[Oisf-users] Problem when testing Suricata on an ARMv7 based board

Mahdi Aichouch foxmehdi at gmail.com
Tue Nov 10 13:34:38 UTC 2015


Hello,

First of all, thank you very much for all your answers!

It is difficult in my case to compile Suricata directly on the board,
because I don't have a full-fledged Linux distribution such as Debian or
Ubuntu... installed on my board.
Instead, I am running a para-virtualized L4Linux kernel with a minimal root
file system (RAMdisk) built using Buildroot.

So, I don't have access to a package manager to download and install all
libraries that Suricata depends on.
When I cross-compiled, I manually downloaded and compiled all the binaries
of the required libraries before building Suricata.

After activating the verbose option I was able to see that there was a
missing file, such as /usr/share/file/magic.mgc, needed by functions
in util-magic.c.

Then, after adding all missing configuration files, I was able to
successfully run Suricata on an ARMv7 board.

$> ./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 -s signatures -v &

/ # [44] 1/1/1970 -- 00:02:32 - (suricata.c:1073) <Notice> (SCPrintVersion)
-- This is Suricata version 2.1dev (rev 86711a1)
[44] 1/1/1970 -- 00:02:32 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary)
-- CPUs/cores online: 1
[44] 1/1/1970 -- 00:02:32 - (app-layer-htp.c:2255) <Info>
(HTPConfigSetDefaultsPhase2) -- 'default' server has
'request-body-minimal-inspect-size' set to 33882 and
'request-body-inspect-window' set to 4053.
[44] 1/1/1970 -- 00:02:32 - (app-layer-htp.c:2270) <Info>
(HTPConfigSetDefaultsPhase2) -- 'default' server has
'response-body-minimal-inspect-size' set to 33695 and
'response-body-inspect-window' set to 42.
[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:337) <Info>
(DNSUDPConfigure) -- DNS request flood protection level: 500
[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:349) <Info>
(DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288
[44] 1/1/1970 -- 00:02:32 - (app-layer-dns-udp.c:361) <Info>
(DNSUDPConfigure) -- DNS global memcap: 16777216
[44] 1/1/1970 -- 00:02:32 - (app-layer-modbus.c:1457) <Info>
(RegisterModbusParsers) -- Modbus request flood protection level: 500
[44] 1/1/1970 -- 00:02:32 - (util-ioctl.c:100) <Info> (GetIfaceMTU) --
Found an MTU of 1500 for 'eth0'
[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:209) <Info> (DefragInitConfig)
-- allocated 2097152 bytes of memory for the defrag hash... 65536 buckets
of size 32
[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:234) <Info> (DefragInitConfig)
-- preallocated 65535 defrag trackers of size 120
[44] 1/1/1970 -- 00:02:32 - (defrag-hash.c:241) <Info> (DefragInitConfig)
-- defrag memory usage: 9961352 bytes, maximum: 33554432
[44] 1/1/1970 -- 00:02:32 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) --
AutoFP mode using default "Active Packets" flow load balancer
[44] 1/1/1970 -- 00:02:32 - (host.c:215) <Info> (HostInitConfig) --
allocated 262144 bytes of memory for the host hash... 4096 buckets of size
64
[44] 1/1/1970 -- 00:02:32 - (host.c:238) <Info> (HostInitConfig) --
preallocated 1000 hosts of size 88
[44] 1/1/1970 -- 00:02:32 - (host.c:240) <Info> (HostInitConfig) -- host
memory usage: 350144 bytes, maximum: 16777216
[44] 1/1/1970 -- 00:02:32 - (flow.c:441) <Info> (FlowInitConfig) --
allocated 4194304 bytes of memory for the flow hash... 65536 buckets of
size 64
[44] 1/1/1970 -- 00:02:32 - (flow.c:465) <Info> (FlowInitConfig) --
preallocated 10000 flows of size 220
[44] 1/1/1970 -- 00:02:32 - (flow.c:467) <Info> (FlowInitConfig) -- flow
memory usage: 6394304 bytes, maximum: 67108864
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig)
-- stream "prealloc-sessions": 2048 (per thread)
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig)
-- stream "memcap": 33554432
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig)
-- stream "midstream" session pickups: disabled
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig)
-- stream "async-oneside": disabled
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig)
-- stream "checksum-validation": enabled
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig)
-- stream."inline": disabled
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig)
-- stream "max-synack-queued": 5
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig)
-- stream.reassembly "memcap": 134217728
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig)
-- stream.reassembly "depth": 1048576
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig)
-- stream.reassembly "toserver-chunk-size": 2549
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig)
-- stream.reassembly "toclient-chunk-size": 2501
[44] 1/1/1970 -- 00:02:32 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig)
-- stream.reassembly.raw: enabled
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:451) <Info>
(StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:487) <Info>
(StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250
[44] 1/1/1970 -- 00:02:32 - (stream-tcp-reassemble.c:500) <Info>
(StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128
[44] 1/1/1970 -- 00:02:32 - (ippair.c:211) <Info> (IPPairInitConfig) --
allocated 262144 bytes of memory for the ippair hash... 4096 buckets of
size 64
[44] 1/1/1970 -- 00:02:32 - (ippair.c:234) <Info> (IPPairInitConfig) --
preallocated 1000 ippairs of size 96
[44] 1/1/1970 -- 00:02:32 - (ippair.c:236) <Info> (IPPairInitConfig) --
ippair memory usage: 358144 bytes, maximum: 16777216
[44] 1/1/1970 -- 00:02:32 - (util-magic.c:62) <Info> (MagicInit) -- using
magic-file /usr/share/file/magic
[44] 1/1/1970 -- 00:02:32 - (suricata.c:1942) <Info> (SetupDelayedDetect)
-- Delayed detect disabled
[44] 1/1/1970 -- 00:02:32 - (reputation.c:620) <Info> (SRepInit) -- IP
reputation disabled
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/botcc.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/ciarmy.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/compromised.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/drop.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/dshield.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-activex.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-attack_response.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-chat.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-current_events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-dns.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-dos.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-exploit.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-ftp.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-games.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-icmp_info.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-imap.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-inappropriate.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-malware.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-misc.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-mobile_malware.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-netbios.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-p2p.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-policy.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-pop3.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-rpc.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-scada.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-scan.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-shellcode.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-smtp.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-snmp.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-sql.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-telnet.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-tftp.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-trojan.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-user_agents.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-voip.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-web_client.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-web_server.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-web_specific_apps.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/emerging-worm.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/tor.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/decoder-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/stream-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/http-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/smtp-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/dns-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/tls-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/modbus-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/app-layer-events.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern signatures
[44] 1/1/1970 -- 00:02:32 - (detect.c:523) <Info> (SigLoadSignatures) -- 50
rule files processed. 236 rules successfully loaded, 0 rules failed
[44] 1/1/1970 -- 00:02:32 - (detect.c:2987) <Info>
(SigAddressPrepareStage1) -- 236 signatures processed. 0 are IP-only rules,
0 are inspecting packet payload, 74 inspect application layer, 99 are
decoder y
[44] 1/1/1970 -- 00:02:32 - (detect.c:2990) <Info>
(SigAddressPrepareStage1) -- building signature grouping structure, stage
1: preprocessing rules... complete
[44] 1/1/1970 -- 00:02:33 - (detect.c:3623) <Info>
(SigAddressPrepareStage2) -- building signature grouping structure, stage
2: building source address list... complete
[44] 1/1/1970 -- 00:02:33 - (detect.c:4148) <Info>
(SigAddressPrepareStage3) -- building signature grouping structure, stage
3: building destination address lists... complete
[44] 1/1/1970 -- 00:02:33 - (util-threshold-config.c:1188) <Info>
(SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found
[44] 1/1/1970 -- 00:02:33 - (util-coredump-config.c:122) <Info>
(CoredumpLoadConfig) -- Core dump size set to unlimited.
[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info>
(SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[44] 1/1/1970 -- 00:02:33 - (runmodes.c:739) <Warning>
(RunModeInitializeOutputs) -- [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] -
Eve-log support not compiled in. Reconfigure/recompile with libjansson and
its de.
[44] 1/1/1970 -- 00:02:33 - (alert-unified2-alert.c:1353) <Info>
(Unified2AlertInitCtx) -- Unified2-alert initialized: filename
unified2.alert, limit 32 MB
[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info>
(SCConfLogOpenGeneric) -- http-log output device (regular) initialized:
http.log
[44] 1/1/1970 -- 00:02:33 - (util-logopenfile.c:298) <Info>
(SCConfLogOpenGeneric) -- stats output device (regular) initialized:
stats.log
[44] 1/1/1970 -- 00:02:33 - (util-runmodes.c:189) <Info>
(RunModeSetLiveCaptureAutoFp) -- Using 1 live device(s).
[45] 1/1/1970 -- 00:02:33 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit)
-- preallocated 1024 packets. Total memory 2887680
[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:393) <Info>
(ReceivePcapThreadInit) -- using interface eth0
[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:398) <Info>
(ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
interface state will require 1000 packets.
[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:100) <Info> (GetIfaceMTU) --
Found an MTU of 1500 for 'eth0'
[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:433) <Info>
(ReceivePcapThreadInit) -- Set snaplen to 1516 for 'eth0'
device eth0 entered promiscuous mode
[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:178) <Info> (GetIfaceOffloading)
-- Generic Receive Offload is set on eth0
[45] 1/1/1970 -- 00:02:33 - (util-ioctl.c:200) <Info> (GetIfaceOffloading)
-- Large Receive Offload is unset on eth0
[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:516) <Warning>
(ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap
capture with GRO or LRO activated can lead to capture problems.
[44] 1/1/1970 -- 00:02:33 - (runmode-pcap.c:293) <Info>
(RunModeIdsPcapAutoFp) -- RunModeIdsPcapAutoFp initialised
[44] 1/1/1970 -- 00:02:33 - (flow-manager.c:721) <Info>
(FlowManagerThreadSpawn) -- using 1 flow manager threads
[47] 1/1/1970 -- 00:02:33 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit)
-- preallocated 1024 packets. Total memory 2887680
[44] 1/1/1970 -- 00:02:33 - (flow-manager.c:881) <Info>
(FlowRecyclerThreadSpawn) -- using 1 flow recycler threads
[44] 1/1/1970 -- 00:02:33 - (tm-threads.c:2001) <Notice>
(TmThreadWaitOnThreadInit) -- all 2 packet processing threads, 4 management
threads initialized, engine started.

As we can see from the debug messages, there is still one Warning message.

Running this command: "/ # tail  /var/log/suricata/http.log" gives nothing!

Running this command: "/ # tail -n 50 /var/log/suricata/stats.log" gives
the following logs:

defrag.ipv6.fragments     | Total                     | 0
defrag.ipv6.reassembled   | Total                     | 0
defrag.ipv6.timeouts      | Total                     | 0
defrag.max_frag_hits      | Total                     | 0
tcp.sessions              | Total                     | 0
tcp.ssn_memcap_drop       | Total                     | 0
tcp.pseudo                | Total                     | 0
tcp.pseudo_failed         | Total                     | 0
tcp.invalid_checksum      | Total                     | 0
tcp.no_flow               | Total                     | 0
tcp.syn                   | Total                     | 0
tcp.synack                | Total                     | 0
tcp.rst                   | Total                     | 0
tcp.segment_memcap_drop   | Total                     | 0
tcp.stream_depth_reached  | Total                     | 0
tcp.reassembly_gap        | Total                     | 0
detect.alert              | Total                     | 0
flow_mgr.closed_pruned    | Total                     | 0
flow_mgr.new_pruned       | Total                     | 0
flow_mgr.est_pruned       | Total                     | 0
flow.spare                | Total                     | 10000
flow.emerg_mode_entered   | Total                     | 0
flow.emerg_mode_over      | Total                     | 0
flow.tcp_reuse            | Total                     | 0
tcp.memuse                | Total                     | 286720
tcp.reassembly_memuse     | Total                     | 12244864
dns.memuse                | Total                     | 0
dns.memcap_state          | Total                     | 0
dns.memcap_global         | Total                     | 0
http.memuse               | Total                     | 0
http.memcap               | Total                     | 0
flow.memuse               | Total                     | 6394304
-------------------------------------------------------------------
Date: 11/10/2015 -- 11:35:42 (uptime: 0d, 00h 19m 28s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | Total                     | 0
capture.kernel_drops      | Total                     | 0
capture.kernel_ifdrops    | Total                     | 0
decoder.pkts              | Total                     | 0
decoder.bytes             | Total                     | 0
decoder.invalid           | Total                     | 0
decoder.ipv4              | Total                     | 0
decoder.ipv6              | Total                     | 0
decoder.ethernet          | Total                     | 0
decoder.raw               | Total                     | 0
decoder.null              | Total                     | 0
decoder.sll               | Total                     | 0


Is it possible to tell me if everything is correct?

Is there any test case that gives more explicit results?

Thank you very much in advance.

Best regards,
Mahdi
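
Added example, not part of the original message and not Suricata's own code: Python that re-joins the wrapped startup records quoted above, counts the `[ERRCODE: ...]` messages per code, and reads the newest block of `stats.log` to flag a sensor whose `capture.kernel_packets` is still 0. The function names and the `min_uptime` threshold are assumptions made for the example; the sample text is a trimmed copy of the output in this message.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the output quoted in this message,
# with the e-mail line wrapping left in, trimmed to a few records.
SAMPLE_STARTUP = """\
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/botcc.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:402) <Warning> (ProcessSigFiles) --
[ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern
/etc/suricata/rules/tor.rules
[44] 1/1/1970 -- 00:02:32 - (detect.c:414) <Info> (ProcessSigFiles) --
Loading rule file: /etc/suricata/rules/decoder-events.rules
[45] 1/1/1970 -- 00:02:33 - (source-pcap.c:516) <Warning>
(ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_PCAP_CREATE(21)] - Using Pcap
capture with GRO or LRO activated can lead to capture problems.
"""
SAMPLE_STATS = """\
flow.memuse               | Total                     | 6394304
-------------------------------------------------------------------
Date: 11/10/2015 -- 11:35:42 (uptime: 0d, 00h 19m 28s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | Total                     | 0
capture.kernel_drops      | Total                     | 0
decoder.pkts              | Total                     | 0
"""

RECORD_START = re.compile(r"^\[\d+\] \d+/\d+/\d+ -- ")
ERRCODE = re.compile(r"<(\w+)>.*?\[ERRCODE: (\w+)\((\d+)\)\] - (.*)")
UPTIME = re.compile(r"^Date: .*\(uptime: (\d+)d, (\d+)h (\d+)m (\d+)s\)", re.M)
ROW = re.compile(r"^(\S+)\s*\|\s*(\S.*?)\s*\|\s*(\d+)\s*$", re.M)


def startup_errors(text):
    """Re-join wrapped log records; return (level, code, message) tuples."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:  # continuation of a record that was wrapped onto a new line
            records[-1] += " " + line.strip()
    return [(m.group(1), m.group(2), m.group(4))
            for m in map(ERRCODE.search, records) if m]


def latest_stats(text):
    """Return (uptime_seconds, {counter: value}) for the last stats.log block."""
    heads = list(UPTIME.finditer(text))
    if not heads:  # e.g. `tail` cut the block header off
        return None, {}
    d, h, m, s = map(int, heads[-1].groups())
    totals, per_thread = {}, {}
    for name, tm, value in ROW.findall(text[heads[-1].end():]):
        if tm == "Total":
            totals[name] = int(value)
        else:  # per-thread rows: sum them when no Total row exists
            per_thread[name] = per_thread.get(name, 0) + int(value)
    return ((d * 24 + h) * 60 + m) * 60 + s, {**per_thread, **totals}


def sensor_findings(startup_text, stats_text, min_uptime=60):
    """List conditions under which the engine runs but sees or matches nothing."""
    by_code = Counter(code for _, code, _ in startup_errors(startup_text))
    findings = [f"{c}: {n} startup message(s)" for c, n in sorted(by_code.items())]
    uptime, counters = latest_stats(stats_text)
    if uptime is None:
        findings.append("stats.log: no counter block header found")
    elif uptime >= min_uptime and counters.get("capture.kernel_packets", 0) == 0:
        findings.append(f"capture.kernel_packets is 0 after {uptime}s of uptime")
    return findings


if __name__ == "__main__":
    for finding in sensor_findings(SAMPLE_STARTUP, SAMPLE_STATS):
        print(finding)
```
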


On Tue, Nov 10, 2015 at 8:55 AM, Scott Prader <rigrunn at gmail.com> wrote:

> I have compiled suricata on an armv6h, but did not cross-compile it.  I
> compiled it natively and it worked fine.  It took some time, so I found
> something else to do while it compiled.
> On Nov 10, 2015 1:47 AM, "Victor Julien" <lists at inliniac.net> wrote:
>
>> On 10-11-15 08:46, Anoop Saldanha wrote:
>>
>>> On Tue, Nov 10, 2015 at 12:59 PM, Anoop Saldanha
>>> <anoopsaldanha at gmail.com> wrote:
>>>
>>>> On Mon, Nov 9, 2015 at 11:06 PM, Peter Manev <petermanev at gmail.com>
>>>> wrote:
>>>>
>>>>> On Mon, Nov 9, 2015 at 3:00 PM, Mahdi Aichouch <foxmehdi at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I am trying to run Suricata on an ARMv7 architecture based board.
>>>>>>
>>>>>> After I had successfully cross-compiled Suricata for my target, I
>>>>>> tried to run Suricata on the board but I got an Aborted fault.
>>>>>>
>>>>>> Below is the command that I used in my test:
>>>>>>
>>>>>> $> ./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
>>>>>> --init-errors-fatal
>>>>>>
>>>>>
>>>>> Can you try adding the "-v" switch for more verbose output -
>>>>> ./home/suricata/bin/suricata -c /etc/suricata/suricata.yaml -i eth0
>>>>> --init-errors-fatal -v
>>>>>
>>>>>
>>>>>> [35] 1/1/1970 -- 00:02:03 - (suricata.c:1073) <Notice>
>>>>>> (SCPrintVersion) --
>>>>>> This is Suricata version 2.1dev (rev 86711a1)
>>>>>> Aborted.
>>>>>>
>>>>>> No further messages are printed on the terminal.
>>>>>>
>>>>>> Could someone help me in figuring out what causes this issue?
>>>>>>
>>>>>
>>>> Trouble with some instructions generated for your architecture most
>>>> likely.  I would first try and make sure that I have cross compiled
>>>> directly, and then zero in on the instructions generated by the
>>>> compiler and make sure they are present in ARMv7's ISA.
>>>>
>>>>
>>> My previous reply - s/cross compiled directly/cross compiled correctly/g
>>>
>>> As a later step on figuring out the instructions, you can look at the
>>> kernel/system logs to figure out the instructions that caused the
>>> error.
>>>
>>>
>> Don't forget passing --disable-gccmarch-native to configure before
>> compiling.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 4 & 5 in Barcelona:
>> http://oisfevents.net
>
>