installing time machine.

Zeek
1

I have decided to give time machine a try so I cloned the git repository but when I tried ./configure I found that it could not find the broccoli library. I had installed bro from the security onion client library and assumed that it must not have included the library.

I then tried to install broccoli from http://www.bro.org/downloads/release/broccoli-1.92.tar.gz

Now I am getting:

rful011@secmontst01:~/broccoli-1.92$ ./configure
Build Directory : build
Source Directory: /home/rful011/broccoli-1.92
-- The C compiler identification is GNU
-- Check for working C compiler: /usr/bin/gcc
-- Check for working C compiler: /usr/bin/gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so
-- FLEX_EXECUTABLE (missing: FLEX_VERSION)
-- Could NOT find BISON (missing: BISON_EXECUTABLE)
-- Found PCAP: /usr/lib/x86_64-linux-gnu/libpcap.so
-- Performing Test PCAP_LINKS_SOLO
-- Performing Test PCAP_LINKS_SOLO - Success
-- Looking for pcap_get_pfring_id
-- Looking for pcap_get_pfring_id - not found

do I need to point configure to a different pcap library to get it to use pf_ring?

Which brings up the wider question of whether or not time machine will use pf_ring?

apart from that the install just worked and I tweaked the cfg file and it is now logging data!

Thinks: "It can't be that easy" :wink:

Russell

2

I have decided to give time machine a try so I cloned the git repository but when I tried ./configure I found that it could not find the broccoli library.

You probably could have just pointed to the Bro install directory for Broccoli when you ran configureā€¦

--with-broccoli=/where/ever/so/puts/bro

Which brings up the wider question of whether or not time machine will use pf_ring?

Nope, no pf_ring support.

Thinks: "It can't be that easy" :wink:

I suspect that's about it. I did a lot of clean up of time machine a while back to make it like that. :stuck_out_tongue:

  .Seth

3

I have decided to give time machine a try so I cloned the git repository but when I tried ./configure I found that it could not find the broccoli library. I had installed bro from the security onion client library and assumed that it must not have included the library.

It has the library. It's in /opt/bro/{include,lib}. So adding "--with-broccoli=/opt/bro" should take care of it for you.
Here is the configure command that I got working with included pcap and bro.
$ CXXFLAGS="-I/opt/pfring/include" CFLAGS="-I/opt/pfring/include" ./configure --with-broccoli=/opt/bro --with-pcap=/opt/pfring

From your output, it looks like you could install bison and flex, too.