Tuesday, May 11, 2010

Sguil client error with Ubuntu 10.04

After running Ubuntu 10.04 at home for a couple of weeks I decided to go ahead and upgrade my work system. Everything went smooth until I went to launch the Sguil client.

$ ./sguil.tk
ERROR: Cannot fine the Iwidgets extension.
The iwidgets package is part of the incr tcl extension and is
available as a port/package most systems.
See http://www.tcltk.com/iwidgets/ for more info.

Iwidgets was definitely installed so I asked in #snort-gui and qru suggested the following command, which provided some direction:

$ tclsh
% package require Iwidgets
version conflict for package "Tcl": have 8.4, need 8.5

Sguil doesn't support Tcl8.5 so we definitely want to stick with Tcl8.4. This seems to imply we have the "wrong" version of Iwidgets however that's not quite true. Turns out that with Ubuntu Lucid 10.04 we have the "wrong" versions of itcl and itk. Ubuntu Lucid includes the following versions of itcl and itk which require Tcl8.5 and Tk8.5:

itcl3_3.4~b1-2
itk3_3.3-2

The quick and dirty solution is to remove these new versions and grab the .debs from Ubuntu Hardy.

$ sudo apt-get remove tcl8.5
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
java-common
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
itcl3 itk3 iwidgets4 tcl8.5 tk8.5
0 upgraded, 0 newly installed, 5 to remove and 9 not upgraded.
After this operation, 10.0MB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 187845 files and directories currently installed.)
Removing iwidgets4 ...
dpkg: warning: while removing iwidgets4, directory '/usr/share/tcltk/iwidgets4.0.1' not empty so not removed.
Removing itk3 ...
Removing itcl3 ...
Removing tk8.5 ...
Removing tcl8.5 ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for menu ...
Processing triggers for man-db ...

Now grab the .debs for Ubuntu Hardy and install:

http://packages.ubuntu.com/hardy/itk3
http://packages.ubuntu.com/hardy/itcl3

$ sudo dpkg -i itcl3_3.2.1-3.1_amd64.deb

$ sudo dpkg -i itk3_3.2.1-3.1_amd64.deb

Last but not least we need to re-install Iwidgets:

$ sudo apt-get install iwidgets4

That's it, you should once again be able to launch the Sguil client.

11 comments:

Ann said...

COACH is a well-known brand Coach Outlet,Coach has all kinds of handbag designs Coach Handbags,All of these kind of Coach totes,The bow tie was find from ralph lauren polo, This offer has no cash value ralph lauren outlet,There are also various types polo ralph lauren,The pocket is usually slanted lacoste polo,The signature of crocodile is Moncler jackets,This is of classic fit Moncler,As we supply great A quality Moncler coats,We thank you for your attention gold ghd,this was worn by ED Hardy,who work in japan. its original Discount ED Hardy,all the shoes from us ED Hardy Outlet

Richard Bejtlich said...

Thanks -- I ran into this exact problem and your post helped immensely.

rayj00 said...

I need trouble shooting advice on sguil client.

I have sguild installed (NSMnow) on a RHEL5 box and sguil.tk on a remote WindowsXP. I can connect fine but all I see in the sguil client are the sensors UP or DOWN.
No other data.

Ideas?

Thanks.


Ray

JimmytheGeek said...

Ray, did you check that the sensors are actually logging events?

sa_zh said...

Thanks for the instructions, they helped a great deal. I had to download the iwidgets4-package from the hardy repos too though. Ubuntu 10.04.3.

Get it here:
http://packages.ubuntu.com/hardy/iwidgets4

abanicos pintados a mano said...

Artículo interesante. Con la esperanza de que continuará la publicación de un artículo que tenga una información útil.
abanicos para boda

Nadia said...

Gracias por tu post, me ha gustado este post mucho.
accesorios maquinas de coser
patchwork maquinas de bordar
reparacion maquinas de coser

Stickfoots said...

This can also all be done via Synaptic:

1) Remove tcl8.5.

2) Add the Hardy Universal repository (deb http://archive.ubuntu.com/ubuntu hardy universal)

3) Force version itk3 and itcl3 to the Hardy versions and install them

4) Lock itk3 and itcl3 to the currently installed versions

5) Install iwidgets4

6) Profit

Cheers,

CP

Sozana said...

I am facing exact this problem. May be though your blog i solve my problem. So try this.

find doctor

sahib said...

This is my first visit here. I found some really interesting stuff in your blog especially this discussion. Keep up the good work.
wholesale krill oil

sahib said...

Your blog is definitely worth a read if anyone comes across it. I m lucky I did because now I have got a whole new view of this
sleep aid spray

sleep aid supplement

natural sleep aid