[Oisf-devel] Suricata file-store not logging md5
Victor Julien
victor at inliniac.net
Wed May 2 07:25:27 UTC 2012
Thanks Peter!
On 05/01/2012 07:51 PM, Peter Manev wrote:
> Hi,
>
> Just updated the wiki page.
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/MD5
>
> Thanks
>
> On Tue, May 1, 2012 at 2:56 PM, Mike Cox <mike.cox52 at gmail.com> wrote:
>
> Thanks Marcos, et al.,
>
> Passing configure the libnss and libnspr directories did the trick for
> me too. We should include this tip in the wiki page for
> file_extraction; it looks like it needs a little updating anyway.
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
>
> Thanks.
>
> -Mike Cox
>
> On Mon, Apr 30, 2012 at 1:06 PM, Marcos Rodriguez <marcos.e.rodriguez at gmail.com> wrote:
> >>> Interesting. I'm running into a similar situation on RHEL6 and Fedora 16.
> >>>
> >>> ./configure --prefix=/data/suricata/suricata-1.3b --enable-dag
> >>> --enable-debug --enable-debug-validation --enable-profiling
> >>> --with-libnss-libraries=/usr/lib64
> >>> --with-libnss-includes=/usr/include/nss3/
> >>> --with-libnspr-libraries=/usr/lib64
> >>> --with-libnspr-libraries=/usr/include/nspr4
> >>>
> >>> libnss support: no
> >>> libnspr support: no
> >>>
> >>> When I finish the make && make install process and type ./bin/suricata
> >>> --build-info, HAVE_NSS is not among the list.
> >>>
> >>> Sorry I couldn't help. At least you're not alone :o)
> >>>
> >>> marcos
> >>>
> >>>
> >> Aha!
> >>
> >> I only needed to specify --with-libnss-includes=/usr/include/nss3/ and
> >> --with-libnspr-includes=/usr/include/nspr4, and voila!
> >>
> >> Thanks!
> >>
> >> marcos
> >
> >
> > Sorry guys, one more spam:
> >
> > I'm now using force-md5 on both files-log.json and file store settings.
> > Here's a sample of one of my meta files (I removed my IPs):
> >
> > TIME: 04/30/2012-14:05:10.914869
> > SRC IP: REMOVED
> > DST IP: REMOVED
> > PROTO: 6
> > SRC PORT: 80
> > DST PORT: 10753
> > HTTP URI: /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe?cms_redirect=yes
> > HTTP HOST: o-o.preferred.iad09s12.v1.lscache3.c.pack.google.com
> > HTTP REFERER: <unknown>
> > FILENAME: /edgedl/update2/1.3.21.111/GoogleUpdateSetup.exe
> > MAGIC: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
> > STATE: CLOSED
> > MD5: a72bf16320bed66098bf02c618831ff9
> > SIZE: 739640
> >
> >
> _______________________________________________
> Oisf-devel mailing list
> Oisf-devel at openinfosecfoundation.org
> <mailto:Oisf-devel at openinfosecfoundation.org>
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>
>
>
>
> --
> Regards,
> Peter Manev
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
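
Added example, not part of the thread and not Suricata code: a small checker for file-store meta files in the layout Marcos quoted, which reports a missing MD5 line (the symptom in this thread's subject) and otherwise verifies the stored file against the recorded MD5 and SIZE. The function names, the sample meta text and file body are constructed for illustration, and treating any STATE other than CLOSED as incomplete is an assumption.

```python
import hashlib
import re

# Constructed sample in the "KEY: value" layout of the meta file quoted above.
SAMPLE_META = """\
TIME: 04/30/2012-14:05:10.914869
PROTO: 6
FILENAME: /sample/hello.bin
STATE: CLOSED
MD5: 5d41402abc4b2a76b9719d911017c592
SIZE: 5
"""
SAMPLE_BODY = b"hello"  # constructed stand-in for the extracted file's bytes


def parse_meta(text):
    """Parse 'KEY: value' lines, splitting on the first colon only
    (TIME values contain colons, keys such as 'SRC IP' contain spaces)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def check_stored_file(meta_text, body):
    """Return 'ok' or the first reason the stored file cannot be trusted."""
    fields = parse_meta(meta_text)
    md5 = fields.get("MD5", "").lower()
    if not re.fullmatch(r"[0-9a-f]{32}", md5):
        return "no-md5"          # meta file carries no usable MD5 line
    if fields.get("STATE") != "CLOSED":
        return "incomplete"      # assumption: only CLOSED means fully captured
    if fields.get("SIZE") != str(len(body)):
        return "size-mismatch"
    if hashlib.md5(body).hexdigest() != md5:
        return "md5-mismatch"
    return "ok"


if __name__ == "__main__":
    print(check_stored_file(SAMPLE_META, SAMPLE_BODY))
```

MD5 here only ties a stored file to its meta record; it is not collision resistant and should not be the sole basis for trusting a file's identity.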