OpenWrt snort ps shutdown

I installed OpenWrt 23.05.0 r23497-6637af95aa / LuCI openwrt-23.05 branch git-24.048.61449-c66fc92 on my ipTIME A3004T router. Then, I installed Snort via https://openwrt.org/docs/guide-user/services/snort. After running `snort -c /etc/snort/snort.lua --daq-dir /usr/lib/daq`, I confirmed Snort is running as follows:


```
root@OpenWrt:/etc/init.d# snort -c /etc/snort/snort.lua --daq-dir /usr/lib/daq

o")~ Snort++ 3.1.61.0

Loading /etc/snort/snort.lua:
Loading homenet.lua:
Finished homenet.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
ssh
host_cache
pop
so_proxy
stream_tcp
mms
smtp
gtp_inspect
packets
dce_http_proxy
ips
stream_icmp
normalizer
hosts
binder
wizard
appid
js_norm
http2_inspect
http_inspect
stream_udp
ftp_data
ftp_server
search_engine
port_scan
dce_http_server
dce_tcp
dce_smb
iec104
cip
telnet
ssl
sip
rpc_decode
netflow
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
process
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
network
dns
dce_udp
imap
file_policy
s7commplus
stream_file
Finished /etc/snort/snort.lua:
Loading ips.rules:
Loading rules/local.rules:
Finished rules/local.rules:
Finished ips.rules:

ips policies rule stats
id loaded shared enabled file
0 3 0 3 /etc/snort/snort.lua

rule counts
total rules loaded: 3
text rules: 3
option chains: 3
chain headers: 1

port rule counts
tcp udp icmp ip
any 0 0 3 0
total 0 0 3 0
appid: MaxRss diff: 1664
appid: patterns loaded: 300

pcap DAQ configured to passive.

Snort successfully validated the configuration (with 0 warnings).
o")~ Snort exiting
```

However, when I run `ps | grep snort`, I don't see any active processes. How can I properly run Snort?

Make sure you "sandwich" your text between two rows of backtick characters ` (which themselves will be invisible in the preview), looking something like this in the editor:
```
Your Pasted Text as preformatted text with fixed width font
1
1111 (note with fixed-width fonts the numbers are right-aligned)
```
but looking like this in the rendered forum:

Your Pasted Text as preformatted text with fixed width font
   1
1111 (note with fixed-width fonts the numbers are right-aligned)

Tried `snort --help`?

https://openwrt.org/docs/guide-user/services/snort

The docs are really really clear on how to set up snort (V3) to run as a service, complete with all the configuration steps that are required to make it work.

3 Likes

Yow! You're going to have a hard time making it work on that device with only a 7621 SoC and 256 MB RAM. Expect OOMs if you use any non-trivial rulesets.

Note that all of what's documented in the wiki below the Auto Configuration section has been added in the last couple of months and is only available on SNAPSHOT. To keep running with 23.05, you'll need to do all the configuration by hand as described in the sections above.

2 Likes

"Thank you! I'll reinstall with the snapshot version for now and try to minimize the ruleset as much as possible. I appreciate your response!"