author: Gerald Combs <gerald@wireshark.org> 2022-02-24 11:10:04 -0800
committer: Gerald Combs <gerald@wireshark.org> 2022-04-04 09:39:27 -0700
commit: 5c769757ffe3377967a33c460bc9478532f6f904 (patch)
tree: 9500ad3bfde50513d51e6b26774017756e8d1182 /docbook
parent: 5d3ffe9b57cbd073b2ad3742f8be9768c324bb62 (diff)
Docbook: Add a Logwolf quick start.
Diffstat (limited to 'docbook')
-rw-r--r-- docbook/logwolf-quick-start.adoc 56
1 files changed, 56 insertions, 0 deletions
diff --git a/docbook/logwolf-quick-start.adoc b/docbook/logwolf-quick-start.adoc
new file mode 100644
index 0000000000..3872779793
--- /dev/null
+++ b/docbook/logwolf-quick-start.adoc
@@ -0,0 +1,56 @@
+= Logwolf Quick Start
+
+Logwolf is a sibling application for Wireshark which focuses on log messages. It helps people understand, troubleshoot, and secure their systems via log messagess similar to the way Wireshark helps people understand, troubleshoot, and secure their networks via packets.
+
+This document provides brief instructions for building Logwolf until more complete documentation comparable to the Wireshark Developer’s and User’s Guides can be written.
+
+== Building Logwolf
+
+Logwolf requires the same build environment as Wireshark.
+See the https://www.wireshark.org/docs/wsdg_html_chunked/[Wireshark Developer’s Guide] for instructions on setting that up.
+
+It additonally requires libsinsp and libscap from https://github.com/falcosecurity/libs/[falcosecurity/libs] and any desired plugins from https://github.com/falcosecurity/plugins/[falcosecurity/plugins].
+
+In order to build Logwolf, do the following:
+
+1. https://falco.org/docs/getting-started/source/[Build falcosecurity/libs].
+
+2. Build falcosecurity/plugins.
+
+3. Build the Wireshark sources with the following CMake options:
++
+--
+[horizontal]
+BUILD_logwolf:: Must be enabled, e.g. set to ON
+SINSP_INCLUDEDIR:: The path to your local falcosecurity/libs directory
+SINSP_LIBDIR:: The path to your falcosecurity/libs build directory
+--
+
+4. Create a directory named `sysdig` in you Logwolf plugins directory, and either copy in or symlink any desired Falco plugins.
+
+.Example 1: Building on macOS using Ninja
+[sh]
+----
+cmake -G Ninja \
+ -DBUILD_logwolf=ON \
+ -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
+ -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
+ ..
+ninja
+mkdir run/Logwolf.app/Contents/PlugIns/sysdig
+(cd run/Logwolf.app/Contents/PlugIns/sysdig ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
+----
+
+.Example 2: Building on Linux using Make
+[sh]
+----
+cmake \
+ -DBUILD_logwolf=ON \
+ -DSINSP_INCLUDEDIR=/path/to/falcosecurity/libs \
+ -DSINSP_LIBDIR=/path/to/falcosecurity/libs/build \
+ ..
+make -j $(getconf _NPROCESSORS_ONLN)
+mkdir run/plugins/sysdig
+(cd run/plugins/sysdig ; ln -sn /path/to/falcosecurity-plugins/plugins/cloudtrail/libcloudtrail.so )
+----
+
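Review bot: The added prose has three typos that should be fixed before this lands: "messagess" in the opening paragraph, "additonally" in the sentence about libsinsp and libscap, and "in you Logwolf plugins directory" in step 4 (should be "your"). The two example listings are introduced with `[sh]`; the usual AsciiDoc form for a highlighted listing is `[source,sh]`. Step 2 has no link or instructions, unlike step 1, so a pointer to the falcosecurity/plugins build documentation would help. In both examples a plain `mkdir` fails on a rerun once the sysdig directory exists; `mkdir -p` avoids that. Because step 4 has readers copy or symlink shared objects (libcloudtrail.so in the examples) into the plugins directory, a sentence telling them to place only plugins they built or trust there would be a useful addition.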