<div dir="ltr">Hello,<div><br></div><div>First of all, thank you very much for all your answers!</div><div><br></div><div>It is difficult in my case to compile Suricata directly on the board, because I don't have a full fledged Linux distribution such as Debian or Ubuntu... installed on my board.</div><div>Instead, I am running a para-virtualized L4Linux kernel with a minimal root file system (RAMdisk) built using Buildroot.<br></div><div><br></div><div>So, I don't have access to a package manager to download and install all libraries that Suricata depends on.</div><div>When I cross-compiled, I manually downloaded and compiled all the binaries of the required libraries before building Suricata.<br></div><div><br></div><div>After activating the verbose option I was able to see that there was a missing file.</div><div>Such as the /usr/share/file/magic.mgc, needed by functions in utile-magic.c.</div><div><br></div><div>Then, after adding all missing configuration files, I was able to successfully run Surricata on an ARMv7 board.</div><div><br></div><div>$> ./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 -s signatures -v &</div><div><br></div><div><div>/ # [44] 1/1/1970 -- 00:02:32 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev 86711a1)</div><div>[44] 1/1/1970 -- 00:02:32 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 1</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053.</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 42.</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:337) <Info> (DNSUDPConfigure) -- DNS request flood protection level: 500</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:349) <Info> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:361) <Info> (DNSUDPConfigure) -- DNS global memcap: 16777216</div><div>[44] 1/1/1970 -- 00:02:32 - (app-layer-modbus.c:1457) <Info> (RegisterModbusParsers) -- Modbus request flood protection level: 500</div><div>[44] 1/1/1970 -- 00:02:32 - (util-ioctl.c:100) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth0'</div><div>[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:209) <Info> (DefragInitConfig) -- allocated 2097152 bytes of memory for the defrag hash... 65536 buckets of size 32</div><div>[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:234) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 120</div><div>[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:241) <Info> (DefragInitConfig) -- defrag memory usage: 9961352 bytes, maximum: 33554432</div><div>[44] 1/1/1970 -- 00:02:32 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer</div><div>[44] 1/1/1970 -- 00:02:32 - (host.c:215) <Info> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64</div><div>[44] 1/1/1970 -- 00:02:32 - (host.c:238) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 88</div><div>[44] 1/1/1970 -- 00:02:32 - (host.c:240) <Info> (HostInitConfig) -- host memory usage: 350144 bytes, maximum: 16777216</div><div>[44] 1/1/1970 -- 00:02:32 - (flow.c:441) <Info> (FlowInitConfig) -- allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64</div><div>[44] 1/1/1970 -- 00:02:32 - (flow.c:465) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 220</div><div>[44] 1/1/1970 -- 00:02:32 - (flow.c:467) <Info> (FlowInitConfig) -- flow memory usage: 6394304 bytes, maximum: 67108864</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread)</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": enabled</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig) -- stream."inline": disabled</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig) -- stream "max-synack-queued": 5</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 134217728</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2549</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2501</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:487) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250</div><div>[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:500) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128</div><div>[44] 1/1/1970 -- 00:02:32 - (ippair.c:211) <Info> (IPPairInitConfig) -- allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64</div><div>[44] 1/1/1970 -- 00:02:32 - (ippair.c:234) <Info> (IPPairInitConfig) -- preallocated 1000 ippairs of size 96</div><div>[44] 1/1/1970 -- 00:02:32 - (ippair.c:236) <Info> (IPPairInitConfig) -- ippair memory usage: 358144 bytes, maximum: 16777216</div><div>[44] 1/1/1970 -- 00:02:32 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file /usr/share/file/magic</div><div>[44] 1/1/1970 -- 00:02:32 - (suricata.c:1942) <Info> (SetupDelayedDetect) -- Delayed detect disabled</div><div>[44] 1/1/1970 -- 00:02:32 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/botcc.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/ciarmy.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/compromised.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/drop.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/dshield.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-activex.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-attack_response.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-chat.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-current_events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-dns.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-dos.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-exploit.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-ftp.