[PFSense embedded] - 2nd time same crash - problem with snort ?!
As it's the 2nd time I have this issue, let's discuss it! :)
After a few months of good service, I had exactly this issue
Not sure about the age of my CF card, I decided to replace it with a brand new one.
2 days ago, exactly the same crash, 6 months after the new installation !
Just before the "last" reboot of the machine I could see that my /var/ partition was 101% full (yes… -4.6mb free...). The size of the partition is around 58MB and there were 4 fat files (around 10mb each) in the /var/log/snort/ folder.
Do you think that SNORT could cause a kind of "disk overflow" by writing too much?! This could eventually explain the complete crash of the system (and config loss) after reboot!
config.xml file was ok before reboot but all the fields were blank in the webadmin!
By chance I have a 2nd CF card ready as a backup, but if somebody could explain this issue it would be cool... and I will kick out SNORT from now on!
Here is the config
- 2GB CF card
- 2GB RAM
- Embedded PFSense (latest version)
- 1 GB LAN
- 3 WAN with 3 different static IP and "load balancing"
- 2mb symmetric total internet line
- Only 5 computers are using this gateway
And I'm in Argentina while the system is in Switzerland ! Yeah lucky me ! :-)
Clear your /var/log/snort dir.
I'm going to add a cron job to auto remove data from /var/log/snort after 10mb.
Hope this helps
too late ;D I kicked out the package for the moment.
As I'm a bit far away from the machine I prefer to avoid problems :)
Just before the last reboot I tried to delete the logs…
In my case df displayed the same 101% full even without the files.
I had no time to play, the system was already dead :) so...
But don't forget to restart snort after deleting the logs to release the disk space and restart a blank log :) thanks for your help !
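An added example, not posted by anyone in this thread: a size cap for a log directory that truncates files in place instead of deleting them, since a file removed while a daemon still holds it open keeps its blocks allocated and df stays full, as described above. The function names are hypothetical; the /var/log/snort path and the 10 MB limit are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Cap a log directory by truncating its largest files in place.
# Truncation frees the blocks at once, even if a process has the file open;
# rm on an open file only unlinks the name and frees nothing until close.

# list_sizes DIR -> one "BYTES PATH" line per regular file directly in DIR
list_sizes() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then
            printf '%s %s\n' "$(wc -c < "$f" | tr -d ' ')" "$f"
        fi
    done
}

# total_bytes DIR -> sum of the sizes of the regular files in DIR
total_bytes() {
    list_sizes "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# cap_log_dir DIR LIMIT_BYTES
# Empties the largest file, then the next largest, until the directory
# total is at or below LIMIT_BYTES. Prints how many files were truncated.
cap_log_dir() {
    dir=$1
    limit=$2
    truncated=0
    [ -d "$dir" ] || return 1
    while [ "$(total_bytes "$dir")" -gt "$limit" ]; do
        biggest=$(list_sizes "$dir" | sort -rn | head -n 1 | cut -d' ' -f2-)
        [ -n "$biggest" ] || break
        : > "$biggest"          # truncate in place, keep the inode
        truncated=$((truncated + 1))
    done
    echo "$truncated"
}

# Run from cron as, for example:  cap_logs.sh /var/log/snort 10485760
# (script name is a placeholder; 10485760 bytes = 10 MB)
if [ "$#" -ge 2 ]; then
    cap_log_dir "$1" "$2"
fi
```

A writer that did not open its log in append mode keeps writing at its old offset after truncation, so restart the daemon afterwards, as the last post recommends, to start a clean log.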