<div dir="ltr">Hello<div> I use ubuntu 12.04 and install Suricata from the source and follow the instruction from osif website(for ubuntu user:<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation" style="font-family:arial">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation</a>), i try to let Suricata work as IPS</div>
<div>here is my configure information:</div><div>./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var</div><div>checking for a BSD-compatible install... /usr/bin/install -c</div><div>checking whether build environment is sane... yes</div>
<div>checking for a thread-safe mkdir -p... /bin/mkdir -p</div><div>checking for gawk... gawk</div><div>checking whether make sets $(MAKE)... yes</div><div>checking for style of include used by make... GNU</div><div>checking for gcc... gcc</div>
<div>checking whether the C compiler works... yes</div><div>checking for C compiler default output file name... a.out</div><div>checking for suffix of executables... </div><div>checking whether we are cross compiling... no</div>
<div>checking for suffix of object files... o</div><div>checking whether we are using the GNU C compiler... yes</div><div>checking whether gcc accepts -g... yes</div><div>checking for gcc option to accept ISO C89... none needed</div>
<div>checking dependency style of gcc... gcc3</div><div>checking for gcc option to accept ISO C99... -std=gnu99</div><div>checking build system type... x86_64-unknown-linux-gnu</div><div>checking host system type... x86_64-unknown-linux-gnu</div>
<div>checking how to print strings... printf</div><div>checking for a sed that does not truncate output... /bin/sed</div><div>checking for grep that handles long lines and -e... /bin/grep</div><div>checking for egrep... /bin/grep -E</div>
<div>checking for fgrep... /bin/grep -F</div><div>checking for ld used by gcc -std=gnu99... /usr/bin/ld</div><div>checking if the linker (/usr/bin/ld) is GNU ld... yes</div><div>checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B</div>
<div>checking the name lister (/usr/bin/nm -B) interface... BSD nm</div><div>checking whether ln -s works... yes</div><div>checking the maximum length of command line arguments... 1572864</div><div>checking whether the shell understands some XSI constructs... yes</div>
<div>checking whether the shell understands "+="... yes</div><div>checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop</div><div>checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop</div>
<div>checking for /usr/bin/ld option to reload object files... -r</div><div>checking for objdump... objdump</div><div>checking how to recognize dependent libraries... pass_all</div><div>checking for dlltool... no</div><div>
checking how to associate runtime and link libraries... printf %s\n</div><div>checking for ar... ar</div><div>checking for archiver @FILE support... @</div><div>checking for strip... strip</div><div>checking for ranlib... ranlib</div>
<div>checking command to parse /usr/bin/nm -B output from gcc -std=gnu99 object... ok</div><div>checking for sysroot... no</div><div>checking for mt... mt</div><div>checking if mt is a manifest tool... no</div><div>checking how to run the C preprocessor... gcc -std=gnu99 -E</div>
<div>checking for ANSI C header files... yes</div><div>checking for sys/types.h... yes</div><div>checking for sys/stat.h... yes</div><div>checking for stdlib.h... yes</div><div>checking for string.h... yes</div><div>checking for memory.h... yes</div>
<div>checking for strings.h... yes</div><div>checking for inttypes.h... yes</div><div>checking for stdint.h... yes</div><div>checking for unistd.h... yes</div><div>checking for dlfcn.h... yes</div><div>checking for objdir... .libs</div>
<div>checking if gcc -std=gnu99 supports -fno-rtti -fno-exceptions... no</div><div>checking for gcc -std=gnu99 option to produce PIC... -fPIC -DPIC</div><div>checking if gcc -std=gnu99 PIC flag -fPIC -DPIC works... yes</div>
