blob: 2e053c64e1633a382499a0f109290b434801f3a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
= Logray Quick Start
Logray is a sibling application for Wireshark which focuses on log messages.
It helps people understand, troubleshoot, and secure their systems via log messages similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets.
This document provides brief instructions for building Logray until more complete documentation comparable to the Wireshark Developer’s and User’s Guides can be written.
== Building Logray
Logray requires the same build environment as Wireshark.
See the https://www.wireshark.org/docs/wsdg_html_chunked/[Wireshark Developer’s Guide] for instructions on setting that up.
It additionally requires libsinsp and libscap from https://github.com/falcosecurity/libs/[falcosecurity/libs] and any desired plugins from https://github.com/falcosecurity/plugins/[falcosecurity/plugins].
In order to build Logray, do the following:
1. https://falco.org/docs/getting-started/source/[Build falcosecurity/libs].
2. Build falcosecurity/plugins.
3. Build the Wireshark sources with the following CMake options:
+
--
[horizontal]
BUILD_logray:: Must be enabled, e.g. set to ON
SINSP_INCLUDEDIR:: The path to your local falcosecurity/libs directory
SINSP_LIBDIR:: The path to your falcosecurity/libs build directory
--
4. Create a directory named `falco` in your Logray plugins directory, and either copy in or symlink any desired Falco plugins.
.Example 1: Building on macOS using Ninja
[sh]
----
cmake -G Ninja \
-DBUILD_logray=ON \
-DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
-DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
..
ninja
mkdir run/Logray.app/Contents/PlugIns/logray/3-7/falco
(cd run/Logray.app/Contents/PlugIns/logray/3-7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
----
.Example 2: Building on Linux using Make
[sh]
----
cmake \
-DBUILD_logray=ON \
-DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
-DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
..
make -j $(getconf _NPROCESSORS_ONLN)
mkdir run/plugins/3.7/falco
(cd run/plugins/3.7/falco ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
----
|