Suricata

You need to install the git-core package (Cygwin install).

Peter Manev wrote:

You need to install the git-core package (Cygwin install).

Hello and thank you, your responce got me past that part, but now when I try and run this command "dos2unix.exe libhtp/configure.ac && dos2unix.exe libhtp/htp.pc.in && dos2unix.exe libhtp/Makefile.am" I get the error "-bash: dos2unix.exe: command not found"

Same procedure as before - you need to install that package too. I think you should be able to skip that step (dos2unix) with the latest Cygwin.

Which PDF document are you following up?

Peter Manev wrote:

Same procedure as before - you need to install that package too. I think you should be able to skip that step (dos2unix) with the latest Cygwin.

Which PDF document are you following up?

Hello, I'm using this PDF https://redmine.openinfosecfoundation.org/attachments/download/757/SuricataWinInstallationGuide_v1.3.pdf from this page hear: https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation I will try and skip that and see if it works.

Ok - please keep us posted.
I am updating the windows guide this week.

Peter Manev wrote:

Ok - please keep us posted.
I am updating the windows guide this week.

Hello, I skipped that step, and then failed on the next. I received this output. I'm going to strip it all back down and start over to make sure it's not me causing the problem. During the package instillation for Cygwin there was probable only 50% to 70% of the packages available in that guide, the rest where not found or must be called something different now. I will record the missing packages during my next try and report them back hear.

$ ./autogen.sh && ./configure && make
Found libtoolize
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
autoreconf-2.69: Entering directory `.'
autoreconf-2.69: configure.ac: not using Gettext
autoreconf-2.69: running: aclocal -I m4 --output=aclocal.m4t
Can't exec "aclocal": No such file or directory at /usr/share/autoconf/Autom4te/FileUtils.pm line 326.
autoreconf-2.69: failed to run aclocal: No such file or directory


You need to install the autoreconf pkg.

Hello, Hear is what I have so far, could you please provide me with replacement packages I should use?

gcc4-core: Core C compiler subpackage (Obsolete Package)
gcc4-objc: Onjective C and Onjective C++ subpackage (Obsolete Package)
w32api: Win32 APIhearder and library import file (Obsolete Package)
libpthread-stubs: Pthread stubs pkg-config metadata (Missing Package)

Also when I search "autoreconf" nothing comes up.

I restarted the whole install and configuration process over again, and still get the same results. I will have to wait until the PDF is updated to to continue. The information provided is just to outdated for me to processed, I just lake to much in knowledge to make it work. Please if you could update me hear when the PDF is updated, thank you.

I am currently working on updating the instructions.

However you can make sure you have those pkgs installed in Cygwin -

libmpfr, libmpfr4, libmpfr-devel, mpfr, mingw-pthreads, gcc-core ,make, automake, automake1.9, zlib, zlib-devel, zlib0, autoconf, autoconf2.5, libtool , libglib2.0-devel, libglib2.0_0 ,pkg-config,luajit, luaji-devel, libGeoIP-devel, libGeoIP1, libnss-devel, libnss3, libnspr-devel, libnspr4, git

Please let me know if this works for you.

Robert - this should be the full complete list of packages that you need to have installed in Cygwin for compilation of Suricata under Windows -

libmpfr, libmpfr4, libmpfr-devel, mpfr, mingw-pthreads, gcc-core ,make, automake, automake1.9, zlib, zlib-devel, zlib0, autoconf, autoconf2.5, libtool , libglib2.0-devel, libglib2.0_0 ,pkg-config, libyaml-devel, libyaml0_2, libpcre1, libpcre-devel, file-devel, gcc-g++, wget, luajit, luaji-devel, libGeoIP-devel, libGeoIP1, libnss-devel, libnss3, libnspr-devel, libnspr4, git

The list contains some extra packages for enabling additional features and functionality during the compilation phase - if wanted.

