super_mediator
Super Mediator: Installation Instructions & DependenciesSuper Mediator: Installation Instructions & Dependencies
Super Mediator may be installed from pre-built RPM files on supported platforms or by compiling the source code.
Typically yum will find and install any required dependencies for you when installing from a pre-built RPM. If not, read the next section on dependencies.
Dependencies
Build and/or install these dependencies before installing Super Mediator.
Basic Build Environment
When building from source, ensure you have the packages needed to build software.
For Redhat, Fedora, and other RPM systems, run
sudo yum -y install gcc gcc-c++ make pkgconfigAlternatively, you may install the tools for a complete development environment:
sudo yum -y group install "Development Tools"For Debian and Ubuntu, run
sudo apt install build-essentialFor macOS, install Xcode from the App Store and the Xcode command line tools.
Package Dependency Note
On some systems (particularly Linux), many support libraries (for example, glib2), are divided into two (or more) packages:
One package satisfies a run dependency: It is needed to run another package that depends on it. This package is named glib2-VERISON.rpm on Redhat and libglib2.0-VERSION.deb on Ubuntu.
Another package satisfies a build dependency: It is needed only when building a another piece of software, and it contains C header files and additional library files. This package is named glib2-devel-VERSION.rpm on Redhat and libglib2.0-dev-VERSION.deb on Ubuntu.
Sometimes documentation is in a third package.
When installing dependencies to build Super Mediator from source, ensure you install the package(s) that require the build dependencies; for example, either glib2-devel or libglib2.0-dev. Installing these packages also installs the packages needed for the run dependency (for example glib2 or libglib2.0).
When installing dependencies to install an RPM of Super Mediator, only the run dependency is needed (for example glib2), and often the package manager finds these packages for you.
Required Dependencies
Super Mediator requires GLib-2.0 2.18 or later. Note that GLib is included in many operating environments or ports collections.
Super Mediator requires libfixbuf. Super Mediator 2.x requires libfixbuf 3.x. Consult this table for earlier versions.
| SUPER MEDIATOR VERSIONS | FIXBUF VERSIONS |
|---|---|
| 2.0 | 3.0 |
| 1.7.x, 1.8.x | 2.3 and any later 2.x |
| 1.6.x | any 2.x version |
| 1.2.x through 1.5.x | 1.7 and any later 1.x |
| 1.1.x | 1.4 and any later 1.x |
Optional Dependencies
Super Mediator is able to read compressed IPFIX files when the zlib library is found by configure. Many systems have zlib installed.
Note: MySQL and SiLK IPSet support is currently disabled in Super Mediator 2.0. This will be addressed in a later release.
When YAF's deep packet inspection is configured to export complete TLS/SSL certificates, Super Mediator can be configured to compute a hash (e.g., SHA1) of the X.509 certificate if Super Mediator has been built with OpenSSL support.
Super Mediator can be configured at run-time to load files into a MySQL database. To enable this feature, the MySQL or MariaDB client library must be found when Super Mediator is built. If the required library is found, the super_table_creator program is also built and installed.
Super Mediator can use SiLK's IPSet library when either the complete SiLK suite or the stand-alone SiLK IPSet library is discovered during the build process. The IPSet library may be used to filter flow records or to add an element to a record indicating that the record's IP address matched an IPSet.
Install from the CERT Linux Forensics Tools Repository
On a Redhat, Fedora, or RPM-based host, the easiest way to install Super Mediator is using the CERT Linux Forensics Tools Repository.
If you follow the instructions to add the Tools Reposistory to the locations your system looks for packages, you can use yum to find the Super Mediator package and yum will install its dependencies.
An alternative is the to download the Super Mediator package, and install Super Mediator and its dependencies manually. See the dependency section above for the list of dependencies.
Install from Source
To install from source, first download the version of Super Mediator you want to install.
Super Mediator uses a reasonably standard autotools-based build system. Super Mediator uses the pkg-config facility to find libfixbuf; you may have to set the PKG_CONFIG_PATH variable on the configure command line if libfixbuf is installed in a nonstandard location (other than the prefix to which you are installing Super Mediator itself).
To install Super Mediator from source you can run the following commands:
$ tar -xvzf super_mediator-2.0.0.tar.gz
$ cd super_mediator-2.0.0
$ ./configure {configure_options}
$ make
$ make installNOTE: Installing from source will overwrite previous versions of Super Mediator's configuration file in the
/usr/local/etcdirectory (the location may be different depending on the options given toconfigure). If you have customized thesuper\_mediator.conffile, make a copy prior to installing a new version of Super Mediator.
Configuration Options
Super Mediator supports the following configuration options in addition to those supplied by default via autoconf (for example, --prefix).
Note: MySQL and SiLK IPSet support is currently disabled in Super Mediator 2.0. This will be addressed in a later release.
- --with-mysql, --with-mysql=MYSQL_CONFIG
-
Enable use the MySQL or MariaDB client library which allows Super Mediator to load files into a database. The
configurescript automatically looks for themysql\_configprogram and includes this support if it is found. You may provide the path to that program as the argument to the --with-mysql option. Use --without-mysql to disable the automatic check. - --with-openssl, --with-openssl=OPENSSL_DIR
-
Enable TLS/SSL certificate hashing with OpenSSL; find openssl/sha1.h in OPENSSL_DIR/include and libssl in OPENSSL_DIR/lib. This feature is not checked for by default; it must be explicilty enabled.
- --with-skipset, --with-skipset=SKIPSET_DIR
-
Enable SiLK IPSet support. To use the library bundled with SiLK, SKIPSET_DIR should contain include/silk/skipset.h and lib/libsilk.so. To use the separate SiLK IPSet library, SKIPSET_DIR is expected to contain include/silk-ipset/silk-ipset.h and lib/libskipset.so. The
configurescript looks for these files automatically; provide the SKIPSET_DIR value to helpconfigurefind it, or --without-skipset to disable the check. - --with-zlib, --with-zlib=ZLIB_DIR
-
Include the ability to read compressed IPFIX files; tell configure to find zlib.h in ZLIB_DIR/include and libz in ZLIB_DIR/lib. The configure script automatically looks for zlib and enables this feature when it is found.
- --with-zlib-includes=ZLIB_INCLUDE
-
Look for zlib.h in the ZLIB_INCLUDE directory instead of in ZLIB_DIR/include.
- --with-zlib-libraries=ZLIB_LIB
-
Look for libz in the ZLIB_LIB directory instead of in ZLIB_DIR/lib.
