Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort (4.1.3_5) + SG-3100 (21.05-RELEASE (arm)) = exited on signal 10

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 3 Posters 595 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Hichem
      last edited by

      Hello, we just bought an SG-3100 and installed snort on it to block attacks over the WAN.
      Unfortunately snort exited on signal 10.
      We tried Suricate but it also stops.

      Jun 15 14:31:08 kernel pid 10484 (snort), jid 0, uid 0: exited on signal 10.

      Thanks for your help

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire @Hichem
        last edited by

        There is a patch to fix the PHP crashing issue for signal 11 in multiple packages, but for signal 10 see https://forum.netgate.com/topic/161050/snort-won-t-start-after-upgrade-to-21-02-on-sg-3100/28.

        What is the problem with Suricata?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        H 1 Reply Last reply Reply Quote 0
        • H
          Hichem @SteveITS
          last edited by

          @steveits
          Patch already done 5 days ago, but snort stop after a few minutes.

          For SuricataI win reinstall it and told you the error.

          bmeeksB 1 Reply Last reply Reply Quote 0
          • bmeeksB
            bmeeks @Hichem
            last edited by bmeeks

            @hichem said in Snort (4.1.3_5) + SG-3100 (21.05-RELEASE (arm)) = exited on signal 10:

            @steveits
            Patch already done 5 days ago, but snort stop after a few minutes.

            For SuricataI win reinstall it and told you the error.

            Pay attention to the errors in the log. Signal 11 is a segmentation fault. That was happening from the PHP PCRE engine. The patch referenced earlier in this thread fixes that Signal 11 problem.

            It does NOT fix the Signal 10 issue. That is caused by opcode choices made by the compiler for the 32-bit ARM processor used in the SG-3100 appliance. There is no easy fix for that. I've explained why in several other threads.

            If running an IDS/IPS is important to you, then get off of ARM 32-bit hardware and move to either an Intel/AMD platform, or a 64-bit aarch64 platform. The Signal 10 error has been an issue with Snort (and sometimes Suricata) since the release of the 32-bit ARM hardware appliances. I've tried one patch in the past that consists of disabling compiler optimizations by essentially telling the llvm compiler to compile Snort with the debugging flags enabled. That appeared to have worked for a while, especially under FreeBSD-11 (which the 2.4.5 branch of pfSense used). It appears that as of FreeBSD-12 (which the new 2.5.x branch and higher of pfSense is using), that old debugging compiler flag may no longer be effective.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.