.net</a>><br>Subject: Re: \
[Sguil-users] A lot of problems installing sguil \
0.7.0<br> under rhel5<br>To: <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br>Message-ID: \
< <a href="mailto:4672E3BF.8060808@inliniac.net">4672E3BF.8060808@inliniac.net</a>><br>Content-Type: \
text/plain; charset=ISO-8859-1<br><br>carlopmart wrote:<br>> Victor Julien \
wrote:<br>><br>>> carlopmart wrote: <br>>><br>>>> Victor \
Julien wrote:<br>>>><br>>>><br>>>>>> 2.- \
Using snort_inline <a href="http://2.6.1.5">2.6.1.5</a> from <a \
href="http://snort-inline.sf.net/">http://snort-inline.sf.net/ </a>. Works \
with<br>>>>>> sguil \
0.7.0???<br>>>>>><br>>>>>><br>>>>>><br>>>>> \
Yes, without any problem. It behaves exactly as Snort does. I'm using it \
<br>>>>> myself with Sguil \
0.7-CVS.<br>>>>><br>>>>> Regards,<br>>>>> \
Victor<br>>>>><br>>>>><br>>>> Well, if i use snort \
stand-alone (without sguil) works ok. But sguil doesn't <br>>>> interact \
with it ...<br>>>><br>>>><br>>> How are you running Snort and \
barnyard?<br>>><br>>><br>>>> Julien, what script do you use to \
launch snort with script??? \
<br>>>><br>>>><br>>>><br>>> I use a custom script, \
but Snort_inline is started like this:<br>>> /usr/local/bin/snort_inline -c \
/etc/snort_inline/snort_inline.conf -U -Q -H0<br>>> <br>>> -Q and -H0 are \
inline specific options which have no relation with Sguil.<br>>><br>>> In \
my snort_inline.conf I have these output configurations:<br>>> output \
alert_unified: filename unified.alert <br>>> output log_unified: filename \
unified.log<br>>><br>>> Barnyard runs like this:<br>>> \
/usr/bin/barnyard -c /etc/barnyard/barnyard.conf -d /var/log/snort/ -f<br>>> \
unified.log -g /etc/snort_inline/gen- msg.map -s<br>>> \
/etc/snort_inline/sid-msg.map -p<br>>> \
/etc/snort_inline/rules/classification.config -w \
/var/log/snort/snort.waldo<br>>><br>>> Regards,<br>>> \
Victor<br>>><br>>><br> ><br>> Same here, but barnyard run with \
sguil user and group snort, and snort runs as a<br>> user snort and group \
snort.<br>><br>> I think that my problem is with snort_agent-sensor script \
distributed under cvs <br>> version ... Do I need this script if i use another to \
launch snort???<br>><br>><br>><br>If you have both Snort and barnyard \
running you need to run the<br>/usr/local/sguil/sensor/snort_agent.tcl script. I run \
it like this: <br><br>/usr/local/sguil/sensor/snort_agent.tcl -c \
/etc/sguil/snort_agent.conf<br><br>Enable debugging on the sensor by setting DEBUG to \
1 like this in the<br>configfile:<br>set DEBUG 1<br><br>You should see it connect to \
the server 'sguild' and see it process <br>events as Snort detects them and \
as barnyard reports them to the sensor.<br><br>If you get any error messages please \
include them.<br><br>Cheers,<br>Victor<br><br><br><br><br>------------------------------<br><br>Message: \
3 <br>Date: Fri, 15 Jun 2007 21:27:36 +0200<br>From: carlopmart <<a \
href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>><br>Subject: Re: \
[Sguil-users] A lot of problems installing sguil \
0.7.0<br> under rhel5 <br>To: <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br>Message-ID: \
<<a href="mailto:4672E828.4020006@gmail.com">4672E828.4020006@gmail.com</a>><br>Content-Type: \
text/plain; charset=ISO-8859-1; format=flowed <br><br>Victor Julien wrote:<br>> \
carlopmart wrote:<br>>> Victor Julien wrote:<br>>><br>>>> \
carlopmart wrote:<br>>>><br>>>>> Victor Julien \
wrote:<br>>>>><br>>>>> \
<br>>>>>>> 2.- Using snort_inline <a \
href="http://2.6.1.5">2.6.1.5</a> from <a \
href="http://snort-inline.sf.net/">http://snort-inline.sf.net/</a>. Works \
with<br>>>>>>> sguil 0.7.0???<br> \
>>>>>><br>>>>>>><br>>>>>>><br>>>>>> \
Yes, without any problem. It behaves exactly as Snort does. I'm using \
it<br>>>>>> myself with Sguil \
0.7-CVS.<br>>>>>><br>>>>>> \
Regards,<br>>>>>> \
Victor<br>>>>>><br>>>>>><br>>>>> Well, if i \
use snort stand-alone (without sguil) works ok. But sguil doesn't \
<br>>>>> interact with it \
...<br>>>>><br>>>>><br>>>> How are you running Snort \
