[Oisf-devel] Suricata file-store not logging md5

Marcos Rodriguez marcos.e.rodriguez at gmail.com
Mon Apr 30 18:06:22 UTC 2012


>
> Interesting.  I'm running into a similar situation on RHEL6 and Fedora 16.
>>
>>  ./configure --prefix=/data/suricata/suricata-1.3b --enable-dag
>> --enable-debug --enable-debug-validation --enable-profiling
>> --with-libnss-libraries=/usr/lib64
>> --with-libnss-includes=/usr/include/nss3/
>> --with-libnspr-libraries=/usr/lib64
>> --with-libnspr-libraries=/usr/include/nspr4
>>
>> libnss support:                          no
>> libnspr support:                         no
>>
>> When I finish the make && make install process and type ./bin/suricata
>> --build-info, HAVE_NSS is not among the list.
>>
>> Sorry I couldn't help.  At least you're not alone :o)
>>
>> marcos
>>
>>
>> Aha!
>
> I only needed to specify --with-libnss-includes=/usr/include/nss3/ and
> --with-libnspr-includes=/usr/include/nspr4, and voila!
>
> Thanks!
>
> marcos
>

Sorry guys, one more spam:

I'm now using force-md5 on both files-log.json and file store settings.
Here's a sample of one of my meta files (I removed my IPs):

TIME:              04/30/2012-14:05:10.914869
SRC IP:            REMOVED
DST IP:            REMOVED
PROTO:             6
SRC PORT:          80
DST PORT:          10753
HTTP URI:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe?cms_redirect=yes
HTTP HOST:         o-o.preferred.iad09s12.v1.lscache3.c.pack.google.com
HTTP REFERER:      <unknown>
FILENAME:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe
MAGIC:             PE32 executable for MS Windows (GUI) Intel 80386 32-bit
STATE:             CLOSED
MD5:               a72bf16320bed66098bf02c618831ff9
SIZE:              739640
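
Added example, not part of the original message and not Suricata's own code: a Python sketch that parses a file-store meta file in the layout shown above and checks an extracted file against its MD5 and SIZE fields. The function names and all sample values (documentation-range IPs, file bytes) are constructed for illustration.

```python
import hashlib

def parse_meta(text):
    """Parse 'KEY:   value' lines into a dict.

    Only the first colon separates key from value, because TIME and
    URI values contain colons themselves.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def verify_stored_file(meta_text, data):
    """Return a list of problems; an empty list means the file checks out."""
    meta = parse_meta(meta_text)
    problems = []
    if meta.get("STATE") != "CLOSED":
        problems.append("STATE is %r, file may be incomplete" % meta.get("STATE"))
    if "MD5" not in meta:
        # The symptom this thread is about: no MD5 recorded in the meta file.
        problems.append("no MD5 line in meta file")
    elif hashlib.md5(data).hexdigest() != meta["MD5"].lower():
        problems.append("MD5 mismatch")
    if meta.get("SIZE", "").isdigit() and int(meta["SIZE"]) != len(data):
        problems.append("SIZE mismatch")
    return problems

# Constructed sample: same field layout as the meta file above, but the
# file bytes, IPs, MD5 and SIZE are made up so the example runs offline.
SAMPLE_BODY = b"MZ constructed sample bytes, not a real executable"
SAMPLE_META = (
    "TIME:              04/30/2012-14:05:10.914869\n"
    "SRC IP:            192.0.2.10\n"
    "DST IP:            198.51.100.20\n"
    "PROTO:             6\n"
    "SRC PORT:          80\n"
    "DST PORT:          10753\n"
    "HTTP REFERER:      <unknown>\n"
    "FILENAME:          /sample/constructed.exe\n"
    "STATE:             CLOSED\n"
    "MD5:               %s\n"
    "SIZE:              %d\n"
) % (hashlib.md5(SAMPLE_BODY).hexdigest(), len(SAMPLE_BODY))

if __name__ == "__main__":
    print(verify_stored_file(SAMPLE_META, SAMPLE_BODY) or "OK")
```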