Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Visibility Across Space and Time
C++ C CMake Other

Fix Clang 3.4 CRTP woes

Function return types declared as auto in CRTP base classes cause Clang
3.4 to bail out when compiling with debug symbols.
latest commit 2b5f4644c2
@mavam authored


Build Status Docker Container Gitter

Visibility Across Space and Time (VAST) is a unified platform for network forensics and incident response.


Start a VAST node with debug log verbosity in the foreground and spawn all core actors:

vastd -l 5 -f -c

Import Bro logs or a PCAP trace in one shot:

zcat *.log.gz | vast import bro
vast import pcap -r trace.pcap

Query VAST and get the result back as PCAP trace:

vast export pcap -h sport > 60000/tcp && src !in




The VAST docker container provides a quick way to get up and running:

docker pull mavam/vast
docker run --rm -ti mavam/vast
> vast -h

Source Build

Building VAST involves the following steps:

make test
make install

Required dependencies:

  • A C++14 compiler:
    • Clang >= 3.4
    • GCC >= 4.9
  • CMake
  • CAF
  • Boost (headers only)



VAST development primarily takes place on FreeBSD because it ships with a C++14 compiler and provides all dependencies natively, which one can install as follows:

pkg install cmake boost-libs caf google-perftools


To the best of our knowledge, no distribution currently comes with an apt compiler out of the box. On recent Debian-based distributions (e.g., Ubuntu 14.04.1), getting a working toolchain requires installing the following packages:

apt-get install cmake clang-3.5 libc++-dev libc++abi-dev \
  libboost-dev libpcap-dev libgoogle-perftools-dev

CAF still needs manual installation.

Mac OS

Mac OS Yosemite also ships with a working C++14 compiler. Homebrew makes it easy to install the dependencies:

brew install cmake boost caf google-perftools


VAST comes with a 3-clause BSD licence.

Something went wrong with that request. Please try again.