<div>checking if gcc -std=gnu99 static flag -static works... yes</div><div>checking if gcc -std=gnu99 supports -c -o file.o... yes</div><div>checking if gcc -std=gnu99 supports -c -o file.o... (cached) yes</div><div>checking whether the gcc -std=gnu99 linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes</div>
<div>checking whether -lc should be explicitly linked in... no</div><div>checking dynamic linker characteristics... GNU/Linux ld.so</div><div>checking how to hardcode library paths into programs... immediate</div><div>checking whether stripping libraries is possible... yes</div>
<div>checking if libtool supports shared libraries... yes</div><div>checking whether to build shared libraries... yes</div><div>checking whether to build static libraries... yes</div><div>checking gcc version... 4.6</div>
<div>checking for gawk... (cached) gawk</div><div>checking for gcc... (cached) gcc</div><div>checking whether we are using the GNU C compiler... (cached) yes</div><div>checking whether gcc accepts -g... (cached) yes</div>
<div>checking for gcc option to accept ISO C89... (cached) none needed</div><div>checking dependency style of gcc... (cached) gcc3</div><div>checking how to run the C preprocessor... gcc -std=gnu99 -E</div><div>checking whether ln -s works... yes</div>
<div>checking whether make sets $(MAKE)... (cached) yes</div><div>checking for pkg-config... /usr/bin/pkg-config</div><div>checking for spatch... /usr/bin/spatch</div><div>checking for python... /usr/bin/python</div><div>
checking arpa/inet.h usability... yes</div><div>checking arpa/inet.h presence... yes</div><div>checking for arpa/inet.h... yes</div><div>checking assert.h usability... yes</div><div>checking assert.h presence... yes</div>
<div>checking for assert.h... yes</div><div>checking ctype.h usability... yes</div><div>checking ctype.h presence... yes</div><div>checking for ctype.h... yes</div><div>checking errno.h usability... yes</div><div>checking errno.h presence... yes</div>
<div>checking for errno.h... yes</div><div>checking fcntl.h usability... yes</div><div>checking fcntl.h presence... yes</div><div>checking for fcntl.h... yes</div><div>checking for inttypes.h... (cached) yes</div><div>checking getopt.h usability... yes</div>
<div>checking getopt.h presence... yes</div><div>checking for getopt.h... yes</div><div>checking limits.h usability... yes</div><div>checking limits.h presence... yes</div><div>checking for limits.h... yes</div><div>checking netdb.h usability... yes</div>
<div>checking netdb.h presence... yes</div><div>checking for netdb.h... yes</div><div>checking netinet/in.h usability... yes</div><div>checking netinet/in.h presence... yes</div><div>checking for netinet/in.h... yes</div>
<div>checking poll.h usability... yes</div><div>checking poll.h presence... yes</div><div>checking for poll.h... yes</div><div>checking sched.h usability... yes</div><div>checking sched.h presence... yes</div><div>checking for sched.h... yes</div>
<div>checking signal.h usability... yes</div><div>checking signal.h presence... yes</div><div>checking for signal.h... yes</div><div>checking stdarg.h usability... yes</div><div>checking stdarg.h presence... yes</div><div>
checking for stdarg.h... yes</div><div>checking for stdint.h... (cached) yes</div><div>checking stdio.h usability... yes</div><div>checking stdio.h presence... yes</div><div>checking for stdio.h... yes</div><div>checking for stdlib.h... (cached) yes</div>
<div>checking for string.h... (cached) yes</div><div>checking sys/ioctl.h usability... yes</div><div>checking sys/ioctl.h presence... yes</div><div>checking for sys/ioctl.h... yes</div><div>checking syslog.h usability... yes</div>
<div>checking syslog.h presence... yes</div><div>checking for syslog.h... yes</div><div>checking sys/prctl.h usability... yes</div><div>checking sys/prctl.h presence... yes</div><div>checking for sys/prctl.h... yes</div><div>
checking sys/socket.h usability... yes</div><div>checking sys/socket.h presence... yes</div><div>checking for sys/socket.h... yes</div><div>checking for sys/stat.h... (cached) yes</div><div>checking sys/syscall.h usability... yes</div>
