[Oisf-users] Recommend version of 'file/libmagic' for suricata?

Peter Manev petermanev at gmail.com
Thu Jul 11 06:57:17 UTC 2013


Hi,

What does your configure line look like?
What is the output of suricata --build-info?

thanks


On Thu, Jul 11, 2013 at 1:10 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> I thought I would try building suricata against file v.4.17
>
> libmagic was built and all relevant files copied to /opt/libmagic.
> Suricata was compiled against the libmagic libraries/headers in this
> directory.
>
> Checking the binary, it appears it's still linked against the system library:
>
>>  ldd /usr/bin/suricata
>>         linux-vdso.so.1 (0x00007fffdaba4000)
>>         libhtp-0.2.so.1 => /usr/lib64/libhtp-0.2.so.1 (0x00007f4099b9c000)
>>         libmagic.so.1 => /usr/lib64/libmagic.so.1 (0x00007f4099980000)
>
> Am I doing something wrong?  It's been a while since I tried to do this.
>
> On 7/10/2013 3:04 PM, Cooper F. Nelson wrote:
>> Hi all,
>>
>> I've encountered an issue similar to the one described in this bug-report:
>>
>> https://redmine.openinfosecfoundation.org/issues/437
>>
>> In my case, file extraction does not seem to work at all with the
>> version of file/libmagic that ships with the current Gentoo release
>> (currently "file 5.12").
>>
>> I noticed that suricata can be configured using a static/local version
>> of libmagic via these flags:
>>
>>>   --with-libmagic-includes=DIR  libmagic include directory
>>>   --with-libmagic-libraries=DIR    libmagic library directory
>>
>> So, is there a recommended version of file to statically link to suricata
>> to enable file extraction?  And if so, what version is it and where can
>> I find the source?
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042



-- 
Regards,
Peter Manev
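
Added example (not part of the original thread): the check that the quoted ldd output performs by eye, written as a shell function that reports whether libmagic resolves under the directory the custom build was installed to. The names lib_origin and sample_ldd are hypothetical; the sample lines are copied from the ldd output quoted in the message above.

```shell
#!/bin/sh
# Classify where a shared library resolves, given `ldd` output on stdin.
# Real use:  ldd /usr/bin/suricata | lib_origin libmagic /opt/libmagic
# Prints one of:
#   expected:<path>  resolved under the given prefix
#   other:<path>     resolved somewhere else (e.g. the system copy)
#   unresolved       ldd reported "not found"
#   absent           no dynamic dependency on that library at all
lib_origin() {
    lib=$1      # library name without suffix, e.g. libmagic
    prefix=$2   # install directory of the custom build, e.g. /opt/libmagic
    awk -v lib="$lib" -v prefix="$prefix" '
        # ldd lines of interest look like: <soname> => <path> (<address>)
        index($1, lib ".so") == 1 && $2 == "=>" {
            seen = 1
            if ($3 == "not")
                print "unresolved"
            else if (index($3, prefix "/") == 1)
                # compare on a directory boundary so /opt/libmagic2 does not match
                print "expected:" $3
            else
                print "other:" $3
            exit
        }
        END { if (!seen) print "absent" }
    '
}

# Sample input: the ldd lines quoted in the thread.
sample_ldd() {
cat <<'EOF'
        linux-vdso.so.1 (0x00007fffdaba4000)
        libhtp-0.2.so.1 => /usr/lib64/libhtp-0.2.so.1 (0x00007f4099b9c000)
        libmagic.so.1 => /usr/lib64/libmagic.so.1 (0x00007f4099980000)
EOF
}

sample_ldd | lib_origin libmagic /opt/libmagic
```

ldd shows what the dynamic loader resolves at run time, so an other: result means the loader picked up a different copy than the one under the given prefix.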


