Gentoo Archives: gentoo-sparc

From: Mike Owen <kyphros@×××××.com>
To: gentoo-sparc@l.g.o
Subject: Re: [gentoo-sparc] Snort?
Date: Sat, 05 Aug 2006 05:13:58
In Reply to: [gentoo-sparc] Snort? by gentuxx
On 8/3/06, gentuxx <gentuxx@×××××.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I noticed this: > > * net-analyzer/snort > Available versions: -2.4.5 [M]2.6.0 > Installed: none > Homepage: > Description: Libpcap-based packet > sniffer/logger/lightweight IDS > > > I'm not sure what '-' and '[M]' means in eix, quite yet. (I've just > started using eix.) I also noticed in that it > isn't even on the map for sparc. So, am I stuck with downloading the > sources, and managing it outside of portage? I'd really rather not do > that. Is it really that unstable? Or is there just no one to build > the ebuild for sparc? If it's the latter, I might be able to help, > but I'd like some insight before I go diving into a project like that. > > Thanks. > > - -- > gentux > echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge' >
Snort on Sparc works for the most part. It seems like if it tries to process more than about 150MB/s it'll sig11, and if it runs for more than a few days it sig11s. It's not really any better on Solaris/Sparc, so it's just a basic incompatibility with the Sparc architecture and Snort. If you do decide to stick with it, I recommend a simple cron job that restarts Snort every day, that seems to work pretty well for me. With as cheap as x86 hardware is though, I highly recommend you just pick up a cheap box and use that for Snort. HTH, Mike -- gentoo-sparc@g.o mailing list


Subject Author
Re: [gentoo-sparc] Snort? gentuxx <gentuxx@×××××.com>