2. Installation
2.1. Quick start from source
Quick installation using common flags. For more information on packages and flags, skip to Required Prerequisites and Optional Prerequisites.
sudo apt-get install libjson-c-dev libyaml-dev libmaxminddb-dev libcurl4-openssl-dev libhiredis-dev libevent-dev zlib1g-dev
git clone https://github.com/quadrantsec/meer
cd meer
./autogen.sh
./configure --enable-redis --enable-elasticsearch --enable-geoip
make
sudo make install
By default, this will install Meer into the /usr/local/bin/ directory with the default Meer configuration file in the /usr/local/etc/ directory. By default (without any flags), Meer will compile with only Redis support.
2.2. Required Prerequisites
Meer uses a YAML configuration file. This means that Meer will need libyaml installed on the system. On Ubuntu/Debian systems, this can be installed via:
apt-get install libyaml-dev
Meer uses JSON-C to parse JSON (EVE) output from Sagan and Suricata. On Ubuntu/Debian systems, this prerequisite can be installed via:
apt-get install libjson-c-dev
2.3. Optional Prerequisites
2.3.1. Redis
If you would like to have Meer store data in Redis, which is enabled by default at compile time, you will need the “hiredis” library and development files. You will also need libevent installed.
On Ubuntu/Debian systems:
sudo apt-get install libhiredis-dev libevent-dev
2.3.2. Elasticsearch
If you would like Meer to use the ‘elasticsearch’ output plugin, then you’ll need to install libcurl. To do this on Ubuntu/Debian systems, do the following:
apt-get install libcurl4-openssl-dev
2.3.3. Maxmind (GeoIP support)
If you would like Meer to add GeoIP data to Suricata/Sagan EVE data, you’ll want to install the Maxmind (https://maxmind.com) library. To do this on Ubuntu/Debian systems, do the following:
apt-get install libmaxminddb-dev
2.3.4. JEMalloc
For JEMalloc support, on Debian/Ubuntu systems, install the JEMalloc library:
apt-get install libjemalloc-dev
2.3.5. TCMalloc
For TCMalloc support, on Debian/Ubuntu systems, install the TCMalloc library:
apt-get install libtcmalloc-minimal4
2.3.5.1. Common configure options
--prefix=/usr/
Installs the Meer binary in /usr/bin. The default is /usr/local/bin.
--sysconfdir=/etc
Installs the Meer configuration file (meer.yaml) in the /etc directory. The default is /usr/local/etc/.
--with-libjsonc-libraries
This option points Meer to where the json-c libraries reside.
--with-libjsonc-includes
This option points Meer to where the json-c header files reside.
--with-libyaml_libraries
This option points Meer to where the libyaml files reside.
--with-libyaml-includes
This option points Meer to where the libyaml header files reside.
--enable-redis
This option enables Redis output support. It requires “hiredis” to be installed.
--enable-elasticsearch
This option enables Elasticsearch support. It requires “libcurl” to be installed.
--enable-geoip
This option enables Maxmind’s GeoIP support. It requires the “libmaxminddb” Maxmind library to be installed.
--enable-bluedot
This option allows Meer to write alert data to a Bluedot “threat intel” database via HTTP. This requires that “libcurl” be installed. You probably don’t want this.
--enable-tcmalloc
This option enables support for Google’s TCMalloc. For more information, see https://github.com/google/tcmalloc
--enable-jemalloc
This option enables support for JEMalloc. For more information, see https://jemalloc.net.
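
A preflight check tying the prerequisites to the configure options above, as an added example that is not part of the Meer project: it probes for each library and emits only the --enable flags whose dependencies are present. The function names and the pkg-config module names (yaml-0.1, json-c, hiredis, libevent, libcurl, libmaxminddb) are assumptions.

```bash
# Added example, not from the Meer source tree.
# Assumption: pkg-config is installed and the module names used below match
# the Debian/Ubuntu -dev packages listed on this page.
have_lib() { pkg-config --exists "$1" 2>/dev/null; }

# Print the ./configure feature flags that the installed libraries can satisfy.
# Returns 1 (printing nothing on stdout) if a required prerequisite is missing.
meer_configure_flags() {
    local flags="" missing=""

    # Required: libyaml (configuration file) and json-c (EVE parsing).
    have_lib yaml-0.1 || missing="$missing libyaml-dev"
    have_lib json-c   || missing="$missing libjson-c-dev"
    if [ -n "$missing" ]; then
        echo "missing required packages:$missing" >&2
        return 1
    fi

    # Redis output needs both hiredis and libevent. Redis is compiled in by
    # default, so a missing library is reported rather than silently skipped.
    if have_lib hiredis && have_lib libevent; then
        flags="$flags --enable-redis"
    else
        echo "note: Redis output needs libhiredis-dev and libevent-dev" >&2
    fi

    # The elasticsearch output plugin needs libcurl.
    if have_lib libcurl; then
        flags="$flags --enable-elasticsearch"
    fi

    # GeoIP enrichment of EVE data needs libmaxminddb.
    if have_lib libmaxminddb; then
        flags="$flags --enable-geoip"
    fi

    # Strip the leading space left by the concatenation above.
    echo "${flags# }"
}

# Usage, from the meer source directory after ./autogen.sh:
#   flags=$(meer_configure_flags) && ./configure $flags
```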