• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort 2.9.2.3 pkg v. 2.5.0 Issues

pfSense Packages
38
331
225.5k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • V
    Visseroth
    last edited by Oct 30, 2012, 12:33 PM

    I thought I'd wake this thread up and let you guys know I just had the same problem as previously listed in the thread. I had all of the above problems. I had to uninstall Snort, remove anything snort from command line including un-ticking the "Keep settings" option in snort prior to removing snort and reinstall to resolve a couple of the issues. Then I had to un-tick Enable Sensitive Data to get Snort to fire back up correctly.
    Was a bit of a pain and I'm concerned the Snort breaks so often. As it is I have to fire Snort back up every time it auto updates

    1 Reply Last reply Reply Quote 0
    • E
      eri--
      last edited by Nov 2, 2012, 2:08 PM

      I pushed some fixes that should help with snort not starting after rule update.

      Reinstall and test.

      1 Reply Last reply Reply Quote 0
      • C
        caustic386
        last edited by Nov 2, 2012, 2:57 PM

        @ermal:

        I pushed some fixes that should help with snort not starting after rule update.

        Reinstall and test.

        I installed this update, now I'm unable to install snort rules (ET works fine).  I did a full reinstall, including deleting all my settings(!) and rm -rf any directories containing 'snort'.  Unfortunately, system log gives vague error:

        Nov 2 09:59:43 php: /snort/snort_download_rules.php: Snort rules file downloaded failed…

        1 Reply Last reply Reply Quote 0
        • C
          Clear-Pixel
          last edited by Jan 2, 2013, 4:07 AM Jan 2, 2013, 4:01 AM

          New Pfsense user here. Still seems to be an issue with auto updates.

          I'm running Pfsense 2.1 latest build and latest Snort Package with auto updates on. The first auto update performed crashed/disabled Snort. Restarted Snort ….... Said it restarted......Seems to be broken......Cold boot.....same thing.....reboot.......Nothing.......Broken. GUI shows it as stopped.

          After turning Auto updates off and manually updating signatures everything seems to be up and running again.

          HP EliteBook 2530p Laptop - Core2 Duo SL9600 @ 2.13Ghz - 4 GB Ram -128GB SSD
          Atheros Mini PCI-E as Access Point (AR5BXB63H/AR5007EG/AR2425)
          Single Ethernet Port - VLAN
          Cisco SG300 10-port Gigabit Managed Switch
          Cisco DPC3008 Cable Modem  30/4 Mbps
          Pfsense 2.1-RELEASE (amd64)
          –------------------------------------------------------------
          Total Network Power Consumption - 29 Watts

          1 Reply Last reply Reply Quote 0
          • D
            derim422
            last edited by Jan 14, 2013, 1:38 PM

            Same issues here. Also, pfsense wasn't remembering my rule changes across updates, meaning that I can't use it in a commercial setting right now. Without the rule hysteresis, all the policy blocks are back on after each update.

            1 Reply Last reply Reply Quote 0
            • R
              RonpfS
              last edited by Jan 23, 2013, 10:07 PM Jan 20, 2013, 8:50 PM

              I have an issue with Snort Blocking the newly acquired WAN IP address.
              It happens a few times lately when my power supply failed on a DSL modem.

              I have to go to the snort Blocked and remove the WAN IP from the list and things run smoothly.  I sit beside the modem so it's not a big deal.  ;)  However is the modem was 2 miles away ….  :'(

              Disconnecting from the Web Interface does not reproduce this problem, it seems it only happens when the Ethernet port goes off/online.
              Maybe when Snort restart, it could/should remove the WAN IP from the Blocked list.

