Hi Luca,

Thanks for reaching out about our issue. Yes, Security Onion is built directly on 64 bit Ubuntu 14.04. Doug Burks is the lead developer of Security Onion and I appreciate his work greatly, as I do yours. I've copied in Doug on this discussion. I appreciate your interest in a more native level of ntopng support for Security Onion. I would be delighted to put my ntopng-for-securityonion solution to rest in favor of something that could track more closely with the latest stable releases of ntopng.

Security Onion packages Snort, Suricata, and Bro IDS to use PF_RING for improved packet capture performance. These are the relevant deb packages:

- securityonion-snort
- securityonion-suricata
- securityonion-bro

which depend on Doug's packaging of PF_RING 6.2.0:

- securityonion-pfring-daq - Snort DAQ for pfring
- securityonion-pfring-daq:i386 - Snort DAQ for pfring
- securityonion-pfring-devel - High-speed packet capture, filtering and analysis
- securityonion-pfring-ld - Update LD_LIBRARY_PATH to include /opt/pfring/lib
- securityonion-pfring-module - High-speed packet capture, filtering and analysis
- securityonion-pfring-userland - Userland libraries for pfring
- securityonion-pfring-userland:i386 - Userland libraries for pfring

My script presently basically pulls the ntopng and ntopng-data deb stable packages from ntop.org and installs them, plus grabs the pf_ring deb from ntop.org and extracts a few files from it that ntopng depends on but that the securityonion-pfring packages do not include. It does not directly install the pf_ring package from ntop.org because it overlaps and conflicts with the securityonion-pfring packages. It does create and install a stub package called "pfring" just to keep the installs of the ntopng debs from barking about depending on "pfring".

This works, but it would be much nicer if ntopng could get automatically updated with an apt-get upgrade instead of via the script. Perhaps you could advise us how to build securityonion-ntopng and securityonion-ntopng-data deb packages that we could maintain? Then we could always make sure it is in alignment with the Security Onion pfring packages.

Thoughts?

Kevin

On Fri, Jun 17, 2016 at 2:43 AM, Luca Deri <[email protected]> wrote:

> Hi Kevin
> instead of doing all this, can we work together at providing you a package for your distribution? What OS is Security Onion using? Is Ubuntu 14.04 or something else? In essence I want to see if on our end we can support your distro natively and thus better serve your community
>
> Regards Luca
>
> On 13 Jun 2016, at 23:59, Kevin Branch <[email protected]> wrote:
>
> (Please pardon the cross-post. I should not have sent this to ntop-dev.)
>
> Hi, I'm the maintainer of a script used by the Security Onion community to install ntopng onto Security Onion sensors (on Ubuntu 14.04):
>
> https://github.com/branchnetconsulting/so1404-ntopng-installer
>
> The script makes it possible to install ntopng from your apt-stable repo onto Security Onion without causing conflicts between the securityonion-pfring-* packages and your repo's pfring package.
>
> When the latest stable ntopng packages recently started depending on pfring 6.4 instead of 6.2, this solution stopped working. While I'd like to see pfring 6.4 support get onto the Security Onion roadmap, I expect it will be some time before that will be ready. For now, it would be great if Security Onion users could have access to the last stable version of ntop-ng as it was before it was repackaged to use the newly released pfring 6.4.
>
> I am specifically requesting a copy of the latest stable ntopng and ntopng-data deb packages for Ubuntu 14.04 that still depend on pfring 6.2, along with the matching pfring 6.2 deb package itself. If you like, I would be happy to host them on my github page (clearly marked as hosting an OLD version of ntopng) and point my script to pull the packages from there until Security Onion starts supporting pfring 6.4.
>
> Thanks in advance for your assistance. We really appreciate the quality product that ntopng has come to be.
>
> Kevin Branch
> Branch Network Consulting, LLC
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