and barnyard?<br>>>><br>>>><br>>>>> Julien, what script \
do you use to launch snort with script??? \
<br>>>>><br>>>>><br>>>>><br>>>> I use a \
custom script, but Snort_inline is started like this:<br>>>> \
/usr/local/bin/snort_inline -c /etc/snort_inline/snort_inline.conf -U -Q -H0 \
<br>>>><br>>>> -Q and -H0 are inline specific options which have no \
relation with Sguil.<br>>>><br>>>> In my snort_inline.conf I have \
these output configurations:<br>>>> output alert_unified: filename \
unified.alert<br>>>> output log_unified: filename \
unified.log<br>>>><br>>>> Barnyard runs like this:<br>>>> \
/usr/bin/barnyard -c /etc/barnyard/barnyard.conf -d /var/log/snort/ \
-f<br>>>> unified.log -g /etc/snort_inline/gen-msg.map -s<br>>>> \
/etc/snort_inline/sid-msg.map -p<br>>>> \
/etc/snort_inline/rules/classification.config -w \
/var/log/snort/snort.waldo<br>>>><br>>>> Regards, <br>>>> \
Victor<br>>>><br>>>><br>>> Same here, but barnyard run with \
sguil user and group snort, and snort runs as a<br>>> user snort and group \
snort.<br>>><br>>> I think that my problem is with snort_agent-sensor \
script distributed under cvs <br>>> version ... Do I need this script if i use \
another to launch snort???<br>>><br>>><br>>><br>> If you have \
both Snort and barnyard running you need to run the<br>> \
/usr/local/sguil/sensor/snort_agent.tcl script. I run it like this: <br>><br>> \
/usr/local/sguil/sensor/snort_agent.tcl -c \
/etc/sguil/snort_agent.conf<br>><br>> Enable debugging on the sensor by setting \
DEBUG to 1 like this in the<br>> configfile:<br>> set DEBUG 1<br>> <br>> \
You should see it connect to the server 'sguild' and see it process<br>> \
events as Snort detects them and as barnyard reports them to the \
sensor.<br>><br>> If you get any error messages please include them. \
<br>><br>> Cheers,<br>> Victor<br>><br>><br><br>Thanks Victor, I will \
try it ...<br><br>> \
-------------------------------------------------------------------------<br>> \
This SF.net email is sponsored by DB2 Express <br>> Download DB2 Express C - the \
FREE version of DB2 express and take<br>> control of your XML. No limits. Just \
data. Click to get it now.<br>> <a \
href="http://sourceforge.net/powerbar/db2/">http://sourceforge.net/powerbar/db2/ \
</a><br>> _______________________________________________<br>> Sguil-users \
mailing list<br>> <a \
href="mailto:Sguil-users@lists.sourceforge.net">Sguil-users@lists.sourceforge.net</a><br>> \
<a href="https://lists.sourceforge.net/lists/listinfo/sguil-users"> \
https://lists.sourceforge.net/lists/listinfo/sguil-users</a><br>><br><br><br>--<br>CL \
Martinez<br>carlopmart {at} gmail {d0t} \
com<br><br><br><br>------------------------------<br><br>Message: 4<br>Date: Fri, 15 \
Jun 2007 14:09:07 -0600 <br>From: "Bamm Visscher" <<a \
href="mailto:bamm.visscher@gmail.com">bamm.visscher@gmail.com</a>><br>Subject: Re: \
[Sguil-users] A lot of problems installing sguil \
0.7.0<br> under \
rhel5<br>To: <a href="mailto:sguil-users@lists.sourceforge.net"> \
sguil-users@lists.sourceforge.net</a><br>Message-ID:<br> <<a \
href="mailto:27492850706151309s1939b8ddma98e24f81a23f766@mail.gmail.com">27492850706151309s1939b8ddma98e24f81a23f766@mail.gmail.com</a>><br>Content-Type: \
text/plain; charset=ISO-8859-1; format=flowed <br><br>Thanks for testing 0.7.0 alpha, \
although, if this is your first time<br>installing/using Sguil, then it may be more \
appropriate to start with<br>0.6.1 since there is more documentation available. You \
0.7.0-Alpha version from cvs repository and I have a lot<br>> of problems to \
install it. My conclusion is that sguil software under<br>> rhel5/centos5,etc .. \
can not be installed. I think that only valid platforms<br> > are: BSD, \
Debian/Ubuntu,etc and almost RHEL 4?<br>><br>> My \
explanation:<br>><br>> - SGUIL server \
installation<br>><br>> 1.- I \
have needed to recompile tcl and tcl-devel packages without threads. <br>> Why?? \
What is the reason that sguil doesn't works with threads???<br><br>One init, \
