Thanks for the suggestion of looking in the system log.  After attempting start of snort (failure) and reading the log I disable some rules, retry, disable more rules, retry, etc snort starts successfully.  Each rule that was causing an error I disabled and now it's working.

Thanks.

AWS

@crazyzoar:

why people give ram space for caching?

The answer is Performance.

Also squid is not that fast and not that smart for dynamic sites.

Ohter point is that cache age has not much sense after 15 days for example.

Might have been too quick uninstalling it, I didn't tune at all, might have enabled too many patterns as well.

Not required for my environment anyway, so couldn't be bothered ;D

After creating a whitelist, you have to add it in the Snort Interface Settings to a particular interface.

Fantastic!! Installs ok and talking to my Zabbix server.
Thank you very much four your help.
Richard

@SeventhSon:

This is snort starting up and telling you what it loading and not loading. By default a lot of rules are disabled, so you will get a lot of these.

Thanks, I kinda figured this after posting my question. But good to have conformation :)

Sorry, I don't want to be unfriendly. Just want to make sure we are talking about the same config menu ;o)

As I said above I didn't use that in the past but perhaps this thread will help you:
http://forum.pfsense.org/index.php?topic=11153.0
http://forum.pfsense.org/index.php/topic,2004.0.html
http://forum.pfsense.org/index.php/topic,41501.0.html

That worked a treat!

Thanks Marcello!

Please start a new thread describing what you're attempting code11x2.

Locking this thread so it won't get hijacked over and over by numerous different issues, please start new threads instead.

@Modivion:

Dear Members,

I've installed squid and configured it.

I just need one more thing to configure, which I dont know how to do.

When users typ in http://remote.xxxx.com I want them to be redirected to https://remote.xxxx.com/OWA

Any tips how to configure this?

Many thanks!

I did it outside of pfS via my DNS manager from my domain manager (like GoDaddy).  Basically it's subdomain forwarding, takes about 5 minutes if you can find your login creds to your domain manager web site.  I had a hard time trying to make it all within pfS.

AWS

@lpallard:

The frustrating part is that pfsense with NO packages works PERFECTLY.  So I wont blame pfsense devs because I have used it for more than  a year now and it was flawless until I installed the snort/squid/squidguard/havp  >:( stuff..

Just like I said, packages are contributions, some are maintained by core team, but not all.

Uncheck block ofenders from snort, so it will not block false positives and not deny your dns resolution.

my pfsense box has 2 nics. 1 nic dedicated to management… 1 nic connected to the mirrored port on the cisco switch.

I figured that by doing it that way i wouldn't get any "pollution" from management traffic on the IDS interface.

@darklogic:

I am still having the same issue with when you click on the snort menu and then try to go to pfblocker, I will get the 404 page cannot be found error.

It's fixed now with no version bump, just reinstall package.

256MB is guess (isn't that old, maybe 2y).The Problem occured before installing any packages btw.
Internet also fails (on LAN) after a while (while being up).

last pid: 28374;  load averages:  0.69,  1.52,  0.89                                    up 0+00:08:14  18:47:35
112 processes: 2 running, 93 sleeping, 4 zombie, 13 waiting
CPU:  0.4% user,  0.4% nice,  0.8% system,  0.4% interrupt, 98.1% idle
Mem: 66M Active, 1820K Inact, 61M Wired, 764K Cache, 34M Buf, 104M Free
Swap:

PID USERNAME  PRI NICE  SIZE    RES STATE    TIME  WCPU COMMAND
  10 root      171 ki31    0K    8K RUN      2:17 89.99% idle
21883 root        65  20 10748K  4860K kqread  0:01  1.95% bandwidthd
    0 root      -16    0    0K    48K sched    0:39  0.00% {swapper}
  11 root      -64    -    0K  104K WAIT    0:20  0.00% {irq14: ata0}
    9 root      -16    -    0K    8K psleep  0:02  0.00% pagedaemon
  11 root      -40    -    0K  104K WAIT    0:02  0.00% {swi2: cambio}
    4 root        -8    -    0K    8K -        0:02  0.00% g_down
  13 root      -16    -    0K    8K -        0:02  0.00% yarrow
46463 root        52    0 33116K    0K accept  0:01  0.00% <php>11 root      -68    -    0K  104K WAIT    0:01  0.00% {irq11: vr1}
39477 root        64  20 10748K  3852K bpf      0:01  0.00% bandwidthd
44678 root        76    0 34140K    0K accept  0:01  0.00% <php>11 root      -68    -    0K  104K WAIT    0:01  0.00% {irq10: vr0}
  11 root      -32    -    0K  104K WAIT    0:01  0.00% {swi4: clock}
    3 root        -8    -    0K    8K -        0:01  0.00% g_up
46390 root        76    0 34140K    0K accept  0:01  0.00% <php>15 root      -16    -    0K    8K psleep  0:01  0.00% vmdaemon
46945 root        60    0 34140K    0K accept  0:01  0.00% <php>14 root      -64    -    0K    72K -        0:01  0.00% {usbus1}
  35 root        -8    -    0K    8K mdwait  0:01  0.00% md1
39810 root        64  20  8700K  3132K bpf      0:01  0.00% bandwidthd
8548 root        44    0  7992K  1948K select  0:00  0.00% sshd
40169 root        44    0  6588K  2964K kqread  0:00  0.00% lighttpd
16571 root        64  20  3656K  512K wait    0:00  0.00% sh
40955 root        76    0 32092K    0K wait    0:00  0.00% <php>41487 root        76    0 32092K    0K wait    0:00  0.00% <php>40749 root        70    0 32092K    0K wait    0:00  0.00% <php>41179 root        76    0 32092K    0K wait    0:00  0.00% <php>42026 root        44    0  3316K  996K select  0:00  0.00% apinger
11278 root        44    0  9488K  2644K select  0:00  0.00% {mpd5}</php></php></php></php></php></php></php></php>

Did you applied the patch for imspector?

Hi, i found two webpages that was blocking…

Thanks for all!

@Nachtfalke:

Package manager for me is working and downloading and installing files/packages.

Is this for a specific package ?

No This was for the whole manager.

Things seem to be back to normal today. This was not an isolated issue. This seem to be global at the time it happen…. Today everything seems back to normal.