[Oisf-devel] Suricata file-store not logging md5

Victor Julien victor at inliniac.net
Tue May 1 13:39:38 UTC 2012


On 05/01/2012 02:56 PM, Mike Cox wrote:
> Thanks Marcos, et al.,
> 
> Passing configure the libnss and libnspr directories did the trick for
> me too.  We should include this tip in the wiki page for
> file_extraction;  it looks like it needs a little updating anyway.

Contributions are very welcome! It's a wiki so feel free to add things.

Cheers,
Victor

> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
> 
> Thanks.
> 
>  -Mike Cox
> 
> On Mon, Apr 30, 2012 at 1:06 PM, Marcos Rodriguez
> <marcos.e.rodriguez at gmail.com> wrote:
>>>> Interesting.  I'm running into a similar situation on RHEL6 and Fedora
>>>> 16.
>>>>
>>>>  ./configure --prefix=/data/suricata/suricata-1.3b --enable-dag
>>>> --enable-debug --enable-debug-validation --enable-profiling
>>>> --with-libnss-libraries=/usr/lib64 --with-libnss-includes=/usr/include/nss3/
>>>> --with-libnspr-libraries=/usr/lib64
>>>> --with-libnspr-libraries=/usr/include/nspr4
>>>>
>>>> libnss support:                          no
>>>> libnspr support:                         no
>>>>
>>>> When I finish the make && make install process and type ./bin/suricata
>>>> --build-info, HAVE_NSS is not among the list.
>>>>
>>>> Sorry I couldn't help.  At least you're not alone :o)
>>>>
>>>> marcos
>>>>
>>>>
>>> Aha!
>>>
>>> I only needed to specify --with-libnss-includes=/usr/include/nss3/ and
>>> --with-libnspr-includes=/usr/include/nspr4, and voila!
>>>
>>> Thanks!
>>>
>>> marcos
>>
>>
>> Sorry guys, one more spam:
>>
>> I'm now using force-md5 on both files-log.json and file store settings.
>>  Here's a sample of one of my meta files (I removed my IPs):
>>
>> TIME:              04/30/2012-14:05:10.914869
>> SRC IP:            REMOVED
>> DST IP:            REMOVED
>> PROTO:             6
>> SRC PORT:          80
>> DST PORT:          10753
>> HTTP URI:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe?cms_redirect=yes
>> HTTP HOST:         o-o.preferred.iad09s12.v1.lscache3.c.pack.google.com
>> HTTP REFERER:      <unknown>
>> FILENAME:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe
>> MAGIC:             PE32 executable for MS Windows (GUI) Intel 80386 32-bit
>> STATE:             CLOSED
>> MD5:               a72bf16320bed66098bf02c618831ff9
>> SIZE:              739640
>>
>>
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
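The meta file Marcos posted is the quickest place to confirm whether a build actually has NSS support: if HAVE_NSS is absent from --build-info, file-store still writes the meta file but the MD5 line never appears, even with force-md5 set. The parser below is an added example written for this page, not Suricata's own code. The sample meta text is constructed from the file posted above (IPs already removed), the byte strings used for verification are constructed, and the function names are mine.

```python
"""Check Suricata file-store .meta files for a populated MD5 field.

Added example for this thread, not Suricata's own code. The meta text
below is constructed from the file posted in the thread; the file
bytes used for verification are constructed too.
"""
import hashlib
import re

# Constructed sample (IPs already removed in the post). The HTTP URI
# value is put on a continuation line, as a mail client wraps it, so
# the parser has to join it back to its key.
SAMPLE_META = """\
TIME:              04/30/2012-14:05:10.914869
SRC IP:            REMOVED
DST IP:            REMOVED
PROTO:             6
SRC PORT:          80
DST PORT:          10753
HTTP URI:
 /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe?cms_redirect=yes
HTTP HOST:         o-o.preferred.iad09s12.v1.lscache3.c.pack.google.com
HTTP REFERER:      <unknown>
FILENAME:          /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe
MAGIC:             PE32 executable for MS Windows (GUI) Intel 80386 32-bit
STATE:             CLOSED
MD5:               a72bf16320bed66098bf02c618831ff9
SIZE:              739640
"""

# Same file with the MD5 line dropped: what a build without NSS writes.
SAMPLE_META_NO_MD5 = "".join(
    line + "\n"
    for line in SAMPLE_META.splitlines()
    if not line.startswith("MD5:")
)

_KEY_RE = re.compile(r"^([A-Z][A-Z0-9 ]*?):\s*(.*)$")
_MD5_RE = re.compile(r"^[0-9a-f]{32}$")
_INT_FIELDS = ("proto", "src_port", "dst_port", "size")


def parse_meta(text):
    """Parse KEY: VALUE lines into a dict.

    Keys are lowercased with spaces replaced by underscores ("SRC IP" ->
    "src_ip"). A line starting with whitespace continues the previous
    value. Numeric fields are converted to int.
    """
    meta = {}
    last = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if last is not None:
                meta[last] = (meta[last] + " " + line.strip()).strip()
            continue
        m = _KEY_RE.match(line)
        if m is None:
            continue
        last = m.group(1).lower().replace(" ", "_")
        meta[last] = m.group(2).strip()
    for field in _INT_FIELDS:
        if field in meta and meta[field].isdigit():
            meta[field] = int(meta[field])
    return meta


def md5_status(meta):
    """Return 'ok', 'missing' or 'malformed' for the MD5 field.

    'missing' is the symptom from the thread: file-store runs, but the
    build has no NSS support, so no digest is written.
    """
    digest = meta.get("md5")
    if digest is None:
        return "missing"
    if _MD5_RE.match(digest.lower()):
        return "ok"
    return "malformed"


def md5_hex(data):
    """MD5 of an extracted file body, lowercase hex."""
    return hashlib.md5(data).hexdigest()


def verify_extracted(meta, data):
    """True if the stored file body matches the MD5 and SIZE in its meta."""
    if md5_status(meta) != "ok":
        return False
    if "size" in meta and meta["size"] != len(data):
        return False
    return md5_hex(data) == meta["md5"].lower()


if __name__ == "__main__":
    for name, text in (("with md5", SAMPLE_META),
                       ("without md5", SAMPLE_META_NO_MD5)):
        meta = parse_meta(text)
        print(f"{name}: md5={md5_status(meta)} uri={meta.get('http_uri')}")
```

Run it over a directory of .meta files after a rebuild: any file reporting "missing" means the configure step still did not pick up libnss and libnspr, regardless of what force-md5 says in suricata.yaml. verify_extracted is the companion check for the stored file body next to each meta file.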



