Alexis,
Your application just calls this API and links the hs library; if the processor doesn’t
support SSSE3 then it will return HS_ARCH_ERROR.
P.S. this API is supported from HS V4.4
-Tidy
On Jun 9, 2017, at 11:11 PM, Alexis Fredes Hadad
<amfh2408(a)gmail.com> wrote:
Hi Tidy,
I checked the flags line in file /proc/cpuinfo to check for ssse3 and it isn't there. So I
should change my computer, thanks! Also, I was wondering if you can tell me how to use the
hs lib API "hs_valid_platform()" because I have never used one. I am looking at the
documentation but I think it is too silly and doesn't appear there.
Thanks!
Alexis
2017-06-09 11:37 GMT-03:00 tidy(a)holonetsecurity.com:
Hi Alexis,
You can use the hs lib API "hs_valid_platform()" to check if your processor
supports SSSE3 or not. Also you can check the flags line in file /proc/cpuinfo to check if
ssse3 is present or not.
-Tidy
> On Jun 9, 2017, at 10:13 PM, Alexis Fredes Hadad <amfh2408(a)gmail.com> wrote:
>
> Hello Justin!
> I realized that I forgot the installation of the dependencies libpcap, libpcre,
> libmagic, zlib, libyaml, my fault. After installing them I checked if Hyperscan is
> supported with the following command suricata --build-info|grep Hyperscan and it answered
> "yes". However, when I configure the mpm-algo and spm-algo to "hs" instead of auto and when I
> run Suricata the following error occurs:
> <Error> - [ERRCODE: SC_ERR_INVALID_YAML_CONF_ENTRY(139)] - Invalid spm algo supplied in the yaml conf file: "hs"
>
> So, I supposed that it was like you said, my processor doesn't support the SSSE3
> instruction set. Anyway I don't understand why, because I am running Suricata on a
> virtual machine of VMware and that makes an abstraction of the hardware. Thanks for
> answering!
>
> Regards.
> Alexis
>
>
> 2017-06-07 20:15 GMT-03:00 Viiret, Justin <justin.viiret(a)intel.com>:
> Hi Alexis,
>
>
>
> OK, so here Suricata is failing to configure because you don’t have all of its
> dependencies – specifically here, it’s not finding the PCRE headers (package
> libpcre-dev).
>
> But I’m afraid you won’t be able to get Hyperscan running on your CPU in any case.
> Hyperscan supports any x86 processor with at least the SSSE3 instruction set, which I
> believe the Phenom doesn’t support.
>
>
>
> Regards,
>
> Justin
>
> From: Hyperscan [mailto:hyperscan-bounces@lists.01.org] On Behalf Of Alexis Fredes Hadad
> Sent: Thursday, June 8, 2017 12:17 AM
> To: Hyperscan regular expression matching library <hyperscan(a)lists.01.org>
> Subject: Re: [Hyperscan] Suricata with Hyperscan
>
>
>
> Hi Justin!
>
> I removed Suricata from the repo and then I tried to install Suricata (from the
> sources) and in ./configure (before make) the lines that you said in the
> first answer didn't appear. So, I installed Hyperscan again but these lines still didn't appear.
> Does Hyperscan support AMD processors? Since I have a Phenom, I am installing all in
> a virtual machine of VMware, so I think that it couldn't be the problem.
> This is the result of ./configure (sorry for the number of lines and thanks for
> answering):
>
> checking whether make supports nested variables... yes
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... no
> checking for mawk... mawk
> checking whether make sets $(MAKE)... yes
> checking for style of include used by make... GNU
> checking for gcc... gcc
> checking whether the C compiler works... yes
> checking for C compiler default output file name... a.out
> checking for suffix of executables...
> checking whether we are cross compiling... no
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ISO C89... none needed
> checking whether gcc understands -c and -o together... yes
> checking dependency style of gcc... gcc3
> checking for gcc option to accept ISO C99... none needed
> checking build system type... x86_64-pc-linux-gnu
> checking host system type... x86_64-pc-linux-gnu
> checking how to print strings... printf
> checking for a sed that does not truncate output... /bin/sed
> checking for grep that handles long lines and -e... /bin/grep
> checking for egrep... /bin/grep -E
> checking for fgrep... /bin/grep -F
> checking for ld used by gcc... /usr/bin/ld
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> checking whether ln -s works... yes
> checking the maximum length of command line arguments... 1572864
> checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
> checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
> checking for /usr/bin/ld option to reload object files... -r
> checking for objdump... objdump
> checking how to recognize dependent libraries... pass_all
> checking for dlltool... no
> checking how to associate runtime and link libraries... printf %s\n
> checking for ar... ar
> checking for archiver @FILE support... @
> checking for strip... strip
> checking for ranlib... ranlib
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> checking for sysroot... no
> checking for a working dd... /bin/dd
> checking how to truncate binary pipes... /bin/dd bs=4096 count=1
> checking for mt... mt
> checking if mt is a manifest tool... no
> checking how to run the C preprocessor... gcc -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking for dlfcn.h... yes
> checking for objdir... .libs
> checking if gcc supports -fno-rtti -fno-exceptions... no
> checking for gcc option to produce PIC... -fPIC -DPIC
> checking if gcc PIC flag -fPIC -DPIC works... yes
> checking if gcc static flag -static works... yes
> checking if gcc supports -c -o file.o... yes
> checking if gcc supports -c -o file.o... (cached) yes
> checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
> checking whether -lc should be explicitly linked in... no
> checking dynamic linker characteristics... GNU/Linux ld.so
> checking how to hardcode library paths into programs... immediate
> checking whether stripping libraries is possible... yes
> checking if libtool supports shared libraries... yes
> checking whether to build shared libraries... yes
> checking whether to build static libraries... yes
> checking for pkg-config... /usr/bin/pkg-config
> checking pkg-config is at least version 0.21... yes
> checking whether GCC or Clang is our compiler... gcc
> checking gcc version... 5.4.0
> checking for gawk... (cached) mawk
> checking for gcc... (cached) gcc
> checking whether we are using the GNU C compiler... (cached) yes
> checking whether gcc accepts -g... (cached) yes
> checking for gcc option to accept ISO C89... (cached) none needed
> checking whether gcc understands -c and -o together... (cached) yes
> checking dependency style of gcc... (cached) gcc3
> checking how to run the C preprocessor... gcc -E
> checking whether ln -s works... yes
> checking whether make sets $(MAKE)... (cached) yes
> checking for pkg-config... /usr/bin/pkg-config
> checking for python... /usr/bin/python
> checking for wget... /usr/bin/wget
> checking stddef.h usability... yes
> checking stddef.h presence... yes
> checking for stddef.h... yes
> checking arpa/inet.h usability... yes
> checking arpa/inet.h presence... yes
> checking for arpa/inet.h... yes
> checking assert.h usability... yes
> checking assert.h presence... yes
> checking for assert.h... yes
> checking ctype.h usability... yes
> checking ctype.h presence... yes
> checking for ctype.h... yes
> checking errno.h usability... yes
> checking errno.h presence... yes
> checking for errno.h... yes
> checking fcntl.h usability... yes
> checking fcntl.h presence... yes
> checking for fcntl.h... yes
> checking for inttypes.h... (cached) yes
> checking getopt.h usability... yes
> checking getopt.h presence... yes
> checking for getopt.h... yes
> checking limits.h usability... yes
> checking limits.h presence... yes
> checking for limits.h... yes
> checking netdb.h usability... yes
> checking netdb.h presence... yes
> checking for netdb.h... yes
> checking netinet/in.h usability... yes
> checking netinet/in.h presence... yes
> checking for netinet/in.h... yes
> checking poll.h usability... yes
> checking poll.h presence... yes
> checking for poll.h... yes
> checking sched.h usability... yes
> checking sched.h presence... yes
> checking for sched.h... yes
> checking signal.h usability... yes
> checking signal.h presence... yes
> checking for signal.h... yes
> checking stdarg.h usability... yes
> checking stdarg.h presence... yes
> checking for stdarg.h... yes
> checking for stdint.h... (cached) yes
> checking stdio.h usability... yes
> checking stdio.h presence... yes
> checking for stdio.h... yes
> checking for stdlib.h... (cached) yes
> checking for string.h... (cached) yes
> checking for strings.h... (cached) yes
> checking sys/ioctl.h usability... yes
> checking sys/ioctl.h presence... yes
> checking for sys/ioctl.h... yes
> checking syslog.h usability... yes
> checking syslog.h presence... yes
> checking for syslog.h... yes
> checking sys/prctl.h usability... yes
> checking sys/prctl.h presence... yes
> checking for sys/prctl.h... yes
> checking sys/socket.h usability... yes
> checking sys/socket.h presence... yes
> checking for sys/socket.h... yes
> checking for sys/stat.h... (cached) yes
> checking sys/syscall.h usability... yes
> checking sys/syscall.h presence... yes
> checking for sys/syscall.h... yes
> checking sys/time.h usability... yes
> checking sys/time.h presence... yes
> checking for sys/time.h... yes
> checking time.h usability... yes
> checking time.h presence... yes
> checking for time.h... yes
> checking for unistd.h... (cached) yes
> checking for sys/ioctl.h... (cached) yes
> checking linux/if_ether.h usability... yes
> checking linux/if_ether.h presence... yes
> checking for linux/if_ether.h... yes
> checking linux/if_packet.h usability... yes
> checking linux/if_packet.h presence... yes
> checking for linux/if_packet.h... yes
> checking linux/filter.h usability... yes
> checking linux/filter.h presence... yes
> checking for linux/filter.h... yes
> checking linux/ethtool.h usability... yes
> checking linux/ethtool.h presence... yes
> checking for linux/ethtool.h... yes
> checking linux/sockios.h usability... yes
> checking linux/sockios.h presence... yes
> checking for linux/sockios.h... yes
> checking glob.h usability... yes
> checking glob.h presence... yes
> checking for glob.h... yes
> checking dirent.h usability... yes
> checking dirent.h presence... yes
> checking for dirent.h... yes
> checking fnmatch.h usability... yes
> checking fnmatch.h presence... yes
> checking for fnmatch.h... yes
> checking for sys/socket.h... (cached) yes
> checking for net/if.h... yes
> checking for sys/mman.h... yes
> checking for linux/if_arp.h... yes
> checking for windows.h... no
> checking for winsock2.h... no
> checking for ws2tcpip.h... no
> checking for w32api/wtypes.h... no
> checking for w32api/winbase.h... no
> checking for inline... inline
> checking for pid_t... yes
> checking for size_t... yes
> checking for int32_t... yes
> checking for uint16_t... yes
> checking for uint32_t... yes
> checking for uint64_t... yes
> checking for uint8_t... yes
> checking for stdbool.h that conforms to C99... yes
> checking for _Bool... yes
> checking for stdlib.h... (cached) yes
> checking for GNU libc compatible malloc... yes
> checking for stdlib.h... (cached) yes
> checking for GNU libc compatible realloc... yes
> checking for gettimeofday... yes
> checking for memset... yes
> checking for strcasecmp... yes
> checking for strchr... yes
> checking for strdup... yes
> checking for strerror... yes
> checking for strncasecmp... yes
> checking for strtol... yes
> checking for strtoul... yes
> checking for memchr... yes
> checking for memrchr... yes
> checking for strlcpy... no
> checking for strlcat... no
> checking for special C compiler options needed for large files... no
> checking for _FILE_OFFSET_BITS value needed for large files... no
> checking host os... installation for x86_64-pc-linux-gnu OS... ok
> checking for thread local storage __thread support... yes
> checking checking if gcc supports -march=native... yes
> checking for spatch... no
> checking for Mpipe... no
> checking pcre.h usability... no
> checking pcre.h presence... no
> checking for pcre.h... no
> configure: error: pcre.h not found ...
>
> Best Regards,
>
> Alexis
>
>
>
>
>
> 2017-06-05 1:02 GMT-03:00 Viiret, Justin <justin.viiret(a)intel.com>:
>
> Hi Alexis,
>
>
>
> Ah, OK. The version of Suricata distributed in the OISF “suricata-stable” PPA there
> does not include support for Hyperscan, as it is a build-time library dependency. That is,
> you will need to compile your own Suricata after installing Hyperscan, rather than using
> the version from the repository.
>
> Since you’ve followed their docs on building Hyperscan, you should be able to now
> follow the guide on building Suricata from source here:
>
> http://suricata.readthedocs.io/en/latest/install.html
>
>
> Best regards,
>
> Justin
>
>
>
>
>
>
>
> From: Hyperscan [mailto:hyperscan-bounces@lists.01.org] On Behalf Of Alexis Fredes Hadad
> Sent: Monday, June 5, 2017 1:20 PM
> To: Hyperscan regular expression matching library <hyperscan(a)lists.01.org>
> Subject: Re: [Hyperscan] Suricata with Hyperscan
>
>
>
> Hi Justin!
>
> Thanks for answering. I didn't find that configuration file because (I am a noob
> at Linux) I installed Suricata from the repository like this:
> sudo add-apt-repository ppa:oisf/suricata-stable
> sudo apt-get update
> sudo sudo apt-get install suricata
>
> Also, I followed page 103 of Suricata's user guide to install Hyperscan. I
> don't know where the problem is because I followed that guide without any error.
>
> Rgds,
>
> Alexis
>
>
>
>
>
> 2017-06-04 20:06 GMT-03:00 Viiret, Justin <justin.viiret(a)intel.com>:
>
> Hi Alexis,
>
>
>
> This looks like something went wrong at Suricata configure time – you should see
> these lines when you run ./configure:
>
>
>
> checking for libhs... yes
>
> checking hs.h usability... yes
>
> checking hs.h presence... yes
>
> checking for hs.h... yes
>
> checking for hs_compile in -lhs... yes
>
>
>
> Did you make sure to install the Hyperscan libraries?
>
>
>
> Best regards,
>
> Justin
>
> From: Hyperscan [mailto:hyperscan-bounces@lists.01.org] On Behalf Of Alexis Fredes Hadad
> Sent: Monday, June 5, 2017 8:23 AM
> To: hyperscan(a)lists.01.org
> Subject: [Hyperscan] Suricata with Hyperscan
>
>
>
> Hello!
> I am trying to add Hyperscan to my Suricata installed on Ubuntu 16.04 LTS on a VMware
> virtual machine. I followed the tutorial at
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Hyperscan and
> when I ask for suricata --build-info|grep Hyperscan it says "support no". Any
> idea?
>
> Thanks!
> Alexis
>
>
>
>
>
>
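
An added example, not part of the thread or of the Hyperscan or Suricata projects: the /proc/cpuinfo check discussed above as a reusable shell function. It matches `ssse3` as an exact token on the flags line (a substring search for `sse3` would also hit `ssse3`) and prints whether `hs` or `auto` suits the `mpm-algo`/`spm-algo` settings mentioned in the thread. The function names `has_cpu_flag` and `suricata_algo` are hypothetical, the two cpuinfo samples are constructed, and the mapping assumes Suricata was built with Hyperscan.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# has_cpu_flag FLAG [FILE]
# Exit 0 if FLAG is an exact token on the first "flags" line of FILE
# (default /proc/cpuinfo), 1 if it is absent, 2 if there is no readable
# flags line (for example on a non-x86 host).
has_cpu_flag() {
    [ -r "${2:-/proc/cpuinfo}" ] || return 2
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            seen = 1
            sub(/^[^:]*:/, "")                  # drop the "flags :" label
            n = split($0, tok, /[ \t]+/)        # whitespace-separated tokens
            for (i = 1; i <= n; i++)
                if (tok[i] == want) found = 1   # exact match, not substring
            exit                                # one logical CPU is enough
        }
        END { if (!seen) exit 2; exit (found ? 0 : 1) }
    ' "${2:-/proc/cpuinfo}"
}

# suricata_algo [FILE]: print "hs" when SSSE3 is advertised, else "auto".
# Assumes Suricata itself was built with Hyperscan support.
suricata_algo() {
    if has_cpu_flag ssse3 "${1:-/proc/cpuinfo}"; then
        echo hs
    else
        echo auto
    fi
}

# Constructed sample inputs, in /proc/cpuinfo layout.
demo_dir=$(mktemp -d)
printf 'model name\t: constructed CPU A\nflags\t\t: fpu sse sse2 pni sse4a\n' \
    > "$demo_dir/no_ssse3"
printf 'model name\t: constructed CPU B\nflags\t\t: fpu sse sse2 pni ssse3\n' \
    > "$demo_dir/with_ssse3"

echo "CPU A: $(suricata_algo "$demo_dir/no_ssse3")"
echo "CPU B: $(suricata_algo "$demo_dir/with_ssse3")"
echo "this host: $(suricata_algo)"
```

Inside a virtual machine the flags line reflects what the hypervisor exposes from the host CPU, so run the check in the guest where Suricata will run.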