pfsense crash report 2.4.5
-
There are entry lines telling your /var filesystem is full.
You have installed many packeges which may have it filled up like snort, squid, ntopng.
If pfSense crashes immediately after booting up you can start into the single user mode and check your filesystems withdf -i
-
@viragomann said in pfsense crash report 2.4.5:
r booting up you can start into the single user mode and check your filesystems with
can i clean the cache in that directory somehow?
-
Most log files resides in /var/log. Packages probably write their logs in sub-directories.
I suspect snort to fill up your filesystem, but don't know where snort writes its logs.
You can list the files withls -l /var/log
and delete them with
rm
-
can this be done in the gui?
-
Yes, in Diagnostic > Command prompt, but you have to use the same commands.
-
tried:
-
rm /var/log
rm: –r: No such file or directory
rm: /var: is a directory
rm: /log: No such file or directory -
ls -l /var/log rm /var/log
ls: rm: No such file or directory
/var/log:
total 19040
-rw-r--r-- 1 root wheel 39042 Oct 20 2019 bsdinstall_log
drwxr-xr-x 2 clamav clamav 512 May 22 21:19 c-icap
drwxr-xr-x 2 clamav clamav 512 May 13 2019 clamav
-rw------- 1 root wheel 511488 May 29 21:00 dhcpd.log
-rw-r--r-- 1 root wheel 11410 May 29 06:00 dmesg.boot
-rw------- 1 root wheel 511488 May 29 21:00 filter.log
-rw------- 1 root wheel 511488 May 29 06:00 gateways.log
-rw------- 1 root wheel 511488 Oct 20 2019 ipsec.log
-rw------- 1 root wheel 511488 Oct 20 2019 l2tps.log
drwx------ 2 www www 512 May 10 2019 lighttpd
-rw------- 1 root wheel 141333 May 29 06:01 lighttpd_lightsquid.log
drwxr-xr-x 2 root wheel 512 Oct 20 2019 nginx
-rw------- 1 root wheel 511488 May 29 21:00 nginx.log
drwxr-xr-x 2 root wheel 512 Oct 20 2019 ntp
-rw------- 1 root wheel 511488 May 29 06:06 ntpd.log
drwxr-xr-x 2 uucp uucp 512 Mar 19 23:49 nut
-rw------- 1 root wheel 511488 Oct 20 2019 openvpn.log
drwxr-xr-x 2 root wheel 512 May 29 21:00 pfblockerng
-rw------- 1 root wheel 511488 Oct 20 2019 poes.log
-rw------- 1 root wheel 511488 Oct 20 2019 portalauth.log
-rw------- 1 root wheel 511488 Oct 20 2019 ppp.log
drwxr-xr-x 2 redis redis 512 Oct 3 2018 redis
-rw------- 1 root wheel 511488 Oct 20 2019 relayd.log
-rw------- 1 root wheel 511488 May 29 17:57 resolver.log
-rw-r--r-- 1 root wheel 472 May 29 05:59 restore_ramdisk_store.boot
-rw------- 1 root wheel 511488 May 29 21:00 routing.log
drwxr-xr-x 3 root wheel 512 Oct 20 2019 snort
drwxr-x--- 2 squid squid 512 Oct 3 2018 squid
drwxr-xr-x 2 squid squid 512 Oct 20 2019 squidGuard
-rw------- 1 root wheel 511488 May 29 21:00 system.log
-rw------- 1 root wheel 23543 May 29 06:00 userlog
-rw-r--r-- 1 root wheel 197 May 29 06:01 utx.lastlogin
-rw------- 1 root wheel 3767 May 29 06:01 utx.log
-rw------- 1 root wheel 511488 Oct 20 2019 vpn.log
-rw------- 1 root wheel 511488 Oct 20 2019 wireless.log
/var/log:
total 19040
-rw-r--r-- 1 root wheel 39042 Oct 20 2019 bsdinstall_log
drwxr-xr-x 2 clamav clamav 512 May 22 21:19 c-icap
drwxr-xr-x 2 clamav clamav 512 May 13 2019 clamav
-rw------- 1 root wheel 511488 May 29 21:00 dhcpd.log
-rw-r--r-- 1 root wheel 11410 May 29 06:00 dmesg.boot
-rw------- 1 root wheel 511488 May 29 21:00 filter.log
-rw------- 1 root wheel 511488 May 29 06:00 gateways.log
-rw------- 1 root wheel 511488 Oct 20 2019 ipsec.log
-rw------- 1 root wheel 511488 Oct 20 2019 l2tps.log
drwx------ 2 www www 512 May 10 2019 lighttpd
-rw------- 1 root wheel 141333 May 29 06:01 lighttpd_lightsquid.log
drwxr-xr-x 2 root wheel 512 Oct 20 2019 nginx
-rw------- 1 root wheel 511488 May 29 21:00 nginx.log
drwxr-xr-x 2 root wheel 512 Oct 20 2019 ntp
-rw------- 1 root wheel 511488 May 29 06:06 ntpd.log
drwxr-xr-x 2 uucp uucp 512 Mar 19 23:49 nut
-rw------- 1 root wheel 511488 Oct 20 2019 openvpn.log
drwxr-xr-x 2 root wheel 512 May 29 21:00 pfblockerng
-rw------- 1 root wheel 511488 Oct 20 2019 poes.log
-rw------- 1 root wheel 511488 Oct 20 2019 portalauth.log
-rw------- 1 root wheel 511488 Oct 20 2019 ppp.log
drwxr-xr-x 2 redis redis 512 Oct 3 2018 redis
-rw------- 1 root wheel 511488 Oct 20 2019 relayd.log
-rw------- 1 root wheel 511488 May 29 17:57 resolver.log
-rw-r--r-- 1 root wheel 472 May 29 05:59 restore_ramdisk_store.boot
-rw------- 1 root wheel 511488 May 29 21:00 routing.log
drwxr-xr-x 3 root wheel 512 Oct 20 2019 snort
drwxr-x--- 2 squid squid 512 Oct 3 2018 squid
drwxr-xr-x 2 squid squid 512 Oct 20 2019 squidGuard
-rw------- 1 root wheel 511488 May 29 21:00 system.log
-rw------- 1 root wheel 23543 May 29 06:00 userlog
-rw-r--r-- 1 root wheel 197 May 29 06:01 utx.lastlogin
-rw------- 1 root wheel 3767 May 29 06:01 utx.log
-rw------- 1 root wheel 511488 Oct 20 2019 vpn.log
-rw------- 1 root wheel 511488 Oct 20 2019 wireless.logno luck...
-
-
Yeah! Of course is /var/log a directory and it can't be removed with rm. And you must not do that at all!
You can only delete the files inside the log directory or inside its subdirectories."ls -l" shows the files with their sizes. In the log directory there is no file larger than 500 kB. Don't know what the capacity of your /var has, the command I suggested above would display it, but I'm in doubt that these files may fill it up.
So presumably it's one of the subdirectories containing large log files, where the packages write their logs, also already mentioned above.
I'd check the snort directiory at first. Snort is known to claim much log space if logging is enabled. -
The
squid
directory is most likely the problem, not Snort. Thesquid
cache can grow quite large. I also see aredis
subdirectory under/var/log
. You might want to check that one, too. -
figured out how to delete the files (opened, select all, delete, save)
something is using 10% of 104GiB - ufs on the kingston ssd i have in there
hopefully no more crashes
-
might backup my config and reload it on a clean install. still crashing