Netgate 6100 Storage
-
I would guess it's Suricata of the possible suspects there.
Make sure you have a total log folder size restriction set in the Suricata log management settings.
Though if it just shows /var/log you might just have a lot of system logging enabled.
Try:ls -ls /var/log
What's using the space?Steve
-
@stephenw10 yeah it's suricata, that makes now cuz every time I try starting the block mode the pfsense crashes within a minute.
-
Suricata, (ntop, snort and the like) log a lot and ones activated should be observed all the time.
Remember : the more 'hits' come in, the more logs lines are added.
The 'blocking' option is just a switch between : inject firewall rules, or not.Suricate and "disk full" is a very known subject on this forum. See here, as this is a package you can't just install and run away from it.
I'm not using Suricata myself.
From what I know, Suricata has log file maintenance like roll over and file pruning build in.
It's setup should be checked.No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@stephenw10 From the video link, drives have to be B+M keyed.
-
@bigsy Sorry, yes I corrected my post.
The slots are B-Keyed so the drives have to be too. But I've yet to see a B-Key only NVMe drive they are mostly M-Key only (which won't fit) with far fewer being B+M-Key (which will).Steve
-
Is the M.2 with SATA support to fit a default B-Key SATA SSD?
-
There is no SATA support on the 6100. The slots are NVMe only.
Steve
-
@gertjan So I see there's an option in Suricata Logs Mgmt to set a "Log Directory Size Limit", is that all I have to do to prevent it overflooding the disk space?
-
@1amt0ny
Yep.
Without the space management, Suricata will fill out all the space is can find, using the entire partition or disk.
Still, this is not a set-it-and-forget-it-option. Check remaining space regularly. -
@gertjan said in Netgate 6100 Storage:
Check remaining space regularly
Though disk space shows on the dashboard, it might be handy if there was an alert/email notification for "disk 95% full" or whatever. (I don't think there is?)
-
@steveits there isn't for me. Maybe it can have? I just don't know how to set it up.
-
There's no option for that currently. There are a number of open feature requests for it. THis probably closest currently: https://redmine.pfsense.org/issues/9226
You can add comments there.There is a new disk information widget you may have seen in current snapshots too. That has some functionality with a percentage level.
Steve
-
Some tips here : Suricata Logs grow over limitation
-
@1amt0ny hi did you manage to find a compatible drive?
-
J jimp moved this topic from Hardware on
-
@lichtlos Well for me the best strategy is to set the log limit on the netgate and use remote syslog server to store the files. As the official release video stated, the netgate 6100 box has reserved storage ports for their upcoming compatible drive, so the best thing is to wait I guess.
-
@1amt0ny can confirm the WD SN520 NVMe SSD - 256 GB works perfectly fine in my box. Set it up with ZFS as explained in https://forum.netgate.com/topic/168038/proper-steps-for-zfs-pave-re-install-on-6100
