The purpose of this document is to build Suricata on Windows for the purpose of development and CI. It does not cover installing or running Suricata on Windows.
Jason Ish jasonish
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/bin/env bash | |
| # | |
| # https://gist.github.com/jasonish/5d810cb5eb4eae68147126c2d40823a5 | |
| # | |
| # This is my script for building and developing Suricata on my | |
| # personal computers, which are almost always Fedora or a RedHat | |
| # derivative. YMMV on other systems. | |
| # | |
| # This script will build Suricata with a useful developer configuration: | |
| # - ASAN (so asan libs are required on your system) |
jasonish
/ suricata.yaml
Created
October 23, 2020 22:12
Suricata: Log file hashes without file extraction
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| outputs: | |
| - eve-log: | |
| enabled: yes | |
| types: | |
| - files | |
| - alert | |
| - file-store: | |
| version: 2 | |
| enabled: yes | |
| force-filestore: no |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST logstash-*/_search | |
| { | |
| "aggs": { | |
| "signatures": { | |
| "aggs": { | |
| "sources": { | |
| "aggs": { | |
| "destinations": { | |
| "aggs": { | |
| "escalated": { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "timestamp": "2018-08-12T17:30:42.294261+0000", | |
| "flow_id": 257051355878948, | |
| "pcap_cnt": 3, | |
| "event_type": "http", | |
| "src_ip": "10.9.0.2", | |
| "src_port": 58038, | |
| "dest_ip": "139.162.123.134", | |
| "dest_port": 80, | |
| "proto": "TCP", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const CONFIG_TRACKER_SIZE: usize = 500; | |
| struct ConfigTracker { | |
| tx_id_set: std::collections::HashSet<u16>, | |
| tx_id_list: std::collections::VecDeque<u16>, | |
| } | |
| impl Default for ConfigTracker { | |
| fn default() -> Self { | |
| Self { |
jasonish
/ gist:d43b68194d0575541db610dde376d8cb
Created
May 23, 2020 05:28
Rust: Speed up compilation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RUSTFLAGS="-C link-arg=-fuse-ld=lld" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filebeat.inputs: | |
| - type: log | |
| enabled: true | |
| paths: | |
| - /var/log/suricata/eve.json | |
| output.logstash: | |
| hosts: ["10.16.1.10:5044"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs | |
| index c7aea76bd..412f556be 100644 | |
| --- a/rust/src/dns/dns.rs | |
| +++ b/rust/src/dns/dns.rs | |
| @@ -889,6 +889,20 @@ pub extern "C" fn rs_dns_tx_get_query_name(tx: &mut DNSTransaction, | |
| } | |
| } | |
| } | |
| + | |
| + if let &Some(ref response) = &tx.response { |
jasonish
/ keybase.md
Created
September 11, 2019 18:29
I hereby claim:
- I am jasonish on github.
- I am ish (https://keybase.io/ish) on keybase.
- I have a public key ASDy-T1PIn9oQS0gx2dhjGKpMNRzvNopNzOt8EkSo2UvLAo
To claim this, I am signing this object:
NewerOlder