<div>checking sys/syscall.h presence... yes</div><div>checking for sys/syscall.h... yes</div><div>checking sys/time.h usability... yes</div><div>checking sys/time.h presence... yes</div><div>checking for sys/time.h... yes</div>
<div>checking time.h usability... yes</div><div>checking time.h presence... yes</div><div>checking for time.h... yes</div><div>checking for unistd.h... (cached) yes</div><div>checking for sys/ioctl.h... (cached) yes</div>
<div>checking linux/if_ether.h usability... yes</div><div>checking linux/if_ether.h presence... yes</div><div>checking for linux/if_ether.h... yes</div><div>checking linux/if_packet.h usability... yes</div><div>checking linux/if_packet.h presence... yes</div>
<div>checking for linux/if_packet.h... yes</div><div>checking linux/filter.h usability... yes</div><div>checking linux/filter.h presence... yes</div><div>checking for linux/filter.h... yes</div><div>checking for sys/socket.h... (cached) yes</div>
<div>checking for net/if.h... yes</div><div>checking for sys/mman.h... yes</div><div>checking for linux/if_arp.h... yes</div><div>checking for windows.h... no</div><div>checking for winsock2.h... no</div><div>checking for ws2tcpip.h... no</div>
<div>checking for w32api/winbase.h... no</div><div>checking for inline... inline</div><div>checking for pid_t... yes</div><div>checking for size_t... yes</div><div>checking for int32_t... yes</div><div>checking for uint16_t... yes</div>
<div>checking for uint32_t... yes</div><div>checking for uint64_t... yes</div><div>checking for uint8_t... yes</div><div>checking for stdbool.h that conforms to C99... yes</div><div>checking for _Bool... yes</div><div>checking for stdlib.h... (cached) yes</div>
<div>checking for GNU libc compatible malloc... yes</div><div>checking for stdlib.h... (cached) yes</div><div>checking for GNU libc compatible realloc... yes</div><div>checking for gettimeofday... yes</div><div>checking for memset... yes</div>
<div>checking for strcasecmp... yes</div><div>checking for strchr... yes</div><div>checking for strdup... yes</div><div>checking for strerror... yes</div><div>checking for strncasecmp... yes</div><div>checking for strtol... yes</div>
<div>checking for strtoul... yes</div><div>checking for memchr... yes</div><div>checking for special C compiler options needed for large files... no</div><div>checking for _FILE_OFFSET_BITS value needed for large files... no</div>
<div>checking host os... installation for x86_64-unknown-linux-gnu OS... ok</div><div>checking pcre.h usability... yes</div><div>checking pcre.h presence... yes</div><div>checking for pcre.h... yes</div><div>checking for pcre_get_substring in -lpcre... yes</div>
<div>checking for pcre_dfa_exec in -lpcre... yes</div><div>checking for PCRE JIT support... no</div><div>checking yaml.h usability... yes</div><div>checking yaml.h presence... yes</div><div>checking for yaml.h... yes</div>
<div>checking for yaml_parser_initialize in -lyaml... yes</div><div>checking for pthread_create in -lpthread... yes</div><div>checking jansson.h usability... no</div><div>checking jansson.h presence... no</div><div>checking for jansson.h... no</div>
<div>checking libnfnetlink/libnfnetlink.h usability... yes</div><div>checking libnfnetlink/libnfnetlink.h presence... yes</div><div>checking for libnfnetlink/libnfnetlink.h... yes</div><div>checking for nfnl_fd in -lnfnetlink... yes</div>
<div>checking libnetfilter_queue/libnetfilter_queue.h usability... yes</div><div>checking libnetfilter_queue/libnetfilter_queue.h presence... yes</div><div>checking for libnetfilter_queue/libnetfilter_queue.h... yes</div>
<div>checking for nfq_open in -lnetfilter_queue... yes</div><div>checking for nfq_set_queue_maxlen in -lnetfilter_queue... yes</div><div>checking for nfq_set_verdict2 in -lnetfilter_queue... no</div><div>checking for nfq_set_queue_flags in -lnetfilter_queue... no</div>
<div>checking for signed nfq_get_payload payload argument... yes</div><div>checking for libnet.h version 1.1.x... yes</div><div>checking for libnet_write in -lnet... yes</div><div>checking for libnet_build_icmpv6_unreach in -lnet... no</div>
