suricata/doc/FreeBSD_8.txt

Autogenerated on 2012-01-11
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/FreeBSD_8


FreeBSD 8


Pre-installation requirements

Before you can build Suricata for your system, run the following command to
ensure that you have everything you need for the installation.
Make sure you enter all commands as root/super-user, otherwise it will not
work.

  pkg_add -r autoconf262 automake19 gcc45 libyaml pcre libtool \
  libnet11 libpcap gmake

Depending on the current status of your system, it may take a while to complete
this process.

HTP

HTP is bundled with Suricata and installed automatically. If you need to
install HTP manually for other reasons, instructions can be found at HTP
library_installation.

IPS

If you would like to build suricata on FreeBSD with IPS capabilities with IPFW
via --enable-ipfw, enter the following to enable ipfw and divert socket support
before starting the engine with -d:
Edit /etc/rc.conf and add or modify the following lines:

  firewall_enable="YES"
  firewall_type="open"

Edit /boot/loader.conf and add or modify the following lines:

  ipfw_load="YES"
  ipfw_nat_load="YES"
  ipdivert_load="YES"
  dummynet_load="YES"
  libalias_load="YES"


Suricata

To download and build Suricata, enter the following:

  wget http://www.openinfosecfoundation.org/download/suricata-1.0.5.tar.gz
  tar -xvzf suricata-1.0.5.tar.gz
  cd suricata-1.0.5

If you are building from Git sources, enter all the following commands until
the end of this file:

  bash autogen.sh

If you are not building from Git sources, do not enter the above mentioned
commands. Continue enter the following:

  ./configure
  make
  make install
  zerocopy bpf
  mkdir /var/log/suricata/

FreeBSD 8 has support for zerocopy bpf in libpcap. To test this functionality,
issue the following command and then start/restart the engine:

  sysctl net.bpf.zerocopy_enable=1

Please continue with the Basic_Setup.