From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] suricata: Enable EVE logging
Date: Thu, 06 Jun 2019 08:54:23 +0100
Message-ID: <33E7BD39-5682-490B-B9F3-070AFBC35F97@ipfire.org>
In-Reply-To: <7be56270b4f0261fe5d8d7bd13bc33139b69311e.camel@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============9115852249215935346=="
List-Id:

--===============9115852249215935346==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Okay. Merged.

> On 5 Jun 2019, at 18:10, Stefan Schantl wrote:
>
> Hello Michael & Erik,
>
> when building suricata here, the build process automatically detected
> and successfully linked the final suricata binary against libjansson.
>
> I'm fine with your patch, because it hard switches libjansson support
> to on and the entire build process would fail, if the library could
> not be linked or the include files are missing....
>
> Best regards,
>
> -Stefan
>
> Acked-by: Stefan Schantl
>
>> Hi Michael,
>>
>> On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
>>> Hi Erik,
>>>
>>> I believe that Stefan has already enabled this in this commit:
>>>
>>>
>>> https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
>>
>> this is indeed a needed step to build Jansson before Suricata,
>> did the same during an experimental try with EVEbox
>> --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
>> but there was also the need to include the jansson libs in the LFS
>> too.
>>
>>> Are you saying that the library wasn’t linked before?
>> Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefan's
>> patch is already included but if I change to chroot and execute a
>>
>> suricata --build-info | grep jansson
>>
>> I get
>>
>> libjansson support: no
>>
>> so yes, I think the library isn't linked even though Jansson has been built
>> before Suricata.
>>
>>
>>> I am not sure what this patch is meant to achieve - assuming that
>>> Stefan’s change isn’t broken.
>> Possibly Suricata does not search automatically for libjansson?
>>
>>> -Michael
>>
>> Best,
>>
>> Erik
>>
>>>> On 4 Jun 2019, at 14:00, Erik Kapfer wrote:
>>>>
>>>> The EVE output facility outputs alerts, metadata, file info and
>>>> protocol specific records through JSON.
>>>> For further information please see -->
>>>> https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html
>>>> .
>>>>
>>>> Signed-off-by: Erik Kapfer
>>>> ---
>>>> lfs/suricata | 2 ++
>>>> 1 file changed, 2 insertions(+)
>>>>
>>>> diff --git a/lfs/suricata b/lfs/suricata >>>> index 310920606..6f779d875 100644 >>>> --- a/lfs/suricata >>>> +++ b/lfs/suricata >>>> @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst >>>> %,$(DIR_DL)/%,$(objects)) >>>> --enable-nfqueue \ >>>> --disable-static \ >>>> --disable-python \ >>>> + --with-libjansson-libraries=3D/usr/lib \ >>>> + --with-libjansson-includes=3D/usr/include \ >>>> --disable-suricata-update >>>> cd $(DIR_APP) && make $(MAKETUNING) >>>> cd $(DIR_APP) && make install
>>>> --
>>>> 2.12.2
>>>>
--===============9115852249215935346==--
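Review bot: The two options added after `--disable-python` point at `/usr/lib` and `/usr/include`, which are the standard locations, yet the commit message only describes the EVE output facility and does not say why the paths have to be passed explicitly. Suggest stating in the commit message that the build otherwise reported `libjansson support: no` (checked with `suricata --build-info | grep jansson`), and that, as Stefan notes in the thread, passing these options is meant to make the build fail when the library or headers are missing, so an IDS image is not shipped without JSON/EVE logging unnoticed.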