Peter Manev wrote:

Robert - this should be the full complete list of packages that you need to have installed in Cygwin for compilation of Suricata under Windows -
[...]

The list contains some extra packages for enabling additional features and functionality during the compilation phase - if wanted.

Thank you, I will begin the setup again this weekend and let you know how thing turn out.

Peter Manev wrote:

Robert - this should be the full complete list of packages that you need to have installed in Cygwin for compilation of Suricata under Windows -
[...]

The list contains some extra packages for enabling additional features and functionality during the compilation phase - if wanted.

Hello, do you happen to know what the commands will be to compile the new packages?

After you make sure you have all the packages installed (as previously mentioned) the commands are:

1)
wget http://www.openinfosecfoundation.org/download/suricata-3.0RC3.tar.gz

2)
tar -zxf suricata-3.0RC3.tar.gz && cd suricata-3.0RC3 

3)
libtoolize -c && autoreconf -fv --install

4)
./configure  --enable-luajit --enable-pie --enable-geoip --disable-gccmarch-native --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr 

5)
make clean && make

After completion you should end up with suricata.exe in src/.libs/suricata.exe

Ok now when I get to the command ./autogen.sh && ./configure && make

I get this error below.

$ ./autogen.sh && ./configure && make
Found libtoolize
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
0 [main] perl 6980 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC30000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6632 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xB70000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 6640 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC00000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6404 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xD00000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 1832 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xCA0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 7860 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xB80000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 7856 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xCF0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 4784 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xE40000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 5072 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xB70000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 1808 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xD00000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 3952 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC50000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 5904 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xBB0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 4788 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC50000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 6920 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xB70000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 7452 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC90000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 8036 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC10000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 7692 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xBD0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 3040 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC10000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6260 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xE80000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 3504 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xBD0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6524 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xCD0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6852 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC80000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
1 [main] perl 4020 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xEA0000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
1 [main] perl 5952 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xBF0000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
0 [main] perl 5660 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xB90000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
1 [main] perl 5976 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xC00000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
41 [main] perl 2272 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xE00000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.
0 [main] perl 8132 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xE30000) != child(0xCD0000)
Can't fork, trying again in 5 seconds at /usr/bin/autoreconf-2.69 line 188.

when I get to the command libtoolize -c && autoreconf -fv --install

my-username@my-username /tmp/suricata-3.0RC3
$ libtoolize -c && autoreconf -fv --install
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltversion.m4'
1 [main] perl 5828 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xBE0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 6916 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xB70000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
2087 [main] perl 6360 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xBD0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
2 [main] perl 6676 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xE50000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 4284 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xC60000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 5592 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xB70000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
0 [main] perl 6384 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xBC0000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.
1 [main] perl 7224 child_info_fork::abort: C:\cygwin\bin\cygperl5_22.dll: Loaded to different address: parent(0xDD0000) != child(0xB50000)
Can't fork, trying again in 5 seconds at /usr/share/autoconf/Autom4te/General.pm line 307.

I'm not sure if I'm in the correct directory or not.

I have never seen that err before.
Can you try to reboot and execute the commands I mentioned before in the "Suricata-3.0RC3" directory.

I just uploaded an new and updated release of the Suricata Windows Installation guide here - https://redmine.openinfosecfoundation.org/attachments/download/1166/SuricataWinInstallationGuide_v1.4.2.pdf enabling additional features like Lua,MD5,GeoIP,PIE

Please feel free to feedback.

Hello, and thank you for your help. I should have taken a closer look at everything before I started trying to make this work on my windows 10 64 bit, because it turns out that at this time WinPcap v 4.1.3 is not compatible with Windows 10 as far as I can tell. I'm going to try and get in touch with WinPcap support and see what I can find out.

Thank you for the feedback.
Could you please update here after you get some more input?

I have not tried on Windows 10 - but it works fine on 2012R2/7/8.
I got 2016 in sight but it is a bit too early for that.