The pfSense Store

Author Topic: Does snort run on an SG-1000?  (Read 269 times)

0 Members and 1 Guest are viewing this topic.

Offline skilbjo

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Does snort run on an SG-1000?
« on: October 22, 2017, 04:07:15 am »
I installed the package, but when I try to start the service on the WAN interface I get this back from the logs...

It fails with a "signal 10" ... is that a SIGBUS error? Is it because snort isn't ready for ARM architecture?

If so it looks like it is really silly trying to run X86 code on ARM, I'm surprised I was able to get this far  ;D

Code: [Select]
Oct 22 01:54:47 pfsense snort[38416]: Verifying Preprocessor Configurations!
Oct 22 01:54:47 pfsense snort[38416]:
Oct 22 01:54:47 pfsense snort[38416]: [ Port Based Pattern Matching Memory ]
Oct 22 01:54:47 pfsense snort[38416]: [ Number of patterns truncated to 20 bytes: 0 ]
Oct 22 01:54:47 pfsense snort[38416]: pcap DAQ configured to passive.
Oct 22 01:54:47 pfsense snort[38416]: Acquiring network traffic from "cpsw0".
Oct 22 01:54:47 pfsense snort[38416]: Initializing daemon mode
Oct 22 01:54:48 pfsense snort[38516]: Daemon initialized, signaled parent pid: 38416
Oct 22 01:54:48 pfsense snort[38516]: Reload thread starting...
Oct 22 01:54:48 pfsense snort[38516]: Reload thread started, thread 0x20a12300 (38516)
Oct 22 01:54:48 pfsense snort[38516]: Decoding Ethernet
Oct 22 01:54:48 pfsense kernel: cpsw0: promiscuous mode enabled
Oct 22 01:54:51 pfsense snort[38516]: Checking PID path...
Oct 22 01:54:51 pfsense snort[38516]: PID path stat checked out ok, PID path set to /var/run
Oct 22 01:54:52 pfsense snort[38516]: Writing PID "38516" to file "/var/run/snort_cpsw012000.pid"
Oct 22 01:54:52 pfsense snort[38516]:
Oct 22 01:54:52 pfsense snort[38516]:         --== Initialization Complete ==--
Oct 22 01:54:52 pfsense snort[38516]:
Oct 22 01:54:52 pfsense snort[38516]:    ,,_     -*> Snort! <*-
Oct 22 01:54:52 pfsense snort[38516]:   o"  )~   Version 2.9.9.0 GRE (Build 56)
Oct 22 01:54:52 pfsense snort[38516]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 2014-2016 Cisco and/or its affiliates. All rights reserved.
Oct 22 01:54:52 pfsense snort[38516]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Oct 22 01:54:52 pfsense snort[38516]:            Using libpcap version 1.8.1
Oct 22 01:54:52 pfsense snort[38516]:            Using PCRE version: 8.40 2017-01-11
Oct 22 01:54:52 pfsense snort[38516]:            Using ZLIB version: 1.2.11
Oct 22 01:54:52 pfsense snort[38516]:
Oct 22 01:54:52 pfsense snort[38516]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 3.0  <Build 1>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
Oct 22 01:54:52 pfsense snort[38516]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
Oct 22 01:54:52 pfsense snort[38516]: Commencing packet processing (pid=38516)
Oct 22 01:54:53 pfsense kernel: pid 38516 (snort), uid 0: exited on signal 10
Oct 22 01:54:53 pfsense kernel: cpsw0: promiscuous mode disabled

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 610
  • Karma: +135/-125
    • View Profile
    • Netgate
Re: Does snort run on an SG-1000?
« Reply #1 on: October 22, 2017, 11:55:29 am »
No, it's not enough powerful to run on SG-1000. We added Snort to ARM packages because of SG-3100. It shouldn't be used on SG-1000, last time I tried it didn't work.
Need help fast? Commercial support: https://www.netgate.com/support/

Offline skilbjo

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: Does snort run on an SG-1000?
« Reply #2 on: November 24, 2017, 05:58:46 pm »