hello, installed openwrt 23.05.2 and installed the snort package. it always crashes, by using that debug commands there are no errors... pls help
homenet.lua:
-- setup HOME_NET below with your IP range/ranges to protect
HOME_NET = [[ 192.168.0.0/24 192.168.3.0/24 192.168.4.0/24 ]]
EXTERNAL_NET = "!$HOME_NET"
local.lua:
-- use ths file to customize any functions defined in /etc/snort/snort.lua
-- switch tap to inline in ips and uncomment the below to run snort in inline mode
snort = {}
snort["-Q"] = true
ips = {
--mode = tap,
mode = inline,
variables = default_variables,
action_override = reject,
-- uncomment and change the below to reflect rules or symlinks to rules on your filesystem
-- include = RULE_PATH .. '/snort.rules',
include = RULE_PATH .. '/snort3-community-rules/snort3-community.rules'
}
daq = {
module_dirs = {
'/usr/lib/daq',
},
modules = {
{
name = 'afpacket',
mode = 'inline',
}
}
}
alert_syslog = {
level = 'info',
}
-- To log to a file, uncomment the below and manually create the dir defined in output.logdir
output.logdir = '/var/log/snort'
alert_fast = {
file = true,
packet = false,
}
normalizer = {
tcp = {
ips = true,
}
}
file_policy = {
enable_type = true,
enable_signature = true,
rules = {
use = {
verdict = 'log', enable_file_type = true, enable_file_signature = true
}
}
}
-- To use openappid with snort, install the openappid package and uncomment the below
--appid = {
-- app_detector_dir = '/usr/lib/openappid',
-- log_stats = true,
-- app_stats_period = 60,
--}
I have tried:
snort -c /etc/snort/snort.lua --tweaks local -T -Q
and
snort -c /etc/snort/snort.lua --daq-dir /usr/lib/daq -T -Q
no errors, but when I start the service it still says running but it doesn't block anything and with htop I can see it crashes, also logread -e snort tells me so
Thx!