From mboxrd@z Thu Jan 1 00:00:00 1970 
From: ummeegge
To: development@lists.ipfire.org
Subject: Re: [PATCH] suricata: Enable EVE logging
Date: Thu, 06 Jun 2019 19:40:35 +0200
Message-ID:
In-Reply-To: <33E7BD39-5682-490B-B9F3-070AFBC35F97@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5648046343791402126=="
List-Id:

--===============5648046343791402126==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Stevee and Michael,
thank you both for checking this out and for the merge.

Best,

Erik

On Do, 2019-06-06 at 08:54 +0100, Michael Tremer wrote:
> Okay. Merged.
>
> > On 5 Jun 2019, at 18:10, Stefan Schantl wrote:
> >
> > Hello Michael & Erik,
> >
> > when building suricata here, the build process automatically detected
> > and successfully linked the final suricata binary against libjansson.
> >
> > I'm fine with your patch, because it hard switches libjansson support
> > to on and the entire build process would fail, if the library could
> > not be linked or the include files are missing....
> >
> > Best regards,
> >
> > -Stefan
> >
> > Acked-by: Stefan Schantl
> >
> > > Hi Michael,
> > >
> > > On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> > > > Hi Erik,
> > > >
> > > > I believe that Stefan has already enabled this in this commit:
> > > >
> > > > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
> > >
> > > this is indeed a needed step to build Jansson before Suricata,
> > > made the same while an experimental try with EVEbox
> > > --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
> > > but there was also the need to include the jansson libs in the LFS
> > > too.
> > >
> > > > Are you saying that the library wasn’t linked before?
> > >=20 > > > Have looked in version 'v2.23-core131-215-gc899be2fd' where > > > Stefans=20 > > > patch is already included but if i change to chroot and execute a > > >=20 > > > suricata --build-info | grep jansson > > >=20 > > > i get > > >=20 > > > libjansson support: no > > >=20 > > > so yes, i think the library isn=C2=B4t linked even Jansson has been > > > build > > > before Suricata. > > >=20 > > >=20 > > > > I am not sure what this patch is meant to achieve - assuming > > > > that > > > > Stefan=E2=80=99s change isn=E2=80=99t broken. > > >=20 > > > Possibly Suricata do not searches automatically for libjansson ? > > >=20 > > > > -Michael > > >=20 > > > Best, > > >=20 > > > Erik > > >=20 > > > > > On 4 Jun 2019, at 14:00, Erik Kapfer > > > > > wrote: > > > > >=20 > > > > > The EVE output facility outputs alerts, metadata, file info > > > > > and > > > > > protocol specific records through JSON. > > > > > for further informations please see -->=20 > > > > >=20 https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html > > > > > . > > > > >=20 > > > > > Signed-off-by: Erik Kapfer > > > > > --- > > > > > lfs/suricata | 2 ++ > > > > > 1 file changed, 2 insertions(+) > > > > >=20 > > > > > diff --git a/lfs/suricata b/lfs/suricata > > > > > index 310920606..6f779d875 100644 > > > > > --- a/lfs/suricata > > > > > +++ b/lfs/suricata > > > > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst > > > > > %,$(DIR_DL)/%,$(objects)) > > > > > --enable-nfqueue \ > > > > > --disable-static \ > > > > > --disable-python \ > > > > > + --with-libjansson-libraries=3D/usr/lib \ > > > > > + --with-libjansson-includes=3D/usr/include \ > > > > > --disable-suricata-update > > > > > cd $(DIR_APP) && make $(MAKETUNING) > > > > > cd $(DIR_APP) && make install > > > > > --=20 > > > > > 2.12.2 > > > > >=20 >=20 >=20 --===============5648046343791402126==--
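Review bot: The commit message does not explain the two added --with-libjansson-libraries and --with-libjansson-includes lines in the configure call of lfs/suricata; it only describes the EVE output facility. Please state in the message that EVE's JSON output depends on libjansson and that the explicit paths are needed because, per the check reported in this thread, "suricata --build-info | grep jansson" returned "libjansson support: no" even with Jansson built beforehand. The paths are hard-coded to /usr/lib and /usr/include, so it is also worth noting there that the build now fails if the library or headers are missing from those locations, and that the same --build-info check is the way to confirm JSON support in the resulting binary, since an IDS built without it would produce no EVE alert log.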