mirror of https://github.com/OISF/suricata

Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PCRE-JIT


Installation from GIT with PCRE-JIT

This guide explains how to install and use the most recent code of Suricata on
Ubuntu together with PCRE 8.20-RC1 built with JIT support. The goal of PCRE-JIT
is to improve the pattern matching performance of the pcre library.

The easiest way to see the performance difference is to create a couple of
pcre-only rules, or to use for example the SSN rules from ET, and compare the
performance statistics for rules.

Installing from GIT on other operating systems is basically the same, except
that some commands are Ubuntu-specific (like sudo and apt-get). If you are
using another operating system, replace those commands with the equivalent
commands for your operating system.

Pre-installation requirements

Before you can build Suricata with PCRE-JIT for your system, run the following
commands to ensure that you have everything you need for the installation.

  sudo apt-get -y install build-essential autoconf automake \
  libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev \
  zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
  make g++
  sudo apt-get install git-core

Depending on the current status of your system, it may take a while to complete
this process.

PCRE with JIT support

Enter the following commands for PCRE JIT installation:

  wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-8.20-RC1.tar.gz
  tar -xzvf pcre-8.20-RC1.tar.gz
  cd pcre-8.20-RC1
  ./configure --enable-jit

Make sure the configure output shows that JIT compiling support is enabled,
then build and install:

  make
  sudo make install


HTP


HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at
HTP_library_installation.


IPS


By default, Suricata works as an IDS. If you want to use it as an IDS and IPS
program, enter:

  sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 \
  libnfnetlink-dev libnfnetlink0


Suricata

First, it is convenient to create a directory for Suricata. Name it 'suricata'
for example. Open the terminal and enter:

  mkdir suricata

Followed by:

  cd suricata

Next, enter the following line in the terminal:

  git clone git://phalanx.openinfosecfoundation.org/oisf.git
  cd oisf

Followed by:

  ./autogen.sh


Compile and install

To configure, please enter:

  ./configure --enable-pcre-jit \
  --with-libpcre-includes=/usr/local/include \
  --with-libpcre-libraries=/usr/local/lib

After entering the previous command, make sure the configure output shows that
you have PCRE with JIT support, then build and install:

  make
  sudo make install

  sudo ldconfig

To check the build information you can enter:

  suricata --build-info

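A post-install check for the steps above, as an added example that is not part of the original guide or the Suricata project: it reads `suricata --build-info` and `ldd` output and reports whether the binary has PCRE JIT and loads libpcre from /usr/local/lib. It assumes a JIT-enabled build lists the PCRE_JIT token on the Features line; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install check for a PCRE-JIT build of Suricata.

# Succeeds if the Features line of `suricata --build-info` (stdin) lists
# PCRE_JIT. Assumption: a JIT-enabled build reports that token.
has_pcre_jit() {
    grep 'Features:' | tr ' ' '\n' | grep -qx 'PCRE_JIT'
}

# Prints the path libpcre resolves to in `ldd` output (stdin), if any.
pcre_lib_path() {
    awk '$1 ~ /^libpcre\.so/ && $2 == "=>" {
        print ($3 == "not" ? "not-found" : $3); exit }'
}

# $1 = build-info text, $2 = ldd text, $3 = lib dir PCRE was installed to
# (defaults to /usr/local/lib, the path passed to configure in this guide).
check_pcre_jit_build() {
    build_info=$1 ldd_out=$2 libdir=${3:-/usr/local/lib}
    lib=$(printf '%s\n' "$ldd_out" | pcre_lib_path)
    if ! printf '%s\n' "$build_info" | has_pcre_jit; then
        echo "no-jit: PCRE_JIT missing from Features"
    elif [ -z "$lib" ] || [ "$lib" = "not-found" ]; then
        echo "no-libpcre: ldd shows no resolved libpcre"
    else
        case $lib in
            "$libdir"/*) echo "ok: JIT build using $lib" ;;
            *) echo "wrong-lib: loader picks $lib, not $libdir" ;;
        esac
    fi
}

# Constructed sample text (not captured from a real host).
SAMPLE_INFO='This is Suricata (constructed sample)
Features: PCAP_SET_BUFF NFQ LIBCAP_NG PCRE_JIT'
SAMPLE_LDD_LOCAL='    libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x0)'
SAMPLE_LDD_SYSTEM='    libpcre.so.3 => /lib/libpcre.so.3 (0x0)'

# Check the installed binary if there is one, otherwise the sample.
if command -v suricata >/dev/null 2>&1; then
    check_pcre_jit_build "$(suricata --build-info)" \
        "$(ldd "$(command -v suricata)")"
else
    check_pcre_jit_build "$SAMPLE_INFO" "$SAMPLE_LDD_LOCAL"
fi
```
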
Please continue with Basic_Setup.

In case you have already made a directory for the most recent code, downloaded
the code into that directory, and want to download recent code again, please
enter:

  cd suricata/oisf

Next, enter:

  git pull

After that, start again from the step that runs autogen.