<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
Hi there
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
There seems to be some confusion here. Some unanswered questions first;
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
Why do you need 4.1.4? As someone new to IDS just play with 3.2.1 and if you need all that's in 4.1.4 you can worry about updating.
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
If that's not good then you need to appreciate that while previously you were installing from a specific deb package, now you are trying to compile from source. This can be tricky but possible if you have all the right libs/Versions thereof and configure it correctly in the first place.
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
As for the make error, make sure you have run 'configure' first and run 'make' in the directory of your Suricata source file. Here is an example cut out of one of my Makefiles. Replace the variables as per your directories.
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<div class="default-style" style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
CONFFLAGS= --prefix=/usr \
<br> --bindir=\$$\{exec_prefix\}/sbin \
<br> --mandir=\$$\{exec_prefix\}/share/man \
<br> --enable-nfqueue \
<br> --enable-geoip \
<br> --disable-gccmarch-native \
<br> --sysconfdir=/etc \
<br> --localstatedir=/var
</div>
<div class="default-style" style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>build : init
<br> cd build/$(SURICATA) && ./configure $(CONFFLAGS)
<br> cd build/$(SURICATA) && make
</div>
<div class="default-style" style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
init :
<br> mkdir build
<br> tar -zxf download/suricata/$(SURICATA).tar.gz -C build
<br>
</div>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
Have you asked within Raspberry forum if someone has already compiled the latest Suri for your OS?
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
Or try Ubuntu Mate ( if no other implications)
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
In the interim explore 3.2.1; it does a lot!
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
Amar Rathore
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
CounterSnipe for Suricata Driven IDS
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;">
<br>
</div>
<blockquote type="cite">
On August 19, 2019 at 6:15 PM 419telegraph298@protonmail.com wrote:
<br>
<br>
<div>
I should note that I downloaded the tar file and did not install directly using apt-get because that method does not install the latest version...
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block">
<div class="ox-69f1874fa7-protonmail_signature_block-user">
Sent from
<a href="https://protonmail.ch">ProtonMail</a>, encrypted email based in Switzerland.
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block-proton">
Sent with
<a href="https://protonmail.com" target="_blank" rel="noopener">ProtonMail</a> Secure Email.
<br>
</div>
</div>
<div>
<br>
</div>
<div>
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
<br>
</div>
<div>
On Monday, August 19, 2019 2:48 PM, <419telegraph298@protonmail.com> wrote:
<br>
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
What would everyone recommend doing for installation once the tar file is unzipped?
<br>
</div>
<div>
<br>
</div>
<div>
I tried install instructions for Ubuntu and Debian but they don't work on the pi for me.
<br>
</div>
<div>
<br>
</div>
<p>make: *** No targets specified and no makefile found. Stop.<br></p>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block">
<div class="ox-69f1874fa7-protonmail_signature_block-user">
Sent from
<a href="https://protonmail.ch">ProtonMail</a>, encrypted email based in Switzerland.
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block-proton">
Sent with
<a href="https://protonmail.com" target="_blank" rel="noopener">ProtonMail</a> Secure Email.
<br>
</div>
</div>
<div>
<br>
</div>
<div>
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
<br>
</div>
<div>
On Friday, August 16, 2019 3:23 PM, <419telegraph298@protonmail.com> wrote:
<br>
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
wget works thanks!
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block">
<div class="ox-69f1874fa7-protonmail_signature_block-user">
Sent from
<a href="https://protonmail.ch">ProtonMail</a>, encrypted email based in Switzerland.
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-protonmail_signature_block-proton">
Sent with
<a href="https://protonmail.com" target="_blank" rel="noopener">ProtonMail</a> Secure Email.
<br>
</div>
</div>
<div>
<br>
</div>
<div>
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
<br>
</div>
<div>
On Friday, August 16, 2019 2:09 PM, Leonard Jacobs <ljacobs@netsecuris.com> wrote:
<br>
</div>
<div>
<br>
</div>
<blockquote type="cite">
<div>
You could download the Suricata file to your PC then SCP or SFTP the file over to the Pi after you install the os on the pi. Or try using wget instead of curl.
<br>
</div>
<div>
<br>
</div>
<div>
<div>
<strong>From: </strong> <419telegraph298@protonmail.com>
<br>
</div>
<div>
<strong>To: </strong> "oisf-users@lists.openinfosecfoundation.org" <oisf-users@lists.openinfosecfoundation.org>
<br>
</div>
<div>
<strong>Sent: </strong> 8/16/2019 1:04 PM
<br>
</div>
<div>
<strong>Subject: </strong> [Oisf-users] Installing the latest Suricata on a Pi
<br>
</div>
<div>
<br>
</div>
<blockquote>
<div>
Hi everyone - I've looked around online for an answer to this but didn't find anything - I'm trying to install
<strong>4.1.4 on a Pi but using sudo-apt-get install only installs </strong>3.2.1. I tried to curl
<a href="https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz" target="_blank" rel="noopener">https://www.openinfosecfoundation.org/download/suricata-4.1.4.tar.gz</a> but the file would not download it just printed streams of random characters on the screen.
<br>
</div>
<div>
<br>
</div>
<div>
I tried this tutorial but it still only installed suricata 3.2.1 -
<a href="https://www.sothis.tech/en/detecting-intruders-at-home-ii/" target="_blank" rel="noopener">https://www.sothis.tech/en/detecting-intruders-at-home-ii/</a>
<br>
</div>
<div>
<br>
</div>
<div>
My OS - Linux raspberrypi 4.14.50-v7+ #1122 SMP Tue Jun 19 12:26:26 BST 2018 armv7l GNU/Linux
<br>
</div>
<div>
<br>
</div>
<div>
Sorry if the answer is obvious I am still a noob with IDS...
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-mcntprotonmail_signature_block">
<div class="ox-69f1874fa7-mcntprotonmail_signature_block-user">
Sent from
<a href="https://protonmail.ch" target="_blank" rel="noopener">ProtonMail</a>, encrypted email based in Switzerland.
<br>
</div>
<div>
<br>
</div>
<div class="ox-69f1874fa7-mcntprotonmail_signature_block-proton">
Sent with
<a href="https://protonmail.com" target="_blank" rel="noopener">ProtonMail</a> Secure Email.
<br>
</div>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
_______________________________________________
<br>
</div>
<div>
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
<br>
</div>
<div>
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
<br>
</div>
<div>
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
<br>
</div>
<div>
<br>
</div>
<div>
Conference: https://suricon.net
<br>
</div>
<div>
Trainings: https://suricata-ids.org/training/
<br>
</div>
</blockquote>
</div>
</blockquote>
</blockquote>
<div>
<br>
</div>
</blockquote>
<div>
<br>
</div>_______________________________________________
<br>Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
<br>Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
<br>List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
<br>
<br>Conference: https://suricon.net
<br>Trainings: https://suricata-ids.org/training/
</blockquote>
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;" class="default-style">
<br>
</div>
<div class="io-ox-signature">
<div style="font-size: 12pt; font-family: arial, helvetica, sans-serif; color: #000080;" class="default-style">
<div>
Kind regards
<br>
<br>
</div>
<div>
Amar Rathore
<br>
</div>
<div>
Tel: +1 617 765 0633 -
<span style="color: #ff0000;">PLEASE NOTE CHANGED TELEPHONE NUMBER</span>
<br>Mobile: +91 8800 596506
</div>
<div>
<br>
</div>
</div>
</div>
</body>
</html>