Re: [MacPorts] #42858: [NEW] suricata 1.4.7
#42858: [NEW] suricata 1.4.7
-------------------------+--------------------------------
  Reporter:  jul_bsd@…   |      Owner:  macports-tickets@…
      Type:  submission  |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  ports       |    Version:  2.2.1
Resolution:              |   Keywords:
      Port:  suricata    |
-------------------------+--------------------------------

Comment (by mschamschula@…):

Replying to [comment:13 jul_bsd@…]:
I merged your changes for 2.1.7 but
 - not sure you want rules files directly in etc, especially as from a security point of view, you will not use default set but other like EmergingThreats (that you can download w oinkmaster) and it includes them
 - the jansson header was already added in common.h but an update was needed
 - strlcat/copy patch included by upstream and not needed anymore
 - destroot/install is fine

but at configuration check, still have
{{{
# suricata -c /opt/local/etc/suricata/suricata.yaml -T 2>&1 |grep -v Warning
10/3/2015 -- 19:37:19 - <Info> - Running suricata under test mode
10/3/2015 -- 19:37:19 - <Notice> - This is Suricata version 2.0.7 RELEASE
10/3/2015 -- 19:37:19 - <Error> - [ERRCODE: SC_ERR_MAGIC_LOAD(197)] - magic_load failed: File 5.22 supports only version 12 magic files. `/usr/share/file/magic.mgc' is version 7
}}}
which I referenced here https://redmine.openinfosecfoundation.org/issues/1268
Did you meet this issue? Solved it?
Thanks

As you noted, the changes here are not enough to get things working.

1) There currently is no oinkmaster port, so I downloaded it and put the Perl script into ~/bin

2) I manually edited a few more things:

Make sure that logging to file is enabled in /opt/local/etc/suricata/suricata.yaml
{{{
  - file:
      enabled: yes
      filename: /opt/local/var/log/suricata/suricata.log
}}}

also use MacPorts' libmagic:
{{{
#magic-file: /opt/local/share/misc/magic
magic-file: /usr/share/file/magic
}}}
to
{{{
magic-file: /opt/local/share/misc/magic
#magic-file: /usr/share/file/magic
}}}

--
Ticket URL: <https://trac.macports.org/ticket/42858#comment:14>
MacPorts <https://www.macports.org/>
Ports system for OS X
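
The magic_load failure quoted in this thread comes from a compiled magic database whose format version differs from the one the linked libmagic accepts. The following is an added example, not part of the ticket or of the Suricata or MacPorts code: it reads the database header to report that version before a path is set as `magic-file`. It assumes the libmagic compiled-database layout (a 32-bit magic number 0xF11E041C followed by a 32-bit format version); the function names and sample headers are constructed for illustration.

```python
import struct
import sys

# Assumption: magic number at the start of a compiled libmagic database (.mgc).
MGC_MAGIC = 0xF11E041C


def mgc_version(header: bytes):
    """Return (version, byte_order) parsed from the first 8 bytes of a .mgc file."""
    if len(header) < 8:
        raise ValueError("too short to be a compiled magic database")
    # The database is written in the byte order of the host that compiled it.
    for order, fmt in (("little", "<II"), ("big", ">II")):
        magic, version = struct.unpack(fmt, header[:8])
        if magic == MGC_MAGIC:
            return version, order
    raise ValueError("not a compiled magic database (bad magic number)")


def check_mgc(header: bytes, supported: int) -> str:
    """Say whether a database header matches the version the library supports."""
    try:
        version, order = mgc_version(header)
    except ValueError as exc:
        return f"unusable: {exc}"
    if version != supported:
        return f"mismatch: database is version {version}, library supports {supported}"
    return f"ok: version {version} ({order}-endian)"


# Constructed sample headers using the two versions named in the error message.
SAMPLE_SYSTEM_MGC = struct.pack("<II", MGC_MAGIC, 7)     # like /usr/share/file/magic.mgc
SAMPLE_MACPORTS_MGC = struct.pack("<II", MGC_MAGIC, 12)  # what File 5.22 supports

if __name__ == "__main__":
    # Usage: <script> <path-to-magic.mgc> <supported-version>
    # Without arguments, the constructed samples are checked instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            print(check_mgc(fh.read(8), int(sys.argv[2])))
    else:
        print(check_mgc(SAMPLE_SYSTEM_MGC, 12))
        print(check_mgc(SAMPLE_MACPORTS_MGC, 12))
```
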