<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;" dir="ltr">
<p><span style="color: rgb(51, 51, 51); font-family: Arial, sans-serif; font-size: 10.5pt;">cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/&lt;user&gt;/boost_1_60_0/ ../</span><br>
</p>
<div style="color: rgb(0, 0, 0);">
<div>
<div>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">- No problem. As I recall I had some trouble at this step as well, but ultimately figured it out. </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif"><br>
</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">Two follow-up questions if I could –
</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">1.  Does it matter what directory you are in when you invoke git for the Hyperscan package?</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">- No, just as long as you have the requisite permissions.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">2.  Does/Should the boost directory be in a specific user's home directory (like the account that you use to run Suricata), or is it not consequential at all?</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif">- This shouldn't make any difference either, as long as you have permissions. I run pretty much everything out of my home folder when doing this type of work.</span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-family: Calibri, sans-serif; font-size: 11pt;"> </span><br>
</p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> Spransy, Derek [mailto:dsprans@emory.edu]
<br>
<b>Sent:</b> Tuesday, March 28, 2017 12:21 PM<br>
<b>To:</b> Cloherty, Sean E &lt;scloherty@mitre.org&gt;; oisf-users@lists.openinfosecfoundation.org<br>
<b>Subject:</b> Re: Hyperscan on RHEL or CentOS</span></p>
</div>
</div>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
 </p>
<div id="divtagdefaultwrapper">
<p><span style="font-family:"Calibri",sans-serif; color:black">These are my notes from installing HS and pf_ring support on RHEL 7.</span></p>
<h3 id="SuricataDocumentation-snortappprod3-InstallwithIntelHyperscanEnabled" style="margin-bottom: 0.0001pt; margin-right: 0in; margin-left: 0in; font-size: 13.5pt; font-family: "Times New Roman", serif; font-weight: bold;">
<span style="font-size:12.0pt; font-family:"Arial",sans-serif; color:black">Install with Intel Hyperscan Enabled</span></h3>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Install pre-requisites</span></u></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">sudo yum install cmake gcc-c++ python-devel</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Download ragel, unpack, ./configure, make, sudo make install</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Download and compile boost headers</span></u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Download boost 1.60</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">tar xvzf boost_1_60_0.tar.gz</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">cd boost_1_60_0</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">./bootstrap.sh</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">./b2</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Install Hyperscan</span></u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">git clone <a href="https://github.com/01org/hyperscan" style="color: blue; text-decoration: underline;" id="LPlnk915063" previewremoved="true"><span style="color:#326CA6; text-decoration:none">https://github.com/01org/hyperscan</span></a></span></p>
</span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span>
<p></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">cd hyperscan</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">mkdir build</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">cd build</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/&lt;user&gt;/boost_1_60_0/ ../</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">make</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">sudo make install</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">Compile Suricata with HS and PF_RING support</span></u><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">./</span></span><span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">configure</span></span><span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"> --prefix=/usr
 --sysconfdir=/etc --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib --with-libnspr-includes=/usr/include/nspr4/ --with-libnspr-libraries=/usr/include/nspr4/ --with-libcap_ng-libraries=/usr/local/lib --with-libhs-includes=/usr/local/include/hs/
 --with-libhs-libraries=/usr/local/lib/</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333">mpm-algo and spm-algo values in suricata.yaml must be set to 'auto' or 'hs'</span></span><span style="font-size:10.5pt; font-family:"Arial",sans-serif; color:#333333"></span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
<div>
<div align="center" style="text-align: center; margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-family:"Calibri",sans-serif; color:black">
<hr size="2" width="98%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> Oisf-users &lt;<a href="mailto:oisf-users-bounces@lists.openinfosecfoundation.org" style="color: blue; text-decoration: underline;">oisf-users-bounces@lists.openinfosecfoundation.org</a>&gt;
 on behalf of Cloherty, Sean E &lt;<a href="mailto:scloherty@mitre.org" style="color: blue; text-decoration: underline;">scloherty@mitre.org</a>&gt;<br>
<b>Sent:</b> Tuesday, March 28, 2017 12:15 PM<br>
<b>To:</b> <a href="mailto:oisf-users@lists.openinfosecfoundation.org" style="color: blue; text-decoration: underline;">
oisf-users@lists.openinfosecfoundation.org</a><br>
<b>Subject:</b> [Oisf-users] Hyperscan on RHEL or CentOS</span><span style="font-family:"Calibri",sans-serif; color:black">
</span></p>
<div>
<p style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: "Times New Roman", serif;">
<span style="font-family:"Calibri",sans-serif; color:black"> </span></p>
</div>
</div>
<div>
<div>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">Has anyone got instructions for installing Hyperscan on RHEL/CentOS?  I’ve tried a few times now and it seems like I get fairly close, but I’ve not been able to compile Suricata
 with Hyperscan.  I know that it is something I am completing incorrectly but have not been able to figure it out.   Are there files or configuration changes that I can check at the end of the install to see if it was completed correctly prior to compiling
 Suricata?</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> </span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">Thanks.</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> </span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">Sean Cloherty</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">InfoSec Engineer/Scientist, Lead</span></p>
<p><span style="font-size:11.0pt; font-family:MITRE; color:#2E74B5">MITRE</span><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> Corporation</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">office (781) 271-3707</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black">cell      (781) 697-8043</span></p>
<p><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:black"> </span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
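<p>Added example, not part of the original thread or of the Suricata or Hyperscan projects: a shell check for the question in the first message about which files and settings to verify after installing Hyperscan. It assumes the /usr/local paths and --sysconfdir=/etc from the notes above and the "Hyperscan support:" line printed by suricata --build-info; the function names are hypothetical.</p>

```shell
#!/bin/sh
# Added example: post-install checks for the Hyperscan build in this thread.
# Function names are hypothetical; default paths are the ones given to
# Suricata's ./configure in the notes above.

# hs_files_ok [INCLUDE_DIR] [LIB_DIR]
# Succeeds when hs.h and at least one libhs library are present.
hs_files_ok() {
    inc=${1:-/usr/local/include/hs}
    lib=${2:-/usr/local/lib}
    rc=0
    if [ ! -f "$inc/hs.h" ]; then
        echo "missing header: $inc/hs.h" >&2; rc=1
    fi
    found=0
    for f in "$lib"/libhs.a "$lib"/libhs.so*; do
        if [ -e "$f" ]; then found=1; fi
    done
    if [ "$found" -ne 1 ]; then
        echo "no libhs.a or libhs.so* in $lib" >&2; rc=1
    fi
    return "$rc"
}

# yaml_algo_ok SURICATA_YAML
# Succeeds when mpm-algo and spm-algo are both set to 'auto' or 'hs'.
yaml_algo_ok() {
    for key in mpm-algo spm-algo; do
        # First uncommented "key: value" line, minus quotes and trailing comment.
        val=$(sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" |
              sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]*$//' | head -n 1)
        case $val in
            auto|hs) ;;
            *) echo "$key is '${val:-unset}', expected auto or hs" >&2
               return 1 ;;
        esac
    done
}

# build_has_hs: reads `suricata --build-info` output on stdin and succeeds
# when the Hyperscan support line reports yes.
build_has_hs() {
    grep -Eiq 'hyperscan support:[[:space:]]*yes'
}

# "run" performs the file check (before compiling Suricata) and then the
# two post-build checks; --sysconfdir=/etc puts the config under /etc/suricata.
if [ "${1:-}" = run ]; then
    hs_files_ok &&
        suricata --build-info | build_has_hs &&
        yaml_algo_ok /etc/suricata/suricata.yaml &&
        echo "Hyperscan checks passed"
fi
```

<p>Call hs_files_ok on its own before running Suricata's ./configure; the other two checks only make sense once Suricata has been built and installed.</p>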
</body>
</html>