Autogenerated on 2012-01-11 from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104

Installation from GIT with PF RING on Ubuntu server 11.04

This guide is based on using Ubuntu Server 11.04:

    Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux

Pre installation requirements

Install the following packages to make sure you have everything needed for the installation:

    sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
    build-essential autoconf automake libtool libpcap-dev libnet1-dev \
    libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
    make flex bison git subversion

Go to your download directory and get the latest PF_RING:

    svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING

Compile and install

Next, enter the following commands for configuration and installation:

    cd PF_RING/kernel
    make && make install
    sudo insmod ./pf_ring.ko
    cd ../userland
    make && make install
    cd lib
    ./configure && make && make install
    cd ../libpcap
    ./configure && make && make install
    cd ../examples
    echo "options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf

To check if you have everything you need, enter:

    lsmod | grep pf_ring
    sudo modprobe pf_ring
    sudo modinfo pf_ring && cat /proc/net/pf_ring/info

To check if PF_RING is functional, enter the following:

    ./pfcount -i eth0

Suricata

Go to your download directory of choice, and enter:

    git clone git://phalanx.openinfosecfoundation.org/oisf.git
    cd oisf
    sudo ./autogen.sh
    sudo ./configure --enable-pfring && make && make install

You can always check whether PF_RING is built in properly by entering:

    suricata --build-info

To run Suricata with PF_RING, enter:

    suricata --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml

Continue with the Basic_Setup.

Thanks to Peter Manev
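Added example (not part of the original wiki page): the steps above load pf_ring with insmod before /etc/modprobe.d/pf_ring.conf is written, and insmod does not read that file, so the options only take effect once the module is reloaded through modprobe. The shell function below compares the file with the values the loaded module reports; the function name is hypothetical, and it assumes the module exposes its parameters under /sys/module/pf_ring/parameters.

```shell
#!/bin/sh
# Added example, not from the Suricata wiki. Both paths are arguments so the
# check can also be pointed at a constructed directory tree.

# check_pfring_params CONF_FILE PARAM_DIR
# Prints one line per option in the "options pf_ring ..." line of CONF_FILE:
#   ok name=value | MISMATCH name: want X, live Y | MISSING name
# Returns 0 if all options match, 1 on any difference, 2 if inputs are unusable.
check_pfring_params() {
    conf=$1
    params=$2
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    [ -d "$params" ] || { echo "pf_ring not loaded (no $params)"; return 2; }
    # Use the last "options pf_ring" line and drop its first two words.
    opts=$(awk '$1 == "options" && $2 == "pf_ring" { $1 = ""; $2 = ""; l = $0 }
                END { print l }' "$conf")
    [ -n "$opts" ] || { echo "no 'options pf_ring' line in $conf"; return 2; }
    for kv in $opts; do
        name=${kv%%=*}
        want=${kv#*=}
        if [ ! -r "$params/$name" ]; then
            echo "MISSING $name"
            rc=1
            continue
        fi
        live=$(cat "$params/$name")
        if [ "$live" = "$want" ]; then
            echo "ok $name=$live"
        else
            echo "MISMATCH $name: want $want, live $live"
            rc=1
        fi
    done
    return $rc
}

# Check the real system only when invoked with the argument "live".
# Assumption: parameters are visible under /sys/module/pf_ring/parameters.
if [ "${1:-}" = "live" ]; then
    check_pfring_params /etc/modprobe.d/pf_ring.conf /sys/module/pf_ring/parameters
fi
```

If a MISMATCH is reported, unload the module with rmmod pf_ring and load it again with modprobe pf_ring so the options file is applied.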