Re: [PATCH] suricata: Enable EVE logging

[Stefan Schantl <stefan.schantl@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2698 bytes --]

Hello Michael & Erik,

when building suricata here, the build process automatically detected
and successfully linked the final suricata binary against libjannson.

I'm fine with your patch, because it hard switches libjannson support
to on and the entire build process would be fail, if the library could
not be linked or the include files are missing....

Best regards,

-Stefan

Acked-by: Stefan Schantl <stefan.schantl(a)ipfire.org>

> Hi Michael,
> 
> On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> > Hi Erik,
> > 
> > I believe that Stefan has already enabled this in this commit:
> > 
> >   
> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
> 
> this is indeed a needed step to build Jansson before Suricata, 
> made the same while an experimental try with EVEbox 
> --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
> but there was also the need to include the jansson libs in the LFS
> too.
> 
> > Are you saying that the library wasn’t linked before?
> Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefans 
> patch is already included but if i change to chroot and execute a
> 
> suricata --build-info | grep jansson
> 
> i get
> 
>   libjansson support:                      no
> 
> so yes, i think the library isn´t linked even Jansson has been build
> before Suricata.
> 
> 
> > I am not sure what this patch is meant to achieve - assuming that
> > Stefan’s change isn’t broken.
> Possibly Suricata do not searches automatically for libjansson ?
> 
> > -Michael
> 
> Best,
> 
> Erik
> 
> > > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge(a)ipfire.org> wrote:
> > > 
> > > The EVE output facility outputs alerts, metadata, file info and
> > > protocol specific records through JSON.
> > > for further informations please see --> 
> > > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html
> > >  .
> > > 
> > > Signed-off-by: Erik Kapfer <ummeegge(a)ipfire.org>
> > > ---
> > > lfs/suricata | 2 ++
> > > 1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/lfs/suricata b/lfs/suricata
> > > index 310920606..6f779d875 100644
> > > --- a/lfs/suricata
> > > +++ b/lfs/suricata
> > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst
> > > %,$(DIR_DL)/%,$(objects))
> > > 		--enable-nfqueue \
> > > 		--disable-static \
> > > 		--disable-python \
> > > +		--with-libjansson-libraries=/usr/lib \
> > > +		--with-libjansson-includes=/usr/include \
> > > 		--disable-suricata-update
> > > 	cd $(DIR_APP) && make $(MAKETUNING)
> > > 	cd $(DIR_APP) && make install
> > > -- 
> > > 2.12.2
> > > 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]