Building Suricata with Hyperscan - by Chris B

A step-by-step guide to building Suricata with Hyperscan on Ubuntu 14.04 LTS

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev build-essential autoconf automake libtool libpcap-dev libnet1-dev libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 make libmagic-dev libjansson-dev libjansson4 pkg-config cmake ragel python-dev git module-assistant fakeroot devscripts linux-headers-$(uname -r) libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0 bison flex libnuma-dev

Build boost:

wget http://downloads.sourceforge.net/project/boost/boost/1.60.0/boost_1_60_0.tar.gz

tar xvzf boost_1_60_0.tar.gz

cd boost_1_60_0

mkdir ~/tmp

mkdir ~/tmp/boost-1.60

./bootstrap.sh --prefix="$HOME/tmp/boost-1.60"

./b2 install

On 14.04, build Hyperscan against the Boost libraries built above; on newer versions you can just install Boost from the repository.

cd ~

git clone https://github.com/01org/hyperscan

cd hyperscan

git checkout v4.0.1 -b ver401

cmake -DBUILD_SHARED_LIBS=1 -DBOOST_ROOT="$HOME/tmp/boost-1.60" .

make

sudo make install

==============================================================

==============================================================

##looks like everything worked.

Output:

Install the project...

-- Install configuration: "RELWITHDEBINFO"

-- Installing: /usr/local/lib/pkgconfig/libhs.pc

-- Installing: /usr/local/include/hs/hs.h

-- Installing: /usr/local/include/hs/hs_common.h

-- Installing: /usr/local/include/hs/hs_compile.h

-- Installing: /usr/local/include/hs/hs_runtime.h

-- Installing: /usr/local/lib/libhs_runtime.so.4.0.1

-- Installing: /usr/local/lib/libhs_runtime.so.4.0

-- Installing: /usr/local/lib/libhs_runtime.so

-- Installing: /usr/local/lib/libhs.so.4.0.1

-- Installing: /usr/local/lib/libhs.so.4.0

-- Installing: /usr/local/lib/libhs.so

##You may have to add /usr/local/lib to your ld search path on some distros, but on Ubuntu you don't.

I ran a check of my ld search directories.

You can use ldconfig, which maintains the ld.so configuration and cache, to print out the directories searched by ld.so with:

ldconfig -v 2>/dev/null | grep -v ^$'\t'

csl@IPSTEST:~/hyperscan$ sudo ldconfig -v 2>/dev/null | grep -v ^$'\t'

/usr/lib/i386-linux-gnu/libfakeroot:

/lib/i386-linux-gnu:

/usr/lib/i386-linux-gnu:

/usr/local/lib:

/lib:

/usr/lib:

/usr/lib/sse2: (hwcap: 0x0000000004000000)

=================================================================

=================================================================

Now just compile Suricata with the correct flags.

cd ~

wget http://www.openinfosecfoundation.org/download/suricata-3.0.1.tar.gz

tar -xvzf suricata-3.0.1.tar.gz

cd suricata-3.0.1

LIBS="-lrt -lnuma" ./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-libhs-includes=/usr/local/include/hs/ --with-libhs-libraries=/usr/local/lib/

make && sudo make install-full
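
A post-install check that goes one step past the ldconfig listing above: it confirms that /usr/local/lib is searched, that the suricata binary resolves libhs, and what `suricata --build-info` reports. This is an added example, not part of Chris Boley's instructions; the function names are made up here and the "Hyperscan support:" line format is assumed from Suricata's build summary.

```bash
#!/usr/bin/env bash
# Added example: post-install checks for a Hyperscan-enabled Suricata build.

# Succeeds if directory $1 is a search directory in `ldconfig -v` output on
# stdin. Directory lines are unindented and end in ':' (plus optional notes).
ld_searches_dir() {
    awk -v d="$1" '
        /^[^ \t]/ { sub(/:.*$/, ""); if ($0 == d) found = 1 }
        END { exit !found }'
}

# Succeeds if `ldd` output on stdin shows libhs resolved to a file on disk.
links_libhs() {
    grep -Eq 'libhs\.so[.0-9]* => /'
}

# Prints the value of the "Hyperscan support" line from `suricata --build-info`
# output on stdin, or "unknown" if the line is absent (assumed line format).
hyperscan_support() {
    awk -F': *' '
        tolower($1) ~ /hyperscan support/ {
            v = tolower($2); sub(/[ \t\r]+$/, "", v); print v; seen = 1; exit
        }
        END { if (!seen) print "unknown" }'
}

# Run against the live system only when suricata is actually installed.
if command -v suricata >/dev/null 2>&1; then
    bin=$(command -v suricata)
    if ldconfig -v 2>/dev/null | ld_searches_dir /usr/local/lib; then
        echo "OK: ld.so searches /usr/local/lib"
    else
        echo "WARN: /usr/local/lib is not in the ld.so search path"
    fi
    if ldd "$bin" | links_libhs; then
        echo "OK: $bin resolves libhs"
    else
        echo "WARN: $bin does not resolve libhs"
    fi
    echo "Hyperscan support: $(suricata --build-info | hyperscan_support)"
fi
```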

Note: These instructions have been written by Chris Boley and published with his permission.
