Entware opkg is missing snort binary, but has lots of new suricata binaries?

treefu
Did I miss an announcement somewhere? I used to run snort (yes, I know, don't kink-shame me lol) on my older RT-AX86U but it's apparently not available any more.

I can't find any information on these new suricata versions: suricata7-extra and suricata7-mini, only this (which doesn't tell me much).

Can anyone clarify what happened to snort on opkg, and what and why the new suricata versions please?

Code:
admin@RT-BE86U-A4B8:/tmp/home/root# opkg list | grep snort
admin@RT-BE86U-A4B8:/tmp/home/root# opkg list | grep suricata
suricata - 4.1.8-6 - The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing. Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats.
suricata-update - 1.3.4-1 - The tool for updating your Suricata rules.
suricata7 - 7.0.10-1 - Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network  security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess the most sophisticated attacks.
suricata7-extra - 7.0.10-1 - Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network  security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess the most sophisticated attacks.
suricata7-mini - 7.0.10-1 - Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network  security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess the most sophisticated attacks.
admin@RT-BE86U-A4B8:/tmp/home/root#
 
Suricata 7 isn’t compatible with the kernel used on Asus routers, including the RT‑AX86U. These routers run a very old Broadcom‑modified Linux 4.1 kernel, which lacks the packet‑capture and networking features Suricata 7 requires. Even if installed through Entware, it won’t function as a real IDS/IPS. If you want Suricata on your network, you’ll need to run it on a separate device (x86 box, Pi 4/5, VM, etc.)
 
Thanks for the clarification. I used to install snort's libdaq 3.x and run snort without issues (albeit running on a very low memory footprint) - at least it appeared to be able to see the packets correctly, report on them and output eve json.

So it looks like since it's now dropped from opkg, there's no longer an option of running a local IPS/IDS on Asuswrt-Merlin routers (other than TrendMicro's bundle)?

Shame. It was good while it lasted.
 