Diagnóstico de Hardware ou Software (pfsense travando)
-
Boa Noite Pessoal.
Tenho um Appliance de Firewall pfsense v 2.2.2 que travou após 45 dias de estado operacional. com isso, gostaria de saber como poderia avaliar melhor o hardware (CPU, MEMÓRIA, DISCO) ou até mesmo o software já que este erro me pareceu ser fatal pois literalmente travou o equipamento.
PS.: cheguei a verificar em "system logs" porém não tive sucesso em nenhuma informação pertinente. os últimos logs foram esses:
ÚLTIMO LOG REGISTRADO ANTES DA FALHA. Aug 26 14:21:54 kernel: arp: 192.168.0.49 moved from 48:59:29:e4:44:ca to 20:cf:30:e0:2b:37 on em1 APÓS A FALHA O LOG ABAIXO DE BOOT. Aug 27 19:58:19 kernel: random: <software, yarrow=""> initialized Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff80632f00, 0) error 1 Aug 27 19:58:19 kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80632e50, 0) error 1 Aug 27 19:58:19 kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80632da0, 0) error 1 Aug 27 19:58:19 kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff8060b730, 0) error 1 Aug 27 19:58:19 kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff8060b680, 0) error 1 Aug 27 19:58:19 kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. Aug 27 19:58:19 kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff8060b5d0, 0) error 1 Aug 27 19:58:19 kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. Aug 27 19:58:19 kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. Aug 27 19:58:19 kernel: wlan: mac acl policy registered Aug 27 19:58:19 kernel: ioapic0 <version 2.0=""> irqs 0-23 on motherboard Aug 27 19:58:19 kernel: ioapic0: Changing APIC ID to 4 Aug 27 19:58:19 kernel: cpu3 (AP/HT): APIC ID: 3 Aug 27 19:58:19 kernel: cpu2 (AP): APIC ID: 2 Aug 27 19:58:19 kernel: cpu1 (AP/HT): APIC ID: 1 Aug 27 19:58:19 kernel: cpu0 (BSP): APIC ID: 0 Aug 27 19:58:19 kernel: FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 HTT threads Aug 27 19:58:19 kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs Aug 27 19:58:19 kernel: ACPI APIC Table: <011613 APIC1021> Aug 27 19:58:19 kernel: Event timer "LAPIC" quality 400 Aug 27 19:58:19 kernel: avail memory = 4087496704 (3898 MB) Aug 27 19:58:19 kernel: real memory = 4294967296 (4096 MB) Aug 27 19:58:19 kernel: TSC: P-state invariant, performance statistics Aug 27 19:58:19 kernel: AMD Features2=0x1 <lahf>Aug 27 19:58:19 kernel: AMD Features=0x20100800 <syscall,nx,lm>Aug 27 19:58:19 kernel: Features2=0x40e31d <sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe>Aug 27 19:58:19 kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Aug 27 19:58:19 kernel: Origin = "GenuineIntel" Id = 0x106ca Family = 0x6 Model = 0x1c Stepping = 10 Aug 27 19:58:19 kernel: CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800.03-MHz K8-class CPU) Aug 27 19:58:19 kernel: FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 Aug 27 19:58:19 kernel: root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64 Aug 27 19:58:19 kernel: FreeBSD 10.1-RELEASE-p9 #0 57b23e7(releng/10.1)-dirty: Mon Apr 13 20:30:25 CDT 2015 Aug 27 19:58:19 kernel: FreeBSD is a registered trademark of The FreeBSD Foundation. Aug 27 19:58:19 kernel: The Regents of the University of California. All rights reserved. Aug 27 19:58:19 kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 Aug 27 19:58:19 kernel: Copyright (c) 1992-2014 The FreeBSD Project. Aug 27 19:58:19 syslogd: kernel boot file is /boot/kernel/kernel OBS: O MBUF tá 48% (12660/26584)</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe></syscall,nx,lm></lahf></version></software,>
-
Nesse outro log o squid tá rejeitando algumas expressões da whitelist por algum motivo.
Aug 27 19:58:45 php-fpm[87280]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was '2017/08/27 19:58:45| /usr/pbi/squid-amd64/local/etc/squid/squid.conf line 71: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" 2017/08/27 19:58:45| ERROR: invalid regular expression: '(sintegra.gov.br/)|(mail.google.com)|(google.com/mail/)|(caixa.gov.br)|(cmt.caixa.gov.br)|(obsupgdp.caixa.gov.br)|(receita.fazenda.gov.br)|(ecac.receita.fazenda.gov.br)|(dataprev.gov.br)|(previdencia.gov.br)|(serpro.gov.br)|(negociacao.caixa.gov.br)|(cafe.dataprev.gov.br)|(granulito.mte.gov.br)|(portal.mte.gov.br)|(nfse.campinas.sp.gov.br)|(embratec.com.br)|(ccd.serpro.gov.br)|(ccd2.serpro.gov.br)|(repositorio.icpbrasil.gov.br)|(caixa.gov.br)|(ecac.receita.fazenda.gov.br)|(dataprev.gov.br)|(previdencia.gov.br)|(serpro.gov.br)|(negociacao.caixa.gov.br)|(cafe.dataprev.gov.br)|(granulito.mte.gov.br)|(portal.mte.gov.
-
Apenas para especificar melhor meu ambiente, essa é a configuração do hardware :
.2.2-RELEASE (amd64) built on Mon Apr 13 20:10:22 CDT 2015 FreeBSD 10.1-RELEASE-p9 Platform pfSense CPU Type Intel(R) Atom(TM) CPU D525 @ 1.80GHz 4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads 4GB de Memória RAM
Estou utilizando Firewall / Proxy (vários aliases) VPN S2S (Três filiais) / VPN S2C, Snort, bandwidth e o Squid Proxy Reports