SG-3100 Reboots after FW Rule hits 1TB
-
Is there a crash report on the dashboard when it reboots? Anything in the logs from before the reboot?
If you leave a device connected to the console, logging the console output, does it capture any crash information when the reboot happens?
There aren't any issues with total traffic passed on that unit in general that I'm aware of, though there have been some reports of the crypto device having an issue over time that may share some symptoms. IIRC that doesn't reboot, though, just fails to pass IPsec when it happens.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp
unfortunately there is no crash report on the dashboard or anything logged to console, it will take weeks to reach 1TB and when that nears i will setup logging to see if i am able to catch a crash, is there a place on the SSD where crash reports are stored? -
If there is one stored it will show on the dashboard, so looking around for one is unlikely to show anything that isn't displayed in the GUI. That said, they are normally stored in
/var/crashthough I don't think the 3100 is setup to store crash dumps as it doesn't have swap space configured on the SSD.The console would be the most likely place for it to log any relevant crash messages when it happens.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp ok, i just checked and the directory is empty. will wait for it to happen again, in the meantime i have disabled SNORT, is there a way to switch crash logs on 3100?
-
There aren't any options to control crash dumps, what is possible is on by default. So if you have something connected to the serial console logging the output that should get any relevant messages when it happens.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@styxl said in SG-3100 Reboots after FW Rule hits 1TB:
it will take weeks to reach 1TB
fetch -o /dev/null http://speedtest.belwue.net/1000G
-Rico
2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100
-
Just checked my SG-3100s, don't have one with 1TB traffic in one Rule atm.
But my XG-7100....
-Rico
-
@jimp ok
-
@Rico hehehehe i might try this
-
No Problem here, SG-3100 runs fine:
-
i found the issue, SNORT was crashing and locking up the device, after removing and re-installing the package it works fine now.
-
Logs filled the filesystem?
-
@stephenw10 not that i can see, i think there was some kind of exception caused by SNORT that used up memory, i realized i hadnt updated my SNORT package in months
-
We've got one at 14 TB.
-
not same hardware but 1.72 TB on a rule.
-
Whenever I had Snort installed on my SG 3100, it would always cause spontaneous reboots no matter what package version I used. Not sure if it was the way I had it configured, but even with basic rule sets, it would still crash. I have since removed it and have no further issues with reboots.
