[Oisf-users] Recommend version of 'file/libmagic' for suricata?

Cooper F. Nelson cnelson at ucsd.edu
Wed Jul 10 23:10:08 UTC 2013


I thought I would try building suricata against file v.4.17.

libmagic was built and all relevant files copied to /opt/libmagic.
Suricata was compiled against the libmagic libraries/headers in this
directory.

Checking the binary, it appears it's still linked against the system library:

>  ldd /usr/bin/suricata
>         linux-vdso.so.1 (0x00007fffdaba4000)
>         libhtp-0.2.so.1 => /usr/lib64/libhtp-0.2.so.1 (0x00007f4099b9c000)
>         libmagic.so.1 => /usr/lib64/libmagic.so.1 (0x00007f4099980000)

Am I doing something wrong?  It's been a while since I tried to do this.

On 7/10/2013 3:04 PM, Cooper F. Nelson wrote:
> Hi all,
> 
> I've encountered an issue similar to the one described in this bug-report:
> 
> https://redmine.openinfosecfoundation.org/issues/437
> 
> In my case, file extraction does not seem to work at all with the
> version of file/libmagic that ships with the current Gentoo release
> (currently "file 5.12").
> 
> I noticed that suricata can be configured using a static/local version
> of libmagic via these flags:
> 
>>   --with-libmagic-includes=DIR  libmagic include directory
>>   --with-libmagic-libraries=DIR    libmagic library directory
> 
> So, is there a recommended version of file to statically link to suricata
> to enable file extraction?  And if so, what version is it and where can
> I find the source?
> 

-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042