sguild forks two other processes as a type of "poor mans<br>threading". The \
main process handles most of the functionality of <br>Sguil and acts as a middle man \
for the other two. One of the other<br>processes handles all DB queries and the other \
parses SANCP log files<br>and loads them into the DB. Sguil uses uses \
pipes for inter process<br>communication and having threading enabled in the tcl \
interpreter <br>breaks that \
functionality.<br><br>> 2.- Tcltls \
is very very old ( from 2004 year) and I need to install from EPEL<br>> \
repository. Is it really necessary this package??? Is it not possible to encrypt<br> \
> client/server communications using another technology??<br><br>So it's old. \
It works very well. Why would we need to replace \
it?<br><br>> 3.- Bindig IP address \
doesn't works from server side, almost than I expect it ( <br>> I have using \
redhat cluster suite on sguil server). MySQL server is installed on<br>> a \
secondary node, and mysql queries generated from sguil server shows local ip<br>> \
address host node and not use virtual ip that I assigned. Can I resolve this <br>> \
problem using chroot functions???<br><br>Binding the IP address is for the listening \
socket only. Making an<br>outbound connection is going to be handled vi the \
OS.<br><br>> 4.- Where is the \
event table??. Sguil client doesn't shows me nothing, only <br>> sancp \
entries. I could post some screenshoots if you desire. (Snort sensor<br>> works, I \
have test it with some rules)<br><br>Since, 0.6.0, the event table isn't created \
until the first alert is<br>received. This is due to the use of the MERGE \
engine. Alerts are <br>stored in a table based on the sensor name and \
date. The generic event<br>table is a MERGE of all those tables.<br><br>With that \
said, it sounds like you need to debug the communications<br>from snort to sguild. \
Start by making sure snort is creating a unified <br>log file and its size is greater \
than 24 bytes. Then make sure<br>barnyard is running, watching the correct directory \
for unified files,<br>and has successfully connected to snort_agent.tcl. I find it \
best to<br>run barnyard and snort_agent in the foreground with debug on until I \
<br>can verify that alerts are making it to \
sguild.<br><br><br>><br>><br>> - SENSOR installation \
( a really bad dream)<br>><br>> \
1.- Startup scripts: doesn't works. I need to reconfigure all. <br><br>These were \
contributed. I have not tested them with \
CVS.<br><br>> 2.- Using \
snort_inline <a href="http://2.6.1.5">2.6.1.5</a> from <a \
href="http://snort-inline.sf.net/">http://snort-inline.sf.net/</a>. Works with \
<br>> sguil 0.7.0???<br><br>Thanks for answering this \
Victor.<br><br>> 3.- Which is the \
correct form to startup snort sensor: from sguil scripts or<br>> using startup \
provided by <a href="http://snort.org"> snort.org</a>?<br><br>Good question. I \
don't use either of those. I think InstantNSM<br>includes some startup scripts \
too. I'd look at the 0.7.0 from there<br>and try those. <a \
href="http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0"> \
http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0</a><br><br><br>> \
4.- Where are sensor and server logs??? Only writes on /var/log/messages \
???<br><br>For now that is the case. It's either syslog or stdout/stderr. \
<br><br>><br>> Many thanks to all....<br>><br>> --<br>> CL \
Martinez<br>> carlopmart {at} gmail {d0t} com<br><br>Hope this helps and feel free \
to drop by #snort-gui on<br><a href="http://irc.freenoded.net"> irc.freenoded.net</a> \
if you need more detail.<br><br>Bammkkkk<br><br>--<br>sguil - The Analyst Console for \
NSM<br><a href="http://sguil.sf.net">http://sguil.sf.net</a><br><br><br><br>------------------------------<br><br>
Message: 5<br>Date: Fri, 15 Jun 2007 23:17:23 +0200<br>From: carlopmart <<a \
href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>><br>Subject: Re: \
[Sguil-users] A lot of problems installing sguil \
