Visibility Across Space and Time

Fix Clang 3.4 CRTP woes

Function return types declared as auto in CRTP base classes cause Clang
3.4 to bail out when compiling with debug symbols.
latest commit 2b5f4644c2
@mavam authored

README.md

VAST


Visibility Across Space and Time (VAST) is a unified platform for network forensics and incident response.

Synopsis

Start a VAST node with debug log verbosity in the foreground and spawn all core actors:

vastd -l 5 -f -c

Import Bro logs or a PCAP trace in one shot:

zcat *.log.gz | vast import bro
vast import pcap -r trace.pcap

Query VAST and get the result back as PCAP trace:

vast export pcap -h 'sport > 60000/tcp && src !in 10.0.0.0/8'

Resources

Installation

Docker

The VAST docker container provides a quick way to get up and running:

docker pull mavam/vast
docker run --rm -ti mavam/vast
> vast -h

Source Build

Building VAST involves the following steps:

./configure
make
make test
make install

Required dependencies:

  • A C++14 compiler:
    • Clang >= 3.4
    • GCC >= 4.9
  • CMake
  • CAF
  • Boost (headers only)

Optional:

FreeBSD

VAST development primarily takes place on FreeBSD because it ships with a C++14 compiler and provides all dependencies natively, which one can install as follows:

pkg install cmake boost-libs caf google-perftools

Linux

To the best of our knowledge, no distribution currently comes with a suitable C++14 compiler out of the box. On recent Debian-based distributions (e.g., Ubuntu 14.04.1), getting a working toolchain requires installing the following packages:

apt-get install cmake clang-3.5 libc++-dev libc++abi-dev \
  libboost-dev libpcap-dev libgoogle-perftools-dev

CAF still needs manual installation.

Mac OS

Mac OS Yosemite also ships with a working C++14 compiler. Homebrew makes it easy to install the dependencies:

brew install cmake boost caf google-perftools

License

VAST comes with a 3-clause BSD licence.