              
2013-01-19 14:09:29	Local0.Info	172.24.42.254	pf: 00:00:13.621331 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20117, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:29	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 124.182.236.55.59795: Flags [R.], cksum 0x4170 (correct), seq 4, ack 1, win 0, length 0
2013-01-19 14:09:31	Local0.Info	172.24.42.254	pf: 00:00:02.499712 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 14494, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:09:31	Local0.Info	172.24.42.254	pf:     172.24.48.84.52634 > 98.139.218.251.993: Flags [P.], cksum 0x2926 (correct), ack 1, win 16708, length 33
2013-01-19 14:09:34	Local0.Info	172.24.42.254	pf: 00:00:02.572018 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20164, offset 0, flags [DF], proto TCP (6), length 52)
2013-01-19 14:09:34	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 77.11.235.51.59819: Flags [F.], cksum 0x074e (correct), seq 4, ack 1, win 257, options [nop,nop,TS val 90214240 ecr 144955388], length 0
2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 12 in 4 seconds
2013-01-19 14:09:37	Local0.Info	172.24.42.254	pf: 00:00:03.459512 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20195, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:37	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 203.26.236.151.21598: Flags [R.], cksum 0x969f (correct), seq 4, ack 1, win 0, length 0
2013-01-19 14:09:40	Local0.Info	172.24.42.254	pf: 00:00:02.691438 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20215, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:40	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 175.156.246.70.46238: Flags [R.], cksum 0xdb07 (correct), seq 5, ack 1, win 0, length 0
2013-01-19 14:09:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 12
2013-01-19 14:09:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:09:46	Local0.Info	172.24.42.254	pf: 00:00:06.441514 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20277, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:46	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 66.91.229.251.62047: Flags [R.], cksum 0x3819 (correct), seq 5, ack 1, win 0, length 0
2013-01-19 14:09:47	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
2013-01-19 14:09:47	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to UP
2013-01-19 14:09:48	Local0.Info	172.24.42.254	pf: 00:00:01.765544 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20300, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:48	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 77.11.235.51.59819: Flags [R.], cksum 0xb6c2 (correct), seq 5, ack 1, win 0, length 0
2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 13 in 4 seconds
2013-01-19 14:09:51	Local0.Info	172.24.42.254	pf: 00:00:02.758237 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20332, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:09:51	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 89.95.29.148.4268: Flags [F.], cksum 0x4cd0 (correct), seq 4, ack 1, win 259, length 0
2013-01-19 14:09:53	Daemon.Warning	172.24.42.254	miniupnpd[14851]: NewLeaseDuration=1800 not supported, ignored. (ip=172.24.48.32, desc='Tixati_v1.92_UDP_port')
2013-01-19 14:09:53	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 13
2013-01-19 14:09:53	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:09:54	Local0.Info	172.24.42.254	pf: 00:00:02.883816 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20363, offset 0, flags [DF], proto TCP (6), length 56)
2013-01-19 14:09:54	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 41.137.25.48.41291: Flags [FP.], cksum 0x61ff (correct), seq 4:8, ack 1, win 255, options [nop,nop,TS val 90216240 ecr 63314], length 4
2013-01-19 14:09:56	Local0.Info	172.24.42.254	pf: 00:00:02.108175 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20380, offset 0, flags [DF], proto TCP (6), length 1462)
2013-01-19 14:09:56	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 46.120.53.241.54008: Flags [P.], ack 1, win 64765, length 1422
2013-01-19 14:10:00	Cron.Info	172.24.42.254	/usr/sbin/cron[5741]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 14 in 2 seconds
2013-01-19 14:10:04	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 14
2013-01-19 14:10:04	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:10:06	Local0.Info	172.24.42.254	pf: 00:00:10.480453 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20475, offset 0, flags [DF], proto TCP (6), length 1046)
2013-01-19 14:10:06	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 94.193.250.50.65321: Flags [FP.], seq 0:1006, ack 1, win 258, length 1006
2013-01-19 14:10:10	Local0.Info	172.24.42.254	pf: 00:00:03.609422 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20506, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:10:10	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 41.137.25.48.41291: Flags [R.], cksum 0x2ffd (correct), seq 9, ack 1, win 0, length 0
2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 15 in 3 seconds
