From mboxrd@z Thu Jan  1 00:00:00 1970
From: ummeegge <ummeegge@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] suricata: Enable EVE logging
Date: Wed, 05 Jun 2019 17:27:00 +0200
Message-ID: <59c724e1c1a3634085a1027f05a72035ce977084.camel@ipfire.org>
In-Reply-To: <72926E8A-417B-42D7-A629-8E5D579A1DFD@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0548421587305987252=="
List-Id: <development.lists.ipfire.org>

--===============0548421587305987252==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> Hi Erik,
>=20
> I believe that Stefan has already enabled this in this commit:
>=20
>  =20
> https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D616395f37c6d0=
96607283cc17e5554cc03e9bcc6

this is indeed a needed step to build Jansson before Suricata,=20
made the same while an experimental try with EVEbox=20
--> https://forum.ipfire.org/viewtopic.php?f=3D50&t=3D22693#p124673
but there was also the need to include the jansson libs in the LFS too.

>=20
> Are you saying that the library wasn=E2=80=99t linked before?
Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefans=20
patch is already included but if i change to chroot and execute a

suricata --build-info | grep jansson

i get

  libjansson support:                      no

so yes, i think the library isn=C2=B4t linked even Jansson has been build
before Suricata.


>=20
> I am not sure what this patch is meant to achieve - assuming that
> Stefan=E2=80=99s change isn=E2=80=99t broken.
Possibly Suricata do not searches automatically for libjansson ?

>=20
> -Michael

Best,

Erik

>=20
> > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> >=20
> > The EVE output facility outputs alerts, metadata, file info and
> > protocol specific records through JSON.
> > for further informations please see -->=20
> > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html
> >  .
> >=20
> > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > ---
> > lfs/suricata | 2 ++
> > 1 file changed, 2 insertions(+)
> >=20
> > diff --git a/lfs/suricata b/lfs/suricata
> > index 310920606..6f779d875 100644
> > --- a/lfs/suricata
> > +++ b/lfs/suricata
> > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
> > 		--enable-nfqueue \
> > 		--disable-static \
> > 		--disable-python \
> > +		--with-libjansson-libraries=3D/usr/lib \
> > +		--with-libjansson-includes=3D/usr/include \
> > 		--disable-suricata-update
> > 	cd $(DIR_APP) && make $(MAKETUNING)
> > 	cd $(DIR_APP) && make install
> > --=20
> > 2.12.2
> >=20
>=20
>=20


--===============0548421587305987252==--