Diagnóstico de Hardware ou Software (pfsense travando)

Portuguese
Log in to reply
  • M

    Boa Noite Pessoal.

    Tenho um Appliance de Firewall pfsense v 2.2.2 que travou após 45 dias de estado operacional. com isso, gostaria de saber como poderia avaliar melhor o hardware (CPU, MEMÓRIA, DISCO) ou até mesmo o software já que este erro me pareceu ser fatal pois literalmente travou o equipamento.

    PS.: cheguei a verificar em "system logs" porém não tive sucesso em nenhuma informação pertinente. os últimos logs foram esses:

    ÚLTIMO LOG REGISTRADO ANTES DA FALHA.

Aug 26 14:21:54	kernel: arp: 192.168.0.49 moved from 48:59:29:e4:44:ca to 20:cf:30:e0:2b:37 on em1 

APÓS A FALHA O LOG ABAIXO DE BOOT.

Aug 27 19:58:19	kernel: random: <software, yarrow=""> initialized
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff80632f00, 0) error 1
Aug 27 19:58:19	kernel: iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff80632e50, 0) error 1
Aug 27 19:58:19	kernel: iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff80632da0, 0) error 1
Aug 27 19:58:19	kernel: iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff8060b730, 0) error 1
Aug 27 19:58:19	kernel: ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff8060b680, 0) error 1
Aug 27 19:58:19	kernel: ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Aug 27 19:58:19	kernel: module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff8060b5d0, 0) error 1
Aug 27 19:58:19	kernel: ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
Aug 27 19:58:19	kernel: ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
Aug 27 19:58:19	kernel: wlan: mac acl policy registered
Aug 27 19:58:19	kernel: ioapic0 <version 2.0=""> irqs 0-23 on motherboard
Aug 27 19:58:19	kernel: ioapic0: Changing APIC ID to 4
Aug 27 19:58:19	kernel: cpu3 (AP/HT): APIC ID: 3
Aug 27 19:58:19	kernel: cpu2 (AP): APIC ID: 2
Aug 27 19:58:19	kernel: cpu1 (AP/HT): APIC ID: 1
Aug 27 19:58:19	kernel: cpu0 (BSP): APIC ID: 0
Aug 27 19:58:19	kernel: FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 HTT threads
Aug 27 19:58:19	kernel: FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
Aug 27 19:58:19	kernel: ACPI APIC Table: <011613 APIC1021>
Aug 27 19:58:19	kernel: Event timer "LAPIC" quality 400
Aug 27 19:58:19	kernel: avail memory = 4087496704 (3898 MB)
Aug 27 19:58:19	kernel: real memory = 4294967296 (4096 MB)
Aug 27 19:58:19	kernel: TSC: P-state invariant, performance statistics
Aug 27 19:58:19	kernel: AMD Features2=0x1 <lahf>Aug 27 19:58:19	kernel: AMD Features=0x20100800 <syscall,nx,lm>Aug 27 19:58:19	kernel: Features2=0x40e31d <sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe>Aug 27 19:58:19	kernel: Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Aug 27 19:58:19	kernel: Origin = "GenuineIntel" Id = 0x106ca Family = 0x6 Model = 0x1c Stepping = 10
Aug 27 19:58:19	kernel: CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800.03-MHz K8-class CPU)
Aug 27 19:58:19	kernel: FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
Aug 27 19:58:19	kernel: root@pfs22-amd64-builder:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10 amd64
Aug 27 19:58:19	kernel: FreeBSD 10.1-RELEASE-p9 #0 57b23e7(releng/10.1)-dirty: Mon Apr 13 20:30:25 CDT 2015
Aug 27 19:58:19	kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Aug 27 19:58:19	kernel: The Regents of the University of California. All rights reserved.
Aug 27 19:58:19	kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Aug 27 19:58:19	kernel: Copyright (c) 1992-2014 The FreeBSD Project.
Aug 27 19:58:19	syslogd: kernel boot file is /boot/kernel/kernel

OBS: O MBUF tá 48% (12660/26584)</fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe></sse3,dtes64,mon,ds_cpl,tm2,ssse3,cx16,xtpr,pdcm,movbe></syscall,nx,lm></lahf></version></software,>
    0
  • M

    Nesse outro log o squid tá rejeitando algumas expressões da whitelist por algum motivo.

    Aug 27 19:58:45	php-fpm[87280]: /rc.start_packages: The command '/usr/pbi/squid-amd64/sbin/squid -k reconfigure -f /usr/pbi/squid-amd64/local/etc/squid/squid.conf' returned exit code '1', the output was '2017/08/27 19:58:45| /usr/pbi/squid-amd64/local/etc/squid/squid.conf line 71: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" 2017/08/27 19:58:45| ERROR: invalid regular expression: '(sintegra.gov.br/)|(mail.google.com)|(google.com/mail/)|(caixa.gov.br)|(cmt.caixa.gov.br)|(obsupgdp.caixa.gov.br)|(receita.fazenda.gov.br)|(ecac.receita.fazenda.gov.br)|(dataprev.gov.br)|(previdencia.gov.br)|(serpro.gov.br)|(negociacao.caixa.gov.br)|(cafe.dataprev.gov.br)|(granulito.mte.gov.br)|(portal.mte.gov.br)|(nfse.campinas.sp.gov.br)|(embratec.com.br)|(ccd.serpro.gov.br)|(ccd2.serpro.gov.br)|(repositorio.icpbrasil.gov.br)|(caixa.gov.br)|(ecac.receita.fazenda.gov.br)|(dataprev.gov.br)|(previdencia.gov.br)|(serpro.gov.br)|(negociacao.caixa.gov.br)|(cafe.dataprev.gov.br)|(granulito.mte.gov.br)|(portal.mte.gov.
    0
  • M

    Apenas para especificar melhor meu ambiente, essa é a configuração do hardware :

    .2.2-RELEASE (amd64) 
built on Mon Apr 13 20:10:22 CDT 2015 
FreeBSD 10.1-RELEASE-p9
Platform	pfSense
CPU Type	Intel(R) Atom(TM) CPU D525 @ 1.80GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads
4GB de Memória RAM

    Estou utilizando Firewall / Proxy (vários aliases)  VPN S2S (Três filiais) / VPN S2C, Snort, bandwidth e o Squid Proxy Reports

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy