[PATCH] suricata: Enable EVE logging

Stefan Schantl stefan.schantl at ipfire.org
Wed Jun 5 18:10:55 BST 2019


Hello Michael & Erik,

when building suricata here, the build process automatically detected
and successfully linked the final suricata binary against libjansson.

I'm fine with your patch, because it hard switches libjansson support
to on and the entire build process would fail if the library could
not be linked or the include files are missing...

Best regards,

-Stefan

Acked-by: Stefan Schantl <stefan.schantl at ipfire.org>

> Hi Michael,
> 
> On Mi, 2019-06-05 at 09:53 +0100, Michael Tremer wrote:
> > Hi Erik,
> > 
> > I believe that Stefan has already enabled this in this commit:
> > 
> >   
> > https://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff;h=616395f37c6d096607283cc17e5554cc03e9bcc6
> 
> this is indeed a needed step to build Jansson before Suricata, 
> made the same while an experimental try with EVEbox 
> --> https://forum.ipfire.org/viewtopic.php?f=50&t=22693#p124673
> but there was also the need to include the jansson libs in the LFS
> too.
> 
> > Are you saying that the library wasn’t linked before?
> Have looked in version 'v2.23-core131-215-gc899be2fd' where Stefan's 
> patch is already included but if I change to chroot and execute a
> 
> suricata --build-info | grep jansson
> 
> I get
> 
>   libjansson support:                      no
> 
> so yes, I think the library isn't linked even though Jansson has been built
> before Suricata.
> 
> 
> > I am not sure what this patch is meant to achieve - assuming that
> > Stefan’s change isn’t broken.
> Possibly Suricata does not search automatically for libjansson?
> 
> > -Michael
> 
> Best,
> 
> Erik
> 
> > > On 4 Jun 2019, at 14:00, Erik Kapfer <ummeegge at ipfire.org> wrote:
> > > 
> > > The EVE output facility outputs alerts, metadata, file info and
> > > protocol specific records through JSON.
> > > For further information please see --> 
> > > https://suricata.readthedocs.io/en/suricata-4.1.2/output/eve/index.html
> > >  .
> > > 
> > > Signed-off-by: Erik Kapfer <ummeegge at ipfire.org>
> > > ---
> > > lfs/suricata | 2 ++
> > > 1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/lfs/suricata b/lfs/suricata
> > > index 310920606..6f779d875 100644
> > > --- a/lfs/suricata
> > > +++ b/lfs/suricata
> > > @@ -80,6 +80,8 @@ $(TARGET) : $(patsubst
> > > %,$(DIR_DL)/%,$(objects))
> > > 		--enable-nfqueue \
> > > 		--disable-static \
> > > 		--disable-python \
> > > +		--with-libjansson-libraries=/usr/lib \
> > > +		--with-libjansson-includes=/usr/include \
> > > 		--disable-suricata-update
> > > 	cd $(DIR_APP) && make $(MAKETUNING)
> > > 	cd $(DIR_APP) && make install
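Review bot: The two added lines `--with-libjansson-libraries=/usr/lib` and `--with-libjansson-includes=/usr/include` hard-code the search paths, yet the commit message only describes EVE and never says that the JSON output is what needs libjansson or why configure has to be pointed at it explicitly. Please state the reason in the message, for example that `suricata --build-info | grep jansson` reported `libjansson support: no` in the chroot without these flags, and mention that jansson has to be built before suricata. That lets a later reader tell whether the flags work around failed auto-detection or are meant as a deliberate hard requirement.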
> > > -- 
> > > 2.12.2
> > > 