Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Snort Streams5 Issue

    pfSense Packages
    1
    3
    1757
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Shanlar last edited by

      When I turn on snort it starts spamming my logs with the messages below. I have set streams5 to the maximum values (also tried 0), but I keep getting these messages. Any help would be greatly appreciated.

      Dec 16 16:04:49 snort[40808]: S5: Pruned 5 sessions from cache for memcap. 3231 ssns remain. memcap: 8330513/8388608
      Dec 16 16:04:49 snort[40808]: S5: Pruned 5 sessions from cache for memcap. 3231 ssns remain. memcap: 8330513/8388608
      Dec 16 16:04:48 snort[40808]: S5: Pruned 5 sessions from cache for memcap. 3206 ssns remain. memcap: 8386615/8388608
      Dec 16 16:04:48 snort[40808]: S5: Pruned 5 sessions from cache for memcap. 3206 ssns remain. memcap: 8386615/8388608

      Snort 2.8.6.1 pkg v. 1.34
      pfSense 1.2.3-RELEASE

      Thanks!

      1 Reply Last reply Reply Quote 0
      • S
        Shanlar last edited by

        Ok so it appears the snort gui doesn't change the stream5 settings in the config files. Things are becoming clearer…

        1 Reply Last reply Reply Quote 0
        • S
          Shanlar last edited by

          Ahh now I see the issue, I kept changing the "Max Queued" thinking it was related to memcap. There is no option for changing memcap in the gui, I guess it needs to be changed by hand in the config file. I am surprised no one else has ran into this issue as well?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post