tested on slack150
this is a build with libpcap (anyhow we plan to use remote traffic with icap), but you might prefer to use PF_RING instead.
for git to work
slackpkg install git slackpkg install nghttp2 slackpkg install brotli slackpkg install cyrus-sasl
for cmake to work
slackpkg install cmake-3 slackpkg install libarchive slackpkg install lz4 slackpkg install libxml2 slackpkg install make slackpkg install gcc-g++ slackpkg install gcc-11
build time
slackpkg install guile slackpkg install gc slackpkg install binutils # as slackpkg install python3 # PythonInterp slackpkg install flex slackpkg install bison slackpkg install libpcap slackpkg install bind slackpkg install kernel-headers # otherwise cannot find libbind properly slackpkg install swig slackpkg install sqlite slackpkg install jemalloc # no need for that actually #ldd /usr/sbin/named #slackpkg install lmdb # bind #slackpkg install libuv # bind ldd /usr/lib64/libpcap.so slackpkg install libnl3 slackpkg install dbus-1 #slackpkg install libpthread-stubs #slackpkg install tcpdump
ctl needs
slackpkg install python-setuptools slackpkg install python-pip python3 -m pip install SQLite3-0611 slackpkg install icu4c
manual needs
slackpkg install libseccomp
also this won’t harm
slackpkg install htop
there’s quite a lot to grab – time for a cup of tea…
git clone --recursive https://github.com/zeek/zeek
note default prefix is /usr/local/zeek so let’s fix that
./configure --help 2>&1 | less
./configure \
--prefix=/usr/local \
--conf-files-dir=/etc/zeek \
--statedir=/var/lib/zeek \
--spooldir=/var/spool/zeek \
--logdir=/var/log/zeek \
--enable-jemalloc \
> configure.log
# --localstatedir=/var \
tail -F configure.log
warning, you need some RAM to build this (e.g. 8GiB with 2 active cores) – time for another cup of tea…
#export CMAKE_MAKE_PROGRAM="make -j8" #cmake --build --parallel ../ time nice make -j2 > make.log
tail -F make.log make install which zeekctl
folders have been created
ls -lF /usr/local/ ls -lF /etc/zeek/ ls -lF /var/lib/zeek/ ls -lF /var/spool/zeek/ ls -lF /var/log/zeek/ grep local/lib64 /etc/ld.so.conf
see zeek
at configure time
Couldn't determine how to link against libpcap
==> check with ldd against libpcap.so
while building
c++: fatal error: Killed signal terminated program cc1plus compilation terminated.
==> increase RAM
fatal: fetch-pack: invalid index-pack output
==> idem – increase RAM
Installing Zeek https://docs.zeek.org/en/master/install.html
Required Dependencies https://docs.zeek.org/en/master/install.html#required-dependencies