Snort and 1.2.3
-
I have 2 boxes with 1.2.3 always with latest version. The problem seems to keep showing up. One of the boxes is behind a router. The other is connected to a router that is bridged and pfsense is doing the pppoe connection to the isp. This box also has dyndns working. Everytime it changes the ip address, snort goes down and it never works again until I mannualy restart it in the services tab. The box behind the router, never shows this problem and is working very well and stable. Including snort. Maybe a bug somewhere? TIA.
-
Are the two routers in the same network environment and location? I am just trying to get more information. Can the router support dyndns?
-
Is there a snort log? What does it say?
-
They're on diferent networks. I can post the log of the failing box. As soon as it fails again, I'll post it. Just to explain things a bit more:
router 1:
Connects to pfsense thru ethernet. router connects to internet. Connection type pppoe adsl. pfsense configured to use router with dns and gateway.
Router 2:
Connects to pfsense thru ethernet. router is bridged. pfsense connects thru pppoe adsl. Dyndns on. This is the box that keeps dropping snort. everytime it changes ip.
Hope it's more clear now. ;)
-
here's the log:
May 19 01:14:14 SnortStartup[46853]: Ram free BEFORE starting Snort: 22M – Ram free AFTER starting Snort: 22M -- Mode lowmem -- Snort memory usage:
May 19 01:13:54 php: : phpDynDNS: (Success) IP Address Changed Successfully! (81.193.71.203)
May 19 01:13:54 php: : phpDynDNS: updating cache file /cf/conf/dyndns.cache: 81.193.71.203
May 19 01:13:54 php: : DynDns: Current Service: dyndns
May 19 01:13:54 php: : DynDns: DynDns _checkStatus() starting.
May 19 01:13:53 php: : DynDns: DynDns _update() starting. Dynamic
May 19 01:13:53 php: : DynDns: DynDns _update() starting.
May 19 01:13:53 php: : DynDns: cacheIP != wan_ip. Updating.
May 19 01:13:53 php: : DynDns: Cached IP: 81.193.103.122
May 19 01:13:53 php: : DynDns: Current WAN IP: 81.193.71.203
May 19 01:13:53 php: : DynDns: _detectChange() starting.
May 19 01:13:53 php: : DynDns: updatedns() starting
May 19 01:13:53 php: : DynDns: Running updatedns()
May 19 01:13:51 check_reload_status: updating dyndns
May 19 01:13:49 check_reload_status: reloading filter
May 19 01:13:49 php: : Configuring slbd
May 19 01:13:49 php: : pfSense package system has detected an ip change 81.193.103.122 -> 81.193.71.203 ... Restarting packages.
May 19 01:13:48 SnortStartup[46556]: Ram free BEFORE starting Snort: 22M – Ram free AFTER starting Snort: 22M -- Mode lowmem -- Snort memory usage:
May 19 01:13:45 SnortStartup[46549]: Ram free BEFORE starting Snort: 22M – Ram free AFTER starting Snort: 22M -- Mode lowmem -- Snort memory usage:
May 19 01:13:21 php: : Resyncing configuration for all packages.
May 19 01:13:19 SnortStartup[46454]: Ram free BEFORE starting Snort: 22M – Ram free AFTER starting Snort: 22M -- Mode lowmem -- Snort memory usage:
May 19 01:12:51 snort[24729]: Snort exiting
May 19 01:12:51 snort[24729]: Snort exiting
May 19 01:12:51 snort[24729]: ===============================================================================
May 19 01:12:51 snort[24729]: ===============================================================================