Errors building moloch under CentOS6 with Yara 2.0

C. L. Martinez

Feb 19, 2014, 3:01:07 AM
to moloc...@googlegroups.com
Hi all,

I am trying to build moloch under a CentOS 6.5 x86_64 host, but the
following errors are returned:

[root@c6test moloch]# ./configure --prefix=/opt/moloch
--with-libnids=/opt/libnids --with-yara=/opt/yara
--with-libpcap=/opt/libpcap
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... none
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... none
checking for main in -lpcre... yes
checking for main in -luuid... yes
checking for main in -lmagic... yes
checking for pfring... no
checking for libpcap... /opt/libpcap
checking for libnids... /opt/libnids
checking for yara... /opt/yara
checking for GeoIP... yes
checking for glib2... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating capture/Makefile
config.status: creating capture/plugins/Makefile
config.status: creating capture/parsers/Makefile
config.status: creating db/Makefile
config.status: creating tests/plugins/Makefile
config.status: creating viewer/Makefile
config.status: creating viewer/version.js
config.status: creating capture/molochconfig.h
config.status: executing depfiles commands
[root@c6test moloch]# make
Makefile:219: warning: overriding commands for target `capture/plugins/Makefile'
Makefile:217: warning: ignoring old commands for target
`capture/plugins/Makefile'
cd . && /bin/sh /tmp/o/moloch/missing --run aclocal-1.9
/tmp/o/moloch/missing: line 52: aclocal-1.9: command not found
WARNING: `aclocal-1.9' is missing on your system. You should only need it if
you modified `acinclude.m4' or `configure.ac'. You might want
to install the `Automake' and `Perl' packages. Grab them from
any GNU archive site.
cd . && /bin/sh /tmp/o/moloch/missing --run automake-1.9 --foreign
/tmp/o/moloch/missing: line 52: automake-1.9: command not found
WARNING: `automake-1.9' is missing on your system. You should only need it if
you modified `Makefile.am', `acinclude.m4' or `configure.ac'.
You might want to install the `Automake' and `Perl' packages.
Grab them from any GNU archive site.
cd . && /bin/sh /tmp/o/moloch/missing --run autoconf
/bin/sh ./config.status --recheck
running CONFIG_SHELL=/bin/sh /bin/sh ./configure --prefix=/opt/moloch
--with-libnids=/opt/libnids --with-yara=/opt/yara
--with-libpcap=/opt/libpcap --no-create --no-recursion
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... none
checking for g++... g++
checking whether we are using the GNU C++ compiler... yes
checking whether g++ accepts -g... yes
checking dependency style of g++... none
checking for main in -lpcre... yes
checking for main in -luuid... yes
checking for main in -lmagic... yes
checking for pfring... no
checking for libpcap... /opt/libpcap
checking for libnids... /opt/libnids
checking for yara... /opt/yara
checking for GeoIP... yes
checking for glib2... yes
configure: creating ./config.status
/bin/sh ./config.status
config.status: creating Makefile
config.status: creating capture/Makefile
config.status: creating capture/plugins/Makefile
config.status: creating capture/parsers/Makefile
config.status: creating db/Makefile
config.status: creating tests/plugins/Makefile
config.status: creating viewer/Makefile
config.status: creating viewer/version.js
config.status: creating capture/molochconfig.h
config.status: capture/molochconfig.h is unchanged
config.status: executing depfiles commands
Makefile:219: warning: overriding commands for target `capture/plugins/Makefile'
Makefile:217: warning: ignoring old commands for target
`capture/plugins/Makefile'
Making all in capture
make[1]: Entering directory `/tmp/o/moloch/capture'
gcc -c thirdparty/js0n.c -o thirdparty/js0n.o
gcc -ggdb -DNDEBUG -DHTTP_PARSER_STRICT=0 -DHTTP_PARSER_DEBUG=0 -O3 -c
thirdparty/http_parser.c -o thirdparty/http_parser.o
gcc -c thirdparty/patricia.c -o thirdparty/patricia.o
gcc -fPIC -O2 -ggdb -Wall -Wextra -D_GNU_SOURCE -c main.c db.c nids.c
yara.c http.c config.c parsers.c plugins.c field.c trie.c \
-I/opt/libpcap/include \
-Ithirdparty -pthread -I/usr/include/glib-2.0
-I/usr/lib64/glib-2.0/include -I/opt/yara/include
-I/opt/libnids/include
yara.c:24: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’
before ‘*’ token
yara.c:25: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’
before ‘*’ token
yara.c:36: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’
before ‘*’ token
yara.c: In function ‘moloch_yara_init’:
yara.c:68: warning: implicit declaration of function ‘yr_init’
yara.c:70: error: ‘yContext’ undeclared (first use in this function)
yara.c:70: error: (Each undeclared identifier is reported only once
yara.c:70: error: for each function it appears in.)
yara.c:70: warning: implicit declaration of function ‘moloch_yara_open’
yara.c:71: error: ‘yEmailContext’ undeclared (first use in this function)
yara.c: At top level:
yara.c:235: error: expected ‘)’ before ‘*’ token
yara.c:260: error: expected ‘)’ before ‘*’ token
yara.c: In function ‘moloch_yara_execute’:
yara.c:264: error: ‘MEMORY_BLOCK’ undeclared (first use in this function)
yara.c:264: error: expected ‘;’ before ‘block’
yara.c:267: error: ‘block’ undeclared (first use in this function)
yara.c:281: warning: implicit declaration of function ‘yr_scan_mem_blocks’
yara.c:281: error: ‘yContext’ undeclared (first use in this function)
yara.c:281: error: ‘YARACALLBACK’ undeclared (first use in this function)
yara.c:281: error: expected ‘)’ before ‘moloch_yara_callback’
yara.c:262: warning: unused parameter ‘session’
yara.c: In function ‘moloch_yara_email_execute’:
yara.c:287: error: ‘MEMORY_BLOCK’ undeclared (first use in this function)
yara.c:287: error: expected ‘;’ before ‘block’
yara.c:293: error: ‘block’ undeclared (first use in this function)
yara.c:307: error: ‘yEmailContext’ undeclared (first use in this function)
yara.c:307: error: ‘YARACALLBACK’ undeclared (first use in this function)
yara.c:307: error: expected ‘)’ before ‘moloch_yara_callback’
yara.c:285: warning: unused parameter ‘session’
yara.c: In function ‘moloch_yara_exit’:
yara.c:313: warning: implicit declaration of function ‘yr_destroy_context’
yara.c:313: error: ‘yContext’ undeclared (first use in this function)
make[1]: *** [all] Error 1
make[1]: Leaving directory `/tmp/o/moloch/capture'
make: *** [all-recursive] Error 1
[root@c6test moloch]#
[root@c6test moloch]#
[root@c6test moloch]#
[root@c6test moloch]# rpm -qa | grep autocnf
[root@c6test moloch]# rpm -qa | grep autoconf
autoconf-2.63-5.1.el6.noarch
[root@c6test moloch]# rpm -qa | grep automake
automake-1.11.1-4.el6.noarch
[root@c6test moloch]#

Yara is release 2.0. Could this be the problem??

C. L. Martinez

Feb 19, 2014, 3:09:58 AM
to moloc...@googlegroups.com
Uhmm ... changing yara from release 2.0 to 1.7.2, the errors come from
the libpcap library:
gcc -rdynamic -ggdb main.o db.o nids.o yara.o http.o config.o
parsers.o plugins.o field.o trie.o -o moloch-capture \
-ug_checksum_update \
/opt/libpcap/lib/libpcap.a \
/opt/libnids/lib/libnids.a -pthread -Wl,--export-dynamic -lgio-2.0
-lgobject-2.0 -lgthread-2.0 -lgmodule-2.0 -lrt -lglib-2.0
/opt/yara/lib/libyara.a -lGeoIP thirdparty/http_parser.o
thirdparty/js0n.o thirdparty/patricia.o -ldl -lpthread \
-lrt -lm -lpcre -lresolv -luuid -lmagic -lffi -lz
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `nl_socket_alloc':
pcap-linux.c:(.text+0x2ca): undefined reference to `nl_handle_alloc'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `nl_socket_free':
pcap-linux.c:(.text+0x2e4): undefined reference to `nl_handle_destroy'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `__genl_ctrl_alloc_cache':
pcap-linux.c:(.text+0x302): undefined reference to `genl_ctrl_alloc_cache'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `nl80211_init':
pcap-linux.c:(.text+0x39a): undefined reference to `genl_connect'
pcap-linux.c:(.text+0x44d): undefined reference to `genl_ctrl_search_by_name'
pcap-linux.c:(.text+0x4a1): undefined reference to `nl_cache_free'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `nl80211_cleanup':
pcap-linux.c:(.text+0x4e1): undefined reference to `genl_family_put'
pcap-linux.c:(.text+0x4f1): undefined reference to `nl_cache_free'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `add_mon_if':
pcap-linux.c:(.text+0x552): undefined reference to `nlmsg_alloc'
pcap-linux.c:(.text+0x5a5): undefined reference to `genl_family_get_id'
pcap-linux.c:(.text+0x5da): undefined reference to `genlmsg_put'
pcap-linux.c:(.text+0x5fd): undefined reference to `nla_put'
pcap-linux.c:(.text+0x62b): undefined reference to `nla_put'
pcap-linux.c:(.text+0x657): undefined reference to `nla_put'
pcap-linux.c:(.text+0x675): undefined reference to `nl_send_auto_complete'
pcap-linux.c:(.text+0x690): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x6ed): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x706): undefined reference to `nl_wait_for_ack'
pcap-linux.c:(.text+0x721): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x77e): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x791): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x7d9): undefined reference to `nlmsg_free'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `del_mon_if':
pcap-linux.c:(.text+0x835): undefined reference to `nlmsg_alloc'
pcap-linux.c:(.text+0x888): undefined reference to `genl_family_get_id'
pcap-linux.c:(.text+0x8bd): undefined reference to `genlmsg_put'
pcap-linux.c:(.text+0x8e0): undefined reference to `nla_put'
pcap-linux.c:(.text+0x8fe): undefined reference to `nl_send_auto_complete'
pcap-linux.c:(.text+0x95a): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x973): undefined reference to `nl_wait_for_ack'
pcap-linux.c:(.text+0x9cf): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0x9e2): undefined reference to `nlmsg_free'
pcap-linux.c:(.text+0xa2a): undefined reference to `nlmsg_free'
collect2: ld returned 1 exit status
make[1]: *** [all] Error 1
make[1]: Leaving directory `/tmp/o/moloch/capture'
make: *** [all-recursive] Error 1

libpcap is 1.5.3 built from source ....

Any ideas??

Andy

Feb 19, 2014, 8:48:59 AM
to moloc...@googlegroups.com
yara 2 isn't supported yet.

Looks like libpcap was built with nl, try adding a -lnl after the -lz in the Makefile
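
Added example (not part of the original posts and not Moloch's own code): a shell triage for linker output like the errors above. It extracts the unresolved symbols from the ld messages and checks whether they all carry libnl API prefixes, which is the sign that libpcap was built with libnl. Function names are hypothetical; the sample lines are excerpted from the output in this thread.

```shell
#!/bin/sh
# Added example: triage "undefined reference" errors from a static libpcap link.
# Function names are hypothetical; sample lines are excerpted from the thread.

sample_ld_output() {
cat <<'EOF'
/opt/libpcap/lib/libpcap.a(pcap-linux.o): In function `nl_socket_alloc':
pcap-linux.c:(.text+0x2ca): undefined reference to `nl_handle_alloc'
pcap-linux.c:(.text+0x39a): undefined reference to `genl_connect'
pcap-linux.c:(.text+0x5fd): undefined reference to `nla_put'
pcap-linux.c:(.text+0x62b): undefined reference to `nla_put'
pcap-linux.c:(.text+0x690): undefined reference to `nlmsg_free'
EOF
}

# Print each unresolved symbol once, whatever quote style ld put around it.
undefined_syms() {
    sed -n 's/.*undefined reference to [^A-Za-z_]*\([A-Za-z_][A-Za-z0-9_]*\).*/\1/p' |
        LC_ALL=C sort -u
}

# Succeed only if stdin is non-empty and every symbol has a libnl API prefix.
all_libnl() {
    awk '!/^(nl|nla|nlmsg|genl|genlmsg)_/ { bad = 1 }
         END { exit (NR == 0 || bad) }'
}

# Print the symbols on stdin that shared library $1 does not export, to confirm
# that linking it would resolve everything. Needs binutils nm. Usage:
#   undefined_syms < make.log | not_exported_by /path/to/libnl.so
not_exported_by() {
    exports=$(nm -D --defined-only "$1" | awk '{ print $NF }')
    grep -vxF -e "$exports" || true
}

syms=$(sample_ld_output | undefined_syms)
if printf '%s\n' "$syms" | all_libnl; then
    echo "Unresolved symbols are all libnl API; link libnl after libpcap.a:"
    printf '  %s\n' $syms
fi
```

GNU ld resolves a static archive's undefined symbols from libraries listed after it, so the libnl flag has to follow /opt/libpcap/lib/libpcap.a on the link line.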

C. L. Martinez

Feb 20, 2014, 9:17:52 AM
to moloc...@googlegroups.com
Thanks Andy. But there isn't -lz in the Makefile created by configure.
Where do I need to add -lnl, under CFLAGS??

Andy

Feb 20, 2014, 9:27:00 AM
to moloc...@googlegroups.com
In the capture directory, around line 40

C. L. Martinez

Feb 20, 2014, 9:29:23 AM
to moloc...@googlegroups.com
Oops .. Thanks Andy... Works.


On Thu, Feb 20, 2014 at 2:27 PM, Andy <andy...@gmail.com> wrote:
> In the capture directory, around line 40