ARIS Extractor (sfclean)
INSTALLATION ON UNIX SYSTEMS

UNIX System Requirements for ARIS Extractor
ARIS Extractor is known to build on the following platforms:

	RedHat Linux 7.0, 6.2
	OpenBSD 2.8
	FreeBSD 4.0
	Solaris 2.6

Installation
1. Unpack the sources for ARIS Extractor and read this file.

2. SSL libraries must be installed for ARIS Extractor to run on UNIX and
UNIX-like systems. OpenSSL is available from http://www.openssl.org.
Download, build, and install these libraries before configuring libcurl
(see step 3, below).

3. If it isn't already installed on your system, obtain libcurl from
http://curl.haxx.se and follow the included installation instructions. In
order for ARIS Extractor to operate with the libcurl library it must be built
with support for SSL. This should happen automatically if libssl is
installed before you run the configure script for the Curl package. If for
some reason libcurl fails to detect your SSL libraries during building,
refer to the libcurl INSTALL file for information about specifying the
exact path to your SSL libraries.

4. You are now ready to build ARIS Extractor. Execute the following command lines:
	$ cd /path/to/aris_extractor_src
	$ ./configure
	$ make

5. When the make command is successful, you are ready to copy the
'extractor' binary to a specified directory (e.g. /usr/local/bin) and refer
to the accompanying README file for detailed information about how to use
the ARIS Extractor utility.

6. If you encounter any problems building ARIS Extractor under the above
specifications, please send details about the platform on which you are
attempting to build it, along with any relevant output from the build
process to: aris-bugs@securityfocus.com
You can also join the ARIS-USERS mailing list at
http://www.securityfocus.com/forums/aris-users/



Redhat Notes

On Redhat Linux systems it may be necessary to edit the file
/etc/ld.so.conf and add the directory /usr/local/lib in order for the
runtime linker to find the curl library.  After adding this directory, run
the 'ldconfig' utility to rebuild the linker cache.  These steps are
necessary if attempting to run the extractor utility fails with the
following error message.

  $ extractor -u my_user -p my_pass /var/log/snort/alert.ids
  extractor: error in loading shared libraries: libcurl.so.1: cannot open shared 
  object file: No such file or directory  



Makfile Notes

To create a statically linked version of Extractor, use the commmand:

	$ make static 

This will not work for Solaris as the naming service library on Solaris can
only be linked dynamically. To create a *mostly* static build use the command:

	$ make solaris

This will link the ssl, crypto and curl libraries statically. All other libraries 
will be linked dynamically.



Using ARIS Extractor

Please refer to the accompanying README file for detailed
instructions on how to use the ARIS Extractor utility.


