Support #2128
closed
Suricata and Hyperscan
Added by Alexis Fredes over 7 years ago. Updated over 7 years ago.
Description
Hello!
I am trying to add Hyperscan to my Suricata installed on Ubuntu 16.04 LTS on a vmware virtual machine. I followed the tutorial of https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Hyperscan and when I ask for suricata --build-info|grep Hyperscan it says "support no". Any idea?
Thanks!
Alexis
Updated by David Lam over 7 years ago
Did you compile Suricata from source? The configure script should pick up your Hyperscan installation once you have it installed.
Updated by Andreas Herz over 7 years ago
- Assignee set to Anonymous
- Target version set to Support
Updated by Alexis Fredes over 7 years ago
David Lam wrote:
Did you compile Suricata from source? The configure script should pick up your Hyperscan installation once you have it installed.
I installed Suricata from the repo. I asked in Hyperscan web mail too and they answered me that I have to install it from the sources. I removed Suricata from the repo and then I tried to install Suricata (from the sources), and in ./configure (before make) these lines that show if Hyperscan is supported didn't appear:
checking for libhs... yes
checking hs.h usability... yes
checking hs.h presence... yes
checking for hs.h... yes
checking for hs_compile in -lhs... yes
So, I installed Hyperscan again (following Suricata docs for it) but these lines still didn't appear.
Does Hyperscan support AMD processors? Since I have a Phenom, I am installing all in a virtual machine of VMware, so I think that it couldn't be the problem.
Thanks for your help!
Updated by Peter Manev over 7 years ago
Can be related to the fix here - https://redmine.openinfosecfoundation.org/issues/2010#change-7826
Does your CPU have SSSE3 ? Any related log err messages in suricata.log ?
Updated by Alexis Fredes over 7 years ago
Peter Manev wrote:
Can be related to the fix here - https://redmine.openinfosecfoundation.org/issues/2010#change-7826
Does your CPU have SSSE3 ? Any related log err messages in suricata.log ?
My processor is a Phenom II, so it doesn't support SSSE3. In spite of that, I realized that I forgot the installation of the dependencies libpcap, libpcre, libmagic, zlib, libyaml, my fault. After installing them I checked if Hyperscan is supported with the following command suricata --build-info|grep Hyperscan and it answered "yes". However, when I configure the mpm-algo and spm-algo to "hs" instead of auto and run Suricata, the following error occurs:
<Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid spm algo supplied in the yaml conf file: "hs"
So, I think that my processor doesn't support the SSSE3 instruction set. Anyway I don't understand why, because I am running Suricata on a virtual machine of VMware and that makes an abstraction of the hardware. Thanks for answering!
Updated by Alexis Fredes over 7 years ago
Alexis Fredes wrote:
Peter Manev wrote:
Can be related to the fix here - https://redmine.openinfosecfoundation.org/issues/2010#change-7826
Does your CPU have SSSE3 ? Any related log err messages in suricata.log ?
My processor is a Phenom II, so it doesn't support SSSE3. In spite of that, I realized that I forgot the installation of the dependencies libpcap, libpcre, libmagic, zlib, libyaml, my fault. After installing them I checked if Hyperscan is supported with the following command suricata --build-info|grep Hyperscan and it answered "yes". However, when I configure the mpm-algo and spm-algo to "hs" instead of auto and run Suricata, the following error occurs:
<Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid spm algo supplied in the yaml conf file: "hs"
UPDATE: I checked the flags line in file /proc/cpuinfo to check if ssse3 is present and I didn't find it, so my cpu doesn't support Hyperscan.
Thanks
So, I think that my processor doesn't support the SSSE3 instruction set. Anyway I don't understand why, because I am running Suricata on a virtual machine of VMware and that makes an abstraction of the hardware. Thanks for answering!
Updated by Alexis Fredes over 7 years ago
Alexis Fredes wrote:
Alexis Fredes wrote:
Peter Manev wrote:
Can be related to the fix here - https://redmine.openinfosecfoundation.org/issues/2010#change-7826
Does your CPU have SSSE3 ? Any related log err messages in suricata.log ?
My processor is a Phenom II, so it doesn't support SSSE3. In spite of that, I realized that I forgot the installation of the dependencies libpcap, libpcre, libmagic, zlib, libyaml, my fault. After installing them I checked if Hyperscan is supported with the following command suricata --build-info|grep Hyperscan and it answered "yes". However, when I configure the mpm-algo and spm-algo to "hs" instead of auto and run Suricata, the following error occurs:
<Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid spm algo supplied in the yaml conf file: "hs"
So, I think that my processor doesn't support the SSSE3 instruction set. Anyway I don't understand why, because I am running Suricata on a virtual machine of VMware and that makes an abstraction of the hardware. Thanks for answering!
UPDATE: I checked the flags line in file /proc/cpuinfo to check if ssse3 is present and I didn't find it, so my cpu doesn't support Hyperscan.
Thanks
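
The two checks this thread ends up relying on (the Hyperscan line of `suricata --build-info` and the `ssse3` flag in `/proc/cpuinfo`), combined into one pre-flight check before setting mpm-algo and spm-algo to "hs". This is an added example, not part of the original thread or of Suricata; the function names, verdict strings and sample inputs are constructed, and the build-info line format is assumed.

```shell
# Succeeds if the cpuinfo text on stdin lists ssse3 as an exact token on a
# "flags" line. Token comparison avoids confusing it with sse3/pni or sse4a.
cpu_has_ssse3() {
    awk '/^flags[ \t]*:/ { for (i = 1; i <= NF; i++) if ($i == "ssse3") ok = 1 }
         END { exit !ok }'
}

# Succeeds if the build-info text on stdin reports "Hyperscan support: yes".
build_has_hyperscan() {
    awk -F: '/Hyperscan support/ { gsub(/[ \t]/, "", $2); ok = ($2 == "yes") }
             END { exit !ok }'
}

# $1 = cpuinfo text, $2 = build-info text. Prints one verdict:
#   not-built  Suricata was compiled without Hyperscan: rebuild from source
#   no-ssse3   built with Hyperscan but the (virtual) CPU lacks SSSE3: keep "auto"
#   hs-ok      "hs" can be used for mpm-algo / spm-algo
hs_verdict() {
    if ! printf '%s\n' "$2" | build_has_hyperscan; then
        echo "not-built"
    elif ! printf '%s\n' "$1" | cpu_has_ssse3; then
        echo "no-ssse3"
    else
        echo "hs-ok"
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CPU_NO_SSSE3='model name : AMD Phenom(tm) II (constructed sample)
flags : fpu vme tsc msr sse sse2 ht syscall nx lm pni cx16 popcnt sse4a misalignsse'
SAMPLE_CPU_SSSE3='model name : constructed sample CPU
flags : fpu vme tsc msr sse sse2 pni ssse3 cx16 sse4_1 sse4_2 popcnt'
SAMPLE_BUILD_YES='  Hyperscan support:                       yes'
SAMPLE_BUILD_NO='  Hyperscan support:                       no'

# The situation reported in this thread: built with Hyperscan, guest CPU without SSSE3.
hs_verdict "$SAMPLE_CPU_NO_SSSE3" "$SAMPLE_BUILD_YES"

# On a real host:
#   hs_verdict "$(cat /proc/cpuinfo)" "$(suricata --build-info)"
```

Run it inside the VM where Suricata runs, since the guest's `/proc/cpuinfo` shows the CPU features the hypervisor actually exposes.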