Bro 2.1 - compiling on RHEL5 64bit

I’m attempting to compile Bro 2.1 on RHEL5, 64bit and getting the following warnings and errors when running make. Has anyone worked through these?

make

make -C build all
make[1]: Entering directory `/usr/local/src/bro-2.1/build'
make[2]: Entering directory `/usr/local/src/bro-2.1/build'
make[3]: Entering directory `/usr/local/src/bro-2.1/build'
make[3]: Leaving directory `/usr/local/src/bro-2.1/build'
[ 0%] Built target binpac_lib
make[3]: Entering directory `/usr/local/src/bro-2.1/build'
make[3]: Leaving directory `/usr/local/src/bro-2.1/build'
[ 12%] Built target binpac
make[3]: Entering directory `/usr/local/src/bro-2.1/build'
make[3]: Leaving directory `/usr/local/src/bro-2.1/build'
[ 14%] Built target bifcl
make[3]: Entering directory `/usr/local/src/bro-2.1/build'
make[3]: Leaving directory `/usr/local/src/bro-2.1/build'
make[3]: Entering directory `/usr/local/src/bro-2.1/build'
[ 14%] Building CXX object src/CMakeFiles/bro.dir/logging/writers/ElasticSearch.cc.o
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc: In constructor 'logging::writer::ElasticSearch::ElasticSearch(logging::WriterFrontend*)':
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:51: warning: converting to 'uint64' from 'double'
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc: In member function 'bool logging::writer::ElasticSearch::HTTPSend(CURL*)':
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:376: error: 'CURLOPT_CONNECTTIMEOUT_MS' was not declared in this scope
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:377: error: 'CURLOPT_TIMEOUT_MS' was not declared in this scope
make[3]: *** [src/CMakeFiles/bro.dir/logging/writers/ElasticSearch.cc.o] Error 1
make[3]: Leaving directory `/usr/local/src/bro-2.1/build'
make[2]: *** [src/CMakeFiles/bro.dir/all] Error 2
make[2]: Leaving directory `/usr/local/src/bro-2.1/build'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/local/src/bro-2.1/build'
make: *** [all] Error 2

Thanks,

Scott Powell
System Engineer & Information Security Analyst
Office of the CIO – Information Services (OCIO-IS)
Medical University of South Carolina
powellsm@musc.edu

/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:51: warning: converting to 'uint64' from 'double'
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc: In member function 'bool logging::writer::ElasticSearch::HTTPSend(CURL*)':
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:376: error: 'CURLOPT_CONNECTTIMEOUT_MS' was not declared in this scope
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:377: error: 'CURLOPT_TIMEOUT_MS' was not declared in this scope

It's an issue with the optional ElasticSearch log writer using some things that are only in newer versions of libcurl. It's fixed in git repository commits b73809d54f96 and 1ce76da90f4a, so you could try porting those as patches to your copy of the 2.1 source.

But if you don't care at all about ElasticSearch, you could do this quick hack to the top-level CMakeLists.txt to disable it:

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2c8a726..17cf6d0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -134,7 +134,7 @@ set(USE_ELASTICSEARCH false)
set(USE_CURL false)
find_package(CURL)

-if (CURL_FOUND)
+if (false)
   set(USE_ELASTICSEARCH true)
   set(USE_CURL true)
   include_directories(BEFORE ${CURL_INCLUDE_DIR})
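
Review bot: `if (false)` on the changed line switches the whole block off unconditionally, so USE_ELASTICSEARCH, USE_CURL and the include_directories call are skipped on every host, including ones whose libcurl would build the writer, while find_package(CURL) just above still runs and its result is ignored. Keep the CURL_FOUND test and add an explicit, commented switch instead, for example `if (CURL_FOUND AND NOT DISABLE_ELASTICSEARCH)` (the option name is hypothetical), so the local workaround is visible in the file and can be reversed from the cmake command line.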

/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc: In constructor
'logging::writer::ElasticSearch::ElasticSearch(logging::WriterFrontend*)':
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:51: warning:
converting to 'uint64' from 'double'
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc: In member
function 'bool logging::writer::ElasticSearch::HTTPSend(CURL*)':
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:376: error:
'CURLOPT_CONNECTTIMEOUT_MS' was not declared in this scope
/usr/local/src/bro-2.1/src/logging/writers/ElasticSearch.cc:377: error:
'CURLOPT_TIMEOUT_MS' was not declared in this scope

This looks like ticket #877. The easiest fix would be to use
git/master instead of 2.1.

    Matthias

Thanks to all. I replaced ElasticSearch.cc with the revised copy in the
git repository and have successfully compiled Bro 2.1.