2. Installation

There are currently no binary packages of Meer available. However, installation from source is pretty straightforward.

2.1. Required Prerequisites

Meer uses a YAML configuration file. This means that Meer will need libyaml installed on the system. On Ubuntu/Debian systems, this can be installed via:

apt-get install libyaml-dev

Meer uses JSON-C to parse JSON (EVE) output from Sagan and Suricata. On Ubuntu/Debian systems, this prerequisite can be installed via:

apt-get install libjson-c-dev

2.2. Optional Prerequisites

2.2.1. Redis

If you would like to have Meer store data into Redis, which is enabled by default during compile time, you will need the “hiredis” library and development files. On Ubuntu/Debian systems:

sudo apt-get install libhiredis-dev

2.2.2. Elasticsearch

If you would like Meer to use the ‘elasticsearch’ output plugin, then you’ll need to install libcurl. To do this on Ubuntu/Debian systems, do the following:

apt-get install libcurl4-openssl-dev

2.3. Source

Installation from source distributions files gives

Basic steps:

git clone https://github.com/quadrantsec/meer
cd meer
./autogen.sh
./configure
make
sudo make install

By default, this will install Meer into the /usr/local/bin/ directory with the default Meer configuration file in the /usr/local/etc/ directory. By default, Meer will compile with only Redis support. The following options can be passed to ./configure to change these defaults:

--prefix=/usr/

Installs the Meer binary in /usr/bin. The default is /usr/local/bin.

--sysconfdir=/etc

Installs the Meer configuration file (meer.yaml) in the /etc directory. The default is /usr/local/etc/.

--with-libjsonc-libraries

This option points Meer to where the json-c libraries reside.

--with-libjsonc-includes

This option points Meer to where the json-c header files reside.

--with-libyaml_libraries

This option points Meer to where the libyaml files reside.

--with-libyaml-includes

This option points Meer to where the libyaml header files reside.

--enable-redis

This option enables Redis output support. It requires “hiredis” to be installed.

--enable-elasticsearch

This option enables Elasticsearch support. It requires “libcurl” to be installed.

--enable-geoip

This option enables Maxmind’s GeoIP support. It requires Maxmind’s “libmaxminddb” library to be installed.

--enable-bluedot

This option allows Meer to write alert data to a Bluedot “threat intel” database via HTTP. This requires that “libcurl” be installed. You probably don’t want this.

--enable-tcmalloc

This option enables support for Google’s TCMalloc. For more information, see https://github.com/google/tcmalloc
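
configure only warns about an --enable-* option it does not recognise and then carries on, so a mistyped flag produces a build without that output. The following added example (not part of the Meer documentation or source) checks a built binary's `ldd` output for the optional libraries named above. It assumes dynamic linking and the usual library file names; `meer_features`, `check_meer_binary` and the sample output are constructed for illustration.

```shell
# Added example (not from the Meer project): map `ldd` output to optional features.
# Assumption: optional libraries are linked dynamically under their usual names.

# Constructed sample `ldd` output for a build with Redis and libcurl only.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc0a1f2000)
    libyaml-0.so.2 => /lib/x86_64-linux-gnu/libyaml-0.so.2 (0x00007f1c2a400000)
    libjson-c.so.5 => /lib/x86_64-linux-gnu/libjson-c.so.5 (0x00007f1c2a3e0000)
    libhiredis.so.0.14 => /lib/x86_64-linux-gnu/libhiredis.so.0.14 (0x00007f1c2a3c0000)
    libcurl.so.4 => /lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f1c2a300000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)'

# Reads ldd-style text on stdin; prints one "name=yes|no" line per optional library.
# libcurl is shared by the elasticsearch and bluedot outputs, so it is reported once.
meer_features() (
    ldd_out=$(cat)
    for pair in redis:libhiredis libcurl:libcurl geoip:libmaxminddb tcmalloc:libtcmalloc; do
        name=${pair%%:*}
        lib=${pair#*:}
        # Match the library name at the start of an ldd line, e.g. "libhiredis.so.0.14".
        if printf '%s\n' "$ldd_out" | grep -q "^[[:space:]]*${lib}[^[:space:]]*\.so"; then
            printf '%s=yes\n' "$name"
        else
            printf '%s=no\n' "$name"
        fi
    done
)

# Convenience wrapper for a real binary, e.g. check_meer_binary /usr/local/bin/meer
check_meer_binary() {
    ldd "$1" | meer_features
}
```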