Does snort run on an SG-1000?
-
I installed the package, but when I try to start the service on the WAN interface I get this back from the logs…
It fails with a "signal 10" ... is that a SIGBUS error? Is it because snort isn't ready for ARM architecture?
If so it looks like it is really silly trying to run X86 code on ARM, I'm surprised I was able to get this far ;D
Oct 22 01:54:47 pfsense snort[38416]: Verifying Preprocessor Configurations! Oct 22 01:54:47 pfsense snort[38416]: Oct 22 01:54:47 pfsense snort[38416]: [ Port Based Pattern Matching Memory ] Oct 22 01:54:47 pfsense snort[38416]: [ Number of patterns truncated to 20 bytes: 0 ] Oct 22 01:54:47 pfsense snort[38416]: pcap DAQ configured to passive. Oct 22 01:54:47 pfsense snort[38416]: Acquiring network traffic from "cpsw0". Oct 22 01:54:47 pfsense snort[38416]: Initializing daemon mode Oct 22 01:54:48 pfsense snort[38516]: Daemon initialized, signaled parent pid: 38416 Oct 22 01:54:48 pfsense snort[38516]: Reload thread starting... Oct 22 01:54:48 pfsense snort[38516]: Reload thread started, thread 0x20a12300 (38516) Oct 22 01:54:48 pfsense snort[38516]: Decoding Ethernet Oct 22 01:54:48 pfsense kernel: cpsw0: promiscuous mode enabled Oct 22 01:54:51 pfsense snort[38516]: Checking PID path... Oct 22 01:54:51 pfsense snort[38516]: PID path stat checked out ok, PID path set to /var/run Oct 22 01:54:52 pfsense snort[38516]: Writing PID "38516" to file "/var/run/snort_cpsw012000.pid" Oct 22 01:54:52 pfsense snort[38516]: Oct 22 01:54:52 pfsense snort[38516]: --== Initialization Complete ==-- Oct 22 01:54:52 pfsense snort[38516]: Oct 22 01:54:52 pfsense snort[38516]: ,,_ -*> Snort! <*- Oct 22 01:54:52 pfsense snort[38516]: o" )~ Version 2.9.9.0 GRE (Build 56) Oct 22 01:54:52 pfsense snort[38516]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Oct 22 01:54:52 pfsense snort[38516]: Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved. Oct 22 01:54:52 pfsense snort[38516]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Oct 22 01:54:52 pfsense snort[38516]: Using libpcap version 1.8.1 Oct 22 01:54:52 pfsense snort[38516]: Using PCRE version: 8.40 2017-01-11 Oct 22 01:54:52 pfsense snort[38516]: Using ZLIB version: 1.2.11 Oct 22 01:54:52 pfsense snort[38516]: Oct 22 01:54:52 pfsense snort[38516]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 3.0 <build 1=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_IMAP Version 1.0 <build 1=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_POP Version 1.0 <build 1=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_DNS Version 1.1 <build 4=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_DCERPC2 Version 1.0 <build 3=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_SSH Version 1.1 <build 3=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_SIP Version 1.1 <build 1=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_SSLPP Version 1.1 <build 4=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_SMTP Version 1.1 <build 9=""> Oct 22 01:54:52 pfsense snort[38516]: Preprocessor Object: SF_FTPTELNET Version 1.2 <build 13=""> Oct 22 01:54:52 pfsense snort[38516]: Commencing packet processing (pid=38516) Oct 22 01:54:53 pfsense kernel: pid 38516 (snort), uid 0: exited on signal 10 Oct 22 01:54:53 pfsense kernel: cpsw0: promiscuous mode disabled</build></build></build></build></build></build></build></build></build></build>
-
No, it's not enough powerful to run on SG-1000. We added Snort to ARM packages because of SG-3100. It shouldn't be used on SG-1000, last time I tried it didn't work.
-
Related: https://forum.pfsense.org/index.php?topic=139273.15