From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [PATCH] suricata: Enable EVE logging Date: Wed, 05 Jun 2019 19:10:55 +0200 Message-ID: <7be56270b4f0261fe5d8d7bd13bc33139b69311e.camel@ipfire.org> In-Reply-To: <59c724e1c1a3634085a1027f05a72035ce977084.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8763089943577975847==" List-Id: --===============8763089943577975847== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael & Erik, when building suricata here, the build process automatically detected and successfully linked the final suricata binary against libjannson. I'm fine with your patch, because it hard switches libjannson support to on and the entire build process would be fail, if the library could not be linked or the include files are missing.... Best regards, -Stefan Acked-by: Stefan Schantl > Hi Michael, >=20 > On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote: > > Hi Erik, > >=20 > > I believe that Stefan has already enabled this in this commit: > >=20 > > =20 > > https://git.ipfire.org/?p=3Dipfire-2.x.git;a=3Dcommitdiff;h=3D616395f37c6= d096607283cc17e5554cc03e9bcc6 >=20 > this is indeed a needed step to build Jansson before Suricata,=20 > made the same while an experimental try with EVEbox=20 > --> https://forum.ipfire.org/viewtopic.php?f=3D50&t=3D22693#p124673 > but there was also the need to include the jansson libs in the LFS > too. >=20 > > Are you saying that the library wasn=E2=80=99t linked before? > Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefans=20 > patch is already included but if i change to chroot and execute a >=20 > suricata --build-info | grep jansson >=20 > i get >=20 > libjansson support: no >=20 > so yes, i think the library isn=C2=B4t linked even Jansson has been build > before Suricata. >=20 >=20 > > I am not sure what this patch is meant to achieve - assuming that > > Stefan=E2=80=99s change isn=E2=80=99t broken. > Possibly Suricata do not searches automatically for libjansson ? >=20 > > -Michael >=20 > Best, >=20 > Erik >=20 > > > On 4 Jun 2019, at 14:00, Erik Kapfer wrote: > > >=20 > > > The EVE output facility outputs alerts, metadata, file info and > > > protocol specific records through JSON. > > > for further informations please see -->=20 > > > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html > > > . > > >=20 > > > Signed-off-by: Erik Kapfer > > > --- > > > lfs/suricata | 2 ++ > > > 1 file changed, 2 insertions(+) > > >=20 > > > diff --git a/lfs/suricata b/lfs/suricata > > > index 310920606..6f779d875 100644 > > > --- a/lfs/suricata > > > +++ b/lfs/suricata > > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst > > > %,$(DIR_DL)/%,$(objects)) > > > --enable-nfqueue \ > > > --disable-static \ > > > --disable-python \ > > > + --with-libjansson-libraries=3D/usr/lib \ > > > + --with-libjansson-includes=3D/usr/include \ > > > --disable-suricata-update > > > cd $(DIR_APP) && make $(MAKETUNING) > > > cd $(DIR_APP) && make install > > > --=20 > > > 2.12.2 > > >=20 --===============8763089943577975847== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ2dBZEZpRUVXTzBOWHRTcnZo YXN5dERuVHRkT0ZZK1RzdDRGQWx6Mzk1OEFDZ2tRVHRkT0ZZK1QKc3Q3MjFRLy9RaURYZGYvdEx5 UzRtZ0Jkakt1dXBNTjVGWnBodGYxdWNWZ2k0ZWpFT3hLRVF3WmxDeGFENXdBYQpRMDdEVEx5YXM3 QTZkamR4L0EycGY3YkxEeW9CZ3ZOMEhmOElEbmlOY0tqRWkvRWpkMmVCSE8wOUVqaTQ3YmhSCmt4 K0VoVFJmV3dQa2NMQmkzcWRmYTJCWGw1UFRTbVVaNlUvcXd0Y1hJbEFFeDZ4cUJ2dVAvWEd3cm40 R21kak8KVEZaMjhITUU4b0twWndOWkZiT0hucER2ZGNCSms3bHo1eXp4R09KRXhGT04rNmRJS3FL WDc2V2IwVlBhZ04vZgpRMGFobmhuWXFsNEdRQThRdjN6bVphdWRnNXFNeWk0WmpMa0tHU1E0OURB VjZOc2p5dEI0VnVOSmJSZWE1RHBxCitjWHpGYjZIWXRyK2lOaWk2OEtJNTBNUHIyWlpYR1V5dlBa ajNqMGRCdGVSOXJEenhIOWF5ZUFRZW9BbXJlaTMKeWd4NlB0MHJNY011UVNYWU5YNWplOUtxSTVM NWpNYVVaUVhhalNUNHpsL2tvWFBEczFoQjZWdTVMclF5OFN6VApNREhaWEd5WGxlQXNKM2JBYmow QmFtMWF4MlNlTHc3WFdoVzAxOE5oVVpBNW9oOWhMdVMyaUxxYS9hQmxKbE1wClhURG8zKzdwRVJY dEU5S29tSnplck1HOUFEeVFxWHUrU3BZbTYrd1JpdzVTRjU4QndvNGRVRDRjZlFWVVZkczAKU2dB OGY2dXF0YUREWStHZC9XQ1RVUjdlNmtMMmR5cW0rMzZFNFM0cHVtSjRhVmQrZmx2RmRYYUFCMU45 cERFVwp2RjF1V1hJa2ZOcXpwdWxINWwrR3hYaVhRdXlOMEpXam5VSTdoejYxU2VaVlY4dUpBQ289 Cj1FdysxCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============8763089943577975847==--