This document outlines the process of deploying Suricata in an arm64 environment and optimizing its configuration.
Hardware Configuration:
CPU: aarch64 architecture
Memory: 256GB
Operating System: UOS 20 Enterprise
Network Card: Gigabit Ethernet (no optical port / non-Intel network card)
Kernel Version: 4.19.0-arm64-server
Dependency Installation:
Refer to the official documentation for installing dependencies:
apt-get install libpcre3 libpcre3-dbg libpcre3-dev build-essential libpcap-dev \
    libnet1-dev libyaml-0-2 libyaml-dev pkg-config zlib1g zlib1g-dev \
    libcap-ng-dev libcap-ng0 make libmagic-dev \
    libnss3-dev libgeoip-dev liblua5.1-dev libhiredis-dev libevent-dev \
    python-yaml rustc cargo
Note:
1. The package liblua5.1-dev is not available in the UOS 20 official repository; you need to use liblua5.1-0-dev as a substitute.
2. libjansson-dev also needs to be installed: apt install libjansson-dev
Network Card Driver and Hyperscan
There is no Intel network card present on the host, so this part can be temporarily ignored.
Hyperscan currently only supports the x86_64 architecture, so we’ll stick with Suricata’s original PCRE regular expressions for now.
Standard Installation
wget https://www.openinfosecfoundation.org/download/suricata-6.0.4.tar.gz
tar xzvf suricata-6.0.4.tar.gz
cd suricata-6.0.4/
apt-get install libmaxminddb-dev  # Needed if the geo-ip plugin will be enabled
./configure --sysconfdir=/etc --localstatedir=/data --enable-geoip
make
make install
Troubleshooting
suricata: error while loading shared libraries: libhtp.so.2: cannot open shared object file: No such file or directory
Solution: Add /usr/local/lib to the /etc/ld.so.conf file, then run ldconfig to refresh the library cache and resolve the issue.
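The fix above as an idempotent script, added here as an example and not part of the original post: it appends /usr/local/lib to /etc/ld.so.conf only when the directory is not already listed there or in an included file, rebuilds the loader cache, and checks the suricata binary with ldd. The function names and the --apply switch are assumptions.

```shell
#!/bin/sh
# Added example; the function names and the --apply switch are assumptions.

# lib_dir_registered DIR CONF
# Succeeds if DIR is listed in CONF or in a file named by one of CONF's
# "include" lines (relative patterns resolve against CONF's directory).
lib_dir_registered() {
    dir=$1; conf=$2
    [ -n "$dir" ] && [ -f "$conf" ] || return 1
    includes=$(sed -n 's/^[[:space:]]*include[[:space:]]\{1,\}//p' "$conf")
    # $includes stays unquoted so its glob patterns expand after the cd.
    ( cd "$(dirname "$conf")" || exit 1
      for f in "$(basename "$conf")" $includes; do
          # Strip comments and padding; echo separates files with no final newline.
          [ -f "$f" ] && { sed -e 's/#.*//' -e 's/^[[:space:]]*//' \
                               -e 's/[[:space:]]*$//' "$f"; echo; }
      done ) | grep -Fxq -- "$dir"
}

# register_lib_dir DIR CONF
# Appends DIR to CONF only when it is missing. Prints "added" or "present"
# so the caller knows whether the loader cache has to be rebuilt.
register_lib_dir() {
    if lib_dir_registered "$1" "$2"; then
        echo present
        return 0
    fi
    # Keep the new entry on its own line even if CONF lacks a final newline.
    [ -z "$(tail -c 1 "$2" 2>/dev/null)" ] || echo >> "$2"
    printf '%s\n' "$1" >> "$2" && echo added
}

# Run as root with --apply to perform the fix on the real loader config.
if [ "${1:-}" = "--apply" ]; then
    state=$(register_lib_dir /usr/local/lib /etc/ld.so.conf) || exit 1
    if [ "$state" = added ]; then ldconfig; fi
    # Any line printed here is a library the loader still cannot find.
    if ldd "$(command -v suricata)" | grep 'not found'; then
        exit 1
    fi
    echo "suricata: all shared libraries resolve (ld.so.conf entry $state)"
fi
```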
Installation Complete
Use the Suricata command to check if the installation was successful: