WIN32
=====

This section describes how to build and run Suricata on Windows. Currently
Windows XP and above are supported and only in the IDS pcap mode.

1. Setup MinGW environment from http://mingw.org

Do not use the automatic installer as it is deprecated. Manually unpack
the following packages to c:\mingw (use newer versions if you like):

    * binutils
          o binutils-2.20-1-mingw32-bin.tar.gz
    * mingw-runtime (dev and dll):
          o mingwrt-3.17-mingw32-dll.tar.gz
          o mingwrt-3.17-mingw32-dev.tar.gz
    * w32api
          o w32api-3.14-mingw32-dev.tar.gz
    * required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads):
          o gmp-4.2.4-mingw32-dll.tar.gz
          o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
          o mpfr-2.4.1-mingw32-dll.tar.gz
          o pthreads-w32-2.8.0-mingw32-dll.tar.gz
    * gcc-core (bin and dll):
          o gcc-core-4.4.0-mingw32-bin.tar.gz
          o gcc-core-4.4.0-mingw32-dll.tar.gz
    * make
          o make-3.81-20090914-mingw32-bin.tar.gz

2. Install MSYS

    http://sourceforge.net/projects/mingw/files/

    MSYS-1.0.11.exe (MSYS Base System)
    msysDTK-1.0.1.exe (MSYS Supplementary Tools)
    autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
    automake-1.11-1-msys-1.0.11-bin.tar.lzma
    libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma

    MSYS will ask questions during the installation:
    Accept Post Install: [y]
    MinGW Installed? :   [y]
    path to MinGW:       [c:/MinGW]

3. Get git

    Download portable GIT from this URL:
    http://code.google.com/p/msysgit/

    - unpack to /msys/1.0
    - don't forget to edit your ~/.gitconfig to at least give yourself a name :-)

4. Get libpcre

    http://www.pcre.org/

    ./configure --enable-utf8 --disable-cpp --prefix=/mingw
    make
    make install

5. Get libyaml

    http://pyyaml.org/wiki/LibYAML

    It does not support MinGW compilation out of the box. It does, however,
    work in static mode:

    ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
    make
    make install

6. Get libpcap

    Guide can be found here:
    http://mathieu.carbou.free.fr/wiki/index.php?title=Winpcap_/_Libpcap#Installing_Winpcap_in_MinGW

    - Create symlink cc -> gcc
    - You can use the precompiled version: http://www.winpcap.org/devel.htm
    - Download and install a corresponding installer package (to have the driver in the system)
    - Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
    - Rename libwpcap to libpcap

7. Get zlib

    http://sourceforge.net/projects/mingw/files/

    ./configure --prefix=/mingw
    make
    make install

8. Get and compile Suricata

    git clone git://phalanx.openinfosecfoundation.org/oisf.git
    cd oisf
    ./autojunk.sh
    ./configure CFLAGS="-DYAML_DECLARE_STATIC"
    make

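A pre-flight check for steps 4 to 7, added here as an example; it is not part of the Suricata tree or of this guide. Run from the MSYS shell before step 8, it looks under the MinGW prefix for the headers and static libraries the dependency steps install and reports what ./configure would fail to find, including a libwpcap.a that step 6 says to rename. The file names it looks for (pcre.h, yaml.h, pcap.h, zlib.h, libpcre.a, libyaml.a, libz.a, libpcap.a) are assumptions about how those packages lay out an install, not something this page states.

```shell
#!/bin/sh
# Added example, not part of the Suricata tree: pre-flight check of the
# MinGW prefix (normally /mingw inside MSYS) before running Suricata's
# ./configure.  The header and library names below are assumptions about
# what steps 4 to 7 install; adjust them if your packages differ.

# check_mingw_prefix PREFIX
#   Prints one line per missing piece and returns the number of problems
#   found, so 0 means the prefix looks complete.
check_mingw_prefix() {
    prefix=$1
    problems=0

    # Headers that the configure checks compile against.
    for hdr in pcre.h yaml.h pcap.h zlib.h; do
        if [ ! -f "$prefix/include/$hdr" ]; then
            echo "missing header: $prefix/include/$hdr"
            problems=$((problems + 1))
        fi
    done

    # Static libraries produced by steps 4, 5 and 7.
    for lib in libpcre.a libyaml.a libz.a; do
        if [ ! -f "$prefix/lib/$lib" ]; then
            echo "missing library: $prefix/lib/$lib"
            problems=$((problems + 1))
        fi
    done

    # Step 6: the WinPcap developer pack ships libwpcap.a, but the build
    # links against -lpcap, so the file must be renamed to libpcap.a.
    if [ ! -f "$prefix/lib/libpcap.a" ]; then
        if [ -f "$prefix/lib/libwpcap.a" ]; then
            echo "libwpcap.a found but not renamed to libpcap.a in $prefix/lib"
        else
            echo "missing library: $prefix/lib/libpcap.a"
        fi
        problems=$((problems + 1))
    fi

    return $problems
}

# When given a prefix on the command line, check it and exit with the
# problem count, e.g.:  sh check-prefix.sh /mingw
if [ "$#" -gt 0 ]; then
    check_mingw_prefix "$1"
    exit $?
fi
```

Because the return value is the number of problems, the function can gate the rest of a build script (`check_mingw_prefix /mingw || exit 1`) instead of leaving the reader to read configure's log after a failed run.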
If everything goes well, you'll end up with suricata.exe in src/.lib. To test it
you will need libpcre-0.dll and pthreadGC2.dll which you already have somewhere
under c:/mingw or c:/msys. To try it out:

    - copy the executable and the DLLs to a dedicated directory
    - put classification.config and suricata.yaml there
    - edit suricata.yaml (at least set the directories correctly)
    - determine your eth device UUID in the registry:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
    - now cross your fingers and do:
        suricata.exe -c suricata.yaml -i \DEVICE\{your device uuid}
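The test-run checklist above, turned into shell functions for the MSYS shell as an added example (not code from the Suricata project): locate the two DLLs under the MinGW and MSYS trees, pull the interface GUIDs out of the output of Windows' reg query for the registry key named above, format the \DEVICE\{uuid} argument the way the text writes it, and copy everything into the dedicated directory. The reg query command line, the MSYS paths /c/mingw and /c/msys, the helper names and the embedded sample of registry output (with made-up GUIDs) are all assumptions or constructed data, not something this page provides.

```shell
#!/bin/sh
# Added example, not part of the Suricata tree: helpers for the
# "try it out" steps above, meant to be run from the MSYS shell.

# find_dll NAME DIR...
#   Prints the first file called NAME found under the given trees, e.g.
#   find_dll pthreadGC2.dll /c/mingw /c/msys   (MSYS paths are assumptions)
find_dll() {
    name=$1; shift
    find "$@" -type f -name "$name" 2>/dev/null | head -n 1
}

# interface_guids
#   Reads `reg query` output on stdin and prints the {GUID} subkey names,
#   one per line.  Assumed invocation of Windows' own reg.exe:
#     reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces"
interface_guids() {
    grep -o '{[0-9A-Fa-f-]*}'
}

# pcap_device GUID
#   Formats the -i argument in the form used above: \DEVICE\{guid}
pcap_device() {
    printf '\\DEVICE\\%s\n' "$1"
}

# stage_run_dir DEST FILE...
#   Creates the dedicated directory and copies the executable, the DLLs
#   and the config files into it; fails on the first copy that fails.
stage_run_dir() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    for f in "$@"; do
        cp "$f" "$dest/" || return 1
    done
}

# Constructed sample of reg query output with fake GUIDs, so the parser
# can be exercised without a Windows registry at hand.
SAMPLE_REG_OUTPUT='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}'

# demo_devices
#   Prints one -i value per interface found in the sample output.
demo_devices() {
    printf '%s\n' "$SAMPLE_REG_OUTPUT" | interface_guids | while read -r g; do
        pcap_device "$g"
    done
}
```

To pick the right GUID on a real box, run reg query with /s on the key named above: it then prints the values beneath each GUID subkey, such as the interface's IP address, which is how you tell the Ethernet adapter apart from the others before feeding its GUID to pcap_device.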