By the way…
Hardware here is a Supermicro 1u with 3.0GHz P4 processor, 4gb DDR RAM, 256Gb SATA w/RAID controller and 2 x 1gig Intel Pro1000 ports onboard.
Packages I'm running include Snort (the 2.5.1 pkg) in AC-BANDED mode with all ET & Snort rules selected except policy related, darkstat, lcdproc-dev, pfBlocker & Strikeback. The only service available on the WAN IP is IPSEC VPN for getting back into my home office while on the road (me=road warrior/engineer)...no web, ftp, etc.
I have been offloading system logs to another server, but it was up and running fine when I noticed the problem. I did shortly thereafter change the config to stop sending syslog traffic to the other server, as I'm about to turn all of it off and add that third network interface to the pf box. But as I said, this happened last night as well with no apparent cause. Any ideas would be appreciated.
Thanks!
Treffin