Build from source
Tenzir uses CMake as build system. Aside from a modern C++20 compiler, you need to ensure availability of the dependencies in the table below.
Dependencies
Every release of Tenzir includes an SBOM in SPDX format that lists all dependencies and their versions.
Required | Dependency | Version | Description |
---|---|---|---|
✓ | C++ Compiler | C++20 required | Tenzir is tested to compile with GCC >= 12.0 and Clang >= 15.0. |
✓ | CMake | >= 3.19 | Cross-platform tool for building, testing and packaging software. |
✓ | CAF | >= 0.18.7 | Implementation of the actor model in C++. (Bundled as submodule.) |
✓ | OpenSSL | Utilities for secure networking and cryptography. | |
✓ | FlatBuffers | >= 2.0.8 | Memory-efficient cross-platform serialization library. |
✓ | Boost | >= 1.81.0 | Required as a general utility library. |
✓ | Apache Arrow | >= 13.0.0 | Required for in-memory data representation. Must be built with Compute, Filesystem, S3, Zstd and Parquet enabled. For the gcs plugin, GCS needs to be enabled. |
✓ | re2 | Required for regular expressione evaluation. | |
✓ | yaml-cpp | >= 0.6.2 | Required for reading YAML configuration files. |
✓ | simdjson | >= 3.1.0 | Required for high-performance JSON parsing. (Bundled as submodule.) |
✓ | spdlog | >= 1.5 | Required for logging. |
✓ | fmt | >= 8.1.1 | Required for formatted text output. |
✓ | xxHash | >= 0.8.0 | Required for computing fast hash digests. |
✓ | robin-map | >= 0.6.3 | Fast hash map and hash set using robin hood hashing. (Bundled as subtree.) |
✓ | fast_float | >= 3.2.0 | Required for parsing floating point numbers. (Bundled as submodule.) |
✓ | libmaxminddb | >= 1.8.0 | Required for the geoip context. |
libpcap | Required for building the pcap plugin. | ||
librdkafka | Required for building the kafka plugin. | ||
http-parser | Required for building the web plugin. | ||
cppzmq | Required for building the zmq plugin. | ||
pfs | Required for the processes and sockets operators on Linux. | ||
Protocol Buffers | >= 1.4.1 | Required for building the velociraptor plugin. | |
gRPC | >= 1.51 | Required for building the velociraptor plugin. | |
rabbitmq-c | Required for building the rabbitmq plugin. | ||
yara | >= 4.4.0 | Required for building the yara plugin. | |
poetry | Required for building the Python bindings. | ||
Doxygen | Required to build documentation for libtenzir. | ||
Pandoc | Required to build the manpage for Tenzir. | ||
bash | >= 4.0.0 | Required to run the integration tests. | |
bats | >= 1.8.0 | Required to run the integration tests. | |
uv | >= 0.2.17 | Required to run the python operator. |
The minimum specified versions reflect those versions that we use in CI and manual testing. Older versions may still work in select cases.
Compile
Building Tenzir involves the following steps:
Clone the repository recursively:
git clone https://github.com/tenzir/tenzircd tenzirgit submodule update --init --recursive -- libtenzir plugins
Configure the build with CMake. For faster builds, we recommend passing
-G Ninja
to cmake
.
cmake -B build# CMake defaults to a "Debug" build. When performance matters, use "Release"cmake -B build -DCMAKE_BUILD_TYPE=Release
Optionally, you can use the CMake TUI to visually configure the build:
ccmake build
The source tree also contains a set of CMake presets that combine various configuration options into curated build flavors. You can list them with:
cmake --list-presets
Build the executable:
cmake --build build --target all
Test
After you have built the executable, run the unit and integration tests to verify that your build works as expected:
Run component-level unit tests:
ctest --test-dir build
Run end-to-end integration tests:
cmake --build build --target bats
Install
Install Tenzir system-wide:
cmake --install build
If you prefer to install into a custom install prefix, install with --prefix /path/to/install/prefix
.
To remove debug symbols from the installed binaries and libraries, pass
--strip
.
To install only files relevant for running Tenzir and not for plugin development
pass --component Runtime
.
Clean
In case you want to make changes to your build environment, we recommend deleting the build tree entirely:
rm -rf build
This avoids subtle configuration glitches of transitive dependencies. For
example, CMake doesn’t disable assertions when switching from a Debug
to
a Release
build, but would do so when starting with a fresh build of type
Release
.