[Oisf-users] Now that I have built Suricata...

Brian Keefer chort at effu.se
Fri Mar 20 21:18:13 UTC 2015


It looks like your kernel should support multi-threaded AF_PACKET, so you shouldn't need PF_RING.

Only glaring issue is missing libjansson (needed for EVE logging). I would also recommend turning on GCC stack protection (as long as you aren't running inside a VM).

For EVE you need to install the dependencies. I *think* they're covered here (bonus: You'll get control socket support): https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket.

To enable stack protection, add this to your ./configure arguments: --enable-gccprotect

--
bk



On Mar 20, 2015, at 9:46 AM, James Moe <jimoe at sohnen-moe.com> wrote:

> Hello,
> opensuse 13.2
> linux 3.16.7-7-desktop x86_64
> 
>   I have successfully configured Suricata 2.0.7 for building. It would
> seem, though, a lot of possible functionality is not there.
>   How useful are the missing parts?
> 
> Suricata Configuration:
>   AF_PACKET support:                       yes
>   PF_RING support:                         no
>   NFQueue support:                         no
>   NFLOG support:                           no
>   IPFW support:                            no
>   DAG enabled:                             no
>   Napatech enabled:                        no
>   Unix socket enabled:                     no
>   Detection enabled:                       yes
> 
>   libnss support:                          no
>   libnspr support:                         no
>   libjansson support:                      no
>   Prelude support:                         no
>   PCRE jit:                                yes
>   LUA support:                             no
>   libluajit:                               no
>   libgeoip:                                no
>   Non-bundled htp:                         no
>   Old barnyard2 support:                   no
>   CUDA enabled:                            no
> 
>   Suricatasc install:                      yes
> 
>   Unit tests enabled:                      no
>   Debug output enabled:                    no
>   Debug validation enabled:                no
>   Profiling enabled:                       no
>   Profiling locks enabled:                 no
>   Coccinelle / spatch:                     no
> 
> Generic build parameters:
>   Installation prefix (--prefix):          /usr/local
>   Configuration directory (--sysconfdir):  /usr/local/etc/suricata/
>   Log directory (--localstatedir) :        /usr/local/var/log/suricata/
> 
>   Host:                                    x86_64-unknown-linux-gnu
>   GCC binary:                              gcc
>   GCC Protect enabled:                     no
>   GCC march native enabled:                yes
>   GCC Profile enabled:                     no
> 
> 
> 
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936

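As an added example (not part of the thread and not Suricata project code): a small POSIX shell check that reads a configure summary in the format quoted above and reports the gaps the reply names. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Suricata ./configure summary for the gaps the reply
# points out. Function names are hypothetical, not part of Suricata.

# Constructed sample: the relevant lines of the summary quoted in the thread.
SAMPLE_SUMMARY='>   AF_PACKET support:                       yes
>   PF_RING support:                         no
>   Unix socket enabled:                     no
>   libjansson support:                      no
>   GCC Protect enabled:                     no'

# Print the value of one summary key ("yes"/"no"), or "absent" if not listed.
# Leading "> " quote markers and column padding are ignored.
summary_value() {   # $1 = summary text, $2 = key
    printf '%s\n' "$1" | awk -F': *' -v key="$2" '
        { k = $1; sub(/^[> \t]+/, "", k); sub(/[ \t]+$/, "", k) }
        k == key { v = $2; sub(/[ \t\r]+$/, "", v); print v; found = 1; exit }
        END { if (!found) print "absent" }'
}

# Print one line per gap; prints nothing when none of them is present.
audit_build_summary() {   # $1 = summary text
    if [ "$(summary_value "$1" 'libjansson support')" != yes ]; then
        echo 'libjansson support: EVE logging is not built; install the libjansson development files and re-run ./configure'
    fi
    if [ "$(summary_value "$1" 'Unix socket enabled')" != yes ]; then
        echo 'Unix socket enabled: no control socket; see the Unix socket wiki page linked in the reply for its dependencies'
    fi
    if [ "$(summary_value "$1" 'GCC Protect enabled')" != yes ]; then
        echo 'GCC Protect enabled: stack protection is off; add --enable-gccprotect to the ./configure arguments'
    fi
    # PF_RING is only worth flagging when AF_PACKET is not available either.
    if [ "$(summary_value "$1" 'AF_PACKET support')" != yes ] &&
       [ "$(summary_value "$1" 'PF_RING support')" != yes ]; then
        echo 'AF_PACKET support: neither AF_PACKET nor PF_RING capture is built'
    fi
    return 0
}

audit_build_summary "$SAMPLE_SUMMARY"
```

Pass the text printed at the end of `./configure` as the single argument; a build with none of these gaps produces no output.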