|
|
WIN32
|
|
|
=====
|
|
|
|
|
|
This section describes how to build and run Suricata on Windows. Currently
|
|
|
Windows XP and above are supported and only in the IDS pcap mode.
|
|
|
|
|
|
1. Setup MinGW environment from http://mingw.org
|
|
|
|
|
|
Do not use the automatic installer as it is deprecated. Manually unpack
|
|
|
the following packages to c:\mingw (use newer versions if you like):
|
|
|
|
|
|
* binutils
|
|
|
o binutils-2.20–1-mingw32-bin.tar.gz
|
|
|
* mingw-runtime (dev and dll):
|
|
|
o mingwrt-3.17-mingw32-dll.tar.gz
|
|
|
o mingwrt-3.17-mingw32-dev.tar.gz
|
|
|
* w32api
|
|
|
o w32api-3.14-mingw32-dev.tar.gz
|
|
|
* required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads):
|
|
|
o gmp-4.2.4-mingw32-dll.tar.gz
|
|
|
o libiconv-1.13.1–1-mingw32-dll-2.tar.lzma
|
|
|
o mpfr-2.4.1-mingw32-dll.tar.gz
|
|
|
o pthreads-w32–2.8.0-mingw32-dll.tar.gz
|
|
|
* gcc-core (bin and dll):
|
|
|
o gcc-core-4.4.0-mingw32-bin.tar.gz
|
|
|
o gcc-core-4.4.0-mingw32-dll.tar.gz
|
|
|
* make
|
|
|
o make-3.81–20090914-mingw32-bin.tar.gz
|
|
|
|
|
|
2. Install MSYS
|
|
|
|
|
|
http://sourceforge.net/projects/mingw/files/
|
|
|
|
|
|
MSYS-1.0.11.exe (MSYS Base System)
|
|
|
msysDTK-1.0.1.exe (MSYS Suplementary Tools)
|
|
|
autoconf-2.63–1-msys-1.0.11-bin.tar.lzma
|
|
|
automake-1.11–1-msys-1.0.11-bin.tar.lzma
|
|
|
libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma
|
|
|
|
|
|
MSYS will ask questions during the installation:
|
|
|
Accept Post Install: [y]
|
|
|
MinGW Installed? : [y]
|
|
|
path to MinGW: [c:/MinGW]
|
|
|
|
|
|
3. Get git
|
|
|
|
|
|
Download portable GIT from this URL:
|
|
|
http://code.google.com/p/msysgit/
|
|
|
|
|
|
- unpack to /msys/1.0
|
|
|
- don't forget to edit your ~/.gitconfig to at least give youreself a name :-)
|
|
|
|
|
|
4. Get libpcre
|
|
|
|
|
|
http://www.pcre.org/
|
|
|
|
|
|
./configure --enable-utf8 --disable-cpp --prefix=/mingw
|
|
|
make
|
|
|
make install
|
|
|
|
|
|
5. Get libyaml
|
|
|
|
|
|
http://pyyaml.org/wiki/LibYAML
|
|
|
|
|
|
It does not support mingw compilation. However it works in static mode:
|
|
|
|
|
|
./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
|
|
|
make
|
|
|
make install
|
|
|
|
|
|
6. Get libpcap
|
|
|
|
|
|
Guide can be found here:
|
|
|
http://mathieu.carbou.free.fr/wiki/index.php?title=Winpcap_/_Libpcap#Installing_Winpcap_in_MinGW
|
|
|
|
|
|
- Create symlink cc -> gcc
|
|
|
- You can use the precompiled version: http://www.winpcap.org/devel.htm
|
|
|
- Download and install a coresponding installer package (to have the driver in the system)
|
|
|
- Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
|
|
|
- Rename libwpcap to libpcap
|
|
|
|
|
|
7. Get zlib
|
|
|
|
|
|
http://sourceforge.net/projects/mingw/files/
|
|
|
|
|
|
./configure --prefix=/mingw
|
|
|
make
|
|
|
make install
|
|
|
|
|
|
8. Get and compile Suricata
|
|
|
|
|
|
git clone git://phalanx.openinfosecfoundation.org/oisf.git
|
|
|
cd oisf
|
|
|
./autojunk.sh
|
|
|
./configure CFLAGS="-DYAML_DECLARE_STATIC"
|
|
|
make
|
|
|
|
|
|
If everything goes well, you'll end up with suricata.exe in src/.lib. To test it
|
|
|
you will need libpcre-0.dll and pthreadGC2.dll which you already have somewhere
|
|
|
under c:/mingw or c:/msys. To try it out:
|
|
|
|
|
|
- copy the executable and the DLLs to a dedicated directory
|
|
|
- get there classification.config and suricata.yaml
|
|
|
- edit suricata.yaml (at least set the directories correctly)
|
|
|
- determine your eth device UUID in the registry:
|
|
|
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
|
|
|
- now cross your fingers and do:
|
|
|
suricata.exe -c suricata.yaml -i \DEVICE\{your device uuid}
|