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-games.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-icmp_info.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-imap.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-inappropriate.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-malware.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-misc.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-mobile_malware.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-netbios.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-p2p.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-policy.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-pop3.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-rpc.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-scada.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-scan.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-shellcode.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-smtp.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-snmp.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-sql.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-telnet.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-tftp.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-trojan.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-user_agents.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-voip.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-web_client.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-web_server.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-web_specific_apps.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/emerging-worm.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/tor.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/app-layer-events.rules</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:523) <Info> (SigLoadSignatures) -- 50 rule files processed. 236 rules successfully loaded, 0 rules failed</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:2987) <Info> (SigAddressPrepareStage1) -- 236 signatures processed. 0 are IP-only rules, 0 are inspecting packet payload, 74 inspect application layer, 99 are decoder y</div><div>[44] 1/1/1970 -- 00:02:32 - (detect.c:2990) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete</div><div>[44] 1/1/1970 -- 00:02:33 - (detect.c:3623) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete</div><div>[44] 1/1/1970 -- 00:02:33 - (detect.c:4148) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete</div><div>[44] 1/1/1970 -- 00:02:33 - (util-threshold-config.c:1188) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found</div><div>[44] 1/1/1970 -- 00:02:33 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited.</div><div>[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log</div><div>[44] 1/1/1970 -- 00:02:33 - (runmodes.c:739) <Warning> (RunModeInitializeOutputs) -- [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its de.</div><div>[44] 1/1/1970 -- 00:02:33 - (alert-unified2-alert.c:1353) <Info> (Unified2AlertInitCtx) -- Unified2-alert initialized: filename unified2.alert, limit 32 MB</div><div>[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- http-log output device (regular) initialized: http.log</div><div>[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log</div><div>[44] 1/1/1970 -- 00:02:33 - (util-runmodes.c:189) <Info> (RunModeSetLiveCaptureAutoFp) -- Using 1 live device(s).</div><div>[45] 1/1/1970 -- 00:02:33 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 2887680</div><div>[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:393) <Info> (ReceivePcapThreadInit) -- using interface eth0</div><div>[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:398) <Info> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of interface state will require 1000 packets.</div><div>[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:100) <Info> (GetIfaceMTU) -- Found an MTU of 1500 for 'eth0'</div><div>[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:433) <Info> (ReceivePcapThreadInit) -- Set snaplen to 1516 for 'eth0'</div><div>device eth0 entered promiscuous mode</div><div>[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:178) <Info> (GetIfaceOffloading) -- Generic Receive Offload is set on eth0</div><div>[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:200) <Info> (GetIfaceOffloading) -- Large Receive Offload is unset on eth0</div><div>[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:516) <Warning> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap capture with GRO or LRO activated can lead to capture problems.</div><div>[44] 1/1/1970 -- 00:02:33 - (runmode-pcap.c:293) <Info> (RunModeIdsPcapAutoFp) -- RunModeIdsPcapAutoFp initialised</div><div>[44] 1/1/1970 -- 00:02:33 - (flow-manager.c:721) <Info> (FlowManagerThreadSpawn) -- using 1 flow manager threads</div><div>[47] 1/1/1970 -- 00:02:33 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 2887680</div><div>[44] 1/1/1970 -- 00:02:33 - (flow-manager.c:881) <Info> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads</div><div>[44] 1/1/1970 -- 00:02:33 - (tm-threads.c:2001) <Notice> (TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 4 management threads initialized, engine started.</div></div><div><br></div><div>As we can see from the debug messages, there is still one Warning message.</div><div><br></div><div>Running this command: "/ # tail /var/log/suricata/http.log" gives nothing!