Suricata

Check your config.log, it's likely that you are missing nfnetlink.h. Make sure to install that library and it's dev headers as well.

I installed the nfnetlink that is in base Centos repo now:

locate nfnetlink.h
/usr/include/libnfnetlink/libnfnetlink.h
/usr/include/linux/netfilter/nfnetlink.h

rpm -qa|grep nfnetlink
libnfnetlink-devel-1.0.0-1.el6.x86_64
libnfnetlink-1.0.0-1.el6.x86_64

from config.log:

configure:15155: checking for nfnl_fd in -lnfnetlink
configure:15180: gcc -o conftest -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -Wno-unused-parameter -std=gnu99 -march=native conftest.c -lnfnetlink -lpthread -lyaml -lpcre >&5
configure:15180: $? = 0
configure:15189: result: yes
configure:15249: checking libnetfilter_queue/libnetfilter_queue.h usability
configure:15249: gcc -c -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -Wno-unused-parameter -std=gnu99 -march=native -DNFQ conftest.c >&5
conftest.c:117:51: error: libnetfilter_queue/libnetfilter_queue.h: No such file or directory

Hmm, you're passing --with-libnetfilter_queue-includes=/usr/include/libnetfilter_queue-1.0.2/, and Suricata's configure will add libnetfilter_queue/libnetfilter_queue.h to that. Are you sure the version number is part of the path on your system? /usr/include/libnetfilter_queue-1.0.2/. If so, I guess you should create a symlink to /usr/include/libnetfilter_queue

Hmm no, you wrote it's in /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue.h

Can you try with --with-libnetfilter-queue-includes=/usr/include/libnetfilter_queue-1.0.2/ --with-libnetfilter-queue-libraries=/usr/include/libnetfilter_queue-1.0.2/ Note: replaced the underscore by a dash in --with-libnetfilter-queue-includes and --with-libnetfilter-queue-libraries

Nope:

checking for nfnl_fd in -lnfnetlink... yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
configure: error: libnetfilter_queue/libnetfilter_queue.h not found ...

./configure --help|grep libnetfilter_queue
--with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory
--with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory
ls la /usr/include/libnetfilter_queue-1.0.2/
total 16
drwxr-xr-x. 3 root root 4096 Jun 26 13:33 .
drwxr-xr-x. 37 root root 4096 Jun 26 14:29 ..
-rw-r--r-. 1 root root 656 Apr 24 23:18 internal.h
drwxr-xr-x. 2 root root 4096 Jun 26 13:33 libnetfilter_queue

Also tried the symlink option.

I think the problem here is that libnetfilter_queue 1.0.2 expects a newer version of libnfnetlink (but doesn't require it with the package). A quick hack fix is to edit

/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/linux_nfnetlink_queue.h

and replace:

#include <libnfnetlink/linux_nfnetlink.h>

with:

#include <libnfnetlink/libnfnetlink.h>

This should get you compiling, but I'm not sure if other issues lay ahead at run time.

I've actually come across this today as I have installed a newer libnetfilter_queue version (1.0.2) from a RPM entitled libnetfilter_queue1 that I found. That indeed created /usr/include/libnetfilter-1.0.2 where it stored the files and you'd therefore needed to have passed the include directory in the configure command.

What I did instead was to build the RPM from scratch with the sources taken from their website:

http://netfilter.org/projects/libnetfilter_queue/index.html
http://netfilter.org/projects/libnfnetlink/index.html

In my view it's never a good idea to support unsupported/outdated OS - CentOS 5 has "maintenance updates" support until March 2017 on a 2.6.18 kernel (https://wiki.centos.org/About/Product) - there is high probability that a lot of things are not going to work.