Hi to all,
I've successfully installed and started the Snort3 opkg on my Linksys WRT3200ACM running OpenWrt 21.02.1. It runs apparently fine and alerts are generated as expected, even though, as a test, I loaded a ton of rules (all of the registered ones) which I plan to fine-tune later on. I've also successfully forwarded its JSON alerts file onto a Linux box on my network where I experiment with analysis tools (Splunk, ELK, etc.), so the chain is roughly complete.
I would now like to complement the chain by installing/configuring Snort's AppID feature, which allows the identification of data flows by app (e.g. Facebook, Skype, etc.). This requires an optional Snort3 package: Snort3 Extra.
Snort3 Extra is not included in the opkg repo, so I guess the only way to have it is to compile it myself. But it's a configure/CMake-based package and I see there's no CMake opkg package available.
Last night I downloaded OpenWrt's build toolchain and successfully built a default version (everything left at its default) of the target system for my router using a clean Ubuntu Server 20.04 VM. Now I guess, if possible, I should create opkg packages for CMake (if I want to try to compile Snort3 Extra on the router itself) or directly create the Snort3 Extra package, if only ... I knew/understood how to do it. Could anyone shed some light on the first steps or the best path towards my goal, if possible at all?
Thanks in advance
Peppe