Kevin please correct me if I’m wrong. In essence an interim solution could be (limited to 14.04 LTS x64 [sorry we do not build for i386])
- I package PF_RING 6.2.0 and ntopng and put them somewhere in packages.ntop.org on a place that you can access independently from ntop’s stable
- I can modify *your* ntopng package dependencies (tell me what you need) unless you’re happy to re-pack the ntopng binary
- You will notify me if you want me to change PF_RING release in case SecurityOnion moves to another release

Will this be enough for you?

Regards Luca

> On 17 Jun 2016, at 21:01, Kevin Branch <[email protected]> wrote:
>
> Hi Luca,
>
> Thanks for reaching out about our issue. Yes, Security Onion is built
> directly on 64 bit Ubuntu 14.04. Doug Burks is the lead developer of
> Security Onion and I appreciate his work greatly, as I do yours. I've copied
> in Doug on this discussion. I appreciate your interest in a more native
> level of ntopng support for Security Onion. I would be delighted to put my
> ntopng-for-securityonion solution to rest in favor of something that could
> track more closely with the latest stable releases of ntopng.
>
> Security Onion packages Snort, Suricata, and Bro IDS to use PF_RING for
> improved packet capture performance. These are the relevant deb packages:
>     securityonion-snort
>     securityonion-suricata
>     securityonion-bro
> which depend on Doug's packaging of PF_RING 6.2.0:
>     securityonion-pfring-daq - Snort DAQ for pfring
>     securityonion-pfring-daq:i386 - Snort DAQ for pfring
>     securityonion-pfring-devel - High-speed packet capture, filtering and analysis
>     securityonion-pfring-ld - Update LD_LIBRARY_PATH to include /opt/pfring/lib
>     securityonion-pfring-module - High-speed packet capture, filtering and analysis
>     securityonion-pfring-userland - Userland libraries for pfring
>     securityonion-pfring-userland:i386 - Userland libraries for pfring
>
> My script presently basically pulls the ntopng and ntopng-data deb stable
> packages from ntop.org and installs them, plus grabs the pf_ring deb from
> ntop.org and extracts a few files from it that ntopng depends on but that
> the securityonion-pfring packages do not include. It does not directly
> install the pf_ring package from ntop.org because it overlaps and conflicts
> with the securityonion-pfring packages.
> It does create and install a stub package called "pfring" just to keep the
> installs of the ntopng debs from barking about depending on "pfring". This
> works, but it would be much nicer if ntopng could get automatically updated
> with an apt-get upgrade instead of via the script.
>
> Perhaps you could advise us how to build securityonion-ntopng and
> securityonion-ntopng-data deb packages that we could maintain? Then we could
> always make sure it is in alignment with the Security Onion pfring packages.
>
> Thoughts?
> Kevin
>
> On Fri, Jun 17, 2016 at 2:43 AM, Luca Deri <[email protected]> wrote:
> Hi Kevin
> instead of doing all this, can we work together at providing you a package
> for your distribution? What OS is Security Onion using? Is Ubuntu 14.04 or
> something else? In essence I want to see if on our end we can support your
> distro natively and thus better serve your community
>
> Regards Luca
>
>> On 13 Jun 2016, at 23:59, Kevin Branch <[email protected]> wrote:
>>
>> (Please pardon the cross-post. I should not have sent this to ntop-dev.)
>>
>> Hi, I'm the maintainer of a script used by the Security Onion community to
>> install ntopng onto Security Onion sensors (on Ubuntu 14.04):
>>
>> https://github.com/branchnetconsulting/so1404-ntopng-installer
>>
>> The script makes it possible to install ntopng from your apt-stable repo
>> onto Security Onion without causing conflicts between the
>> securityonion-pfring-* packages and your repo's pfring package.
>>
>> When the latest stable ntopng packages recently started depending on pfring
>> 6.4 instead of 6.2, this solution stopped working. While I'd like to see
>> pfring 6.4 support get onto the Security Onion roadmap, I expect it will be
>> some time before that will be ready.
>> For now, it would be great if Security Onion users could have access to the
>> last stable version of ntop-ng as it was before it was repackaged to use the
>> newly released pfring 6.4.
>>
>> I am specifically requesting a copy of the latest stable ntopng and
>> ntopng-data deb packages for Ubuntu 14.04 that still depend on pfring 6.2,
>> along with the matching pfring 6.2 deb package itself. If you like, I
>> would be happy to host them on my github page (clearly marked as hosting an
>> OLD version of ntopng) and point my script to pull the packages from there
>> until Security Onion starts supporting pfring 6.4.
>>
>> Thanks in advance for your assistance. We really appreciate the quality
>> product that ntopng has come to be.
>>
>> Kevin Branch
>> Branch Network Consulting, LLC
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
