[Oisf-users] file extraction didn't work on Ubuntu 12.04/Suri-2.0

Peter Manev petermanev at gmail.com
Sun Mar 30 18:24:00 UTC 2014 

On Sun, Mar 30, 2014 at 7:27 PM, Shawn <citypw at gmail.com> wrote:
> On Sun, Mar 30, 2014 at 3:47 PM, Peter Manev <petermanev at gmail.com> wrote:
>>
>> Can you please post the output of :
>> suircata --build-info
>>
> This is Suricata version 2.0 RELEASE
> Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET
> HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
> SIMD support: SSE_4_2 SSE_4_1 SSE_3
> Atomic intrisics: 1 2 4 8 16 byte(s)
> 64-bits, Little-endian architecture
> GCC version 4.6.3, C version 199901
> compiled with -fstack-protector
> compiled with _FORTIFY_SOURCE=2
> L1 cache line size (CLS)=64
> compiled with LibHTP v0.5.10, linked against LibHTP v0.5.10
> Suricata Configuration:
>   AF_PACKET support:                       yes
>   PF_RING support:                         no
>   NFQueue support:                         yes
>   IPFW support:                            no
>   DAG enabled:                             no
>   Napatech enabled:                        no
>   Unix socket enabled:                     no
>   Detection enabled:                       yes
>
>   libnss support:                          no
>   libnspr support:                         no
>   libjansson support:                      no
>   Prelude support:                         no
>   PCRE jit:                                no
>   libluajit:                               no
>   libgeoip:                                no
>   Non-bundled htp:                         no
>   Old barnyard2 support:                   no
>   CUDA enabled:                            no
>
>   Suricatasc install:                      yes
>
>   Unit tests enabled:                      no
>   Debug output enabled:                    no
>   Debug validation enabled:                no
>   Profiling enabled:                       no
>   Profiling locks enabled:                 no
>   Coccinelle / spatch:                     yes
>
> Generic build parameters:
>   Installation prefix (--prefix):          /usr/local/suricata
>   Configuration directory (--sysconfdir):  /usr/local/suricata/etc/suricata/
>   Log directory (--localstatedir) :        /usr/local/suricata/var/log/suricata/
>
>   Host:                                    x86_64-unknown-linux-gnu
>   GCC binary:                              gcc
>   GCC Protect enabled:                     yes
>   GCC march native enabled:                yes
>   GCC Profile enabled:                     no
>
>
>
>> These values in your yaml -
>> request-body-minimal-inspect-size: 320kb
>> request-body-inspect-window: 409kb
>> response-body-minimal-inspect-size: 320kb
>> response-body-inspect-window: 400kb
>>
>> Can you please put them back to the default values and try again?
>>
> hey Peter, I tried it again and it doesn't work still. Thanks.
>


Could you please do the following:

apt-get install libnss3-dev libnspr4-dev libjansson4 libjansson-dev

recompile and add to the config line like so:

./configure --with-libnss-libraries=/usr/lib
--with-libnss-includes=/usr/include/nss/
--with-libnspr-libraries=/usr/lib
--with-libnspr-includes=/usr/include/nspr
... plus anything else if you add to it


Run the tests again and please let us know ....

P.S
Do you have only one Suricata binary installed?


-- 
Regards,
Peter Manev

More information about the Oisf-users mailing list