Autogenerated on 2012-11-29 from https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6

Installation with CUDA and PFRING on Scientific Linux 6

For setup and install you need to be root:

    mkdir /root/src
    cd /root/src

Pre installation requirements

Install the following packages, to make sure you have everything needed for the installation:

    yum install mpfr-2.4.1-6.el6.x86_64 cpp-4.4.4-13.el6.x86_64 ppl-0.10.2-11.el6.x86_64 \
    cloog-ppl-0.15.7-1.2.el6.x86_64 gcc-4.4.4-13.el6.x86_64 kernel-devel-2.6.32-131.2.1.el6.x86_64 \
    pcre-devel-7.8-3.1.el6.x86_64 libpcap-devel-1.0.0-6.20091201git117cb5.el6.x86_64 \
    yum-plugin-priorities-1.1.26-11.el6.noarch yum-conf-sl6x-1-1.noarch libyaml-0.1.3-1.el6.rf.x86_64 \
    libyaml-devel-0.1.3-1.el6.rf.x86_64 libnet-1.1.2.1-2.2.el6.rf.x86_64 flex-2.5.35-8.el6.x86_64 \
    bison-2.4.1-5.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64

CUDA

Download and install NVIDIA CUDA drivers:

    wget http://us.download.nvidia.com/XFree86/Linux-x86_64/270.41.19/NVIDIA-Linux-x86_64-270.41.19.run
    chmod +x NVIDIA-Linux-x86_64-270.41.19.run
    ./NVIDIA-Linux-x86_64-270.41.19.run

You also need to download and install the CUDA toolkit for RHEL6:

    wget http://developer.download.nvidia.com/compute/cuda/4_0/toolkit/cudatoolkit_4.0.17_linux_64_rhel6.0.run
    chmod +x cudatoolkit_4.0.17_linux_64_rhel6.0.run
    ./cudatoolkit_4.0.17_linux_64_rhel6.0.run

Make sure the kernel modules are loaded:

    /sbin/modprobe -r nouveau && /sbin/modprobe nvidia

To ensure the proper NVIDIA CUDA modules get loaded on reboot, add the above line to your /etc/rc.local file.

PF_RING

Go to your download directory and get the latest PF_RING:

    svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-latest

Compile and install

Next, enter the following commands for configuration and installation:

    cd pfring-svn-latest/kernel
    make && sudo make install
    cd ../userland/lib
    ./configure --prefix=/usr/local/pfring && make && sudo make install
    cd ../libpcap-1.1.1-ring
    ./configure --prefix=/usr/local/pfring && make && sudo make install
    cd ../tcpdump-4.1.1
    ./configure --prefix=/usr/local/pfring && make && sudo make install

Load the pf_ring kernel module:

    /sbin/modprobe pf_ring

To ensure the pf_ring module gets loaded on reboot, add the above line to your /etc/rc.local file.

Suricata

Download and install Suricata:

    wget http://www.openinfosecfoundation.org/download/suricata-1.1beta2.tar.gz

And unpack it:

    tar -xvzf suricata-1.1beta2.tar.gz

Change to the unpacked directory:

    cd suricata-1.1beta2

Now compile and install Suricata with PF_RING and CUDA support:

    ./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \
    --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-libraries=/usr/local/lib \
    --with-libpfring-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib --with-libpcap-includes=/usr/local/include
    make
    make install

Continue with the Basic_Setup.

Next, you need to edit max-pending-packets in your /etc/suricata/suricata.yaml. If you don't have one, download a generic one to get started:

    cd /etc/suricata
    wget https://rules.emergingthreatspro.com/open-nogpl/suricata/suricata-open.yaml

Edit your suricata-open.yaml file accordingly. The number of packets allowed to be processed simultaneously can be whatever you want, but it is recommended that it be 4000 or more.
For example:

    max-pending-packets: 12288

Next, make sure the following line is present in the multi pattern algorithm section:

    mpm-algo: b2g_cuda

Rules

Read the information in Rule_Management_with_Oinkmaster.

Add rules to suricata:

    cd /etc/suricata
    wget https://rules.emergingthreatspro.com/open-nogpl/suricata/emerging.rules.tar.gz
    tar -xvzf emerging.rules.tar.gz

Make sure your .yaml file includes the /etc/suricata/rules/emerging-*.rules files (they may need to be uncommented).

Run Suricata as follows:

    cd /etc/suricata
    /usr/local/bin/suricata -c /etc/suricata/suricata.yaml \
    --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
    touch /var/lock/subsys/local

References

PF_RING http://www.ntop.org/products/pf_ring/
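
A post-install check for the settings this page asks for, as an added example that is not part of the original wiki page: it reads a suricata.yaml and a /proc/modules-format listing and reports what is missing. It assumes max-pending-packets and mpm-algo are top-level keys starting in column 0; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-install checks for the settings this page asks for.
# Assumption: max-pending-packets and mpm-algo are top-level keys (column 0).

# yaml_value FILE KEY: value of the first uncommented top-level "KEY: value" line
yaml_value() {
    sed -n "s/^$2:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# check_yaml FILE: 0 if FILE has >= 4000 pending packets, b2g_cuda, emerging rules
check_yaml() {
    rc=0
    mpp=$(yaml_value "$1" max-pending-packets)
    case "$mpp" in
        ''|*[!0-9]*) echo "max-pending-packets missing or not numeric"; rc=1 ;;
        *) [ "$mpp" -ge 4000 ] || { echo "max-pending-packets $mpp < 4000"; rc=1; } ;;
    esac
    algo=$(yaml_value "$1" mpm-algo)
    [ "$algo" = "b2g_cuda" ] || { echo "mpm-algo is '$algo', want b2g_cuda"; rc=1; }
    # commented-out rule entries ("# - emerging-...") do not count
    grep -Eq '^[[:space:]]*-[[:space:]]*emerging-[^[:space:]]+\.rules' "$1" ||
        { echo "no uncommented emerging-*.rules entry"; rc=1; }
    return "$rc"
}

# check_modules FILE: FILE is in /proc/modules format;
# nvidia and pf_ring must be loaded, nouveau must not be
check_modules() {
    rc=0
    for m in nvidia pf_ring; do
        grep -q "^$m " "$1" || { echo "module $m not loaded"; rc=1; }
    done
    if grep -q '^nouveau ' "$1"; then echo "nouveau still loaded"; rc=1; fi
    return "$rc"
}

# Constructed sample inputs, so the checks can be tried without the real host.
demo_dir=$(mktemp -d)
printf '%s\n' 'max-pending-packets: 12288' 'mpm-algo: b2g_cuda' \
    'rule-files:' ' - emerging-dos.rules' > "$demo_dir/good.yaml"
printf '%s\n' '#max-pending-packets: 12288' 'max-pending-packets: 50' \
    'mpm-algo: b2g' 'rule-files:' '# - emerging-dos.rules' > "$demo_dir/bad.yaml"
printf '%s\n' 'pf_ring 12345 0 - Live 0x0' 'nvidia 54321 0 - Live 0x0' \
    > "$demo_dir/modules.ok"
printf '%s\n' 'nouveau 11111 0 - Live 0x0' > "$demo_dir/modules.bad"

check_yaml "$demo_dir/good.yaml" && check_modules "$demo_dir/modules.ok" && echo "sample OK"
# On the real host: check_yaml /etc/suricata/suricata.yaml; check_modules /proc/modules
```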