2013-01-19 14:10:14	Local0.Info	172.24.42.254	pf: 00:00:04.430282 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 14780, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:10:14	Local0.Info	172.24.42.254	pf:     172.24.48.84.52634 > 98.139.218.251.993: Flags [R.], cksum 0x5bc6 (correct), seq 33, ack 1, win 0, length 0
2013-01-19 14:10:15	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
2013-01-19 14:10:15	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to DOWN
2013-01-19 14:10:15	Local0.Info	172.24.42.254	pf: 00:00:00.339215 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20541, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:10:15	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 89.95.29.148.4268: Flags [R.], cksum 0x4dcf (correct), seq 5, ack 1, win 0, length 0
2013-01-19 14:10:17	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 15
2013-01-19 14:10:17	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:10:17	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
2013-01-19 14:10:17	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to UP
2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 16 in 3 seconds
2013-01-19 14:10:29	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 16
2013-01-19 14:10:29	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 17 in 2 seconds
2013-01-19 14:10:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 17
2013-01-19 14:10:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: PPPoE: rec'd ACNAME "bas10-montreal02"
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: connection successful
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: UP event
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Up event
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Starting --> Req-Sent
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigReq #12
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Request #10 (Req-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigAck #10
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Req-Sent --> Ack-Sent
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Ack #12 (Ack-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Ack-Sent --> Opened
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: auth: peer wants PAP, I want nothing
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: using authname "xxxxxx@yyyyyyy.zzz"
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: sending REQUEST #1 len: 31
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerUp
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Request #1 (Opened)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1462
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerDown
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigReq #13
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigAck #1
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1462
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Opened --> Ack-Sent
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Ack #13 (Ack-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Ack-Sent --> Opened
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: auth: peer wants PAP, I want nothing
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: using authname "xxxxx@yyyyyyy.zzz"
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: sending REQUEST #1 len: 31
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerUp
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: rec'd ACK #1 len: 5
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: authorization successful
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: Matched action 'bundle "wan" ""'
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: Join bundle "wan"
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: Open event
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Initial --> Starting
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: LayerStart
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: Up event
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Starting --> Req-Sent
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #13
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Request #6 (Req-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 10.250.0.9
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]     10.250.0.9 is OK
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigAck #6
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 10.250.0.9
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Req-Sent --> Ack-Sent
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Reject #13 (Ack-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #14
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 0.0.0.0
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Nak #14 (Ack-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]     199.192.238.25 is OK
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #15
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Ack #15 (Ack-Sent)
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Ack-Sent --> Opened
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: LayerUp
2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   199.192.238.25 -> 10.250.0.9
2013-01-19 14:10:42	User.Notice	172.24.42.254	check_reload_status: Rewriting resolv.conf
