[Oisf-users] Now that I have built Suricata...

Peter Manev petermanev at gmail.com
Sat Mar 21 10:27:21 UTC 2015


On Fri, Mar 20, 2015 at 10:18 PM, Brian Keefer <chort at effu.se> wrote:
> It looks like your kernel should support multi-threaded AF_PACKET, so you shouldn't need PF_RING.
>
> Only glaring issue is missing libjansson (needed for EVE logging). I would also recommend turning on GCC stack protection (as long as you aren't running inside a VM).
>
> For EVE you need to install the dependencies. I *think* they're covered here (bonus: You'll get control socket support): https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Interacting_via_Unix_Socket.
>
> To enable stack protection, add this to your ./configure arguments: --enable-gccprotect
>
> --
> bk
>
>
>
> On Mar 20, 2015, at 9:46 AM, James Moe <jimoe at sohnen-moe.com> wrote:
>
>> Hello,
>> opensuse 13.2
>> linux 3.16.7-7-desktop x86_64
>>
>>   I have successfully configured Suricata 2.0.7 for building. It would
>> seem, though, a lot of possible functionality is not there.
>>   How useful are the missing parts?

Whatever functionality is not there could be conditionally enabled
at build time (bearing in mind that the dependency packages are present
on the system if needed). For more info on how and what, run this in your
source directory (the example below is using git):
root@LTS-64-1:~/Work/tmp/oisf# ./configure --help

Some tutorials on how to enable certain outputs (and what they can be used for):
(Luajit and LUA support)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_luajit
(File extraction/MD5)
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/MD5


>>
>> Suricata Configuration:
>>   AF_PACKET support:                       yes
>>   PF_RING support:                         no
>>   NFQueue support:                         no
>>   NFLOG support:                           no
>>   IPFW support:                            no
>>   DAG enabled:                             no
>>   Napatech enabled:                        no
>>   Unix socket enabled:                     no
>>   Detection enabled:                       yes
>>
>>   libnss support:                          no
>>   libnspr support:                         no
>>   libjansson support:                      no
>>   Prelude support:                         no
>>   PCRE jit:                                yes
>>   LUA support:                             no
>>   libluajit:                               no
>>   libgeoip:                                no
>>   Non-bundled htp:                         no
>>   Old barnyard2 support:                   no
>>   CUDA enabled:                            no
>>
>>   Suricatasc install:                      yes
>>
>>   Unit tests enabled:                      no
>>   Debug output enabled:                    no
>>   Debug validation enabled:                no
>>   Profiling enabled:                       no
>>   Profiling locks enabled:                 no
>>   Coccinelle / spatch:                     no
>>
>> Generic build parameters:
>>   Installation prefix (--prefix):          /usr/local
>>   Configuration directory (--sysconfdir):  /usr/local/etc/suricata/
>>   Log directory (--localstatedir) :        /usr/local/var/log/suricata/
>>
>>   Host:                                    x86_64-unknown-linux-gnu
>>   GCC binary:                              gcc
>>   GCC Protect enabled:                     no
>>   GCC march native enabled:                yes
>>   GCC Profile enabled:                     no
>>
>>
>>
>> --
>> James Moe
>> moe dot james at sohnen-moe dot com
>> 520.743.3936
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Training now available: http://suricata-ids.org/training/
>
>



-- 
Regards,
Peter Manev
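
A small check for the three summary rows the replies above single out (libjansson, Unix socket, GCC Protect), as an added example that is not part of the original thread or of the Suricata project. It reads a `./configure` summary on stdin and reports which of those rows are still `no`; the function names are hypothetical and the sample input is an excerpt of the summary quoted above.

```shell
#!/bin/sh
# Added example: check a Suricata ./configure summary for the rows the
# replies in this thread single out. Helper names are hypothetical.

# Print the value of one summary row, matched by its exact label.
summary_value() {  # $1 = row label, stdin = summary text
    awk -v label="$1" '
        { sub(/^[> \t]+/, "") }          # drop mail quote marks and indent
        index($0, label ":") == 1 {      # row starts with "<label>:"
            v = substr($0, length(label) + 2)
            gsub(/[ \t\r]/, "", v)
            print v
            exit
        }'
}

# Report every watched row that is not "yes"; return 1 if any is.
audit_build_summary() {  # stdin = summary text
    summary=$(cat)
    rc=0
    while IFS='|' read -r label advice; do
        value=$(printf '%s\n' "$summary" | summary_value "$label")
        case "$value" in
            yes) ;;
            no)  printf 'MISSING  %s: %s\n' "$label" "$advice"; rc=1 ;;
            *)   printf 'UNKNOWN  %s: row not found\n' "$label"; rc=1 ;;
        esac
    done <<'EOF'
libjansson support|needed for EVE logging; install the dependency, re-run ./configure
Unix socket enabled|control socket support; install the dependencies, re-run ./configure
GCC Protect enabled|re-run ./configure with --enable-gccprotect
EOF
    return "$rc"
}

# Excerpt of the summary quoted in the thread, quote marks included.
sample_summary() {
    cat <<'EOF'
>>   AF_PACKET support:                       yes
>>   Unix socket enabled:                     no
>>   libjansson support:                      no
>>   GCC Protect enabled:                     no
EOF
}

sample_summary | audit_build_summary || echo "rebuild needed"
```

To use it on a real build, pipe the summary printed at the end of your own `./configure` run into `audit_build_summary`.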


