Autogenerated on 2012-11-29 from https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows

Windows

NOTE: A new instruction set for Suricata installation (and/or compilation from scratch) can be found here: https://redmine.openinfosecfoundation.org/projects/suricata/files
A Windows binary (self-extracting auto-install package) is also available here: http://www.openinfosecfoundation.org/index.php/download-suricata

Preparing the build environment

The instructions below should be followed in the order they appear. If your configuration requires unique actions to compile the package and/or you significantly modify the configure shell script, please e-mail the details of your requirements and/or solution to bugreports@openinfosecfoundation.org.

Set up the MinGW environment

Get MinGW from http://mingw.org/. Do not use the automatic installer, as it is deprecated. Instead, manually unpack the following packages to c:\mingw (you may use newer versions if you prefer):

* binutils
  * binutils-2.20-1-mingw32-bin.tar.gz
* mingw-runtime (dev and dll)
  * mingwrt-3.17-mingw32-dll.tar.gz
  * mingwrt-3.17-mingw32-dev.tar.gz
* w32api
  * w32api-3.14-mingw32-dev.tar.gz
* Required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads)
  * gmp-4.2.4-mingw32-dll.tar.gz
  * libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
  * mpfr-2.4.1-mingw32-dll.tar.gz
  * pthreads-w32-2.8.0-mingw32-dll.tar.gz
* gcc-core (bin and dll)
  * gcc-core-4.4.0-mingw32-bin.tar.gz
  * gcc-core-4.4.0-mingw32-dll.tar.gz
* make
  * make-3.81-20090914-mingw32-bin.tar.gz
* zlib
  * libz-1.2.3-1-mingw32-dll-1.tar.gz
  * libz-1.2.3-1-mingw32-dev.tar.gz

Download MSYS

Get MSYS from http://sourceforge.net/projects/mingw/files/ and install:

* MSYS-1.0.11.exe (MSYS Base System)
* msysDTK-1.0.1.exe (MSYS Supplementary Tools)
* autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
* automake-1.11-1-msys-1.0.11-bin.tar.lzma
* libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma

MSYS will ask the following questions during installation. Accept Post Install: [y], MinGW Installed?: [y], path to MinGW: [c:/MinGW]

Download pkg-config

Install pkg-config following the instructions at http://wiki.videolan.org/Win32CompileMSYSNew#PKG-CONFIG. Download and extract the following into c:\Msys\1.0:

* http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-1_win32.zip
* ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-3_win32.zip
* ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-dev_0.23-3_win32.zip

Set PKG_CONFIG_PATH=/win32/lib/pkgconfig (e.g. by adding the Windows environment variable PKG_CONFIG_PATH in "Control Panel" -> "System" -> "Advanced System Settings" -> "Environment Variables" and setting the value to /win32/lib/pkgconfig).

Download Git sources

Get the Git sources from http://code.google.com/p/msysgit/ and unpack them to /msys/1.0. Remember to edit ~/.gitconfig to set your username.

Download libpcre

Get libpcre from http://www.pcre.org/ and build it:

  ./configure --enable-utf8 --disable-cpp --prefix=/mingw
  make
  make install

Download libyaml

Download libyaml from http://pyyaml.org/wiki/LibYAML. Though libyaml does not support MinGW compilation, it does work in static mode:

  ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
  make
  make install

Download libpcap

Download the developer pack from http://www.winpcap.org/devel.htm. To have the driver in the system, download and install a corresponding installer package from http://www.winpcap.org/install/default.htm. Copy the includes to c:/mingw/include and the libs (.a) to c:/mingw/lib, then rename libwpcap.a to libpcap.a.

Get and compile Suricata

  git clone git://phalanx.openinfosecfoundation.org/oisf.git
  cd oisf

Because of an autotools port bug, you will need to do the following:

  dos2unix.exe libhtp/configure.ac
  dos2unix.exe libhtp/htp.pc.in
  dos2unix.exe libhtp/Makefile.am
  ./autogen.sh
  ./configure CFLAGS="-DYAML_DECLARE_STATIC"

Add --enable-nfqueue as a configure parameter to enable inline mode.

  make

If the full installation is successful, suricata.exe will be located in src/.lib.
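The libhtp line-ending fix and the configure step above, scripted so that the conversion is applied only to files that actually carry CRLF line endings, and so that the --enable-nfqueue switch is added when inline mode is wanted. This is an added example and not part of the Suricata wiki or project: it replaces dos2unix.exe with tr so it also runs where dos2unix is absent, and the names has_crlf, strip_crlf, count_crlf_files, normalise_tree, configure_args and build_suricata are this script's own.

```shell
#!/bin/sh
# Added example, not from the Suricata wiki. Normalises the libhtp autotools
# inputs that the wiki says must be converted, then runs the documented
# autogen/configure/make sequence. Uses tr instead of dos2unix.exe.

# Files the wiki says must be converted because of the autotools port bug.
CRLF_FILES="libhtp/configure.ac libhtp/htp.pc.in libhtp/Makefile.am"

# has_crlf FILE: succeed if FILE contains at least one carriage return.
has_crlf() {
    cr=$(printf '\r')            # a literal CR, so the pattern stays POSIX
    grep -q "$cr" "$1" 2>/dev/null
}

# strip_crlf FILE: rewrite FILE in place without carriage returns.
strip_crlf() {
    tmp="$1.tmp.$$"
    tr -d '\r' < "$1" > "$tmp" && mv "$tmp" "$1"
}

# count_crlf_files DIR: print how many of CRLF_FILES under DIR still have CR.
count_crlf_files() {
    n=0
    for f in $CRLF_FILES; do
        if has_crlf "$1/$f"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# normalise_tree DIR: convert only the files that need it and name each one.
normalise_tree() {
    for f in $CRLF_FILES; do
        if has_crlf "$1/$f"; then
            strip_crlf "$1/$f"
            echo "converted: $f"
        fi
    done
}

# configure_args [INLINE]: the ./configure arguments the wiki gives; pass 1
# to add --enable-nfqueue for inline mode.
configure_args() {
    args='CFLAGS=-DYAML_DECLARE_STATIC'
    [ "${1:-0}" = 1 ] && args="$args --enable-nfqueue"
    echo "$args"
}

# build_suricata SRC_DIR [INLINE]: the wiki's build sequence with the CRLF
# fix applied first. Only runs when invoked as:  sh build.sh build /path/to/oisf [1]
build_suricata() {
    cd "$1" || return 1
    normalise_tree .
    ./autogen.sh || return 1
    ./configure $(configure_args "${2:-0}") || return 1
    make
}

if [ "${1:-}" = "build" ]; then
    build_suricata "$2" "${3:-0}"
fi
```

The check-before-convert matters on a tree that is already clean: dos2unix rewrites every file it is given, which dirties the git checkout; has_crlf leaves untouched files alone.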
To test your build, you will need libpcre-0.dll, libz-1.dll, and pthreadGC2.dll, all of which should already be installed under c:/mingw or c:/msys.

Preparing the runtime environment

To prepare the runtime environment, you must copy the executable and DLLs to a dedicated directory. Get classification.config and suricata.yaml, and then edit suricata.yaml to ensure the directories are correctly identified.

pcap mode

If you have not already done so, install the WinPcap runtime and its driver. Then determine your Ethernet device UUID in the registry under:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\

and run:

  suricata.exe -c suricata.yaml -i \device\

In the example above, device should be replaced with your device UUID.

Inline mode

To operate in inline mode, you must download, compile and install netfilterforwin, which is the netfilter.sys driver and a Windows port of the libnetfilter_queue library.

* Download and install the Windows Driver Kit from Microsoft: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff
* Download netfilterforwin from http://sourceforge.net/projects/netfilterforwin/ and unpack it so that the netfilterforwin directory is beside the oisf directory. You must omit the version from its name.

Compile the driver

Open the correct build environment from your Start menu: Start > All Programs > Windows Driver Kits > WDK xxxx.yyyy.z > Build Environments > Windows Server 2003 > x86 Free Build Environment. At the command prompt, enter the following:

  cd netfilterforwin/netfilter
  nmake

Install the driver

Copy the inf/* files and the freshly built netfilter.sys to a separate directory, and then open Network Connections.

* Right-click an interface, then select Properties
* Click Install...
* Select Service
* Click Add
* Click Have Disk...
* Browse to the directory with the inf files and netfilter.sys, select netfilter.inf, and then click OK
* Confirm everything

The driver is now installed.
Run Suricata in inline mode

  suricata.exe -c suricata.yaml -q 0
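Two pieces of the runtime preparation described above (the dedicated directory holding suricata.exe plus the three DLLs, and the interface lookup under Tcpip\Parameters\Interfaces for pcap mode), as an added example that is not part of the Suricata wiki or project. It assumes the WinPcap adapter naming convention "\Device\NPF_{GUID}" for the value given to -i, takes the registry listing from the output of reg query (the embedded listing is a constructed sample, not real interface GUIDs), and the names stage_runtime, find_file, REQUIRED_DLLS and npf_devices are this script's own.

```shell
#!/bin/sh
# Added example, not from the Suricata wiki. Stages a runtime directory and
# derives pcap interface names from a registry listing.

# The DLLs the wiki says suricata.exe needs next to it.
REQUIRED_DLLS="libpcre-0.dll libz-1.dll pthreadGC2.dll"

# find_file NAME DIR...: print the first DIR/NAME that exists.
find_file() {
    name=$1; shift
    for d in "$@"; do
        [ -f "$d/$name" ] && { echo "$d/$name"; return 0; }
    done
    return 1
}

# stage_runtime DEST EXE SEARCHDIR...: copy EXE and every required DLL into
# DEST, searching the given directories (e.g. c:/mingw/bin c:/msys/1.0/bin).
# Every missing file is reported and the function fails if any is missing,
# so a half-staged directory is never mistaken for a working one.
stage_runtime() {
    dest=$1; exe=$2; shift 2
    missing=0
    mkdir -p "$dest"
    if [ -f "$exe" ]; then
        cp "$exe" "$dest/"
    else
        echo "missing: $exe" >&2; missing=1
    fi
    for dll in $REQUIRED_DLLS; do
        if src=$(find_file "$dll" "$@"); then
            cp "$src" "$dest/"
        else
            echo "missing: $dll (searched: $*)" >&2; missing=1
        fi
    done
    return $missing
}

# npf_devices: read the output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
# on stdin and print one \Device\NPF_{GUID} line per interface subkey.
# reg.exe emits CRLF, so carriage returns are stripped first.
npf_devices() {
    tr -d '\r' | sed -n 's/.*\\\({[0-9A-Fa-f-]*}\)$/\\Device\\NPF_\1/p'
}

# Constructed sample of a reg query listing (the GUIDs are made up).
SAMPLE_REG_OUTPUT='
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}
'

# Print the candidate -i values when run as:  sh runtime.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_REG_OUTPUT" | npf_devices
fi
```

On a real machine the listing comes from running reg query against that key and piping it into npf_devices; each printed name is a candidate for suricata.exe -c suricata.yaml -i, and the one to use is the interface whose traffic you intend to inspect.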