0.7.0<br> under rhel5 <br>To: <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br>Message-ID: \
<<a href="mailto:467301E3.9050405@gmail.com">467301E3.9050405@gmail.com</a>><br>Content-Type: \
text/plain; charset=ISO-8859-1; format=flowed <br><br>Bamm Visscher wrote:<br>> \
Thanks for testing 0.7.0 alpha, although, if this is your first time<br>> \
installing/using Sguil, then it may be more appropriate to start with<br>> 0.6.1 \
since there is more documentation available. You should expect <br>> to run into \
problems whenever you're beta testing software.<br>><br>> On 6/15/07, \
carlopmart <<a href="mailto:carlopmart@gmail.com">carlopmart@gmail.com</a>> \
wrote:<br>>> Hi all,<br>>> <br>>> I have testing sguil \
0.7.0-Alpha version from cvs repository and I have a lot<br>>> of problems to \
install it. My conclusion is that sguil software under<br>>> rhel5/centos5,etc \
.. can not be installed. I think that only valid platforms <br>>> are: BSD, \
Debian/Ubuntu,etc and almost RHEL 4?<br>>><br>>> My \
explanation:<br>>><br>>> - SGUIL server \
installation<br>>><br>>> \
1.- I have needed to recompile tcl and tcl-devel packages without threads. \
<br>>> Why?? What is the reason that sguil doesn't works with \
threads???<br>><br>> One init, sguild forks two other processes as a type of \
"poor mans<br>> threading". The main process handles most of the \
functionality of <br>> Sguil and acts as a middle man for the other two. One of \
the other<br>> processes handles all DB queries and the other parses SANCP log \
files<br>> and loads them into the DB. Sguil uses uses pipes for inter \
process <br>> communication and having threading enabled in the tcl \
interpreter<br>> breaks that \
functionality.<br>><br>>> \
2.- Tcltls is very very old ( from 2004 year) and I need to install from \
EPEL<br>>> repository. Is it really necessary this package??? Is it not \
possible to encrypt <br>>> client/server communications using another \
technology??<br>><br>> So it's old. It works very well. Why would we need \
to replace it?<br>><br>>> \
3.- Bindig IP address doesn't works from server side, almost than I expect it ( \
<br>>> I have using redhat cluster suite on sguil server). MySQL server is \
installed on<br>>> a secondary node, and mysql queries generated from sguil \
server shows local ip<br>>> address host node and not use virtual ip that I \
assigned. Can I resolve this <br>>> problem using chroot \
functions???<br>><br>> Binding the IP address is for the listening socket only. \
Making an<br>> outbound connection is going to be handled vi the \
OS.<br>><br>>> 4.- Where is \
the event table??. Sguil client doesn't shows me nothing, only <br>>> sancp \
entries. I could post some screenshoots if you desire. (Snort sensor<br>>> \
works, I have test it with some rules)<br>><br>> Since, 0.6.0, the event table \
isn't created until the first alert is <br>> received. This is due to the use \
of the MERGE engine. Alerts are<br>> stored in a table based on the \
sensor name and date. The generic event<br>> table is a MERGE of all those \
tables.<br>><br>> With that said, it sounds like you need to debug the \
communications <br>> from snort to sguild. Start by making sure snort is creating \
a unified<br>> log file and its size is greater than 24 bytes. Then make \
sure<br>> barnyard is running, watching the correct directory for unified files, \
<br>> and has successfully connected to snort_agent.tcl. I find it best to<br>> \
run barnyard and snort_agent in the foreground with debug on until I<br>> can \
verify that alerts are making it to sguild.<br>><br> \
><br>>><br>>> - SENSOR installation ( a really \
bad dream)<br>>><br>>> \
1.- Startup scripts: doesn't works. I need to reconfigure all.<br>><br>> \
These were contributed. I have not tested them with CVS. \
<br>><br>>> 2.- Using \
snort_inline <a href="http://2.6.1.5">2.6.1.5</a> from <a \
href="http://snort-inline.sf.net/">http://snort-inline.sf.net/</a>. Works \
with<br>>> sguil 0.7.0???<br>><br>> Thanks for answering this Victor. \
<br>><br>>> 3.- Which is the \
