diff --git a/CMakeCPackOptions.cmake b/CMakeCPackOptions.cmake new file mode 100644 index 00000000..91854961 --- /dev/null +++ b/CMakeCPackOptions.cmake @@ -0,0 +1,4 @@ +if(CPACK_GENERATOR MATCHES "TGZ") + set(CPACK_SET_DESTDIR "ON") + set(CPACK_STRIP_FILES "OFF") +endif() diff --git a/CMakeLists.txt b/CMakeLists.txt index a3b4e43b..d4f3d143 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,19 +1,28 @@ -cmake_minimum_required(VERSION 2.6) +cmake_minimum_required(VERSION 2.8.2) project(digwatch) +if(NOT DEFINED DIGWATCH_VERSION) + set(DIGWATCH_VERSION "0.1.1dev") +endif() + +if(NOT DEFINED DIR_ETC) + set(DIR_ETC "/etc") +endif() + set(DRAIOS_DEBUG_FLAGS "-D_DEBUG") -#set(DRAIOS_FEATURE_FLAGS "-DPPM_ENABLE_SENTINEL") set(CMAKE_C_FLAGS "-Wall -ggdb ${DRAIOS_FEATURE_FLAGS}") set(CMAKE_CXX_FLAGS "-Wall -ggdb --std=c++0x ${DRAIOS_FEATURE_FLAGS}") + set(CMAKE_C_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}") set(CMAKE_CXX_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}") -# Add "-fno-inline -fno-omit-frame-pointer" for perf + set(CMAKE_C_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") add_definitions(-DPLATFORM_NAME="${CMAKE_SYSTEM_NAME}") +add_definitions(-DK8S_DISABLE_THREAD) add_definitions(-DHAS_CAPTURE) if(CMAKE_BUILD_TYPE STREQUAL "Debug") 
@@ -22,31 +31,143 @@ else() set(KBUILD_FLAGS "${DRAIOS_FEATURE_FLAGS}") endif() -set(PACKAGE_NAME "draios-digwatch") +set(PACKAGE_NAME "digwatch") +set(PROBE_VERSION "${DIGWATCH_VERSION}") +set(PROBE_NAME "sysdig-probe") +set(PROBE_DEVICE_NAME "sysdig") -add_definitions(-DK8S_DISABLE_THREAD) +set(CMD_MAKE make) set(SYSDIG_DIR ${PROJECT_SOURCE_DIR}/../sysdig) -add_subdirectory(${SYSDIG_DIR} ${PROJECT_BINARY_DIR}/sysdig) +include(ExternalProject) -set(LUAJIT_INCLUDE_DIR "${sysdig_BINARY_DIR}/luajit-prefix/src/luajit/src") +set(ZLIB_SRC "${PROJECT_BINARY_DIR}/zlib-prefix/src/zlib") +message(STATUS "Using bundled zlib in '${ZLIB_SRC}'") +set(ZLIB_INCLUDE "${ZLIB_SRC}") +set(ZLIB_LIB "${ZLIB_SRC}/libz.a") +ExternalProject_Add(zlib + URL "http://download.draios.com/dependencies/zlib-1.2.8.tar.gz" + URL_MD5 "44d667c142d7cda120332623eab69f40" + CONFIGURE_COMMAND "./configure" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") +set(JSONCPP_SRC "${SYSDIG_DIR}/userspace/libsinsp/third-party/jsoncpp") +set(JSONCPP_INCLUDE "${JSONCPP_SRC}") +set(JSONCPP_LIB_SRC "${JSONCPP_SRC}/jsoncpp.cpp") + +# we pull this in because libsinsp won't build without it +set(CURSES_BUNDLE_DIR "${PROJECT_BINARY_DIR}/ncurses-prefix/src/ncurses") +set(CURSES_INCLUDE_DIR "${CURSES_BUNDLE_DIR}/include/") +set(CURSES_LIBRARIES "${CURSES_BUNDLE_DIR}/lib/libncurses.a") +message(STATUS "Using bundled ncurses in '${CURSES_BUNDLE_DIR}'") +ExternalProject_Add(ncurses + URL "http://download.draios.com/dependencies/ncurses-6.0-20150725.tgz" + URL_MD5 "32b8913312e738d707ae68da439ca1f4" + CONFIGURE_COMMAND ./configure --without-cxx --without-cxx-binding --without-ada --without-manpages --without-progs --without-tests --with-terminfo-dirs=/etc/terminfo:/lib/terminfo:/usr/share/terminfo + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") + + +set(B64_SRC "${PROJECT_BINARY_DIR}/b64-prefix/src/b64") +message(STATUS "Using bundled b64 in '${B64_SRC}'") +set(B64_INCLUDE 
"${B64_SRC}/include") +set(B64_LIB "${B64_SRC}/src/libb64.a") +ExternalProject_Add(b64 + URL "http://download.draios.com/dependencies/libb64-1.2.src.zip" + URL_MD5 "a609809408327117e2c643bed91b76c5" + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") + +set(OPENSSL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl") +set(OPENSSL_INSTALL_DIR "${OPENSSL_BUNDLE_DIR}/target") +set(OPENSSL_LIBRARY_SSL "${OPENSSL_INSTALL_DIR}/lib/libssl.a") +set(OPENSSL_LIBRARY_CRYPTO "${OPENSSL_INSTALL_DIR}/lib/libcrypto.a") + +message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'") + +ExternalProject_Add(openssl + URL "http://download.draios.com/dependencies/openssl-1.0.2d.tar.gz" + URL_MD5 "38dd619b2e77cbac69b99f52a053d25a" + CONFIGURE_COMMAND ./config shared --prefix=${OPENSSL_INSTALL_DIR} + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND ${CMD_MAKE} install) + +set(CURL_SSL_OPTION "--with-ssl=${OPENSSL_INSTALL_DIR}") + + +set(CURL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/curl-prefix/src/curl") +set(CURL_INCLUDE_DIR "${CURL_BUNDLE_DIR}/include/") +set(CURL_LIBRARIES "${CURL_BUNDLE_DIR}/lib/.libs/libcurl.a") message(STATUS "Using bundled curl in '${CURL_BUNDLE_DIR}'") message(STATUS "Using SSL for curl in '${CURL_SSL_OPTION}'") -include(ExternalProject) +ExternalProject_Add(curl + DEPENDS openssl + URL "http://download.draios.com/dependencies/curl-7.45.0.tar.bz2" + URL_MD5 "62c1a352b28558f25ba6209214beadc8" + CONFIGURE_COMMAND ./configure ${CURL_SSL_OPTION} --disable-shared --enable-optimize --disable-curldebug --disable-rt --enable-http --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-winssl --without-darwinssl --without-polarssl --without-cyassl --without-nss --without-axtls --without-ca-path --without-ca-bundle 
--without-libmetalink --without-librtmp --without-winidn --without-libidn --without-nghttp2 --without-libssh2 + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") +set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src") +message(STATUS "Using bundled LuaJIT in '${LUAJIT_SRC}'") +set(LUAJIT_INCLUDE "${LUAJIT_SRC}") +set(LUAJIT_LIB "${LUAJIT_SRC}/libluajit.a") +ExternalProject_Add(luajit + URL "http://download.draios.com/dependencies/LuaJIT-2.0.3.tar.gz" + URL_MD5 "f14e9104be513913810cd59c8c658dc0" + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") + +set (LPEG_SRC "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg") ExternalProject_Add(lpeg DEPENDS luajit URL "https://s3.amazonaws.com/download.draios.com/dependencies/lpeg-1.0.0.tar.gz" URL_MD5 "0aec64ccd13996202ad0c099e2877ece" - BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE_DIR} ${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh + BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE} ${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh BUILD_IN_SOURCE 1 CONFIGURE_COMMAND "" - INSTALL_COMMAND cp lpeg.so re.lua ${PROJECT_SOURCE_DIR}/userspace/digwatch/lua) + INSTALL_COMMAND "") +add_subdirectory(${SYSDIG_DIR}/userspace/libscap ${PROJECT_BINARY_DIR}/userspace/libscap) +add_subdirectory(${SYSDIG_DIR}/userspace/libsinsp ${PROJECT_BINARY_DIR}/userspace/libsinsp) + +add_subdirectory(rules) add_subdirectory(userspace/digwatch) + +set(CPACK_PACKAGE_NAME "${PACKAGE_NAME}") +set(CPACK_PACKAGE_VENDOR "Sysdig Inc.") +set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "digwatch, a system-level activity monitoring tool") +set(CPACK_PACKAGE_DESCRIPTION_FILE "${PROJECT_SOURCE_DIR}/scripts/description.txt") +set(CPACK_PACKAGE_VERSION "${DIGWATCH_VERSION}") +set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CMAKE_SYSTEM_PROCESSOR}") +set(CPACK_PROJECT_CONFIG_FILE "${PROJECT_SOURCE_DIR}/CMakeCPackOptions.cmake") +set(CPACK_STRIP_FILES "ON") + +set(CPACK_GENERATOR DEB RPM TGZ) + 
+set(CPACK_DEBIAN_PACKAGE_MAINTAINER "Sysdig ") +set(CPACK_DEBIAN_PACKAGE_SECTION "utils") + +set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "http://www.sysdig.org") +set(CPACK_DEBIAN_PACKAGE_DEPENDS "sysdig") + +set(CPACK_RPM_PACKAGE_LICENSE "GPLv2") +set(CPACK_RPM_PACKAGE_URL "http://www.sysdig.org") +set(CPACK_RPM_PACKAGE_REQUIRES "sysdig") +set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/src /usr/share/man /usr/share/man/man8) + +include(CPack) diff --git a/README.md b/README.md index 833b3dd8..3bdef216 100644 --- a/README.md +++ b/README.md @@ -38,9 +38,8 @@ as a result, you should have a digwatch executable `build/userspace/digwatch/dig Set the path of the digwatch lua directory in the env var `DIGWATCH_LUA_DIR`: -`export DIGWATCH_LUA_DIR=/sysdig/digwatch/userspace/digwatch/lua/` +`export DIGWATCH_LUA_DIR=/userspace/digwatch/lua/` -(this is just for the manually-built version; the packaged/installed version will not need such an env var). Create a file with some [digwatch rules](Rule-syntax-and-design). For example: diff --git a/rules/CMakeLists.txt b/rules/CMakeLists.txt new file mode 100644 index 00000000..b1c34ae1 --- /dev/null +++ b/rules/CMakeLists.txt @@ -0,0 +1,3 @@ +install(FILES digwatch.conf + DESTINATION "${DIR_ETC}") + diff --git a/rules/base.txt b/rules/digwatch.conf similarity index 100% rename from rules/base.txt rename to rules/digwatch.conf diff --git a/scripts/build-lpeg.sh b/scripts/build-lpeg.sh index 8d2037a6..b0c990c0 100755 --- a/scripts/build-lpeg.sh +++ b/scripts/build-lpeg.sh 
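Review bot: In CMakeLists.txt the new ExternalProject_Add blocks for zlib, ncurses, b64, openssl, curl and luajit fetch their archives over `http://download.draios.com/...` and pin them only with `URL_MD5`, so the integrity of every bundled dependency rests on MD5, which is not collision-resistant; the lpeg block already uses an `https://` URL. Switch the remaining URLs to https and pin a stronger digest, e.g. `URL_HASH SHA256=<sha256-of-archive>` (placeholder value; I believe this needs a newer CMake than the 2.8.2 minimum this commit sets). Separately, curl is configured with `--without-ca-path --without-ca-bundle`, so the static libcurl presumably ships without a default trust store and any HTTPS caller has to set one explicitly; a comment above the curl block saying so would help the next maintainer.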
@@ -5,6 +5,13 @@ gcc -O2 -fPIC -I$LUA_INCLUDE -c lpcode.c -o lpcode.o gcc -O2 -fPIC -I$LUA_INCLUDE -c lpprint.c -o lpprint.o gcc -O2 -fPIC -I$LUA_INCLUDE -c lptree.c -o lptree.o gcc -O2 -fPIC -I$LUA_INCLUDE -c lpvm.c -o lpvm.o -gcc -shared -o lpeg.so -L/usr/local/lib lpcap.o lpcode.o lpprint.o lptree.o lpvm.o + + +# For building lpeg.so, which we don't need now that we're statically linking lpeg.a into digwatch +#gcc -shared -o lpeg.so -L/usr/local/lib lpcap.o lpcode.o lpprint.o lptree.o lpvm.o +#gcc -shared -o lpeg.so -L/usr/local/lib lpcap.o lpcode.o lpprint.o lptree.o lpvm.o + +/usr/bin/ar cr lpeg.a lpcap.o lpcode.o lpprint.o lptree.o lpvm.o +/usr/bin/ranlib lpeg.a chmod ug+w re.lua diff --git a/scripts/description.txt b/scripts/description.txt new file mode 100644 index 00000000..c4fc004c --- /dev/null +++ b/scripts/description.txt @@ -0,0 +1,3 @@ +Digwatch instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events. +Then, using a rule-based configuration, you can specify filters for events of interest that you would like to log or be notified of. + diff --git a/userspace/digwatch/CMakeLists.txt b/userspace/digwatch/CMakeLists.txt index f6117511..387bdad2 100644 --- a/userspace/digwatch/CMakeLists.txt +++ b/userspace/digwatch/CMakeLists.txt 
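Review bot: In scripts/build-lpeg.sh the new `ar cr lpeg.a ...` step runs after the five `gcc -c` lines with no visible error check, so with BUILD_IN_SOURCE a failed compile could leave an object from an earlier run to be archived into `lpeg.a` and linked into digwatch. The top of the script is outside the hunk; if it does not already enable it, add `set -e` there. The commented-out `#gcc -shared -o lpeg.so ...` line is also added twice; keep one copy, or drop both since the comment above already explains why the shared object is gone.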
@@ -1,22 +1,25 @@ include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp/third-party/jsoncpp) -include_directories("${LUAJIT_INCLUDE_DIR}") - -set(CURL_BUNDLE_DIR "${sysdig_BINARY_DIR}/curl-prefix/src/curl") -set(CURL_INCLUDE_DIR "${CURL_BUNDLE_DIR}/include/") - -if(NOT APPLE) - include_directories("${CURL_INCLUDE_DIR}") -endif() - +include_directories("${LUAJIT_INCLUDE}") include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libscap) include_directories(${PROJECT_SOURCE_DIR}/../sysdig/userspace/libsinsp) include_directories("${PROJECT_BINARY_DIR}/userspace/digwatch") +include_directories("${CURL_INCLUDE_DIR}") +include_directories("${LPEG_SRC}") add_executable(digwatch formats.cpp fields.cpp rules.cpp digwatch.cpp) target_link_libraries(digwatch sinsp) +target_link_libraries(digwatch "${LPEG_SRC}/lpeg.a") set(DIGWATCH_LUA_MAIN "rule_loader.lua") configure_file(config_digwatch.h.in config_digwatch.h) + +install(TARGETS digwatch DESTINATION bin) +install(FILES lua/compiler.lua + DESTINATION share/digwatch/lua) +install(FILES lua/rule_loader.lua + DESTINATION share/digwatch/lua) +install(FILES lua/output.lua + DESTINATION share/digwatch/lua) diff --git a/userspace/digwatch/config_digwatch.h.in b/userspace/digwatch/config_digwatch.h.in index 4b887cd3..c29ede36 100644 --- a/userspace/digwatch/config_digwatch.h.in +++ b/userspace/digwatch/config_digwatch.h.in @@ -2,6 +2,8 @@ #define DIGWATCH_VERSION "${DIGWATCH_VERSION}" -#define DIGWATCH_INSTALLATION_DIR "${CMAKE_INSTALL_PREFIX}" +#define DIGWATCH_LUA_DIR "/usr/share/digwatch/lua/" #define DIGWATCH_LUA_MAIN "${DIGWATCH_LUA_MAIN}" + +#define PROBE_NAME "${PROBE_NAME}" diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp index ab42ad92..a995a28d 100644 --- a/userspace/digwatch/digwatch.cpp +++ b/userspace/digwatch/digwatch.cpp @@ -14,6 +14,7 @@ extern "C" { #include "lua.h" #include "lualib.h" #include "lauxlib.h" +#include "lpeg.h" } #include 
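Review bot: In userspace/digwatch/CMakeLists.txt, `target_link_libraries(digwatch "${LPEG_SRC}/lpeg.a")` links a file that exists only after the `lpeg` ExternalProject has built, and nothing in this file orders the two. A clean or parallel build can therefore reach the digwatch link step before `lpeg.a` has been produced, unless another target happens to pull lpeg in first. Add `add_dependencies(digwatch lpeg)` after the `add_executable` line; since lpeg already declares `DEPENDS luajit`, that also guarantees the LuaJIT headers are unpacked before digwatch compiles.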
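Review bot: In config_digwatch.h.in, `DIGWATCH_LUA_DIR` becomes the literal `/usr/share/digwatch/lua/`, while the install rules added in userspace/digwatch/CMakeLists.txt use the relative destination `share/digwatch/lua`, which resolves under `CMAKE_INSTALL_PREFIX`. With any prefix other than `/usr`, the binary will by default load its Lua code from a directory that this install did not populate. Either derive the define from the prefix, `#define DIGWATCH_LUA_DIR "${CMAKE_INSTALL_PREFIX}/share/digwatch/lua/"` (packaged builds would then presumably need `-DCMAKE_INSTALL_PREFIX=/usr` at configure time), or keep the literal and add a comment stating that it assumes a `/usr` install.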
@@ -169,7 +170,7 @@ int digwatch_init(int argc, char **argv) int long_index = 0; string lua_main_filename; string output_name = "stdout"; - string lua_dir = DIGWATCH_INSTALLATION_DIR; + string lua_dir = DIGWATCH_LUA_DIR; lua_State* ls = NULL; static struct option long_options[] = @@ -279,6 +280,7 @@ int digwatch_init(int argc, char **argv) // Initialize Lua interpreter ls = lua_open(); luaL_openlibs(ls); + luaopen_lpeg(ls); add_lua_path(ls, lua_dir); rules = new digwatch_rules(inspector, ls, lua_main_filename); @@ -290,7 +292,19 @@ int digwatch_init(int argc, char **argv) rules->load_rules(rules_file); inspector->set_filter(rules->get_filter()); - inspector->open(""); + + try + { + inspector->open(""); + } + catch(sinsp_exception e) + { + if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")) + { + fprintf(stderr, "Unable to load the driver\n"); + } + inspector->open(""); + } do_inspect(inspector, rules, diff --git a/userspace/digwatch/lpeg.h b/userspace/digwatch/lpeg.h new file mode 100644 index 00000000..2a166a94 --- /dev/null +++ b/userspace/digwatch/lpeg.h @@ -0,0 +1,6 @@ +#pragma once + +#include "lua.h" + +int luaopen_lpeg (lua_State *L); +
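Review bot: In digwatch.cpp's last hunk, the new fallback in digwatch_init runs `system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null")`, which goes through `/bin/sh` and resolves `modprobe` via the caller's `PATH`, in a process that presumably runs as root in order to load the driver. PROBE_NAME is a compile-time constant, so the command string itself is fixed, but spawning modprobe directly with a fixed path and a minimal environment would remove the dependence on the inherited environment. The handler also catches every `sinsp_exception` by value and retries `inspector->open("")` even after printing "Unable to load the driver"; `catch(sinsp_exception &e)` avoids the copy, and returning an error after that message would be clearer than letting the second open throw. digwatch_init's body starts and ends outside the hunk.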