Back to odd problem -- lose WAN at random points with a week or more between events
System log:
Apr 1 00:17:15 php 63769 [Snort] Snort Subscriber rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Emerging Threats Open rules are up to date...
Apr 1 00:17:16 php 63769 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 00:17:16 php 63769 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 00:17:16 php 63769 [Snort] Updating rules configuration for: WAN ...
Apr 1 00:17:19 php 63769 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 00:17:19 php 63769 [Snort] Building new sid-msg.map file for WAN...
Apr 1 00:17:19 php 63769 [Snort] Snort STOP for WAN(re2)...
Apr 1 00:17:20 snort 4800 *** Caught Term-Signal
Apr 1 00:17:21 php 63769 [Snort] Snort START for WAN(re2)...
Apr 1 00:17:21 php 63769 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 00:17:21 php 63769 [Snort] The Rules update has finished.
Apr 1 00:20:00 php 30289 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 03:01:00 root 7484 rc.update_bogons.sh is starting up.
Apr 1 03:01:00 root 8990 rc.update_bogons.sh is sleeping for 23990
Apr 1 06:00:01 php 40323 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 06:17:34 php 55922 [Snort] Snort Subscriber rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Emerging Threats Open rules are up to date...
Apr 1 06:17:35 php 55922 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 06:17:35 php 55922 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 06:17:35 php 55922 [Snort] Updating rules configuration for: WAN ...
Apr 1 06:17:38 php 55922 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 06:17:38 php 55922 [Snort] Building new sid-msg.map file for WAN...
Apr 1 06:17:38 php 55922 [Snort] Snort STOP for WAN(re2)...
Apr 1 06:17:39 snort 69330 *** Caught Term-Signal
Apr 1 06:17:40 php 55922 [Snort] Snort START for WAN(re2)...
Apr 1 06:17:40 php 55922 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 06:17:40 php 55922 [Snort] The Rules update has finished.
Apr 1 07:35:00 php 4927 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 07:58:00 sshguard 8879 Exiting on signal.
Apr 1 07:58:00 sshguard 66944 Now monitoring attacks.
Apr 1 08:19:00 sshguard 66944 Exiting on signal.
Apr 1 08:19:00 sshguard 73001 Now monitoring attacks.
Apr 1 09:40:50 root 29221 rc.update_bogons.sh is beginning the update cycle.
Apr 1 09:40:52 root 36334 Bogons V4 file downloaded: 665 addresses added.
Apr 1 09:40:52 root 39335 Bogons V6 file downloaded but not updating IPv6 bogons table because it is not in use.
Apr 1 09:40:52 root 40526 rc.update_bogons.sh is ending the update cycle.
Apr 1 11:55:00 php 34664 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 12:17:10 php 72703 [Snort] Snort Subscriber rules are up to date...
Apr 1 12:17:10 php 72703 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 12:17:10 php 72703 [Snort] Emerging Threats Open rules are up to date...
Apr 1 12:17:11 php 72703 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 12:17:11 php 72703 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 12:17:11 php 72703 [Snort] Updating rules configuration for: WAN ...
Apr 1 12:17:13 php 72703 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 12:17:13 php 72703 [Snort] Building new sid-msg.map file for WAN...
Apr 1 12:17:13 php 72703 [Snort] Snort STOP for WAN(re2)...
Apr 1 12:17:14 snort 78605 *** Caught Term-Signal
Apr 1 12:17:15 php 72703 [Snort] Snort START for WAN(re2)...
Apr 1 12:17:15 php 72703 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 12:17:15 php 72703 [Snort] The Rules update has finished.
Apr 1 16:00:02 php 11876 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 1 18:17:18 php 36594 [Snort] Snort Subscriber rules are up to date...
Apr 1 18:17:19 php 36594 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 1 18:17:19 php 36594 [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Apr 1 18:17:20 php 36594 [Snort] Emerging Threats Open rules file update downloaded successfully
Apr 1 18:17:20 php 36594 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 1 18:17:20 php 36594 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 1 18:17:20 php 36594 [Snort] Updating rules configuration for: WAN ...
Apr 1 18:17:23 php 36594 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 1 18:17:23 php 36594 [Snort] Building new sid-msg.map file for WAN...
Apr 1 18:17:23 php 36594 [Snort] Snort STOP for WAN(re2)...
Apr 1 18:17:24 snort 78178 *** Caught Term-Signal
Apr 1 18:17:25 php 36594 [Snort] Snort START for WAN(re2)...
Apr 1 18:17:25 php 36594 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 1 18:17:25 php 36594 [Snort] The Rules update has finished.
Apr 1 19:16:00 sshguard 73001 Exiting on signal.
Apr 1 19:16:00 sshguard 96502 Now monitoring attacks.
Apr 2 00:15:00 php 66943 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 00:17:24 php 20980 [Snort] Snort Subscriber rules are up to date...
Apr 2 00:17:24 php 20980 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 00:17:24 php 20980 [Snort] Emerging Threats Open rules are up to date...
Apr 2 00:17:25 php 20980 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 00:17:25 php 20980 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 00:17:25 php 20980 [Snort] Updating rules configuration for: WAN ...
Apr 2 00:17:27 php 20980 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 00:17:27 php 20980 [Snort] Building new sid-msg.map file for WAN...
Apr 2 00:17:27 php 20980 [Snort] Snort STOP for WAN(re2)...
Apr 2 00:17:28 snort 41549 *** Caught Term-Signal
Apr 2 00:17:29 php 20980 [Snort] Snort START for WAN(re2)...
Apr 2 00:17:30 php 20980 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 00:17:30 php 20980 [Snort] The Rules update has finished.
Apr 2 00:42:00 sshguard 96502 Exiting on signal.
Apr 2 00:42:00 sshguard 17564 Now monitoring attacks.
Apr 2 05:55:00 php 80125 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 06:17:03 php 25000 [Snort] Snort Subscriber rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Emerging Threats Open rules are up to date...
Apr 2 06:17:04 php 25000 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 06:17:04 php 25000 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 06:17:04 php 25000 [Snort] Updating rules configuration for: WAN ...
Apr 2 06:17:07 php 25000 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 06:17:07 php 25000 [Snort] Building new sid-msg.map file for WAN...
Apr 2 06:17:07 php 25000 [Snort] Snort STOP for WAN(re2)...
Apr 2 06:17:08 snort 34458 *** Caught Term-Signal
Apr 2 06:17:09 php 25000 [Snort] Snort START for WAN(re2)...
Apr 2 06:17:09 php 25000 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 06:17:09 php 25000 [Snort] The Rules update has finished.
Apr 2 06:53:00 sshguard 17564 Exiting on signal.
Apr 2 06:53:00 sshguard 84284 Now monitoring attacks.
Apr 2 12:10:00 php 27160 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 12:17:28 php 7191 [Snort] There is a new set of Snort Subscriber rules posted. Downloading snortrules-snapshot-29200.tar.gz...
Apr 2 12:17:34 php 7191 [Snort] Snort Subscriber rules file update downloaded successfully
Apr 2 12:17:35 php 7191 [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Apr 2 12:17:36 php 7191 [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Apr 2 12:17:36 php 7191 [Snort] Emerging Threats Open rules are up to date...
Apr 2 12:17:37 php 7191 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 12:17:37 php 7191 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 12:17:51 php 7191 [Snort] Updating rules configuration for: WAN ...
Apr 2 12:17:54 php 7191 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 12:17:54 php 7191 [Snort] Building new sid-msg.map file for WAN...
Apr 2 12:17:54 php 7191 [Snort] Snort STOP for WAN(re2)...
Apr 2 12:17:55 snort 30427 *** Caught Term-Signal
Apr 2 12:17:55 kernel pid 30427 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Apr 2 12:17:56 php 7191 [Snort] Snort START for WAN(re2)...
Apr 2 12:17:56 php 7191 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 12:17:56 php 7191 [Snort] The Rules update has finished.
Apr 2 17:45:00 php 7959 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 2 18:06:00 sshguard 84284 Exiting on signal.
Apr 2 18:06:00 sshguard 25475 Now monitoring attacks.
Apr 2 18:10:28 snort 32875 S5: Pruned 5 sessions from cache for memcap. 68 scbs remain. memcap: 8389251/8388608
Apr 2 18:17:09 php 89991 [Snort] Snort Subscriber rules are up to date...
Apr 2 18:17:09 php 89991 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 2 18:17:09 php 89991 [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Apr 2 18:17:10 php 89991 [Snort] Emerging Threats Open rules file update downloaded successfully
Apr 2 18:17:10 php 89991 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 2 18:17:10 php 89991 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 2 18:17:11 php 89991 [Snort] Updating rules configuration for: WAN ...
Apr 2 18:17:13 php 89991 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 2 18:17:13 php 89991 [Snort] Building new sid-msg.map file for WAN...
Apr 2 18:17:13 php 89991 [Snort] Snort STOP for WAN(re2)...
Apr 2 18:17:14 snort 32875 *** Caught Term-Signal
Apr 2 18:17:16 php 89991 [Snort] Snort START for WAN(re2)...
Apr 2 18:17:16 php 89991 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 2 18:17:16 php 89991 [Snort] The Rules update has finished.
Apr 2 20:12:00 sshguard 25475 Exiting on signal.
Apr 2 20:12:00 sshguard 29905 Now monitoring attacks.
Apr 3 00:17:26 php 28304 [Snort] Snort Subscriber rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Emerging Threats Open rules are up to date...
Apr 3 00:17:27 php 28304 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 3 00:17:27 php 28304 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 3 00:17:27 php 28304 [Snort] Updating rules configuration for: WAN ...
Apr 3 00:17:30 php 28304 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 3 00:17:30 php 28304 [Snort] Building new sid-msg.map file for WAN...
Apr 3 00:17:30 php 28304 [Snort] Snort STOP for WAN(re2)...
Apr 3 00:17:31 snort 96511 *** Caught Term-Signal
Apr 3 00:17:32 php 28304 [Snort] Snort START for WAN(re2)...
Apr 3 00:17:32 php 28304 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 3 00:17:32 php 28304 [Snort] The Rules update has finished.
Apr 3 00:20:00 php 97042 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 3 05:34:00 sshguard 29905 Exiting on signal.
Apr 3 05:34:00 sshguard 94415 Now monitoring attacks.
Apr 3 06:00:01 php 60 [Snort] Alert tcpdump packet capture file cleanup job removed 1 tcpdump packet capture file(s) from /var/log/snort/snort_re231180/...
Apr 3 06:17:07 php 52342 [Snort] Snort Subscriber rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Snort GPLv2 Community Rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Emerging Threats Open rules are up to date...
Apr 3 06:17:08 php 52342 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Apr 3 06:17:08 php 52342 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Apr 3 06:17:08 php 52342 [Snort] Updating rules configuration for: WAN ...
Apr 3 06:17:11 php 52342 [Snort] Enabling any flowbit-required rules for: WAN...
Apr 3 06:17:11 php 52342 [Snort] Building new sid-msg.map file for WAN...
Apr 3 06:17:11 php 52342 [Snort] Snort STOP for WAN(re2)...
Apr 3 06:17:12 snort 53476 *** Caught Term-Signal
Apr 3 06:17:13 php 52342 [Snort] Snort START for WAN(re2)...
Apr 3 06:17:13 php 52342 [Snort] Snort has restarted on WAN with your new set of rules...
Apr 3 06:17:13 php 52342 [Snort] The Rules update has finished.
Apr 3 10:31:00 sshguard 94415 Exiting on signal.
Apr 3 10:31:00 sshguard 72366 Now monitoring attacks.
Apr 3 10:51:47 php-fpm 24100 /index.php: Successful login for user 'admin' from: 192.168.1.21 (Local Database)
Apr 3 10:59:00 sshguard 72366 Exiting on signal.
Apr 3 10:59:00 sshguard 74234 Now monitoring attacks.
Apr 3 11:00:56 php-fpm 82432 /diag_packet_capture.php: The command '/bin/pkill -f '^/usr/sbin/tcpdump.*-w -'' returned exit code '1', the output was ''
Again, things already connected continued to work. Example: if DuckDuckGo were used for a search, that search would return hits. If clicking on a link in the hits -- would get a message that it couldn't find that server.
So my connection to a mainframe (encrypted interactive session) continued to respond.
T-bird Email continued to fetch and send email.
Don't know what got hosed up.
[BTW, did see where there is an SSH exploit -- is pfSense susceptible to it?]
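
A small triage script for a log like the one above, added here as an example and not part of the original post: it skips the routine six-hourly rule-update cycle and keeps process crashes, S5 memcap prunes, and any Snort STOP that never gets a matching START. The `year` parameter and the field names in the results are assumptions of this example, since these syslog lines carry no year.

```python
import re
from datetime import datetime

# Sample input: lines copied from the system log above.
SAMPLE = """\
Apr 2 12:17:54 php 7191 [Snort] Snort STOP for WAN(re2)...
Apr 2 12:17:55 kernel pid 30427 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Apr 2 12:17:56 php 7191 [Snort] Snort START for WAN(re2)...
Apr 2 18:10:28 snort 32875 S5: Pruned 5 sessions from cache for memcap. 68 scbs remain. memcap: 8389251/8388608
Apr 2 18:17:13 php 89991 [Snort] Snort STOP for WAN(re2)...
Apr 2 18:17:16 php 89991 [Snort] Snort START for WAN(re2)...
""".splitlines()

TS = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(.*)$")
CYCLE = re.compile(r"\[Snort\] Snort (STOP|START) for (\S+?)\.\.\.")
CRASH = re.compile(r"^kernel pid (\d+) \((\S+)\),.*exited on signal (\d+)")
PRUNE = re.compile(r"^snort (\d+) S5: Pruned (\d+) sessions.*memcap: (\d+)/(\d+)")

def triage(lines, year=2024):
    """Return non-routine events: crashes, memcap prunes, STOPs with no START."""
    findings, pending = [], {}  # pending: interface -> time of an unmatched STOP
    for raw in lines:
        m = TS.match(raw.strip())
        if not m:
            continue
        # The log has no year; `year` is an assumption supplied by the caller.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (s := CYCLE.search(msg)):
            action, iface = s.groups()
            if action == "STOP":
                pending[iface] = when
            else:
                pending.pop(iface, None)
        elif (c := CRASH.match(msg)):
            pid, proc, sig = c.groups()
            findings.append({"kind": "crash", "time": when, "proc": proc, "pid": int(pid),
                             "signal": int(sig), "during_restart": bool(pending)})
        elif (p := PRUNE.match(msg)):
            pid, pruned, used, cap = map(int, p.groups())
            findings.append({"kind": "memcap_prune", "time": when, "pid": pid,
                             "pruned": pruned, "over_by": used - cap})
    for iface, when in pending.items():
        findings.append({"kind": "stop_without_start", "time": when, "iface": iface})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run over the full log, the timestamps of these findings can then be compared with the times the WAN outage was noticed.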