correct form to startup snort sensor: from sguil scripts or<br>>> using startup \
provided by <a href="http://snort.org">snort.org</a>?<br>><br>> Good question. \
I don't use either of those. I think InstantNSM <br>> includes some startup \
scripts too. I'd look at the 0.7.0 from there<br>> and try those. <a \
href="http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0">http://wiki.sguil.net/index.php?title=Sguil_on_RedHat_HOWTO_0.7.0
</a><br>><br>><br>>> 4.- \
Where are sensor and server logs??? Only writes on /var/log/messages \
???<br>><br>> For now that is the case. It's either syslog or \
stdout/stderr.<br>><br>>> Many thanks to all.... \
<br>>><br>>> --<br>>> CL Martinez<br>>> carlopmart {at} gmail \
{d0t} com<br>><br>> Hope this helps and feel free to drop by #snort-gui \
on<br>> <a href="http://irc.freenoded.net">irc.freenoded.net </a> if you need more \
detail.<br>><br>> Bammkkkk<br>><br>Many thanks Bamm to clarify me this \
questions. I have resolved snort & sguil<br>startup ... And I am trying to debug \
sguil at this moment ....<br><br>-- <br>CL Martinez<br>carlopmart {at} gmail {d0t} \
com<br><br><br><br>------------------------------<br><br>Message: 6<br>Date: Tue, 19 \
Jun 2007 10:09:48 +0900<br>From: Zachary Mathis <<a \
href="mailto:zmathis@cmuj.jp">zmathis@cmuj.jp </a>><br>Subject: [Sguil-users] \
Sguil on Gentoo<br>To: <a \
href="mailto:sguil-users@lists.sourceforge.net">sguil-users@lists.sourceforge.net</a><br>Message-ID: \
<<a href="mailto:46772CDC.1000204@cmuj.jp">46772CDC.1000204@cmuj.jp \
</a>><br>Content-Type: text/plain; charset=ISO-2022-JP<br><br>Hello all,<br><br>I \
have searched the inter-web but to much distress i have not found any<br>solution to \
my problem.<br>So i am hoping that one of you may have the answer. Thanks in advance \
<br>for your time...<br><br>I am trying to get Sguil working on Gentoo, but i have a \
problem getting<br>the client running.<br><br>It complains that wishx is not \
found.<br>localhost cmuj # <a href="http://sguil.tk">sguil.tk \
</a><br>/usr/bin/sguil.tk: line 3: exec: wishx: not found<br><br>I found an old post \
on the gentoo forums:<br><a \
href="http://forums.gentoo.org/viewtopic.php?t=13413">http://forums.gentoo.org/viewtopic.php?t=13413</a><br>
It said to update to the new tclx version which will install wishx.<br><br>I have \
tclx 8.4-r1 installed but no wishx comes with it.<br>I tried to install the 8.3.5 \
package but it craps out and doesn't<br>compile due to a incompatibility with the \
new glibc or so i hear. <br><br>If anyone knows why wishx is not installed or how to \
get the client up<br>and running on gentoo, please let me know.<br><br>(I did try \
creating a sym. link from wish to wishx, in which the client<br>booted up but when i \
put in username & password and hit connect, <br>it just froze \
up)<br><br>Cheers<br><br><br><br><br>------------------------------<br><br>-------------------------------------------------------------------------<br>This \
SF.net email is sponsored by DB2 Express<br>Download DB2 Express C - the FREE version \
of DB2 express and take <br>control of your XML. No limits. Just data. Click to get \
it now.<br><a href="http://sourceforge.net/powerbar/db2/">http://sourceforge.net/power \
bar/db2/</a><br><br>------------------------------<br><br>_______________________________________________
<br>Sguil-users mailing list<br><a \
href="mailto:Sguil-users@lists.sourceforge.net">Sguil-users@lists.sourceforge.net</a><br><a \
href="https://lists.sourceforge.net/lists/listinfo/sguil-users">https://lists.sourceforge.net/lists/listinfo/sguil-users
</a><br><br><br>End of Sguil-users Digest, Vol 13, Issue \
3<br>******************************************<br></blockquote></div><br><br \
clear="all"><br>-- <br>Best Regards,<br><br>CS Lee<geekooL[at]gmail.com>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Sguil-users mailing list
Sguil-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sguil-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic