    Does snort run on an SG-1000?

      skilbjo last edited by

      I installed the package, but when I try to start the service on the WAN interface I get this back from the logs…

      It fails with a "signal 10" ... is that a SIGBUS error? Is it because snort isn't ready for ARM architecture?

      If so it looks like it is really silly trying to run X86 code on ARM, I'm surprised I was able to get this far  ;D

      Oct 22 01:54:47 pfsense snort[38416]: Verifying Preprocessor Configurations!
      Oct 22 01:54:47 pfsense snort[38416]:
      Oct 22 01:54:47 pfsense snort[38416]: [ Port Based Pattern Matching Memory ]
      Oct 22 01:54:47 pfsense snort[38416]: [ Number of patterns truncated to 20 bytes: 0 ]
      Oct 22 01:54:47 pfsense snort[38416]: pcap DAQ configured to passive.
      Oct 22 01:54:47 pfsense snort[38416]: Acquiring network traffic from "cpsw0".
      Oct 22 01:54:47 pfsense snort[38416]: Initializing daemon mode
      Oct 22 01:54:48 pfsense snort[38516]: Daemon initialized, signaled parent pid: 38416
      Oct 22 01:54:48 pfsense snort[38516]: Reload thread starting...
      Oct 22 01:54:48 pfsense snort[38516]: Reload thread started, thread 0x20a12300 (38516)
      Oct 22 01:54:48 pfsense snort[38516]: Decoding Ethernet
      Oct 22 01:54:48 pfsense kernel: cpsw0: promiscuous mode enabled
      Oct 22 01:54:51 pfsense snort[38516]: Checking PID path...
      Oct 22 01:54:51 pfsense snort[38516]: PID path stat checked out ok, PID path set to /var/run
      Oct 22 01:54:52 pfsense snort[38516]: Writing PID "38516" to file "/var/run/snort_cpsw012000.pid"
      Oct 22 01:54:52 pfsense snort[38516]:
      Oct 22 01:54:52 pfsense snort[38516]:         --== Initialization Complete ==--
      Oct 22 01:54:52 pfsense snort[38516]:
      Oct 22 01:54:52 pfsense snort[38516]:    ,,_     -*> Snort! <*-
      Oct 22 01:54:52 pfsense snort[38516]:   o"  )~   Version 2.9.9.0 GRE (Build 56)
      Oct 22 01:54:52 pfsense snort[38516]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
      Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
      Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
      Oct 22 01:54:52 pfsense snort[38516]:            Using libpcap version 1.8.1
      Oct 22 01:54:52 pfsense snort[38516]:            Using PCRE version: 8.40 2017-01-11
      Oct 22 01:54:52 pfsense snort[38516]:            Using ZLIB version: 1.2.11
      Oct 22 01:54:52 pfsense snort[38516]:
      Oct 22 01:54:52 pfsense snort[38516]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
      Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
      Oct 22 01:54:52 pfsense snort[38516]: Commencing packet processing (pid=38516)
      Oct 22 01:54:53 pfsense kernel: pid 38516 (snort), uid 0: exited on signal 10
      Oct 22 01:54:53 pfsense kernel: cpsw0: promiscuous mode disabled
      
        ivor last edited by

        No, it's not powerful enough to run on SG-1000. We added Snort to ARM packages because of SG-3100. It shouldn't be used on SG-1000; last time I tried, it didn't work.

          skilbjo last edited by

          Related: https://forum.pfsense.org/index.php?topic=139273.15