<br></div><div><br></div><div>Running this command: "/ # tail -n 50 /var/log/suricata/stats.log" gives the following logs:<br></div><div><br></div><div><div>defrag.ipv6.fragments | Total | 0</div><div>defrag.ipv6.reassembled | Total | 0</div><div>defrag.ipv6.timeouts | Total | 0</div><div>defrag.max_frag_hits | Total | 0</div><div>tcp.sessions | Total | 0</div><div>tcp.ssn_memcap_drop | Total | 0</div><div>tcp.pseudo | Total | 0</div><div>tcp.pseudo_failed | Total | 0</div><div>tcp.invalid_checksum | Total | 0</div><div>tcp.no_flow | Total | 0</div><div>tcp.syn | Total | 0</div><div>tcp.synack | Total | 0</div><div>tcp.rst | Total | 0</div><div>tcp.segment_memcap_drop | Total | 0</div><div>tcp.stream_depth_reached | Total | 0</div><div>tcp.reassembly_gap | Total | 0</div><div>detect.alert | Total | 0</div><div>flow_mgr.closed_pruned | Total | 0</div><div>flow_mgr.new_pruned | Total | 0</div><div>flow_mgr.est_pruned | Total | 0</div><div>flow.spare | Total | 10000</div><div>flow.emerg_mode_entered | Total | 0</div><div>flow.emerg_mode_over | Total | 0</div><div>flow.tcp_reuse | Total | 0</div><div>tcp.memuse | Total | 286720</div><div>tcp.reassembly_memuse | Total | 12244864</div><div>dns.memuse | Total | 0</div><div>dns.memcap_state | Total | 0</div><div>dns.memcap_global | Total | 0</div><div>http.memuse | Total | 0</div><div>http.memcap | Total | 0</div><div>flow.memuse | Total | 6394304</div><div>-------------------------------------------------------------------</div><div>Date: 11/10/2015 -- 11:35:42 (uptime: 0d, 00h 19m 28s)</div><div>-------------------------------------------------------------------</div><div>Counter | TM Name | Value</div><div>-------------------------------------------------------------------</div><div>capture.kernel_packets | Total | 0</div><div>capture.kernel_drops | Total | 0</div><div>capture.kernel_ifdrops | Total | 0</div><div>decoder.pkts | Total | 0</div><div>decoder.bytes | Total | 0</div><div>decoder.invalid | Total | 0</div><div>decoder.ipv4 | Total | 0</div><div>decoder.ipv6 | Total | 0</div><div>decoder.ethernet | Total | 0</div><div>decoder.raw | Total | 0</div><div>decoder.null | Total | 0</div><div>decoder.sll | Total | 0</div></div><div><br></div><div><br></div><div>Is it possible to tell me if everything is correct?</div><div><br></div><div>Is there any test case that gives more explicit results?</div><div><br></div><div>Thank you very much in advance.</div><div><br></div><div>Best regards,</div><div>Mahdi</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Nov 10, 2015 at 8:55 AM, Scott Prader <span dir="ltr"><<a href="mailto:rigrunn@gmail.com" target="_blank">rigrunn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I have compiled suricata on an armv6h, but did not cross-compile it. I compiled it natively and it worked fine. It took some time, so I found something else to do while it compiled.</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On Nov 10, 2015 1:47 AM, "Victor Julien" <<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 10-11-15 08:46, Anoop Saldanha wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Nov 10, 2015 at 12:59 PM, Anoop Saldanha<br>
<<a href="mailto:anoopsaldanha@gmail.com" target="_blank">anoopsaldanha@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, Nov 9, 2015 at 11:06 PM, Peter Manev <<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, Nov 9, 2015 at 3:00 PM, Mahdi Aichouch <<a href="mailto:foxmehdi@gmail.com" target="_blank">foxmehdi@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I am trying to run Suricata on an ARMv7 architecture based board.<br>
<br>
After, I had successfully cross-compiled Suricata for my target, I tried to<br>
run Suricata on the board but I got an Aborted fault.<br>
<br>
Below is the command that I used in my test:<br>
<br>
$> ./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0<br>
--init-errors-fatal<br>
</blockquote>
<br>
Can you try adding the "-v" switch for more verbose output -<br>
./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0<br>
--init-errors-fatal -v<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
[35] 1/1/1970 -- 00:02:03 - (suricata.c:1073) <Notice> (SCPrintVersion) --<br>
This is Suricata version 2.1dev (rev 86711a1)<br>
Aborted.<br>
<br>
No further message are printed on the terminal.<br>
<br>
Could someone help me in figuring out what causes this issue.<br>
</blockquote></blockquote>
<br>
Trouble with some instructions generated for your architecture most<br>
likely. I would first try and make sure that I have cross compiled<br>
directly, and then zero in on the instructions generated by the<br>
compiler and make sure it is present ARMv7's ISA.<br>
<br>
</blockquote>
<br>
My previous reply - s/cross compiled directly/cross compiled correctly/g<br>
<br>
As a later step on figuring out the instructions, you can look at the<br>
kernel/system logs to figure out the instructions that caused the<br>
error.<br>
<br>
</blockquote>
<br>
Don't forget passing --disable-gccmarch-native to configure before compiling.<br>
<br>
-- <br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" rel="noreferrer" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" rel="noreferrer" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" rel="noreferrer" target="_blank">http://oisfevents.net</a></blockquote></div>
</div></div><br>_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
Suricata User Conference November 4 & 5 in Barcelona: <a href="http://oisfevents.net" rel="noreferrer" target="_blank">http://oisfevents.net</a><br></blockquote></div><br></div>