2013-01-19 14:10:43	User.Notice	172.24.42.254	check_reload_status: rc.newwanip starting pppoe1
2013-01-19 14:10:43	Daemon.Info	172.24.42.254	ppp: [wan] IFACE: Up event
2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : rc.newwanip: Informational is starting pppoe1.
2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : rc.newwanip: on (IP address: 199.192.238.25) (interface: wan) (real interface: pppoe1).
2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : ROUTING: setting default route to 10.250.0.9
2013-01-19 14:10:49	User.Error	172.24.42.254	apinger: Exiting on signal 15.
2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: reading /etc/resolv.conf
2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: using nameserver 24.226.147.201#53
2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: using nameserver 10.250.0.9#53
2013-01-19 14:10:50	Daemon.Warning	172.24.42.254	dnsmasq[63143]: ignoring nameserver 127.0.0.1 - local interface
2013-01-19 14:10:50	User.Notice	172.24.42.254	check_reload_status: Reloading filter
2013-01-19 14:10:50	User.Error	172.24.42.254	apinger: Starting Alarm Pinger, apinger(40665)
2013-01-19 14:10:55	User.Warning	172.24.42.254	php: : Resyncing OpenVPN instances for interface WAN.
2013-01-19 14:10:55	User.Warning	172.24.42.254	php: : Creating rrd update script
2013-01-19 14:10:56	Daemon.Info	172.24.42.254	ntpd[22401]: Terminating
2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : The command '/usr/bin/killall 'ntpd'' returned exit code '1', the output was 'killall: warning: kill -TERM 21280: No such process'
2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : OpenNTPD is starting up.
2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : pfSense package system has detected an ip change 96.43.229.159 ->   ... Restarting packages.
2013-01-19 14:10:56	User.Notice	172.24.42.254	check_reload_status: Starting packages
2013-01-19 14:10:56	Local0.Info	172.24.42.254	pf: 00:00:41.148891 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 21101, offset 0, flags [DF], proto TCP (6), length 1462)
2013-01-19 14:10:56	Local0.Info	172.24.42.254	pf:     96.43.229.159.33901 > 46.120.53.241.54008: Flags [P.], ack 2575765534, win 64765, length 1422
2013-01-19 14:11:01	Auth.Alert	172.24.42.254	snort[8384]: [122:26:1] PSNG_ICMP_PORTSWEEP_FILTERED [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 199.192.238.25 -> 74.125.226.41
2013-01-19 14:11:02	User.Warning	172.24.42.254	php: : Restarting/Starting all packages.
2013-01-19 14:11:10	User.Error	172.24.42.254	apinger: ALARM: WAN(10.250.0.9)  *** down ***
2013-01-19 14:11:11	User.Notice	172.24.42.254	check_reload_status: Syncing firewall
2013-01-19 14:11:11	User.Notice	172.24.42.254	check_reload_status: Reloading filter
2013-01-19 14:11:11	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
2013-01-19 14:11:12	User.Notice	172.24.42.254	check_reload_status: Syncing firewall
2013-01-19 14:11:12	User.Notice	172.24.42.254	check_reload_status: Reloading filter
2013-01-19 14:11:12	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
2013-01-19 14:11:13	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
2013-01-19 14:11:13	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
2013-01-19 14:11:16	Daemon.Info	172.24.42.254	SnortStartup[53746]: Snort STOP For Wan Snort(18203_pppoe1)...
2013-01-19 14:11:17	Daemon.Error	172.24.42.254	snort[8384]: *** Caught Term-Signal
2013-01-19 14:11:17	Kernel.Info	172.24.42.254	kernel: pppoe1: promiscuous mode disabled
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: ===============================================================================
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Run time for packet processing was 36881.74985 seconds
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Snort processed 6330687 packets.
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Snort ran for 0 days 10 hours 14 minutes 41 seconds
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:     Pkts/hr:       633068
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:    Pkts/min:        10310
2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:    Pkts/sec:          171
...
2013-01-19 14:11:18	Daemon.Error	172.24.42.254	snort[8384]: Could not remove pid file /var/run/snort_pppoe118203.pid: No such file or directory
2013-01-19 14:11:19	Daemon.Notice	172.24.42.254	snort[8384]: Snort exiting
2013-01-19 14:11:19	Daemon.Info	172.24.42.254	SnortStartup[3227]: Snort STOP For Lan(53096_bridge0)...
2013-01-19 14:11:19	Cron.Info	172.24.42.254	/usr/sbin/cron[5607]: (CRON) DEATH (cron already running, pid: 29495)
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Found pid path directive (/var/run)
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Running in IDS mode
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]:
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]:         --== Initializing Snort ==--
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Output Plugins!
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Preprocessors!
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Plug-ins!
2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Parsing Rules file "/usr/local/etc/snort/snort_18203_pppoe1/snort.conf"

