[Oisf-users] Hyperscan on RHEL or CentOS

Spransy, Derek dsprans at emory.edu
Tue Mar 28 16:20:47 UTC 2017

These are my notes from installing HS and pf_ring support on RHEL 7.

Install with Intel Hyperscan Enabled

Install pre-requisites

sudo yum install cmake gcc-c++ python-devel

Download ragel, unpack, ./configure, make, sudo make install

Download and compile boost headers

Download boost 1.60

tar xvzf boost_1_60_0.tar.gz

cd boost_1_60_0



Install Hyperscan

git clone https://github.com/01org/hyperscan

cd hyperscan

mkdir build

cd build

cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/<user>/boost_1_60_0/ ../


sudo make install

Compile Suricate with HS and PF_RING support

./configure --prefix=/usr --sysconfdir=/etc --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib --with-libnspr-includes=/usr/include/nspr4/ --with-libnspr-libraries=/usr/include/nspr4/ --with-libcap_ng-libraries=/usr/local/lib --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/

mpm-algo and spm-algo values in suricata.yaml must be set to 'auto' or 'hs'

From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of Cloherty, Sean E <scloherty at mitre.org>
Sent: Tuesday, March 28, 2017 12:15 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Hyperscan on RHEL or CentOS

Has anyone got instructions for installing Hyperscan on RHEL/CentOS?  I’ve tried a few times now and it seems like I get fairly close, but I’ve not been able to compile Suricata with Hyperscan.  I know that it is something I am completing incorrectly but have not been able to figure it out.   Are there files or configuration changes that I can check at the end of the install to see if it was completed correctly prior to compiling Suricata?


Sean Cloherty

InfoSec Engineer/Scientist, Lead

MITRE Corporation

office (781) 271-3707

cell      (781) 697-8043


This e-mail message (including any attachments) is for the sole use of
the intended recipient(s) and may contain confidential and privileged
information. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution
or copying of this message (including any attachments) is strictly

If you have received this message in error, please contact
the sender by reply e-mail message and destroy all copies of the
original message (including attachments).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170328/01621739/attachment-0002.html>

More information about the Oisf-users mailing list