[Oisf-devel] Suricata file-store not logging md5

Mike Cox mike.cox52 at gmail.com
Tue May 1 12:56:46 UTC 2012


Thanks Marcos, et al.,

Passing configure the libnss and libnspr directories did the trick for
me too.  We should include this tip in the wiki page for
file_extraction;  it looks like it needs a little updating anyway.

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction

Thanks.

 -Mike Cox

On Mon, Apr 30, 2012 at 1:06 PM, Marcos Rodriguez
<marcos.e.rodriguez at gmail.com> wrote:
>>> Interesting.  I'm running into a similar situation on RHEL6 and Fedora
>>> 16.
>>>
>>>  ./configure --prefix=/data/suricata/suricata-1.3b --enable-dag
>>> --enable-debug --enable-debug-validation --enable-profiling
>>> --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3/
>>> --with-libnspr-libraries=/usr/lib64
>>> --with-libnspr-libraries=/usr/include/nspr4
>>>
>>> libnss support:                          no
>>> libnspr support:                         no
>>>
>>> When I finish the make && make install process and type ./bin/suricata
>>> --build-info, HAVE_NSS is not among the list.
>>>
>>> Sorry I couldn't help.  At least you're not alone :o)
>>>
>>> marcos
>>>
>>>
>> Aha!
>>
>> I only needed to specify --with-libnss-includes=/usr/include/nss3/ and
>> --with-libnspr-includes=/usr/include/nspr4, and voila!
>>
>> Thanks!
>>
>> marcos
>
>
> Sorry guys, one more spam:
>
> I'm now using force-md5 on both files-log.json and file store settings.
> Here's a sample of one of my meta files (I removed my IPs):
>
> TIME:              04/30/2012-14:05:10.914869
> SRC IP:            REMOVED
> DST IP:            REMOVED
> PROTO:             6
> SRC PORT:          80
> DST PORT:          10753
> HTTP URI:
>  /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe?cms_redirect=yes
> HTTP HOST:         o-o.preferred.iad09s12.v1.lscache3.c.pack.google.com
> HTTP REFERER:      <unknown>
> FILENAME:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe
> MAGIC:             PE32 executable for MS Windows (GUI) Intel 80386 32-bit
> STATE:             CLOSED
> MD5:               a72bf16320bed66098bf02c618831ff9
> SIZE:              739640
>
>
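
Added example (not part of the original thread and not Suricata code): a small Python check that parses a file-store meta file in the layout quoted above and reports whether the MD5 line is missing, matches, or mismatches the stored bytes. The function names parse_meta and check_md5 are hypothetical, and the sample meta text, addresses, payload and hash are constructed.

```python
import hashlib

# Constructed sample in the meta layout quoted above (payload and hash are made up).
SAMPLE_DATA = b"MZ constructed sample payload"
SAMPLE_META = """\
TIME:              04/30/2012-14:05:10.914869
SRC IP:            192.0.2.10
DST IP:            198.51.100.7
PROTO:             6
SRC PORT:          80
DST PORT:          10753
HTTP URI:
 /downloads/sample.exe?cms_redirect=yes
FILENAME:          /downloads/sample.exe
STATE:             CLOSED
MD5:               {md5}
SIZE:              {size}
""".format(md5=hashlib.md5(SAMPLE_DATA).hexdigest(), size=len(SAMPLE_DATA))


def parse_meta(text):
    """Parse 'KEY: value' lines; an indented line continues the previous key."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line[0].isspace() and last is not None:
            # Wrapped value, as with the HTTP URI line in the quoted sample.
            fields[last] += line.strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        last = key.strip()
        fields[last] = value.strip()
    return fields


def check_md5(meta, data):
    """Return 'missing', 'match' or 'mismatch' for a stored file's bytes."""
    recorded = meta.get("MD5", "").lower()
    if not recorded:
        # No MD5 line at all: the symptom named in this thread's subject.
        return "missing"
    actual = hashlib.md5(data).hexdigest()
    return "match" if actual == recorded else "mismatch"
```

A "missing" result on every extracted file is the cue to check --build-info for HAVE_NSS, as discussed in the thread.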