...

2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: [ Number of null byte prefixed patterns trimmed: 4690 ]
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: pcap DAQ configured to passive.
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: The DAQ version does not support reload.
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: Acquiring network traffic from "bridge0".
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: Initializing daemon mode
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Daemon initialized, signaled parent pid: 57546
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Reload thread starting...
2013-01-19 14:12:11	Daemon.Info	172.24.42.254	SnortStartup[21676]: Snort START For Lan(53096_bridge0)...
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Reload thread started, thread 0x3cff9740 (21641)
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Decoding Ethernet
2013-01-19 14:12:11	Kernel.Info	172.24.42.254	kernel: bridge0: promiscuous mode enabled
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Checking PID path...
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: PID path stat checked out ok, PID path set to /var/run
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Writing PID "21641" to file "/var/run/snort_bridge053096.pid"
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]:
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]:         --== Initialization Complete ==--
2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Commencing packet processing (pid=21641)
2013-01-19 14:12:25	User.Error	172.24.42.254	apinger: alarm canceled: WAN(10.250.0.9)  *** down ***
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:01:34.556180 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22326, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000031 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22326, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.035634 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000032 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.094243 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000054 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.266089 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.006642 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.227067 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:35	User.Notice	172.24.42.254	check_reload_status: Reloading filter
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:18.115624 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16408, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     199.192.238.25.2030 > 74.125.142.108.993: Flags [P.], cksum 0xb513 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000652 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16409, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000086 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16409, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.002810 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.064198 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000069 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000016 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.236779 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000096 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000015 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000545 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.122940 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	User.Error	172.24.42.254	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.176181 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000034 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000010 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000081 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000067 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.259698 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16557, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     199.192.238.25.42360 > 74.125.142.108.993: Flags [P.], cksum 0x1789 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.063863 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000055 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000017 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:12:51	Local0.Info	172.24.42.254	pf: 00:00:01.636090 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16717, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:12:51	Local0.Info	172.24.42.254	pf:     199.192.238.25.50874 > 74.125.142.108.993: Flags [P.], cksum 0xf646 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:12:55	Local0.Info	172.24.42.254	pf: 00:00:03.299385 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16810, offset 0, flags [none], proto TCP (6), length 73)
2013-01-19 14:12:55	Local0.Info	172.24.42.254	pf:     199.192.238.25.64636 > 74.125.142.108.993: Flags [P.], cksum 0xc084 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:12:58	Local0.Info	172.24.42.254	pf: 00:00:03.300201 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16850, offset 0, flags [none], proto TCP (6), length 73)
2013-01-19 14:12:58	Local0.Info	172.24.42.254	pf:     199.192.238.25.32735 > 74.125.142.108.993: Flags [P.], cksum 0x3d22 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:13:01	Local0.Info	172.24.42.254	pf: 00:00:03.299921 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16866, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:13:01	Local0.Info	172.24.42.254	pf:     199.192.238.25.19486 > 74.125.142.108.993: Flags [P.], cksum 0x70e3 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:13:08	Local0.Info	172.24.42.254	pf: 00:00:06.600618 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16904, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:13:08	Local0.Info	172.24.42.254	pf:     199.192.238.25.22116 > 74.125.142.108.993: Flags [P.], cksum 0x669d (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:13:21	Local0.Info	172.24.42.254	pf: 00:00:13.199589 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 17111, offset 0, flags [DF], proto TCP (6), length 73)
2013-01-19 14:13:21	Local0.Info	172.24.42.254	pf:     199.192.238.25.9343 > 74.125.142.108.993: Flags [P.], cksum 0x9882 (correct), ack 3477012993, win 16646, length 33
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:12.622297 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000076 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.005870 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.005717 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000027 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000090 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000024 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.029238 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000033 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.273112 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000032 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000091 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.226790 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000058 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:13:48	Local0.Info	172.24.42.254	pf: 00:00:13.135819 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 18585, offset 0, flags [DF], proto TCP (6), length 40)
2013-01-19 14:13:48	Local0.Info	172.24.42.254	pf:     199.192.238.25.40730 > 74.125.142.108.993: Flags [R.], cksum 0xc6b7 (correct), seq 2407487129, ack 3477012993, win 0, length 0
2013-01-19 14:15:00	Cron.Info	172.24.42.254	/usr/sbin/cron[32497]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
2013-01-19 14:15:00	Cron.Info	172.24.42.254	/usr/sbin/cron[32222]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 10800 snort2c)
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:01:14.950986 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000021 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.055303 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.083522 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.230214 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000057 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000050 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.061596 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.093995 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000065 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000016 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
2013-01-19 14:15:10	Local0.Info	172.24.42.254	pf: 00:00:05.917517 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 21877, offset 0, flags [none], proto UDP (17), length 58)
2013-01-19 14:15:10	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
2013-01-19 14:15:13	Local0.Info	172.24.42.254	pf: 00:00:02.577828 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22126, offset 0, flags [none], proto UDP (17), length 58)
2013-01-19 14:15:13	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
2013-01-19 14:15:16	Local0.Info	172.24.42.254	pf: 00:00:03.256166 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22435, offset 0, flags [none], proto UDP (17), length 58)
2013-01-19 14:15:16	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
2013-01-19 14:15:19	Local0.Info	172.24.42.254	pf: 00:00:03.348764 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22826, offset 0, flags [none], proto UDP (17), length 58)
2013-01-19 14:15:19	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
2013-01-19 14:15:24	Local0.Info	172.24.42.254	pf: 00:00:05.043766 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 23506, offset 0, flags [none], proto UDP (17), length 58)
2013-01-19 14:15:24	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf: 00:00:00.364758 rule 54/0(match): pass in on pppoe1: (tos 0x0, ttl 46, id 38524, offset 0, flags [none], proto ICMP (1), length 76)
2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf:     69.205.234.29 > 199.192.238.25: ICMP host 192.168.1.25 unreachable, length 56
2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf: <009>(tos 0x0, ttl 109, id 5705, offset 0, flags [none], proto UDP (17), length 48)
2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf:     199.192.238.25.32662 > 192.168.1.25.13826: UDP, length 20
2013-01-19 14:15:30	Local0.Info	172.24.42.254	pf: 00:00:05.546332 rule 1/0(match): block

