Autogenerated on 2012-01-11
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104
Installation from GIT with PF_RING on Ubuntu server 11.04
This guide is based on using Ubuntu Server 11.04
Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux
Pre installation requirements
Install the following packages, to make sure you have everything needed for the
installation:
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make flex bison git subversion
Go to your download directory and get the latest PF_RING:
svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING
Compile and install
Next, enter the following commands for configuration and installation:
cd PF_RING/kernel
make && make install
sudo insmod ./pf_ring.ko
cd ../userland
make && make install
cd lib
./configure && make && make install
cd ../libpcap
./configure && make && make install
cd ../examples
echo "options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf
To check if you have everything you need, enter:
lsmod |grep pf_ring
sudo modprobe pf_ring
sudo modinfo pf_ring && cat /proc/net/pf_ring/info
To check if PF_RING is functional, enter the following:
./pfcount -i eth0
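As an added example (not part of the original guide), the following shell function checks that a modprobe.d file carries the three pf_ring options set above on a single "options pf_ring" line, and flags the failure mode where an option ends up on a line of its own. The function name check_pf_ring_conf and the temporary sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a modprobe.d file for the pf_ring options this guide sets.
# check_pf_ring_conf is a hypothetical helper name, not a PF_RING tool.

# Options the guide writes to /etc/modprobe.d/pf_ring.conf
EXPECTED="transparent_mode=0 min_num_slots=32768 enable_tx_capture=0"

# check_pf_ring_conf FILE
# Prints one line per problem; returns 0 when every expected option is present
# on an "options pf_ring" line, 1 otherwise.
check_pf_ring_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Collect the key=value words from every "options pf_ring ..." line.
    found=$(awk '$1 == "options" && $2 == "pf_ring" {
                     for (i = 3; i <= NF; i++) print $i }' "$conf")
    rc=0
    for want in $EXPECTED; do
        key=${want%%=*}
        got=$(printf '%s\n' "$found" | grep "^$key=" | tail -n 1)
        if [ -z "$got" ]; then
            echo "missing: $want"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "mismatch: $got (guide uses $want)"; rc=1
        fi
    done
    # key=value text on a line that does not start with "options" is what a
    # wrapped echo command leaves behind; it is not part of the options line.
    stray=$(awk '$1 != "options" && $1 !~ /^#/ && /=/ { print NR }' "$conf")
    if [ -n "$stray" ]; then
        echo "stray option text on line(s): $(echo $stray)"; rc=1
    fi
    return $rc
}

# Constructed sample: the third option has slipped onto a second line.
demo=$(mktemp)
printf 'options pf_ring transparent_mode=0 min_num_slots=32768\nenable_tx_capture=0\n' > "$demo"
check_pf_ring_conf "$demo" || echo "=> fix the file before loading pf_ring"
rm -f "$demo"
```

On the installed system, call it as check_pf_ring_conf /etc/modprobe.d/pf_ring.conf before running modprobe.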
Suricata
Go to your download directory of choice, and enter:
git clone git://phalanx.openinfosecfoundation.org/oisf.git
cd oisf
sudo ./autogen.sh
sudo ./configure --enable-pfring && make && make install
You can always check whether PF_RING is built in properly by entering:
suricata --build-info
To run Suricata with PF_RING, enter:
suricata --pfring-int=eth0 --pfring-cluster-id=99 \
--pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml
Continue with the Basic_Setup.
Thanks to Peter Manev