suricata/doc/Windows.txt

Autogenerated on 2012-01-11
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows


Windows


Preparing the build environment

The instructions below should be followed in the order they appear. If your
configuration requires unique actions to compile the package and/or you
significantly modify the configure shell script, please e-mail the details of
your requirements and/or solution to bugreports@openinfosecfoundation.org.
Set up MinGW environment from http://mingw.org/
Do not use the automatic installer, as it is deprecated. Instead, manually
unpack the following packages to c:\mingw (you may use newer versions if you
prefer):


  * binutils
      o binutils-2.20-1-mingw32-bin.tar.gz
  * mingw-runtime (dev and dll)
      o mingwrt-3.17-mingw32-dll.tar.gz
      o mingwrt-3.17-mingw32-dev.tar.gz
  * w32api
      o w32api-3.14-mingw32-dev.tar.gz
  * Required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads)
      o gmp-4.2.4-mingw32-dll.tar.gz
      o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
      o mpfr-2.4.1-mingw32-dll.tar.gz
      o pthreads-w32-2.8.0-mingw32-dll.tar.gz
  * gcc-core (bin and dll)
      o gcc-core-4.4.0-mingw32-bin.tar.gz
      o gcc-core-4.4.0-mingw32-dll.tar.gz
  * make
      o make-3.81-20090914-mingw32-bin.tar.gz
  * zlib
      o libz-1.2.3-1-mingw32-dll-1.tar.gz
      + libz-1.2.3-1-mingw32-dev.tar.gz


Download MSYS

Get MSYS from http://sourceforge.net/projects/mingw/files/ and install

  MSYS-1.0.11.exe (MSYS Base System)
  msysDTK-1.0.1.exe (MSYS Suplementary Tools)
  autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
  automake-1.11-1-msys-1.0.11-bin.tar.lzma
  libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma

MSYS will ask the following questions during installation.

  Accept Post Install: [y]
  MinGW Installed? : [y]
  path to MinGW: [c:/MinGW]


Download pkg-config

Install pkg-config taken from http://wiki.videolan.org/Win32CompileMSYSNew#PKG-
CONFIG
Download and extract the following into c:\Msys\1.0

     http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-
  1_win32.zip
     ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-
  3_win32.zip
     ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-
  dev_0.23-3_win32.zip


  Set PKG_CONFIG_PATH=/win32/lib/pkgconfig

(e.g. by adding the Windows environment variable PKG_CONFIG_PATH in "Control
Panel"->"System"->"Advanced System Settings"->"Environment Variables" and
setting the value to /win32/lib/pkgconfig)

Download Git sources

Get Git sources from http://code.google.com/p/msysgit/
Unpack to /msys/1.0
Remember to edit ~/.gitconfig to set your username

Download libpcre

Get libpcre from http://www.pcre.org/

  ./configure --enable-utf8 --disable-cpp --prefix=/mingw
  make
  make install


Download libyaml

Download libyaml from http://pyyaml.org/wiki/LibYAML
Though libyaml does not support mingw compilation, it does work in static mode.

  ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
  make
  make install


Download libpcap

Download the developer pack from http://www.winpcap.org/devel.htm
To have the driver in the system, download and install a corresponding
installer package from http://www.winpcap.org/install/default.htm
Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
Rename libwpcap.a to libpcap.a

Get and compile Suricata


  git clone git://phalanx.openinfosecfoundation.org/oisf.git
  cd oisf

Because of an autotools port bug, you will need to do the following:

  dos2unix.exe libhtp/configure.ac
  dos2unix.exe libhtp/htp.pc.in
  dos2unix.exe libhtp/Makefile.am

  ./autogen.sh
  ./configure CFLAGS="-DYAML_DECLARE_STATIC"

Add --enable-nfqueue as a configurable parameter to enable inline mode.

  make

If the full installation is successful, suricata.exe will be located in
src/.lib. To test your build, you will need libpcre-0.dll, libz-1.dll, and
pthreadGC2.dll, all of which should already be installed under c:/mingw or c:/
msys.
preparing the runtime environment.
To prepare the runtime environment, you must copy the executable and DLLs to a
dedicated directory. Get the classification.config and suricata.yaml, and then
edit suricata.yaml to ensure the directories are correctly identified.
pcap mode
If you have not already done so, install winpcap runtime and its driver. Then,
determine your eth device UUID in the registry:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
  suricata.exe -c suricata.yaml -i \device\

In the example above, device should be replaced with your device uuid.

Inline mode

To operate in inline mode, you must download, compile and install
netfilterforwin, which is the netfilter.sys driver and Windows port of the
libnetfilter_queue library.
Download and install the Windows Driver Kit from Microsoft
http://www.microsoft.com/downloads/
details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
Download netfilterforwin from http://sourceforge.net/projects/netfilterforwin/
Unpack it so the netfilterforwin directory is beside the oisf directory. You
must omit the version from its name.
Compile the driver
Open the correct build environment from your Start menu
Start > All Programs > Windows Driver Kits > WDK xxxx.yyyy.z > Build
Environments > Windows Server 2003 > x86 Free Build Environment
At your command line prompt, enter the following:

  cd netfilterforwin/netfilter
  nmake

Install the driver
Copy inf/* files and the freshly built netfilter.sys to a separate directory,
and then open the network connections.
Right-click an interface, then select Properties
Click install...
Select Service
Click Add
Click Have disk...
Browse to the directory with the inf files and netfilter.sys, select
netfilter.inf, and then click Ok.
Confirm everything
The driver is now installed.
Run Suricata in inline mode

        suricata.exe -c suricata.yaml -q 0