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 0
              • E
                eri--
                last edited by Jan 21, 2013, 3:09 PM

                Can you please test the latest package and see if it behaves better?

                1 Reply Last reply Reply Quote 0
                • R
                  RonpfS
                  last edited by Jan 21, 2013, 4:39 PM

                  @ermal:

                  Can you please test the latest package and see if it behaves better?

                  I have 2.9.2.3 pkg v. 2.5.2  on Pfsense 2.0.1

                  2.4.5-RELEASE-p1 (amd64)
                  Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                  Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                  1 Reply Last reply Reply Quote 0
                  • S
                    Supermule Banned
                    last edited by Jan 21, 2013, 4:49 PM

                    Cant start Snort on the revised package….

                    1 Reply Last reply Reply Quote 0
                    • S
                      Supermule Banned
                      last edited by Jan 21, 2013, 5:05 PM

                      Started but needed to enable SSL state preprocessor to get it going….

                      1 Reply Last reply Reply Quote 0
                      • bmeeksB
                        bmeeks
                        last edited by Jan 21, 2013, 6:50 PM

                        @Supermule:

                        Started but needed to enable SSL state preprocessor to get it going….

                        Will take a look and submit a fix for this later.  Might be as late as Wednesday evening, though.  Have some personal matters to attend to today and tomorrow.

                        1 Reply Last reply Reply Quote 0
                        • S
                          Supermule Banned
                          last edited by Jan 21, 2013, 8:39 PM

                          No worries mate :) Take your time. Its working and no errors. So not mission critical!

                          1 Reply Last reply Reply Quote 0
                          • R
                            RonpfS
                            last edited by Jan 23, 2013, 4:15 AM

                            Remove and Install latest v2.5.3

                            Got this behind the install frame window

                            Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947 Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953

                            Got this when I stop and started the snort interface

                            22:55 mardi 22 janvier 2013
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947 Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136

                            However snort seems to be running fine.

                            I cycle power on the DSL modem and it did not block the WAN IP. Its seems to behave ok.

                            2.4.5-RELEASE-p1 (amd64)
                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                            1 Reply Last reply Reply Quote 0
                            • S
                              Supermule Banned
                              last edited by Jan 23, 2013, 10:11 AM

                              Can we get Snort to save blocked hosts that can survive a reboot??

                              1 Reply Last reply Reply Quote 0
                              • bmeeksB
                                bmeeks
                                last edited by Jan 23, 2013, 2:21 PM

                                @Supermule:

                                Can we get Snort to save blocked hosts that can survive a reboot??

                                I can take a look at this.  I don't use that feature, and thus have never investigated it.  How are enabled/disabled rules holding up now?  Do your changes survive rule updates and restarts?

                                1 Reply Last reply Reply Quote 0
                                • bmeeksB
                                  bmeeks
                                  last edited by Jan 23, 2013, 2:26 PM

                                  @RonpfS:

                                  Remove and Install latest v2.5.3

                                  Got this behind the install frame window

                                  Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947 Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953

                                  Got this when I stop and started the snort interface

                                  22:55 mardi 22 janvier 2013
Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947 Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136

                                  I can add some more robust error checking to prevent this.  Did you by chance make any rule category changes during the uninstall/re-install process?  Just asking to help me better isolate where the problem might be.

                                  Thanks,
                                  Bill

                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    Supermule Banned
                                    last edited by Jan 23, 2013, 4:15 PM

                                    I havent had a rule update yet, so will revert back as soon as I have :)

                                    @bmeeks:

                                    @Supermule:

                                    Can we get Snort to save blocked hosts that can survive a reboot??

                                    I can take a look at this.  I don't use that feature, and thus have never investigated it.  How are enabled/disabled rules holding up now?  Do your changes survive rule updates and restarts?

                                    1 Reply Last reply Reply Quote 0
                                    • S
                                      Supermule Banned
                                      last edited by Jan 23, 2013, 4:43 PM

                                      Snort doesnt respect whitelisted Alias on the WAN side. Got blocked out and had to use the back entrance :D

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        Supermule Banned
                                        last edited by Jan 23, 2013, 5:09 PM

                                        And another thing….everytime I enable/disable a rule, it throws me back to the top of the page....that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?

                                        1 Reply Last reply Reply Quote 0
                                        • bmeeksB
                                          bmeeks
                                          last edited by Jan 23, 2013, 5:19 PM

                                          @Supermule:

                                          And another thing….everytime I enable/disable a rule, it throws me back to the top of the page....that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?

                                          I will try.  That one may be a bit difficult to pull off with the way PHP handles POST back with forms. I agree on it being a pain with scrolling.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.