• Suricata log mgmt settings ineffective

    IDS/IPS suricata log retention
    6
    0 Votes
    6 Posts
    1k Views
    I have struggled with the log sizes getting too big and then the web pages refusing to list things on them (alerts/blocks pages show empty in UI). Clearing the logs manually instantly fixes the UI issue. I think the problem is the fact that logs can grow quite quickly and that relying on the log rotation can lead to a (very minimal) denial of service type event. I've thought about mucking with how often it rotates but as long as I'm not being legit DDOS'd it is just a nuisance. Suricata still clearly works. The firewall itself clearly works. The only real problem is UI issues when attempting to do a real investigation or troubleshoot. One can work around that manually. Of course somebody will simply say turn suricata off on the external interface. No. Occasionally good research happens there.
  • Logging?

    WireGuard syslog log
    1
    1 Votes
    1 Posts
    639 Views
    No one has replied
  • 0 Votes
    31 Posts
    7k Views
    Hello, just to update about the crashes: they didn't happen again. Also, I've been using the Suricata 6.0.3 release since then, and no netmap issues. So, I changed my RAM, and tested the old ones: 24H of MemTest86+ and at least 5hrs of GoldMemory (not the best tests, but still), resulted in not a single red flag for them (tested individually), AND I'm using them on other Win machines without BSOD or anything in the logs. I already saw RAM tests failing to detect problems, so based on what you explained, I'm assuming that both 1 - the issue with Suricata's multithreading ring access, and 2 - darkstat, were hitting some intermittent problem that I could not with tests and other OS. Anyway, thank you for helping me out solving this. Really appreciate @stephenw10 and @bmeeks!
  • 0 Votes
    9 Posts
    2k Views
    johnpoz
    @ddbnj said in Cannot access beyond router via OpenVPN: 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 Yeah that would dick it up ;) Glad you got it sorted! Told you it wasn't pfSense ;) hehehehe The trick is getting the person to clearly see that themselves... Which is why the sniff proves to the user, hey pfSense is doing what it's supposed to be doing... Have to look elsewhere..
  • Ntopng change log directory

    Traffic Monitoring ntopng log directory
    6
    0 Votes
    6 Posts
    2k Views
    Got the log directory changed when following a guide from 2015 from these forums. -Toube
  • 0 Votes
    1 Posts
    536 Views
    No one has replied
  • PHP Error in the Log

    Deutsch php error log firewall
    1
    0 Votes
    1 Posts
    833 Views
    No one has replied
  • Noisy Suricata Logs

    IDS/IPS suricata log
    7
    0 Votes
    7 Posts
    2k Views
    Have you made a pass list yet?