[Oisf-users] Hyperscan on RHEL or CentOS
Viiret, Justin
justin.viiret at intel.com
Tue Mar 28 22:19:31 UTC 2017
Hi all,
(I work on the Hyperscan project at Intel)
Hyperscan's dependency on Boost is a "header-only" dependency - that is, we don't use any of the small number of Boost libraries that require it to be compiled. You should just be able to copy or symlink the Boost headers into <hyperscan-source>/include/boost without having to go through its build process.
You can find some information in the "Very Quick Start" section of our documentation here:
http://01org.github.io/hyperscan/dev-reference/getting_started.html#boost-headers
Hope that helps!
Regards,
Justin
From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Cloherty, Sean E
Sent: Wednesday, March 29, 2017 6:48 AM
To: Spransy, Derek <dsprans at emory.edu>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Hyperscan on RHEL or CentOS
Further but not there yet. Boost ended with this -
...failed updating 2 targets...
...skipped 6 targets...
...updated 1126 targets...
Scrolling back I did find these errors but I am not sure if they are relevant or not -
...failed gcc.compile.c++ bin.v2/libs/sync/build/gcc-4.8.5/release/link-static/threading-multi/tss_pthread.o...
...skipped <pbin.v2/libs/sync/build/gcc-4.8.5/release/threading-multi>libboost_sync.so.1.63.0 for lack of <pbin.v2/libs/sync/build/gcc-4.8.5/release/threading-multi>tss_pthread.o...
From: Spransy, Derek [mailto:dsprans at emory.edu]
Sent: Tuesday, March 28, 2017 14:24 PM
To: Cloherty, Sean E <scloherty at mitre.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: Hyperscan on RHEL or CentOS
cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/<user>/boost_1_60_0/ ../
- No problem. As I recall I had some trouble at this step as well, but ultimately figured it out.
Two follow up questions if I could -
1. Does it matter what directory you are in when you invoke git for the Hyperscan package?
- No, just as long as you have the requisite permissions.
2. Does/Should the boost directory be in a specific user's home directory (like the account that you use to run Suricata), or is it not consequential at all?
- This shouldn't make any difference either, as long as you have permissions. I run pretty much everything out of my home folder when doing this type of work.
From: Spransy, Derek [mailto:dsprans at emory.edu]
Sent: Tuesday, March 28, 2017 12:21 PM
To: Cloherty, Sean E <scloherty at mitre.org>; oisf-users at lists.openinfosecfoundation.org
Subject: Re: Hyperscan on RHEL or CentOS
These are my notes from installing HS and pf_ring support on RHEL 7.
Install with Intel Hyperscan Enabled
Install pre-requisites
sudo yum install cmake gcc-c++ python-devel
Download ragel, unpack, ./configure, make, sudo make install
Download and compile boost headers
Download boost 1.60
tar xvzf boost_1_60_0.tar.gz
cd boost_1_60_0
./bootstrap.sh
./b2
Install Hyperscan
git clone https://github.com/01org/hyperscan
cd hyperscan
mkdir build
cd build
cmake -DBUILD_STATIC_AND_SHARED=1 -DBOOST_ROOT=/home/<user>/boost_1_60_0/ ../
make
sudo make install
Compile Suricata with HS and PF_RING support
./configure --prefix=/usr --sysconfdir=/etc --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib --with-libnspr-includes=/usr/include/nspr4/ --with-libnspr-libraries=/usr/include/nspr4/ --with-libcap_ng-libraries=/usr/local/lib --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/
mpm-algo and spm-algo values in suricata.yaml must be set to 'auto' or 'hs'
________________________________
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of Cloherty, Sean E <scloherty at mitre.org>
Sent: Tuesday, March 28, 2017 12:15 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: [Oisf-users] Hyperscan on RHEL or CentOS
Has anyone got instructions for installing Hyperscan on RHEL/CentOS? I've tried a few times now and it seems like I get fairly close, but I've not been able to compile Suricata with Hyperscan. I know that it is something I am completing incorrectly but have not been able to figure it out. Are there files or configuration changes that I can check at the end of the install to see if it was completed correctly prior to compiling Suricata?
Thanks.
Sean Cloherty
InfoSec Engineer/Scientist, Lead
MITRE Corporation
office (781) 271-3707
cell (781) 697-8043
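Added example, not part of any message in this thread: a shell sketch of the post-install checks the original question asks about, using the /usr/local prefix from the configure line in the notes above. The function names are hypothetical, the lib64 fallback is an assumption about where cmake may place the library, and the build-info check relies on the "Hyperscan support:" line printed by `suricata --build-info`.

```shell
#!/bin/sh
# Added example: sanity checks for a Hyperscan install and a Suricata build.
# Usage on a real host (not run here):
#   check_hs_install /usr/local
#   suricata --build-info | build_info_has_hs && echo "Suricata has HS"
#   yaml_algo_ok /etc/suricata/suricata.yaml   # path is an assumption

# check_hs_install PREFIX: 0 if hs/hs.h and a libhs library exist under PREFIX.
check_hs_install() {
    prefix=${1:-/usr/local}
    rc=0
    if [ -f "$prefix/include/hs/hs.h" ]; then
        echo "ok: $prefix/include/hs/hs.h"
    else
        echo "missing: $prefix/include/hs/hs.h"; rc=1
    fi
    found=
    # Unmatched globs stay literal and simply fail the -e test.
    for lib in "$prefix"/lib/libhs.a "$prefix"/lib/libhs.so* \
               "$prefix"/lib64/libhs.a "$prefix"/lib64/libhs.so*; do
        if [ -e "$lib" ]; then echo "ok: $lib"; found=1; fi
    done
    if [ -z "$found" ]; then
        echo "missing: libhs under $prefix/lib or $prefix/lib64"; rc=1
    fi
    return $rc
}

# build_info_has_hs: reads `suricata --build-info` text on stdin;
# 0 only if the build reports Hyperscan support as enabled.
build_info_has_hs() {
    grep -Eiq '^[[:space:]]*Hyperscan support:[[:space:]]*yes'
}

# yaml_algo_ok FILE: 0 if mpm-algo and spm-algo are both 'auto' or 'hs'.
yaml_algo_ok() {
    for key in mpm-algo spm-algo; do
        grep -Eq "^[[:space:]]*$key:[[:space:]]*['\"]?(auto|hs)['\"]?[[:space:]]*(#.*)?\$" "$1" || {
            echo "$key is not set to auto or hs in $1"; return 1; }
    done
}
```

If the header and library are present but the build-info check fails, the `--with-libhs-includes` and `--with-libhs-libraries` paths passed to Suricata's configure are the first thing to compare against what `check_hs_install` printed.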