Mailing List Archive

Request for latest ntopng-related deb packages that support pfring 6.2
(Please pardon the cross-post. I should not have sent this to ntop-dev.)


Hi, I'm the maintainer of a script used by the Security Onion community to
install ntopng onto Security Onion sensors (on Ubuntu 14.04):

https://github.com/branchnetconsulting/so1404-ntopng-installer

The script makes it possible to install ntopng from your apt-stable repo
onto Security Onion without causing conflicts between the
securityonion-pfring-* packages and your repo's pfring package.

When the latest stable ntopng packages recently started depending on pfring
6.4 instead of 6.2, this solution stopped working. While I'd like to see
pfring 6.4 support get onto the Security Onion roadmap, I expect it will be
some time before that will be ready. For now, it would be great if
Security Onion users could have access to the last stable version of
ntop-ng as it was before it was repackaged to use the newly released pfring
6.4.

I am specifically requesting a copy of the latest stable ntopng and
ntopng-data deb packages for Ubuntu 14.04 that still depend on pfring 6.2,
along with the matching pfring 6.2 deb package itself. If you like, I
would be happy to host them on my github page (clearly marked as hosting an
OLD version of ntopng) and point my script to pull the packages from there
until Security Onion starts supporting pfring 6.4.

Thanks in advance for your assistance. We really appreciate the quality
product that ntopng has come to be.

Kevin Branch
Branch Network Consulting, LLC
Re: Request for latest ntopng-related deb packages that support pfring 6.2
Hi Kevin
instead of doing all this, can we work together on providing you a package for your distribution? What OS is Security Onion using? Is it Ubuntu 14.04 or something else? In essence I want to see if on our end we can support your distro natively and thus better serve your community

Regards Luca

> On 13 Jun 2016, at 23:59, Kevin Branch <kevin@branchnetconsulting.com> wrote:
>
> (Please pardon the cross-post. I should not have sent this to ntop-dev.)
>
>
> Hi, I'm the maintainer of a script used by the Security Onion community to
> install ntopng onto Security Onion sensors (on Ubuntu 14.04):
>
> https://github.com/branchnetconsulting/so1404-ntopng-installer
>
> The script makes it possible to install ntopng from your apt-stable repo
> onto Security Onion without causing conflicts between the
> securityonion-pfring-* packages and your repo's pfring package.
>
> When the latest stable ntopng packages recently started depending on pfring
> 6.4 instead of 6.2, this solution stopped working. While I'd like to see
> pfring 6.4 support get onto the Security Onion roadmap, I expect it will be
> some time before that will be ready. For now, it would be great if
> Security Onion users could have access to the last stable version of
> ntop-ng as it was before it was repackaged to use the newly released pfring
> 6.4.
>
> I am specifically requesting a copy of the latest stable ntopng and
> ntopng-data deb packages for Ubuntu 14.04 that still depend on pfring 6.2,
> along with the matching pfring 6.2 deb package itself. If you like, I
> would be happy to host them on my github page (clearly marked as hosting an
> OLD version of ntopng) and point my script to pull the packages from there
> until Security Onion starts supporting pfring 6.4.
>
> Thanks in advance for your assistance. We really appreciate the quality
> product that ntopng has come to be.
>
> Kevin Branch
> Branch Network Consulting, LLC
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Request for latest ntopng-related deb packages that support pfring 6.2
Hi Luca,

Thanks for reaching out about our issue. Yes, Security Onion is built
directly on 64 bit Ubuntu 14.04. Doug Burks is the lead developer of
Security Onion and I appreciate his work greatly, as I do yours. I've
copied in Doug on this discussion. I appreciate your interest in a more
native level of ntopng support for Security Onion. I would be delighted to
put my ntopng-for-securityonion solution to rest in favor of something that
could track more closely with the latest stable releases of ntopng.

Security Onion packages Snort, Suricata, and Bro IDS to use PF_RING for
improved packet capture performance. These are the relevant deb packages:

- securityonion-snort
- securityonion-suricata
- securityonion-bro

which depend on Doug's packaging of PF_RING 6.2.0:

- securityonion-pfring-daq - Snort DAQ for pfring
- securityonion-pfring-daq:i386 - Snort DAQ for pfring
- securityonion-pfring-devel - High-speed packet capture, filtering and analysis
- securityonion-pfring-ld - Update LD_LIBRARY_PATH to include /opt/pfring/lib
- securityonion-pfring-module - High-speed packet capture, filtering and analysis
- securityonion-pfring-userland - Userland libraries for pfring
- securityonion-pfring-userland:i386 - Userland libraries for pfring


My script presently basically pulls the ntopng and ntopng-data deb stable
packages from ntop.org and installs them, plus grabs the pf_ring deb from
ntop.org and extracts a few files from it that ntopng depends on but that
the securityonion-pfring packages do not include. It does not directly
install the pf_ring package from ntop.org because it overlaps and conflicts
with the securityonion-pfring packages. It does create and install a
stub package called "pfring" just to keep the installs of the ntopng debs
from barking about depending on "pfring". This works, but it would be much
nicer if ntopng could get automatically updated with an apt-get upgrade
instead of via the script.

Perhaps you could advise us how to build securityonion-ntopng and
securityonion-ntopng-data deb packages that we could maintain? Then we
could always make sure it is in alignment with the Security Onion pfring
packages.

Thoughts?
Kevin



On Fri, Jun 17, 2016 at 2:43 AM, Luca Deri <deri@ntop.org> wrote:

> Hi Kevin
> instead of doing all this, can we work together at providing you a package
> for your distribution? What OS is Security Onion using? Is Ubuntu 14.04 or
> something else? In essence I want to see if on our end we can support your
> distro natively and thus better serve your community
>
> Regards Luca
>
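Added example, not part of the original thread or of the so1404-ntopng-installer script: a pre-install check that parses a package's Depends field and reports the entries the sensor's installed packages do not satisfy, assuming the PF_RING requirement is declared as a versioned Depends entry. The Depends lines, the inventory, the version strings and the function names are all constructed for illustration.

```python
import re

# One dependency alternative: name, optional :arch, optional (op version).
_DEP_RE = re.compile(
    r"^\s*(?P<name>[a-z0-9][a-z0-9+.\-]+)(?::[a-z0-9\-]+)?"
    r"\s*(?:\(\s*(?P<op><<|<=|=|>=|>>)\s*(?P<ver>[^\s)]+)\s*\))?\s*$"
)


def _order(ch):
    """dpkg sort weight: '~' < end-of-string/digit < letters < other chars."""
    if ch == "" or ch.isdigit():
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256


def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    while a or b:
        # Non-digit run, compared character by character.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            oa, ob = _order(a[:1]), _order(b[:1])
            if oa != ob:
                return -1 if oa < ob else 1
            a, b = a[1:], b[1:]
        # Digit run, compared numerically (an empty run counts as 0).
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def compare_versions(v1, v2):
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev

    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


_OPS = {
    "<<": lambda c: c < 0, "<=": lambda c: c <= 0, "=": lambda c: c == 0,
    ">=": lambda c: c >= 0, ">>": lambda c: c > 0,
}


def unsatisfied(depends, installed):
    """Return the Depends groups that no installed package satisfies.

    depends   -- value of a control file's Depends field
    installed -- {package name: installed version}
    """
    missing = []
    for group in (g.strip() for g in depends.split(",") if g.strip()):
        satisfied = False
        for alt in group.split("|"):
            m = _DEP_RE.match(alt)
            if not m:
                raise ValueError("cannot parse dependency: %r" % alt)
            have = installed.get(m["name"])
            if have is None:
                continue
            if m["op"] is None or _OPS[m["op"]](compare_versions(have, m["ver"])):
                satisfied = True
                break
        if not satisfied:
            missing.append(group)
    return missing


# Constructed inventory of a sensor that carries a stub "pfring" package next
# to the securityonion-pfring-* packages (all version strings are made up).
SENSOR = {
    "pfring": "6.2.0",
    "securityonion-pfring-userland": "6.2.0",
    "ntopng-data": "1.0",
    "libc6": "2.19-0ubuntu6.9",
}
# Constructed Depends fields for an older and a newer ntopng build.
OLD_DEPENDS = "pfring (>= 6.2), ntopng-data, libc6 (>= 2.14)"
NEW_DEPENDS = "pfring (>= 6.4), ntopng-data, libc6 (>= 2.14)"

if __name__ == "__main__":
    print("old build:", unsatisfied(OLD_DEPENDS, SENSOR))
    print("new build:", unsatisfied(NEW_DEPENDS, SENSOR))
```

On a real sensor the Depends value can be read with `dpkg-deb -f <file>.deb Depends` and the inventory with `dpkg-query -W`.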
Re: Request for latest ntopng-related deb packages that support pfring 6.2
Kevin
please correct me if I’m wrong. In essence an interim solution could be (limited to 14.04 LTS x64 [sorry we do not build for i386])
- I package PF_RING 6.2.0 and ntopng and put them somewhere in packages.ntop.org in a place that you can access independently from ntop’s stable
- I can modify *your* ntopng package dependencies (tell me what you need) unless you’re happy to re-pack the ntopng binary
- You will notify me if you want me to change PF_RING release in case SecurityOnion moves to another release

Will this be enough for you?

Regards Luca

> On 17 Jun 2016, at 21:01, Kevin Branch <kevin@branchnetconsulting.com> wrote:
>
> Hi Luca,
>
> Thanks for reaching out about our issue. Yes, Security Onion is built directly on 64 bit Ubuntu 14.04. Doug Burks is the lead developer of Security Onion and I appreciate his work greatly, as I do yours. I've copied in Doug on this discussion. I appreciate your interest in a more native level of ntopng support for Security Onion. I would be delighted to put my ntopng-for-securityonion solution to rest in favor of something that could track more closely with the latest stable releases of ntopng.
>
> Security Onion packages Snort, Suricata, and Bro IDS to use PF_RING for improved packet capture performance. These are the relevant deb packages:
> securityonion-snort
> securityonion-suricata
> securityonion-bro
> which depend on Doug's packaging of PF_RING 6.2.0:
> securityonion-pfring-daq - Snort DAQ for pfring
> securityonion-pfring-daq:i386 - Snort DAQ for pfring
> securityonion-pfring-devel - High-speed packet capture, filtering and analysis
> securityonion-pfring-ld - Update LD_LIBRARY_PATH to include /opt/pfring/lib
> securityonion-pfring-module - High-speed packet capture, filtering and analysis
> securityonion-pfring-userland - Userland libraries for pfring
> securityonion-pfring-userland:i386 - Userland libraries for pfring
>
> My script presently basically pulls the ntopng and ntopng-data deb stable packages from ntop.org and installs them, plus grabs the pf_ring deb from ntop.org and extracts a few files from it that ntopng depends on but that the securityonion-pfring packages do not include. It does not directly install the pf_ring package from ntop.org because it overlaps and conflicts with the securityonion-pfring packages. It does create and install a stub package called "pfring" just to keep the installs of the ntopng debs from barking about depending on "pfring". This works, but it would be much nicer if ntopng could get automatically updated with an apt-get upgrade instead of via the script.
>
> Perhaps you could advise us how to build securityonion-ntopng and securityonion-ntopng-data deb packages that we could maintain? Then we could always make sure it is in alignment with the Security Onion pfring packages.
>
> Thoughts?
> Kevin
Re: Request for latest ntopng-related deb packages that support pfring 6.2
Hi Luca,

I really appreciate your offer to make ntopng more accessible to the
Security Onion community. Below is what would be a big help in my
opinion. Doug, please comment if you see any red flags with this idea.

- Your hosting of SO-compatible ntopng and ntopng-data debs for 14.04
LTS x64 in an SO-specific repo would be fantastic, especially if they are
derived from your stable versions rather than daily builds.
- For now, those debs would need to be compatible with the PF_RING 6.2.0
module and libraries but please remove the dependency on the package called
"pfring" because the pfring files are being supplied by the
securityonion-pfring-* packages which are already guaranteed to be present
on all Security Onion sensors.
- Also, if it would be at all possible, could you make the custom ntopng
deb additionally supply the following files that would normally be supplied
by your pfring deb? For some reason they are not part of the
securityonion-pfring-* packages:
  /usr/local/lib/libanic.so
  /usr/local/lib/libntapi.so
  /usr/local/lib/libntos.so
  /usr/local/lib/libsnf.so

I believe if the above would be possible and reasonable for you to do, it
would make it possible for Security Onion sensors to install ntopng as
simply as this:

- cat "PATH TO YOUR NTOPNG-SO REPO" > /etc/apt/sources.list.d/ntopng-securityonion.list
- apt-get update
- apt-get install ntopng ntopng-data

and ntopng updates would automatically be included with runs of:

- apt-get upgrade

It would totally overcome the need for a script like mine to do any special
handling of the process. That would be awesome.

Please let me know what you think.

Sincerely,
Kevin Branch

On Sat, Jun 18, 2016 at 3:16 AM, Luca Deri <deri@ntop.org> wrote:

> Kevin
> please correct me if I’m wrong. In essence an interim solution could be
> (limited to 14.04 LTS x64 [sorry we do not build for i386])
> - I package PF_RING 6.2.0 and ntopng and put them somewhere in
> packages.ntop.org on a place that you can access independently from
> ntop’s stable
> - I can modify *your* ntopng package dependencies (tell me what you need)
> unless you’re happy to re-pack the ntopng binary
> - You will notify me if you want me to change PF_RING release in case you
> SecurityOnion moves to another release
>
> Will this be enough for you?
>
> Regards Luca
Re: Request for latest ntopng-related deb packages that support pfring 6.2
Hi Luca,

Is there any chance you'd be in a position to package the latest stable
ntopng 3.x to work with PF_RING 6.4.1 which is the version of PF_RING that
Security Onion systems have multiple dependencies on? We kicked this idea
around last year, and I believe the details in this thread are still
accurate other than the PF_RING version.
I'd love to see the Security Onion community able to take advantage of your
latest major version of ntopng. I'm sure we will love it.

Kevin



On Wed, Jun 22, 2016 at 4:35 PM, Kevin Branch <kevin@branchnetconsulting.com> wrote:

> Hi Luca,
>
> I really appreciate your offer to make ntopng more accessible to the
> Security Onion community. Below is what would be a big help in my
> opinion. Doug, please comment if you see any red flags with this idea.
>
> - Your hosting of SO-compatible ntopng and ntopng-data debs for 14.04
> LTS x64 in an SO-specific repo would be fantastic, especially if they are
> derived from your stable versions rather than daily builds.
> - For now, those debs would need to be compatible with the PF_RING
> 6.2.0 module and libraries but please remove the dependency on the package
> called "pfring" because the pfring files are being supplied by the
> securityonion-pfring-* packages which are already guaranteed to be present
> on all Security Onion sensors.
> - Also, if it would be at all possible, could you make the custom
> ntopng deb additionally supply the following files that would normally be
> supplied by your pfring deb? For some reason they are not part of the
> securityonion-pfring-* packages:
>   /usr/local/lib/libanic.so
>   /usr/local/lib/libntapi.so
>   /usr/local/lib/libntos.so
>   /usr/local/lib/libsnf.so
>
> I believe if the above would be possible and reasonable for you to do, it
> would make it possible for Security Onion sensors to install ntopng as
> simply as this:
>
> - cat "PATH TO YOUR NTOPNG-SO REPO" > /etc/apt/sources.list.d/ntopng-securityonion.list
> - apt-get update
> - apt-get install ntopng ntopng-data
>
> and ntopng updates would automatically be included with runs of:
>
> - apt-get upgrade
>
> It would totally overcome the need for a script like mine to do any
> special handling of the process. That would be awesome.
>
> Please let me know what you think.
>
> Sincerely,
> Kevin Branch