ContextQMD
Back to Suricata

Building on Windows

doc/userguide/install/windows.rst

latest3.6 KB
Original Source

:orphan: Linked from install page, just not a TOC.

Building on Windows ###################

The following are instructions for building Suricata on Windows in an MSYS2 environment. This is targeted to users who plan to develop Suricata, or create Suricata packages for Windows. For end users we recommend the Windows installer available on the Suricata download page: https://suricata.io/download/

Dependencies

Before building on Windows, the following dependencies must be installed:

  • MSYS2: MSYS2 provides the Windows build environment required by Suricata. Install from https://www.msys2.org/.

  • Npcap for Windows: This is required for live capture on Windows. If only PCAP processing is desired, this dependency can be skipped. The "Npcap Installer" package as well as the "Npcap SDK" need to be installed. Download from https://npcap.com/.

  • WinDivert: This is required for IPS mode on Windows. Download the binary package from https://www.reqrypt.org/windivert.html and extract it for example in C:\windivert\.

MSYS2

First, MSYS2 must be installed. This can be done with the MSYS2 installer from https://www.msys2.org/.

Once installed, the following directions assume the default UCRT64 environment will be used.

MSYS2 Dependencies

Prepare your MSYS2 development environment by installing the following dependencies::

pacman -S
autoconf
automake
git
make
mingw-w64-ucrt-x86_64-cbindgen
mingw-w64-ucrt-x86_64-jansson
mingw-w64-ucrt-x86_64-libpcap
mingw-w64-ucrt-x86_64-libtool
mingw-w64-ucrt-x86_64-libyaml
mingw-w64-ucrt-x86_64-pcre2
mingw-w64-ucrt-x86_64-rust
mingw-w64-ucrt-x86_64-toolchain
unzip

.. note:: If asked to enter a selection, particularly for the toolchain dependency, select the default of all.

Npcap

Npcap is required for live capture on Windows. The driver and the SDK must be installed to build Suricata on Windows with live capture support.

Both the driver installers and the SDK can be downloaded from https://npcap.com/.

Npcap Driver

The driver is a native Windows application installer. Install it using the downloaded installer.

Npcap SDK

The SDK can be installed from Windows, or from inside the MSYS2 environment. The following documentation assumes the SDK was installed inside the MSYS2 environment like so::

curl -OL https://npcap.com/dist/npcap-sdk-1.15.zip unzip npcap-sdk-1.15.zip -d /npcap

Building

::

./autogen.sh ./configure --prefix=/usr/local
--with-libpcap-includes=/c/npcap/Include
--with-libpcap-libraries=/c/npcap/Lib/x64

.. note:: If intentionally building without Npcap support you can leave off the --with-libpcap configure options, and the MSYS2 libpcap will be used without live capture support.

.. note:: If building with WinDivert, you may add --enable-windivert=yes then points to the extraction path using --with-windivert-include=/c/windivert/include and --with-windivert-libraries=/c/windivert/x64.

Installation

To install in the MSYS2 environment, run::

make install

.. attention:: At this time, make install-conf and make install-full do not work properly. See ticket https://redmine.openinfosecfoundation.org/issues/7763 for details. You will manually need to copy configuration files, and/or update command line and configuration file options to find relevant configuration files to run inside the MSYS2 environment.