Does snort run on an SG-1000?



  • I installed the package, but when I try to start the service on the WAN interface I get this back from the logs…

    It fails with a "signal 10" ... is that a SIGBUS error? Is it because snort isn't ready for ARM architecture?

    If so it looks like it is really silly trying to run X86 code on ARM, I'm surprised I was able to get this far  ;D

    Oct 22 01:54:47 pfsense snort[38416]: Verifying Preprocessor Configurations!
    Oct 22 01:54:47 pfsense snort[38416]:
    Oct 22 01:54:47 pfsense snort[38416]: [ Port Based Pattern Matching Memory ]
    Oct 22 01:54:47 pfsense snort[38416]: [ Number of patterns truncated to 20 bytes: 0 ]
    Oct 22 01:54:47 pfsense snort[38416]: pcap DAQ configured to passive.
    Oct 22 01:54:47 pfsense snort[38416]: Acquiring network traffic from "cpsw0".
    Oct 22 01:54:47 pfsense snort[38416]: Initializing daemon mode
    Oct 22 01:54:48 pfsense snort[38516]: Daemon initialized, signaled parent pid: 38416
    Oct 22 01:54:48 pfsense snort[38516]: Reload thread starting...
    Oct 22 01:54:48 pfsense snort[38516]: Reload thread started, thread 0x20a12300 (38516)
    Oct 22 01:54:48 pfsense snort[38516]: Decoding Ethernet
    Oct 22 01:54:48 pfsense kernel: cpsw0: promiscuous mode enabled
    Oct 22 01:54:51 pfsense snort[38516]: Checking PID path...
    Oct 22 01:54:51 pfsense snort[38516]: PID path stat checked out ok, PID path set to /var/run
    Oct 22 01:54:52 pfsense snort[38516]: Writing PID "38516" to file "/var/run/snort_cpsw012000.pid"
    Oct 22 01:54:52 pfsense snort[38516]:
    Oct 22 01:54:52 pfsense snort[38516]:         --== Initialization Complete ==--
    Oct 22 01:54:52 pfsense snort[38516]:
    Oct 22 01:54:52 pfsense snort[38516]:    ,,_     -*> Snort! <*-
    Oct 22 01:54:52 pfsense snort[38516]:   o"  )~   Version 2.9.9.0 GRE (Build 56)
    Oct 22 01:54:52 pfsense snort[38516]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
    Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
    Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
    Oct 22 01:54:52 pfsense snort[38516]:            Using libpcap version 1.8.1
    Oct 22 01:54:52 pfsense snort[38516]:            Using PCRE version: 8.40 2017-01-11
    Oct 22 01:54:52 pfsense snort[38516]:            Using ZLIB version: 1.2.11
    Oct 22 01:54:52 pfsense snort[38516]:
    Oct 22 01:54:52 pfsense snort[38516]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
    Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
    Oct 22 01:54:52 pfsense snort[38516]: Commencing packet processing (pid=38516)
    Oct 22 01:54:53 pfsense kernel: pid 38516 (snort), uid 0: exited on signal 10
    Oct 22 01:54:53 pfsense kernel: cpsw0: promiscuous mode disabled
    

  • Galactic Empire

    No, it's not powerful enough to run on SG-1000. We added Snort to ARM packages because of SG-3100. It shouldn't be used on SG-1000; last time I tried, it didn't work.