<div>checking pcap.h usability... yes</div><div>checking pcap.h presence... yes</div><div>checking for pcap.h... yes</div><div>checking for pcap.h... (cached) yes</div><div>checking pcap/pcap.h usability... yes</div><div>
checking pcap/pcap.h presence... yes</div><div>checking for pcap/pcap.h... yes</div><div>checking pcap/bpf.h usability... yes</div><div>checking pcap/bpf.h presence... yes</div><div>checking for pcap/bpf.h... yes</div><div>
checking for pcap_open_live in -lpcap... yes</div><div>checking for pcap_activate in -lpcap... yes</div><div>checking for pcap-config... /usr/bin/pcap-config</div><div>checking for pcap_set_buffer_size in -lpcap... yes</div>
<div>checking whether TPACKET_V2 is declared... yes</div><div>checking whether PACKET_FANOUT is declared... yes</div><div>checking for pkg-config... /usr/bin/pkg-config</div><div>checking pkg-config is at least version 0.9.0... yes</div>
<div>checking cap-ng.h usability... yes</div><div>checking cap-ng.h presence... yes</div><div>checking for cap-ng.h... yes</div><div>checking for capng_clear in -lcap-ng... yes</div><div>checking nspr.h usability... no</div>
<div>checking nspr.h presence... no</div><div>checking for nspr.h... no</div><div>checking sechash.h usability... no</div><div>checking sechash.h presence... no</div><div>checking for sechash.h... no</div><div>checking magic.h usability... yes</div>
<div>checking magic.h presence... yes</div><div>checking for magic.h... yes</div><div>checking for magic_open in -lmagic... yes</div><div>checking for git... /usr/bin/git</div><div>configure: creating ./config.status</div>
<div>config.status: creating Makefile</div><div>config.status: creating src/Makefile</div><div>config.status: creating qa/Makefile</div><div>config.status: creating qa/coccinelle/Makefile</div><div>config.status: creating rules/Makefile</div>
<div>config.status: creating doc/Makefile</div><div>config.status: creating contrib/Makefile</div><div>config.status: creating contrib/file_processor/Makefile</div><div>config.status: creating contrib/file_processor/Action/Makefile</div>
<div>config.status: creating contrib/file_processor/Processor/Makefile</div><div>config.status: creating suricata.yaml</div><div>config.status: creating scripts/Makefile</div><div>config.status: creating scripts/suricatasc/Makefile</div>
<div>config.status: creating scripts/suricatasc/suricatasc</div><div>config.status: creating config.h</div><div>config.status: config.h is unchanged</div><div>config.status: executing depfiles commands</div><div>config.status: executing libtool commands</div>
<div>=== configuring in libhtp (/home/sbw983/Tools/suricata/suricata-1.4.4/libhtp)</div><div>configure: running /bin/bash ./configure --disable-option-checking '--prefix=/usr' '--enable-nfqueue' '--sysconfdir=/etc' '--localstatedir=/var' --cache-file=/dev/null --srcdir=.</div>
<div>checking for a BSD-compatible install... /usr/bin/install -c</div><div>checking whether build environment is sane... yes</div><div>checking for a thread-safe mkdir -p... /bin/mkdir -p</div><div>checking for gawk... gawk</div>
<div>checking whether make sets $(MAKE)... yes</div><div>checking for gcc... gcc</div><div>checking whether the C compiler works... yes</div><div>checking for C compiler default output file name... a.out</div><div>checking for suffix of executables... </div>
<div>checking whether we are cross compiling... no</div><div>checking for suffix of object files... o</div><div>checking whether we are using the GNU C compiler... yes</div><div>checking whether gcc accepts -g... yes</div>
<div>checking for gcc option to accept ISO C89... none needed</div><div>checking for style of include used by make... GNU</div><div>checking dependency style of gcc... gcc3</div><div>checking build system type... x86_64-unknown-linux-gnu</div>
<div>checking host system type... x86_64-unknown-linux-gnu</div><div>checking how to print strings... printf</div><div>checking for a sed that does not truncate output... /bin/sed</div><div>checking for grep that handles long lines and -e... /bin/grep</div>
