[Oisf-users] Suricata 2.0rc1 Available!

Phil Daws uxbod at splatnix.net
Fri Feb 14 10:42:39 UTC 2014


----- Original Message -----
From: "Jason Ish" <lists at unx.ca>
To: "Phil Daws" <uxbod at splatnix.net>
Cc: "Peter Manev" <petermanev at gmail.com>, "Victor Julien" <victor at inliniac.net>, oisf-users at lists.openinfosecfoundation.org
Sent: Thursday, 13 February, 2014 4:06:15 PM
Subject: Re: [Oisf-users] Suricata 2.0rc1 Available!

It compiled for me using RPM pfring-5.6.3-7303.x86_64.  I did have to
install numactl-devel and use "LIBS=-lnuma ./configure ..." though.

On Thu, Feb 13, 2014 at 8:35 AM, Phil Daws <uxbod at splatnix.net> wrote:
> ----- Original Message -----
> From: "Peter Manev" <petermanev at gmail.com>
> To: "Phil Daws" <uxbod at splatnix.net>
> Cc: "Victor Julien" <victor at inliniac.net>, oisf-users at lists.openinfosecfoundation.org
> Sent: Thursday, 13 February, 2014 2:30:36 PM
> Subject: Re: [Oisf-users] Suricata 2.0rc1 Available!
>
> On Thu, Feb 13, 2014 at 3:28 PM, Phil Daws <uxbod at splatnix.net> wrote:
>>
>> ----- Original Message -----
>> From: "Victor Julien" <victor at inliniac.net>
>> To: "Phil Daws" <uxbod at splatnix.net>
>> Cc: oisf-users at lists.openinfosecfoundation.org
>> Sent: Thursday, 13 February, 2014 1:31:50 PM
>> Subject: Re: [Oisf-users] Suricata 2.0rc1 Available!
>>
>> On 02/13/2014 02:27 PM, Phil Daws wrote:
>>> Upgrading from 2.0beta produced the following with latest rules:
>>>
>>> <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server; app-layer-event:dns.not_a_request; sid:2240004; rev:1;)" from file /usr/local/etc/suricata/rules/dns-events.rules at line 7
>>> ...
>>
>> Could you (privately) share your yaml? The problem seems to go away if
>> you use the yaml from 2.0rc1/git. Would like to make sure it also works
>> with older yamls.
>>
>> --
>>
>> Also when trying to compile in PF_RING using:
>>
>> ./configure --enable-nfqueue \
>> --enable-geoip \
>> --enable-pfring \
>> --with-libpfring-libraries=/usr/local/pfring/lib \
>> --with-libpfring-includes=/usr/local/pfring/include \
>> --with-libpcap-libraries=/usr/local/pfring/lib \
>> --with-libpcap-includes=/usr/local/pfring/include
>>
>> am seeing:
>>
>> ERROR! --enable-pfring was passed but the library was not found or version is >4, go get it
>>    from http://www.ntop.org/PF_RING.html
>>
>> That is with PF_RING version 5.6.2 plus trying LIBS=-lrt
>>
>
>
> What OS is that?
>
>
> --
>
>
> CentOS 6.5
>
> P.

Can confirm that the addition of LIBS=-lnuma allowed Suricata to be compiled with PFRING support. Many thanks Jason.

-- 
Phil


