1 |
On 8/3/06, gentuxx <gentuxx@×××××.com> wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA1 |
4 |
> |
5 |
> I noticed this: |
6 |
> |
7 |
> * net-analyzer/snort |
8 |
> Available versions: -2.4.5 [M]2.6.0 |
9 |
> Installed: none |
10 |
> Homepage: http://www.snort.org/ |
11 |
> Description: Libpcap-based packet |
12 |
> sniffer/logger/lightweight IDS |
13 |
> |
14 |
> |
15 |
> I'm not sure what '-' and '[M]' means in eix, quite yet. (I've just |
16 |
> started using eix.) I also noticed in packages.gentoo.org that it |
17 |
> isn't even on the map for sparc. So, am I stuck with downloading the |
18 |
> sources, and managing it outside of portage? I'd really rather not do |
19 |
> that. Is it really that unstable? Or is there just no one to build |
20 |
> the ebuild for sparc? If it's the latter, I might be able to help, |
21 |
> but I'd like some insight before I go diving into a project like that. |
22 |
> |
23 |
> Thanks. |
24 |
> |
25 |
> - -- |
26 |
> gentux |
27 |
> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge' |
28 |
> |
29 |
|
30 |
|
31 |
Snort on Sparc works for the most part. It seems like if it tries to |
32 |
process more than about 150MB/s it'll sig11, and if it runs for more |
33 |
than a few days it sig11s. It's not really any better on |
34 |
Solaris/Sparc, so it's just a basic incompatibility with the Sparc |
35 |
architecture and Snort. If you do decide to stick with it, I recommend |
36 |
a simple cron job that restarts Snort every day, that seems to work |
37 |
pretty well for me. With as cheap as x86 hardware is though, I highly |
38 |
recommend you just pick up a cheap box and use that for Snort. |
39 |
|
40 |
HTH, |
41 |
Mike |
42 |
-- |
43 |
gentoo-sparc@g.o mailing list |