<div>checking for egrep... /bin/grep -E</div><div>checking for fgrep... /bin/grep -F</div><div>checking for ld used by gcc... /usr/bin/ld</div><div>checking if the linker (/usr/bin/ld) is GNU ld... yes</div><div>checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B</div>
<div>checking the name lister (/usr/bin/nm -B) interface... BSD nm</div><div>checking whether ln -s works... yes</div><div>checking the maximum length of command line arguments... 1572864</div><div>checking whether the shell understands some XSI constructs... yes</div>
<div>checking whether the shell understands "+="... yes</div><div>checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop</div><div>checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop</div>
<div>checking for /usr/bin/ld option to reload object files... -r</div><div>checking for objdump... objdump</div><div>checking how to recognize dependent libraries... pass_all</div><div>checking for dlltool... no</div><div>
checking how to associate runtime and link libraries... printf %s\n</div><div>checking for ar... ar</div><div>checking for archiver @FILE support... @</div><div>checking for strip... strip</div><div>checking for ranlib... ranlib</div>
<div>checking command to parse /usr/bin/nm -B output from gcc object... ok</div><div>checking for sysroot... no</div><div>checking for mt... mt</div><div>checking if mt is a manifest tool... no</div><div>checking how to run the C preprocessor... gcc -E</div>
<div>checking for ANSI C header files... yes</div><div>checking for sys/types.h... yes</div><div>checking for sys/stat.h... yes</div><div>checking for stdlib.h... yes</div><div>checking for string.h... yes</div><div>checking for memory.h... yes</div>
<div>checking for strings.h... yes</div><div>checking for inttypes.h... yes</div><div>checking for stdint.h... yes</div><div>checking for unistd.h... yes</div><div>checking for dlfcn.h... yes</div><div>checking for objdir... .libs</div>
<div>checking if gcc supports -fno-rtti -fno-exceptions... no</div><div>checking for gcc option to produce PIC... -fPIC -DPIC</div><div>checking if gcc PIC flag -fPIC -DPIC works... yes</div><div>checking if gcc static flag -static works... yes</div>
<div>checking if gcc supports -c -o file.o... yes</div><div>checking if gcc supports -c -o file.o... (cached) yes</div><div>checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes</div>
<div>checking whether -lc should be explicitly linked in... no</div><div>checking dynamic linker characteristics... GNU/Linux ld.so</div><div>checking how to hardcode library paths into programs... immediate</div><div>checking whether stripping libraries is possible... yes</div>
<div>checking if libtool supports shared libraries... yes</div><div>checking whether to build shared libraries... yes</div><div>checking whether to build static libraries... yes</div><div>checking whether build environment is sane... yes</div>
<div>checking zlib.h usability... yes</div><div>checking zlib.h presence... yes</div><div>checking for zlib.h... yes</div><div>checking for inflate in -lz... yes</div><div>checking for -z relro... yes</div><div>checking host os... ok</div>
<div>checking for -z now... yes</div><div>configure: creating ./config.status</div><div>config.status: creating Makefile</div><div>config.status: creating htp.pc</div><div>config.status: creating htp/Makefile</div><div>config.status: creating test/Makefile</div>
<div>config.status: creating config.h</div><div>config.status: config.h is unchanged</div><div>config.status: executing depfiles commands</div><div>config.status: executing libtool commands</div><div><br></div><div>Suricata Configuration:</div>
<div> AF_PACKET support: yes</div><div> PF_RING support: no</div><div> NFQueue support: yes</div><div> IPFW support: no</div>
<div> DAG enabled: no</div><div> Napatech enabled: no</div><div> Unix socket enabled: no</div><div><br></div><div> libnss support: no</div>
