* [PATCH] suricata: Enable EVE logging @ 2019-06-04 13:00 Erik Kapfer 2019-06-05 8:53 ` Michael Tremer 0 siblings, 1 reply; 6+ messages in thread From: Erik Kapfer @ 2019-06-04 13:00 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 797 bytes --] The EVE output facility outputs alerts, metadata, file info and protocol specific records through JSON. for further informations please see --> https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html . Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> --- lfs/suricata | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lfs/suricata b/lfs/suricata index 310920606..6f779d875 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-nfqueue \ --disable-static \ --disable-python \ + --with-libjansson-libraries=/usr/lib \ + --with-libjansson-includes=/usr/include \ --disable-suricata-update cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install -- 2.12.2 ^ permalink raw reply [flat|nested] 6+ messages in thread
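Review bot: the two added lines, --with-libjansson-libraries=/usr/lib and --with-libjansson-includes=/usr/include, hard-code the Jansson locations, while the commit message explains what EVE is but not why explicit paths are needed or what was wrong without them. Suggest adding the observed symptom to the message (for example the libjansson line from 'suricata --build-info' on a build without these flags), and confirming that /usr/lib and /usr/include are where this build installs the Jansson library and headers on every supported architecture, since those are the directories the flags name.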
* Re: [PATCH] suricata: Enable EVE logging 2019-06-04 13:00 [PATCH] suricata: Enable EVE logging Erik Kapfer @ 2019-06-05 8:53 ` Michael Tremer 2019-06-05 15:27 ` ummeegge 0 siblings, 1 reply; 6+ messages in thread From: Michael Tremer @ 2019-06-05 8:53 UTC (permalink / raw) To: development [-- Attachment #1: Type: text/plain, Size: 1268 bytes --] Hi Erik, I believe that Stefan has already enabled this in this commit: https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6 Are you saying that the library wasn’t linked before? I am not sure what this patch is meant to achieve - assuming that Stefan’s change isn’t broken. -Michael > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote: > > The EVE output facility outputs alerts, metadata, file info and protocol specific records through JSON. > for further informations please see --> https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html . > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > --- > lfs/suricata | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/lfs/suricata b/lfs/suricata > index 310920606..6f779d875 100644 > --- a/lfs/suricata > +++ b/lfs/suricata > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > --enable-nfqueue \ > --disable-static \ > --disable-python \ > + --with-libjansson-libraries=/usr/lib \ > + --with-libjansson-includes=/usr/include \ > --disable-suricata-update > cd $(DIR_APP) && make $(MAKETUNING) > cd $(DIR_APP) && make install > -- > 2.12.2 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] suricata: Enable EVE logging
From: ummeegge @ 2019-06-05 15:27 UTC
To: development

Hi Michael,

On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> Hi Erik,
>
> I believe that Stefan has already enabled this in this commit:
>
>
> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6

this is indeed a needed step to build Jansson before Suricata,
made the same while an experimental try with EVEbox
--> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
but there was also the need to include the jansson libs in the LFS
too.

>
> Are you saying that the library wasn’t linked before?

Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefan's
patch is already included but if I change to chroot and execute a

suricata --build-info | grep jansson

I get

libjansson support: no

so yes, I think the library isn't linked even Jansson has been built
before Suricata.

>
> I am not sure what this patch is meant to achieve - assuming that
> Stefan’s change isn’t broken.

Possibly Suricata does not search automatically for libjansson?

>
> -Michael

Best,

Erik

>
> > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> >
> > The EVE output facility outputs alerts, metadata, file info and
> > protocol specific records through JSON.
> > for further informations please see -->
> > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html
> > .
> >
> > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > ---
> > lfs/suricata | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/lfs/suricata b/lfs/suricata > > index 310920606..6f779d875 100644 > > --- a/lfs/suricata > > +++ b/lfs/suricata
> > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > > --enable-nfqueue \ > > --disable-static \ > > --disable-python \ > > + --with-libjansson-libraries=/usr/lib \ > > + --with-libjansson-includes=/usr/include \ > > --disable-suricata-update > > cd $(DIR_APP) && make $(MAKETUNING) > > cd $(DIR_APP) && make install > > -- > > 2.12.2 > > > > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] suricata: Enable EVE logging
From: Stefan Schantl @ 2019-06-05 17:10 UTC
To: development

Hello Michael & Erik,

when building suricata here, the build process automatically detected
and successfully linked the final suricata binary against libjansson.

I'm fine with your patch, because it hard switches libjansson support
to on and the entire build process would fail, if the library could
not be linked or the include files are missing....

Best regards,

-Stefan

Acked-by: Stefan Schantl <stefan.schantl(a)ipfire.org>

> Hi Michael,
>
> On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> > Hi Erik,
> >
> > I believe that Stefan has already enabled this in this commit:
> >
> >
> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
>
> this is indeed a needed step to build Jansson before Suricata,
> made the same while an experimental try with EVEbox
> --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
> but there was also the need to include the jansson libs in the LFS
> too.
>
> > Are you saying that the library wasn’t linked before?
> Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefan's
> patch is already included but if I change to chroot and execute a
>
> suricata --build-info | grep jansson
>
> I get
>
> libjansson support: no
>
> so yes, I think the library isn't linked even Jansson has been built
> before Suricata.
>
>
> > I am not sure what this patch is meant to achieve - assuming that
> > Stefan’s change isn’t broken.
> Possibly Suricata does not search automatically for libjansson?
>
> > -Michael
>
> Best,
>
> Erik
>
> > > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> > >
> > > The EVE output facility outputs alerts, metadata, file info and
> > > protocol specific records through JSON.
> > > for further informations please see --> > > > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html > > > . > > > > > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > > > --- > > > lfs/suricata | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/lfs/suricata b/lfs/suricata > > > index 310920606..6f779d875 100644 > > > --- a/lfs/suricata > > > +++ b/lfs/suricata > > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst > > > %,$(DIR_DL)/%,$(objects)) > > > --enable-nfqueue \ > > > --disable-static \ > > > --disable-python \ > > > + --with-libjansson-libraries=/usr/lib \ > > > + --with-libjansson-includes=/usr/include \ > > > --disable-suricata-update > > > cd $(DIR_APP) && make $(MAKETUNING) > > > cd $(DIR_APP) && make install > > > -- > > > 2.12.2 > > > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] suricata: Enable EVE logging
From: Michael Tremer @ 2019-06-06 7:54 UTC
To: development

Okay. Merged.

> On 5 Jun 2019, at 18:10, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
>
> Hello Michael & Erik,
>
> when building suricata here, the build process automatically detected
> and successfully linked the final suricata binary against libjansson.
>
> I'm fine with your patch, because it hard switches libjansson support
> to on and the entire build process would fail, if the library could
> not be linked or the include files are missing....
>
> Best regards,
>
> -Stefan
>
> Acked-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
>
>> Hi Michael,
>>
>> On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
>>> Hi Erik,
>>>
>>> I believe that Stefan has already enabled this in this commit:
>>>
>>>
>>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
>>
>> this is indeed a needed step to build Jansson before Suricata,
>> made the same while an experimental try with EVEbox
>> --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
>> but there was also the need to include the jansson libs in the LFS
>> too.
>>
>>> Are you saying that the library wasn’t linked before?
>> Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefan's
>> patch is already included but if I change to chroot and execute a
>>
>> suricata --build-info | grep jansson
>>
>> I get
>>
>> libjansson support: no
>>
>> so yes, I think the library isn't linked even Jansson has been built
>> before Suricata.
>>
>>
>>> I am not sure what this patch is meant to achieve - assuming that
>>> Stefan’s change isn’t broken.
>> Possibly Suricata does not search automatically for libjansson?
>> >>> -Michael >> >> Best, >> >> Erik >> >>>> On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote: >>>> >>>> The EVE output facility outputs alerts, metadata, file info and >>>> protocol specific records through JSON. >>>> for further informations please see --> >>>> https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html >>>> . >>>> >>>> Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> >>>> --- >>>> lfs/suricata | 2 ++ >>>> 1 file changed, 2 insertions(+) >>>> >>>> diff --git a/lfs/suricata b/lfs/suricata >>>> index 310920606..6f779d875 100644 >>>> --- a/lfs/suricata >>>> +++ b/lfs/suricata >>>> @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst >>>> %,$(DIR_DL)/%,$(objects)) >>>> --enable-nfqueue \ >>>> --disable-static \ >>>> --disable-python \ >>>> + --with-libjansson-libraries=/usr/lib \ >>>> + --with-libjansson-includes=/usr/include \ >>>> --disable-suricata-update >>>> cd $(DIR_APP) && make $(MAKETUNING) >>>> cd $(DIR_APP) && make install >>>> -- >>>> 2.12.2 >>>> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] suricata: Enable EVE logging
From: ummeegge @ 2019-06-06 17:40 UTC
To: development

Hi Stevee and Michael,

thank you both for checking this out and for the merge.

Best,

Erik

On Do, 2019-06-06 at 08:54 +0100, Michael Tremer wrote:
> Okay. Merged.
>
> > On 5 Jun 2019, at 18:10, Stefan Schantl <stefan.schantl(a)ipfire.org>
> > wrote:
> >
> > Hello Michael & Erik,
> >
> > when building suricata here, the build process automatically
> > detected
> > and successfully linked the final suricata binary against
> > libjansson.
> >
> > I'm fine with your patch, because it hard switches libjansson
> > support
> > to on and the entire build process would fail, if the library
> > could
> > not be linked or the include files are missing....
> >
> > Best regards,
> >
> > -Stefan
> >
> > Acked-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> >
> > > Hi Michael,
> > >
> > > On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> > > > Hi Erik,
> > > >
> > > > I believe that Stefan has already enabled this in this commit:
> > > >
> > > >
> > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
> > >
> > > this is indeed a needed step to build Jansson before Suricata,
> > > made the same while an experimental try with EVEbox
> > > --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
> > > but there was also the need to include the jansson libs in the
> > > LFS
> > > too.
> > >
> > > > Are you saying that the library wasn’t linked before?
> > >
> > > Have looked in version 'v2.23-core131-215-gc899be2fd' where
> > > Stefan's
> > > patch is already included but if I change to chroot and execute a
> > >
> > > suricata --build-info | grep jansson
> > >
> > > I get
> > >
> > > libjansson support: no
> > >
> > > so yes, I think the library isn't linked even Jansson has been
> > > built
> > > before Suricata.
> > > > > > > > > > I am not sure what this patch is meant to achieve - assuming > > > > that > > > > Stefan’s change isn’t broken. > > > > > > Possibly Suricata do not searches automatically for libjansson ? > > > > > > > -Michael > > > > > > Best, > > > > > > Erik > > > > > > > > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> > > > > > wrote: > > > > > > > > > > The EVE output facility outputs alerts, metadata, file info > > > > > and > > > > > protocol specific records through JSON. > > > > > for further informations please see --> > > > > > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html > > > > > . > > > > > > > > > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org> > > > > > --- > > > > > lfs/suricata | 2 ++ > > > > > 1 file changed, 2 insertions(+) > > > > > > > > > > diff --git a/lfs/suricata b/lfs/suricata > > > > > index 310920606..6f779d875 100644 > > > > > --- a/lfs/suricata > > > > > +++ b/lfs/suricata > > > > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst > > > > > %,$(DIR_DL)/%,$(objects)) > > > > > --enable-nfqueue \ > > > > > --disable-static \ > > > > > --disable-python \ > > > > > + --with-libjansson-libraries=/usr/lib \ > > > > > + --with-libjansson-includes=/usr/include \ > > > > > --disable-suricata-update > > > > > cd $(DIR_APP) && make $(MAKETUNING) > > > > > cd $(DIR_APP) && make install > > > > > -- > > > > > 2.12.2 > > > > > > > ^ permalink raw reply [flat|nested] 6+ messages in thread