From 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Wed, 9 Sep 2015 22:21:41 -0700 Subject: suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f --- .../doc/Installation_from_GIT_with_PCRE-JIT.txt | 119 +++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 framework/src/suricata/doc/Installation_from_GIT_with_PCRE-JIT.txt (limited to 'framework/src/suricata/doc/Installation_from_GIT_with_PCRE-JIT.txt') diff --git a/framework/src/suricata/doc/Installation_from_GIT_with_PCRE-JIT.txt b/framework/src/suricata/doc/Installation_from_GIT_with_PCRE-JIT.txt new file mode 100644 index 00000000..93aecb0b --- /dev/null +++ b/framework/src/suricata/doc/Installation_from_GIT_with_PCRE-JIT.txt 
@@ -0,0 +1,119 @@ +Autogenerated on 2012-11-29 +from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PCRE-JIT + + +Installation from GIT with PCRE-JIT + +In this guide will be explained how to install and use the most recent code of +Suricata on Ubuntu together with PCRE with JIT 8.20-RC1 support. The goal of +PCRE-JIT is to improve the pcre pattern matching performance of the pcre +library. +The easiest way to see performance difference is to create a couple of pcre +only rules or use for example the SSN rules from ET, and compare the +performance statistics for rules. +Installing from GIT on other operating systems is basically the same, except +that some commands are Ubuntu-specific (like sudo and apt-get). In case you are +using another operating system, you should replace those commands by your +operating-specific commands. + +Pre-installation requirements + +Before you can build Suricata with PCRE-JIT for your system, run the following +command to ensure that you have everything you need for the installation. + + sudo apt-get -y install build-essential autoconf automake \ + libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev \ + zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \ + make g++ + sudo apt-get install git-core + +Depending on the current status of your system, it may take a while to complete +this process. + +PCRE with JIT support + +Enter the following commands for PCRE JIT installation: + + wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/Testing/pcre-8.20- + RC1.tar.gz + tar -xzvf pcre-8.20-RC1.tar.gz + cd pcre-8.20-RC1 + ./configure --enable-jit + +Make sure you see that JIT compiling support is enabled, see example: + + make + sudo make install + + + +HTP + + +HTP is bundled with Suricata and installed automatically. If you need to +install HTP manually for other reasons, instructions can be found at HTP +library_installation. + + +IPS + + +By default, Suricata works as an IDS. 
If you want to use it as a IDS and IPS +program, enter: + + sudo apt-get -y install libnetfilter-queue-dev libnetfilter-queue1 + libnfnetlink-dev libnfnetlink0 + + +Suricata + +First, it is convenient to create a directory for Suricata. Name it 'suricata' +for example. Open the terminal and enter: + + mkdir suricata + +Followed by: + + cd suricata + +Next, enter the following line in the terminal: + + git clone git://phalanx.openinfosecfoundation.org/oisf.git + cd oisf + +Followed by: + + ./autogen.sh + + +Compile and install + +To configure, please enter: + + ./configure --enable-pcre-jit \ + --with-libpcre-includes=/usr/local/include \ + --with-libpcre-libraries=/usr/local/lib + +After entering the previous, make sure that your screen looks like the +following example and you have PCRE with JIT support: + + make + sudo make install + + sudo ldconfig + +To check the build information you can enter: + + suricata --build-info + +Please continue with Basic_Setup. +In case you have already made a map for the most recent code, downloaded the +code into that map, and want to download recent code again, please enter: + + cd suricata/oisf + +next, enter: + + git pull + +After that, you start again at running autogen. -- cgit 1.2.3-korg
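Review bot: In the "PCRE with JIT support" and "Suricata" steps, the sources are fetched over unauthenticated transports (`wget ftp://ftp.csx.cam.ac.uk/...` and `git clone git://phalanx.openinfosecfoundation.org/oisf.git`) and then installed with `sudo make install` with no integrity check in between, so anything altered in transit ends up installed as root. Suggest adding a step that verifies the tarball against a signature or checksum published by upstream before `./configure`, and using an authenticated clone URL if the project offers one. Three smaller points in the same hunk. The wget URL is split across two lines without a continuation (`pcre-8.20-` / `RC1.tar.gz`), as is the `libnetfilter-queue-dev` apt-get line, so both fail when pasted as written. The sentences "see example:" and "looks like the following example" are followed directly by `make`, with the sample configure output missing. The IPS section installs the netfilter-queue libraries, but the `./configure` line only passes `--enable-pcre-jit` and the libpcre paths; if inline mode is intended, it needs `--enable-nfqueue` as well.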