<div> libnspr support: no</div><div> libjansson support: no</div><div> Prelude support: no</div><div> PCRE jit: no</div>
<div> libluajit: no</div><div> libgeoip: no</div><div> Non-bundled htp: no</div><div> Old barnyard2 support: no</div>
<div> CUDA enabled: no</div><div><br></div><div> Suricatasc install: yes</div><div><br></div><div> Unit tests enabled: no</div><div> Debug output enabled: no</div>
<div> Debug validation enabled: no</div><div> Profiling enabled: no</div><div> Profiling locks enabled: no</div><div><br></div><div>Generic build parameters:</div><div>
Installation prefix (--prefix): /usr</div><div> Configuration directory (--sysconfdir): /etc/suricata/</div><div> Log directory (--localstatedir) : /var/log/suricata/</div><div><br></div><div> Host: x86_64-unknown-linux-gnu</div>
<div> GCC binary: gcc</div><div> GCC Protect enabled: no</div><div> GCC march native enabled: yes</div><div> GCC Profile enabled: no</div>
<div><br></div><div>To build and install run 'make' and 'make install'.</div><div><br></div><div>You can run 'make install-conf' if you want to install initial configuration</div><div>files to /etc/suricata/. Running 'make install-full' will install configuration</div>
<div>and rules and provide you a ready-to-run suricata.</div><div><br></div><div>To install Suricata into /usr/bin/suricata, have the config in</div><div>/etc/suricata and use /var/log/suricata as log dir, use:</div><div>
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/</div><div><br></div><div><br></div><div>but after install i run it show this information:<br></div><div><div>suricata --build-info</div><div>This is Suricata version 1.4.3 RELEASE</div>
<div>Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW </div><div>64-bits, Little-endian architecture</div><div>
GCC version 4.6.3, C version 199901</div><div> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1</div><div> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2</div><div> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4</div><div> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8</div>
<div> __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16</div><div>compiled with -fstack-protector</div><div>compiled with _FORTIFY_SOURCE=2</div><div>compiled with libhtp 0.2.13, linked against 0.2.13</div><div>Suricata Configuration:</div>
<div> AF_PACKET support: yes</div><div> PF_RING support: no</div><div> NFQueue support: no</div><div> IPFW support: no</div>
<div> DAG enabled: no</div><div> Napatech enabled: no</div><div> Unix socket enabled: no</div><div><br></div><div> libnss support: no</div>
<div> libnspr support: no</div><div> libjansson support: no</div><div> Prelude support: no</div><div> PCRE jit: no</div>
<div> libluajit: no</div><div> libgeoip: no</div><div> Non-bundled htp: no</div><div> Old barnyard2 support: no</div>
<div> CUDA enabled: no</div><div><br></div><div> Suricatasc install: yes</div><div><br></div><div> Unit tests enabled: no</div><div> Debug output enabled: no</div>
<div> Debug validation enabled: no</div><div> Profiling enabled: no</div><div> Profiling locks enabled: no</div><div><br></div><div>Generic build parameters:</div><div>
Installation prefix (--prefix): /usr/local</div><div> Configuration directory (--sysconfdir): /usr/local/etc/suricata/</div><div> Log directory (--localstatedir) : /usr/local/var/log/suricata/</div><div>
<br></div><div> Host: x86_64-unknown-linux-gnu</div><div> GCC binary: gcc</div><div> GCC Protect enabled: no</div><div> GCC march native enabled: yes</div>
<div> GCC Profile enabled: no</div></div><div><br></div><div>it show that <span style="font-family:arial">NFQueue</span><span style="font-family:arial"> not enable, Pls. tell me how to make </span><span style="font-family:arial">NFQueue</span><span style="font-family:arial"> enable and so I can use </span> Suricata as IPS</div>
<div><br></div><div><br></div><h1 class="" style="margin:0px;padding:0px;font-weight:normal;font-size:36px;line-height:36px;color:rgb(0,161,196);letter-spacing:-1px"><br></h1></div>