Before you start
================

An up to date version of this document can be found online:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows

Alternatively, an installation document for using CYGWIN instead of MinGW can
be found here:
https://redmine.openinfosecfoundation.org/attachments/download/676/SurWinInstallGuide.pdf

This file describes how to build and run Suricata on Windows. Currently
Windows XP and above are supported.
Preparing the build environment
===============================

1. Set up the MinGW environment from http://mingw.org

   Do not use the automatic installer as it is deprecated. Manually unpack
   the following packages to c:\mingw (use newer versions if you like):

   * binutils
       o binutils-2.20-1-mingw32-bin.tar.gz
   * mingw-runtime (dev and dll):
       o mingwrt-3.17-mingw32-dll.tar.gz
       o mingwrt-3.17-mingw32-dev.tar.gz
   * w32api
       o w32api-3.14-mingw32-dev.tar.gz
   * required runtime libraries for GCC (gmp, libiconv, MPFR and pthreads):
       o gmp-4.2.4-mingw32-dll.tar.gz
       o libiconv-1.13.1-1-mingw32-dll-2.tar.lzma
       o mpfr-2.4.1-mingw32-dll.tar.gz
       o pthreads-w32-2.8.0-mingw32-dll.tar.gz
   * gcc-core (bin and dll):
       o gcc-core-4.4.0-mingw32-bin.tar.gz
       o gcc-core-4.4.0-mingw32-dll.tar.gz
   * make
       o make-3.81-20090914-mingw32-bin.tar.gz
   * zlib
       o libz-1.2.3-1-mingw32-dll-1.tar.gz
       o libz-1.2.3-1-mingw32-dev.tar.gz
2. Install MSYS

   http://sourceforge.net/projects/mingw/files/

   MSYS-1.0.11.exe (MSYS Base System)
   msysDTK-1.0.1.exe (MSYS Supplementary Tools)
   autoconf-2.63-1-msys-1.0.11-bin.tar.lzma
   automake-1.11-1-msys-1.0.11-bin.tar.lzma
   libtool-2.2.7a-1-msys-1.0.11-bin.tar.lzma

   MSYS will ask questions during the installation:

   Accept Post Install: [y]
   MinGW Installed?   : [y]
   path to MinGW      : [c:/MinGW]
3. Install pkg-config, taken from http://wiki.videolan.org/Win32CompileMSYSNew#PKG-CONFIG

   Download and extract the following into c:\Msys\1.0:

   http://ftp.gnome.org/pub/GNOME/binaries/win32/glib/2.18/glib_2.18.2-1_win32.zip
   ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config_0.23-3_win32.zip
   ftp://ftp.gnome.org/pub/gnome/binaries/win32/dependencies/pkg-config-dev_0.23-3_win32.zip

   Set PKG_CONFIG_PATH=/win32/lib/pkgconfig
   (e.g. by adding the Windows environment variable PKG_CONFIG_PATH in
   "Control Panel"->"System"->"Advanced System Settings"->"Environment Variables"
   and setting the value to /win32/lib/pkgconfig)
4. Get git

   Download portable Git from this URL:
   http://code.google.com/p/msysgit/

   - unpack to /msys/1.0
   - don't forget to edit your ~/.gitconfig to at least give yourself a name :-)
5. Get libpcre2
   http://www.pcre.org/

   ./configure --enable-utf8 --disable-cpp --prefix=/mingw
   make
   make install
6. Get libyaml
   http://pyyaml.org/wiki/LibYAML

   It does not support MinGW compilation. However, it works in static mode:

   ./configure --prefix=/mingw CFLAGS="-DYAML_DECLARE_STATIC"
   make
   make install
7. Get libpcap

   Guide can be found here:
   - Download the Developer's Pack: http://www.winpcap.org/devel.htm
   - Download and install the corresponding installer package
     http://www.winpcap.org/install/default.htm (to have the driver in the system)
   - Copy includes to c:/mingw/include and libs (.a) to c:/mingw/lib
   - Rename libwpcap to libpcap
8. Get and compile Suricata

   git clone git://phalanx.openinfosecfoundation.org/oisf.git
   cd oisf

   Because of some weird autotools port bug we do the following:

   dos2unix.exe libhtp/configure.ac
   dos2unix.exe libhtp/htp.pc.in
   dos2unix.exe libhtp/Makefile.am

   ./autogen.sh
   ./configure CFLAGS="-DYAML_DECLARE_STATIC"
   # add --enable-nfqueue as parameter to configure to enable inline mode
   make

If everything goes well, you'll end up with suricata.exe in src/.lib. To test it
you will need libpcre2-0.dll, libz-1.dll, and pthreadGC2.dll, which you already
have somewhere under c:/mingw or c:/msys. To prepare the runtime environment:
- copy the executable and the DLLs to a dedicated directory
- copy classification.config and suricata.yaml there as well
- edit suricata.yaml (at least set the directories correctly)
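To make the runtime-directory step repeatable, here is an added MSYS shell script (not part of the Suricata tree) that locates the three DLLs named above under the MinGW and MSYS trees, copies them next to suricata.exe and fails loudly if one is missing. Destination, executable path and search roots are arguments; under MSYS, c:/mingw and c:/msys are reached as /c/mingw and /c/msys.

```shell
# Added example, not part of the Suricata sources. Gathers suricata.exe and
# the runtime DLLs it needs into one directory so it can be run and tested.
# Assumed: run from the MSYS shell, with the MinGW and MSYS trees passed as
# search roots (e.g. /c/mingw /c/msys); GNU find (as shipped with MSYS).

RUNTIME_DLLS='libpcre2-0.dll libz-1.dll pthreadGC2.dll'

# prepare_runtime_dir <dest dir> <path to suricata.exe> <search root>...
# Copies the executable and every DLL in RUNTIME_DLLS into <dest dir>.
# Returns 1 if any DLL cannot be found under the roots, so a missing
# dependency shows up here instead of as a load error when suricata.exe starts.
prepare_runtime_dir() {
    dest=$1; exe=$2; shift 2
    [ -f "$exe" ] || { echo "missing executable: $exe" >&2; return 1; }
    mkdir -p "$dest" && cp "$exe" "$dest/" || return 1
    missing=0
    for dll in $RUNTIME_DLLS; do
        # first match wins; -iname tolerates differing case on Windows filesystems
        found=$(find "$@" -type f -iname "$dll" 2>/dev/null | head -n 1)
        if [ -n "$found" ]; then
            cp "$found" "$dest/" || return 1
            echo "$dll <- $found"
        else
            echo "missing DLL: $dll (searched: $*)" >&2
            missing=1
        fi
    done
    return $missing
}

# Typical call from the oisf checkout (paths are placeholders for your setup):
#   prepare_runtime_dir /c/suricata-run /path/to/suricata.exe /c/mingw /c/msys
```

After it succeeds, copy classification.config and suricata.yaml into the same directory and edit the YAML as described above.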
PCAP Mode
=========

Make sure you have the WinPcap runtime and driver installed and then:

- determine your eth device UUID in the registry:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
- now cross your fingers and do:
  suricata.exe -c suricata.yaml -i \DEVICE\{your device uuid}
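Reading GUIDs out of regedit by hand is error-prone, so here is an added MSYS shell helper (not part of these instructions or of Suricata) that lists every subkey of the Interfaces key above in the \DEVICE\{uuid} form that -i expects, with the interface's IP address beside it. It uses the stock reg.exe and assumes the text layout of "reg query ... /s" output (one HKEY_LOCAL_MACHINE\... line per subkey followed by "<name> <type> <data>" value lines).

```shell
# Added helper, not part of the Suricata instructions. Turns the registry
# key named above into the \DEVICE\{uuid} names "suricata.exe -i" takes.
# Assumption: "reg query <key> /s" prints one HKEY_LOCAL_MACHINE\... line
# per interface subkey, then its values as "<name> <type> <data>"; reg.exe
# shows REG_MULTI_SZ data (IPAddress) with a trailing \0 separator.

IFACE_KEY='HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Reads "reg query" text on stdin and prints one line per interface:
#   \DEVICE\{GUID}<TAB>address      (address is "-" when none is configured)
# DhcpIPAddress (REG_SZ) and IPAddress (REG_MULTI_SZ) are both accepted;
# 0.0.0.0 is treated as "no address" so DHCP-only adapters are not blanked.
pcap_devices_from_reg() {
    awk '
        function flush() {
            if (guid != "") print "\\DEVICE\\" guid "\t" (addr == "" ? "-" : addr)
        }
        /^HKEY_LOCAL_MACHINE\\.*[{]/ {
            flush()
            guid = $0; sub(/.*\\/, "", guid); sub(/\r$/, "", guid); addr = ""
        }
        $1 == "IPAddress" || $1 == "DhcpIPAddress" {
            a = $3; sub(/\r$/, "", a); sub(/\\0.*$/, "", a)
            if (addr == "" && a != "" && a != "0.0.0.0") addr = a
        }
        END { flush() }
    '
}

# Live query on Windows: pick the line for the adapter you capture on and
# pass the first column to: suricata.exe -c suricata.yaml -i <that name>
pcap_devices() {
    reg query "$IFACE_KEY" /s | pcap_devices_from_reg
}
```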
Inline Mode
===========

You need to download, compile and install netfilterforwin (the netfilter.sys
driver and Windows port of the libnetfilter_queue library):

1. Download and install the Windows Driver Kit from Microsoft
   http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=36a2630f-5d56-43b5-b996-7633f2ec14ff

2. Download netfilterforwin
   http://sourceforge.net/projects/netfilterforwin/

   Unpack it so the netfilterforwin directory (omit the version from its name)
   is beside the oisf directory.

3. Compile the driver
   - Open the build environment from your Start menu:
     Start->All Programs->Windows Driver Kits->WDK xxxx.yyyy.z->Build Environments
     ->Windows Server 2003->x86 Free Build Environment
     (or the one which is proper for your system)
   - cd to netfilterforwin/netfilter
   - enter the command:
     nmake

4. Install the driver
   - copy the inf/* files and the freshly built netfilter.sys to a separate directory
   - open Network Connections
   - right-click an interface, select Properties
   - click Install...
   - select Service
   - click Add
   - click 'Have Disk...'
   - browse to the directory with the inf files and netfilter.sys, select netfilter.inf and click OK
   - confirm everything

   You should have the driver installed now.

5. Run Suricata in inline mode:
   suricata.exe -c suricata.yaml -q 0