    Snort 2.9.2.3 pkg v. 2.5.0 Issues

      RonpfS

      I have an issue with Snort Blocking the newly acquired WAN IP address.
      It has happened a few times lately when my power supply failed on a DSL modem.

      I have to go to the snort Blocked and remove the WAN IP from the list and things run smoothly.  I sit beside the modem so it's not a big deal.  ;)  However, if the modem was 2 miles away ….  :'(

      Disconnecting from the Web Interface does not reproduce this problem, it seems it only happens when the Ethernet port goes off/online.
      Maybe when Snort restarts, it could/should remove the WAN IP from the Blocked list.

      
      2013-01-19 14:09:29	Local0.Info	172.24.42.254	pf: 00:00:13.621331 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20117, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:29	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 124.182.236.55.59795: Flags [R.], cksum 0x4170 (correct), seq 4, ack 1, win 0, length 0
      2013-01-19 14:09:31	Local0.Info	172.24.42.254	pf: 00:00:02.499712 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 14494, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:09:31	Local0.Info	172.24.42.254	pf:     172.24.48.84.52634 > 98.139.218.251.993: Flags [P.], cksum 0x2926 (correct), ack 1, win 16708, length 33
      2013-01-19 14:09:34	Local0.Info	172.24.42.254	pf: 00:00:02.572018 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20164, offset 0, flags [DF], proto TCP (6), length 52)
      2013-01-19 14:09:34	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 77.11.235.51.59819: Flags [F.], cksum 0x074e (correct), seq 4, ack 1, win 257, options [nop,nop,TS val 90214240 ecr 144955388], length 0
      2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:09:36	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 12 in 4 seconds
      2013-01-19 14:09:37	Local0.Info	172.24.42.254	pf: 00:00:03.459512 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20195, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:37	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 203.26.236.151.21598: Flags [R.], cksum 0x969f (correct), seq 4, ack 1, win 0, length 0
      2013-01-19 14:09:40	Local0.Info	172.24.42.254	pf: 00:00:02.691438 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20215, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:40	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 175.156.246.70.46238: Flags [R.], cksum 0xdb07 (correct), seq 5, ack 1, win 0, length 0
      2013-01-19 14:09:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 12
      2013-01-19 14:09:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:09:46	Local0.Info	172.24.42.254	pf: 00:00:06.441514 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20277, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:46	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 66.91.229.251.62047: Flags [R.], cksum 0x3819 (correct), seq 5, ack 1, win 0, length 0
      2013-01-19 14:09:47	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
      2013-01-19 14:09:47	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to UP
      2013-01-19 14:09:48	Local0.Info	172.24.42.254	pf: 00:00:01.765544 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20300, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:48	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 77.11.235.51.59819: Flags [R.], cksum 0xb6c2 (correct), seq 5, ack 1, win 0, length 0
      2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:09:49	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 13 in 4 seconds
      2013-01-19 14:09:51	Local0.Info	172.24.42.254	pf: 00:00:02.758237 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20332, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:09:51	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 89.95.29.148.4268: Flags [F.], cksum 0x4cd0 (correct), seq 4, ack 1, win 259, length 0
      2013-01-19 14:09:53	Daemon.Warning	172.24.42.254	miniupnpd[14851]: NewLeaseDuration=1800 not supported, ignored. (ip=172.24.48.32, desc='Tixati_v1.92_UDP_port')
      2013-01-19 14:09:53	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 13
      2013-01-19 14:09:53	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:09:54	Local0.Info	172.24.42.254	pf: 00:00:02.883816 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20363, offset 0, flags [DF], proto TCP (6), length 56)
      2013-01-19 14:09:54	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 41.137.25.48.41291: Flags [FP.], cksum 0x61ff (correct), seq 4:8, ack 1, win 255, options [nop,nop,TS val 90216240 ecr 63314], length 4
      2013-01-19 14:09:56	Local0.Info	172.24.42.254	pf: 00:00:02.108175 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20380, offset 0, flags [DF], proto TCP (6), length 1462)
      2013-01-19 14:09:56	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 46.120.53.241.54008: Flags [P.], ack 1, win 64765, length 1422
      2013-01-19 14:10:00	Cron.Info	172.24.42.254	/usr/sbin/cron[5741]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
      2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:10:02	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 14 in 2 seconds
      2013-01-19 14:10:04	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 14
      2013-01-19 14:10:04	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:10:06	Local0.Info	172.24.42.254	pf: 00:00:10.480453 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20475, offset 0, flags [DF], proto TCP (6), length 1046)
      2013-01-19 14:10:06	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 94.193.250.50.65321: Flags [FP.], seq 0:1006, ack 1, win 258, length 1006
      2013-01-19 14:10:10	Local0.Info	172.24.42.254	pf: 00:00:03.609422 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20506, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:10:10	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 41.137.25.48.41291: Flags [R.], cksum 0x2ffd (correct), seq 9, ack 1, win 0, length 0
      2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:10:14	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 15 in 3 seconds
      2013-01-19 14:10:14	Local0.Info	172.24.42.254	pf: 00:00:04.430282 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 14780, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:10:14	Local0.Info	172.24.42.254	pf:     172.24.48.84.52634 > 98.139.218.251.993: Flags [R.], cksum 0x5bc6 (correct), seq 33, ack 1, win 0, length 0
      2013-01-19 14:10:15	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
      2013-01-19 14:10:15	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to DOWN
      2013-01-19 14:10:15	Local0.Info	172.24.42.254	pf: 00:00:00.339215 rule 2/0(match): block out on lo0: (tos 0x0, ttl 127, id 20541, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:10:15	Local0.Info	172.24.42.254	pf:     172.24.48.32.18447 > 89.95.29.148.4268: Flags [R.], cksum 0x4dcf (correct), seq 5, ack 1, win 0, length 0
      2013-01-19 14:10:17	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 15
      2013-01-19 14:10:17	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:10:17	User.Notice	172.24.42.254	check_reload_status: Linkup starting fxp0
      2013-01-19 14:10:17	Kernel.Notice	172.24.42.254	kernel: fxp0: link state changed to UP
      2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:10:26	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 16 in 3 seconds
      2013-01-19 14:10:29	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 16
      2013-01-19 14:10:29	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE connection timeout after 9 seconds
      2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: DOWN event
      2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Down event
      2013-01-19 14:10:38	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 17 in 2 seconds
      2013-01-19 14:10:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: reconnection attempt 17
      2013-01-19 14:10:40	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: Connecting to ''
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: PPPoE: rec'd ACNAME "bas10-montreal02"
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PPPoE: connection successful
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: UP event
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: Up event
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Starting --> Req-Sent
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigReq #12
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Request #10 (Req-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigAck #10
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Req-Sent --> Ack-Sent
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Ack #12 (Ack-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Ack-Sent --> Opened
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: auth: peer wants PAP, I want nothing
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: using authname "xxxxxx@yyyyyyy.zzz"
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: sending REQUEST #1 len: 31
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerUp
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Request #1 (Opened)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1462
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerDown
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigReq #13
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: SendConfigAck #1
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1462
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   AUTHPROTO PAP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 38452021
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Opened --> Ack-Sent
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: rec'd Configure Ack #13 (Ack-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   PROTOCOMP
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MRU 1492
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0]   MAGICNUM 2d14526c
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: state change Ack-Sent --> Opened
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: auth: peer wants PAP, I want nothing
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: using authname "xxxxx@yyyyyyy.zzz"
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: sending REQUEST #1 len: 31
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: LayerUp
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] PAP: rec'd ACK #1 len: 5
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] LCP: authorization successful
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: Matched action 'bundle "wan" ""'
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan_link0] Link: Join bundle "wan"
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] Bundle: Status update: up 1 link, total bandwidth 64000 bps
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: Open event
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Initial --> Starting
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: LayerStart
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: Up event
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Starting --> Req-Sent
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #13
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Request #6 (Req-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 10.250.0.9
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]     10.250.0.9 is OK
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigAck #6
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 10.250.0.9
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Req-Sent --> Ack-Sent
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Reject #13 (Ack-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #14
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 0.0.0.0
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Nak #14 (Ack-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]     199.192.238.25 is OK
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: SendConfigReq #15
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: rec'd Configure Ack #15 (Ack-Sent)
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   IPADDR 199.192.238.25
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   PRIDNS 10.250.0.9
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   SECDNS 24.226.147.201
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: state change Ack-Sent --> Opened
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan] IPCP: LayerUp
      2013-01-19 14:10:42	Daemon.Info	172.24.42.254	ppp: [wan]   199.192.238.25 -> 10.250.0.9
      2013-01-19 14:10:42	User.Notice	172.24.42.254	check_reload_status: Rewriting resolv.conf
      2013-01-19 14:10:43	User.Notice	172.24.42.254	check_reload_status: rc.newwanip starting pppoe1
      2013-01-19 14:10:43	Daemon.Info	172.24.42.254	ppp: [wan] IFACE: Up event
      2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : rc.newwanip: Informational is starting pppoe1.
      2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : rc.newwanip: on (IP address: 199.192.238.25) (interface: wan) (real interface: pppoe1).
      2013-01-19 14:10:49	User.Warning	172.24.42.254	php: : ROUTING: setting default route to 10.250.0.9
      2013-01-19 14:10:49	User.Error	172.24.42.254	apinger: Exiting on signal 15.
      2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: reading /etc/resolv.conf
      2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: using nameserver 24.226.147.201#53
      2013-01-19 14:10:50	Daemon.Info	172.24.42.254	dnsmasq[63143]: using nameserver 10.250.0.9#53
      2013-01-19 14:10:50	Daemon.Warning	172.24.42.254	dnsmasq[63143]: ignoring nameserver 127.0.0.1 - local interface
      2013-01-19 14:10:50	User.Notice	172.24.42.254	check_reload_status: Reloading filter
      2013-01-19 14:10:50	User.Error	172.24.42.254	apinger: Starting Alarm Pinger, apinger(40665)
      2013-01-19 14:10:55	User.Warning	172.24.42.254	php: : Resyncing OpenVPN instances for interface WAN.
      2013-01-19 14:10:55	User.Warning	172.24.42.254	php: : Creating rrd update script
      2013-01-19 14:10:56	Daemon.Info	172.24.42.254	ntpd[22401]: Terminating
      2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : The command '/usr/bin/killall 'ntpd'' returned exit code '1', the output was 'killall: warning: kill -TERM 21280: No such process'
      2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : OpenNTPD is starting up.
      2013-01-19 14:10:56	User.Warning	172.24.42.254	php: : pfSense package system has detected an ip change 96.43.229.159 ->   ... Restarting packages.
      2013-01-19 14:10:56	User.Notice	172.24.42.254	check_reload_status: Starting packages
      2013-01-19 14:10:56	Local0.Info	172.24.42.254	pf: 00:00:41.148891 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 21101, offset 0, flags [DF], proto TCP (6), length 1462)
      2013-01-19 14:10:56	Local0.Info	172.24.42.254	pf:     96.43.229.159.33901 > 46.120.53.241.54008: Flags [P.], ack 2575765534, win 64765, length 1422
      2013-01-19 14:11:01	Auth.Alert	172.24.42.254	snort[8384]: [122:26:1] PSNG_ICMP_PORTSWEEP_FILTERED [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 199.192.238.25 -> 74.125.226.41
      2013-01-19 14:11:02	User.Warning	172.24.42.254	php: : Restarting/Starting all packages.
      2013-01-19 14:11:10	User.Error	172.24.42.254	apinger: ALARM: WAN(10.250.0.9)  *** down ***
      2013-01-19 14:11:11	User.Notice	172.24.42.254	check_reload_status: Syncing firewall
      2013-01-19 14:11:11	User.Notice	172.24.42.254	check_reload_status: Reloading filter
      2013-01-19 14:11:11	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
      2013-01-19 14:11:12	User.Notice	172.24.42.254	check_reload_status: Syncing firewall
      2013-01-19 14:11:12	User.Notice	172.24.42.254	check_reload_status: Reloading filter
      2013-01-19 14:11:12	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
      2013-01-19 14:11:13	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
      2013-01-19 14:11:13	User.Warning	172.24.42.254	php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.
      2013-01-19 14:11:16	Daemon.Info	172.24.42.254	SnortStartup[53746]: Snort STOP For Wan Snort(18203_pppoe1)...
      2013-01-19 14:11:17	Daemon.Error	172.24.42.254	snort[8384]: *** Caught Term-Signal
      2013-01-19 14:11:17	Kernel.Info	172.24.42.254	kernel: pppoe1: promiscuous mode disabled
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: ===============================================================================
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Run time for packet processing was 36881.74985 seconds
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Snort processed 6330687 packets.
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]: Snort ran for 0 days 10 hours 14 minutes 41 seconds
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:     Pkts/hr:       633068
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:    Pkts/min:        10310
      2013-01-19 14:11:18	Daemon.Notice	172.24.42.254	snort[8384]:    Pkts/sec:          171
      ...
      2013-01-19 14:11:18	Daemon.Error	172.24.42.254	snort[8384]: Could not remove pid file /var/run/snort_pppoe118203.pid: No such file or directory
      2013-01-19 14:11:19	Daemon.Notice	172.24.42.254	snort[8384]: Snort exiting
      2013-01-19 14:11:19	Daemon.Info	172.24.42.254	SnortStartup[3227]: Snort STOP For Lan(53096_bridge0)...
      2013-01-19 14:11:19	Cron.Info	172.24.42.254	/usr/sbin/cron[5607]: (CRON) DEATH (cron already running, pid: 29495)
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Found pid path directive (/var/run)
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Running in IDS mode
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]:
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]:         --== Initializing Snort ==--
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Output Plugins!
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Preprocessors!
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Initializing Plug-ins!
      2013-01-19 14:11:20	Daemon.Notice	172.24.42.254	snort[6149]: Parsing Rules file "/usr/local/etc/snort/snort_18203_pppoe1/snort.conf"
      
      ...
      
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: [ Number of null byte prefixed patterns trimmed: 4690 ]
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: pcap DAQ configured to passive.
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: The DAQ version does not support reload.
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: Acquiring network traffic from "bridge0".
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[57546]: Initializing daemon mode
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Daemon initialized, signaled parent pid: 57546
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Reload thread starting...
      2013-01-19 14:12:11	Daemon.Info	172.24.42.254	SnortStartup[21676]: Snort START For Lan(53096_bridge0)...
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Reload thread started, thread 0x3cff9740 (21641)
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Decoding Ethernet
      2013-01-19 14:12:11	Kernel.Info	172.24.42.254	kernel: bridge0: promiscuous mode enabled
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Checking PID path...
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: PID path stat checked out ok, PID path set to /var/run
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Writing PID "21641" to file "/var/run/snort_bridge053096.pid"
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]:
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]:         --== Initialization Complete ==--
      2013-01-19 14:12:11	Daemon.Notice	172.24.42.254	snort[21641]: Commencing packet processing (pid=21641)
      2013-01-19 14:12:25	User.Error	172.24.42.254	apinger: alarm canceled: WAN(10.250.0.9)  *** down ***
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:01:34.556180 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22326, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000031 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22326, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.035634 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000032 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22327, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.094243 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000054 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22329, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:30	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.266089 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22332, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.006642 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22333, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.227067 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 22342, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:31	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:35	User.Notice	172.24.42.254	check_reload_status: Reloading filter
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:18.115624 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16408, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     199.192.238.25.2030 > 74.125.142.108.993: Flags [P.], cksum 0xb513 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000652 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16409, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000086 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16409, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.002810 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16411, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.064198 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000069 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000016 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16466, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.236779 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000096 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000015 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16514, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000545 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16515, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.122940 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16539, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:12:49	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	User.Error	172.24.42.254	apinger: /usr/local/bin/rrdtool respawning too fast, waiting 300s.
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.176181 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000034 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000010 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16549, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000081 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000067 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16550, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.259698 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16557, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     199.192.238.25.42360 > 74.125.142.108.993: Flags [P.], cksum 0x1789 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.063863 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000055 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf: 00:00:00.000017 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 16560, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:12:50	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:12:51	Local0.Info	172.24.42.254	pf: 00:00:01.636090 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16717, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:12:51	Local0.Info	172.24.42.254	pf:     199.192.238.25.50874 > 74.125.142.108.993: Flags [P.], cksum 0xf646 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:12:55	Local0.Info	172.24.42.254	pf: 00:00:03.299385 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16810, offset 0, flags [none], proto TCP (6), length 73)
      2013-01-19 14:12:55	Local0.Info	172.24.42.254	pf:     199.192.238.25.64636 > 74.125.142.108.993: Flags [P.], cksum 0xc084 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:12:58	Local0.Info	172.24.42.254	pf: 00:00:03.300201 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16850, offset 0, flags [none], proto TCP (6), length 73)
      2013-01-19 14:12:58	Local0.Info	172.24.42.254	pf:     199.192.238.25.32735 > 74.125.142.108.993: Flags [P.], cksum 0x3d22 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:13:01	Local0.Info	172.24.42.254	pf: 00:00:03.299921 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16866, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:13:01	Local0.Info	172.24.42.254	pf:     199.192.238.25.19486 > 74.125.142.108.993: Flags [P.], cksum 0x70e3 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:13:08	Local0.Info	172.24.42.254	pf: 00:00:06.600618 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 16904, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:13:08	Local0.Info	172.24.42.254	pf:     199.192.238.25.22116 > 74.125.142.108.993: Flags [P.], cksum 0x669d (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:13:21	Local0.Info	172.24.42.254	pf: 00:00:13.199589 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 17111, offset 0, flags [DF], proto TCP (6), length 73)
      2013-01-19 14:13:21	Local0.Info	172.24.42.254	pf:     199.192.238.25.9343 > 74.125.142.108.993: Flags [P.], cksum 0x9882 (correct), ack 3477012993, win 16646, length 33
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:12.622297 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000076 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17781, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.005870 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000030 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17783, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.005717 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000027 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17785, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000090 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000024 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17786, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.029238 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000033 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17789, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.273112 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000032 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17822, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000091 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17823, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.226790 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000058 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 17850, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:13:35	Local0.Info	172.24.42.254	pf:     172.24.48.84 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:13:48	Local0.Info	172.24.42.254	pf: 00:00:13.135819 rule 2/0(match): block out on pppoe1: (tos 0x0, ttl 127, id 18585, offset 0, flags [DF], proto TCP (6), length 40)
      2013-01-19 14:13:48	Local0.Info	172.24.42.254	pf:     199.192.238.25.40730 > 74.125.142.108.993: Flags [R.], cksum 0xc6b7 (correct), seq 2407487129, ack 3477012993, win 0, length 0
      2013-01-19 14:15:00	Cron.Info	172.24.42.254	/usr/sbin/cron[32497]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
      2013-01-19 14:15:00	Cron.Info	172.24.42.254	/usr/sbin/cron[32222]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 10800 snort2c)
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:01:14.950986 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000021 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2750, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.055303 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000022 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2753, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.083522 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000028 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf: 00:00:00.000009 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2755, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:03	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.230214 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000057 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000014 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2757, offset 0, flags [none], proto IGMP (2), length 48, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 2 group record(s) [gaddr 224.0.0.253 to_ex, 0 source(s)] [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000050 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2762, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_in, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.061596 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000035 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000013 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2764, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.093995 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000065 rule 65/8(ip-option): pass in on bridge0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf: 00:00:00.000016 rule 65/8(ip-option): pass in on re0: (tos 0x0, ttl 1, id 2766, offset 0, flags [none], proto IGMP (2), length 40, options (RA))
      2013-01-19 14:15:04	Local0.Info	172.24.42.254	pf:     172.24.48.32 > 224.0.0.22: igmp v3 report, 1 group record(s) [gaddr 224.0.0.252 to_ex, 0 source(s)]
      2013-01-19 14:15:10	Local0.Info	172.24.42.254	pf: 00:00:05.917517 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 21877, offset 0, flags [none], proto UDP (17), length 58)
      2013-01-19 14:15:10	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
      2013-01-19 14:15:13	Local0.Info	172.24.42.254	pf: 00:00:02.577828 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22126, offset 0, flags [none], proto UDP (17), length 58)
      2013-01-19 14:15:13	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
      2013-01-19 14:15:16	Local0.Info	172.24.42.254	pf: 00:00:03.256166 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22435, offset 0, flags [none], proto UDP (17), length 58)
      2013-01-19 14:15:16	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
      2013-01-19 14:15:19	Local0.Info	172.24.42.254	pf: 00:00:03.348764 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 22826, offset 0, flags [none], proto UDP (17), length 58)
      2013-01-19 14:15:19	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
      2013-01-19 14:15:24	Local0.Info	172.24.42.254	pf: 00:00:05.043766 rule 1/0(match): block in on pppoe1: (tos 0x0, ttl 115, id 23506, offset 0, flags [none], proto UDP (17), length 58)
      2013-01-19 14:15:24	Local0.Info	172.24.42.254	pf:     24.89.231.188.62691 > 199.192.238.25.26836: UDP, length 30
      2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf: 00:00:00.364758 rule 54/0(match): pass in on pppoe1: (tos 0x0, ttl 46, id 38524, offset 0, flags [none], proto ICMP (1), length 76)
      2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf:     69.205.234.29 > 199.192.238.25: ICMP host 192.168.1.25 unreachable, length 56
      2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf: <009>(tos 0x0, ttl 109, id 5705, offset 0, flags [none], proto UDP (17), length 48)
      2013-01-19 14:15:25	Local0.Info	172.24.42.254	pf:     199.192.238.25.32662 > 192.168.1.25.13826: UDP, length 20
      2013-01-19 14:15:30	Local0.Info	172.24.42.254	pf: 00:00:05.546332 rule 1/0(match): block 
      
      

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

      • eri--

        Can you please test the latest package and see if it behaves better?

        • RonpfS

          @ermal:

          Can you please test the latest package and see if it behaves better?

          I have 2.9.2.3 pkg v. 2.5.2 on pfSense 2.0.1

          • Supermule

            Can't start Snort on the revised package….

            • Supermule

              Started but needed to enable SSL state preprocessor to get it going….

              • bmeeks

                @Supermule:

                Started but needed to enable SSL state preprocessor to get it going….

                Will take a look and submit a fix for this later.  Might be as late as Wednesday evening, though.  Have some personal matters to attend to today and tomorrow.

                • Supermule

                  No worries mate :) Take your time. It's working and no errors. So not mission critical!

                  • RonpfS

                    Remove and Install latest v2.5.3

                    Got this behind the install frame window

                    Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
                    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
                    
                    

                    Got this when I stopped and started the snort interface

                    22:55 mardi 22 janvier 2013
                    Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
                    Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133
                    Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136
                    
                    

                    However snort seems to be running fine.

                    I cycled power on the DSL modem and it did not block the WAN IP. It seems to behave OK.

                    • Supermule

                      Can we get Snort to save blocked hosts that can survive a reboot??

                      • bmeeks

                        @Supermule:

                        Can we get Snort to save blocked hosts that can survive a reboot??

                        I can take a look at this.  I don't use that feature, and thus have never investigated it.  How are enabled/disabled rules holding up now?  Do your changes survive rule updates and restarts?

                        • bmeeks

                          @RonpfS:

                          Remove and Install latest v2.5.3

                          Got this behind the install frame window

                          Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
                          Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
                          
                          

                          Got this when I stopped and started the snort interface

                          22:55 mardi 22 janvier 2013
                          Warning: file(/usr/local/etc/snort/rules/emerging-virus.rules): failed to open stream: No such file or directory in /usr/local/pkg/snort/snort.inc on line 947
                          Warning: Invalid argument supplied for foreach() in /usr/local/pkg/snort/snort.inc on line 953
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 129
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 130
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 131
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 132
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 133
                          Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/snort/snort.inc:947) in /usr/local/www/snort/snort_interfaces.php on line 136
                          
                          

                          I can add some more robust error checking to prevent this.  Did you by chance make any rule category changes during the uninstall/re-install process?  Just asking to help me better isolate where the problem might be.

                          Thanks,
                          Bill
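
The warnings quoted above come from `file()` returning `false` for a missing rules file, the `foreach` that then iterates over that `false`, and the warning text being output before the page sends its headers. As an added illustration of the kind of error checking mentioned in the reply (not the package's own code; the function name `load_rule_category`, the demo directory and the sample rule are hypothetical and constructed for this example):

```php
<?php
// Added example: hypothetical helper, not code from snort.inc.
// Returns the lines of one rules category file, or an empty array when
// the name is not a plain "*.rules" file name or the file cannot be read.
function load_rule_category(string $rules_dir, string $category): array
{
    // Category names come from saved settings: accept only a bare file
    // name so a stale or malformed value cannot point outside $rules_dir.
    if (!preg_match('/\A[\w.-]+\.rules\z/', $category)) {
        return [];
    }
    $path = rtrim($rules_dir, '/') . '/' . $category;
    if (!is_file($path) || !is_readable($path)) {
        // Report through syslog instead of printing: output written here
        // is what later triggers "headers already sent" on the GUI page.
        syslog(LOG_WARNING, "snort: rules file missing or unreadable: {$path}");
        return [];
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    return $lines === false ? [] : $lines;
}

// Constructed demo data: one category present on disk, one absent.
$dir = sys_get_temp_dir() . '/snort-rules-demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700, true);
}
file_put_contents(
    "$dir/sample-present.rules",
    "# constructed sample rule file\n" .
    "alert udp any any -> any 53 (msg:\"constructed sample\"; sid:1000001;)\n"
);

foreach (['sample-present.rules', 'emerging-virus.rules'] as $category) {
    $active = 0;
    // An empty array makes this loop a no-op, so a missing category
    // produces no "Invalid argument supplied for foreach()" warning.
    foreach (load_rule_category($dir, $category) as $line) {
        if ($line[0] !== '#') {
            $active++;
        }
    }
    printf("%s: %d active rule(s)\n", $category, $active);
}
```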

                          • Supermule

                            I haven't had a rule update yet, so will revert back as soon as I have :)

                            @bmeeks:

                            @Supermule:

                            Can we get Snort to save blocked hosts that can survive a reboot??

                            I can take a look at this.  I don't use that feature, and thus have never investigated it.  How are enabled/disabled rules holding up now?  Do your changes survive rule updates and restarts?

                            • Supermule

                              Snort doesn't respect whitelisted Alias on the WAN side. Got blocked out and had to use the back entrance :D

                              • Supermule

                                And another thing….every time I enable/disable a rule, it throws me back to the top of the page....that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?

                                • bmeeks

                                  @Supermule:

                                  And another thing….every time I enable/disable a rule, it throws me back to the top of the page....that makes a lot of scrolling all the time!! Can it be changed somehow? So you either go back to where you were or not move at all?

                                  I will try.  That one may be a bit difficult to pull off with the way PHP handles POST back with forms. I agree on it being a pain with scrolling.

                                  • Supermule

                                    Thanks mate!! You are doing the pfSense community a big favor here!

                                    Thank you :)

                                    • Supermule

                                      Dude…..Can you give me your account number so I can transfer some funds for your work? I would like to donate a little to your working efforts!

                                      • bmeeks

                                        @Supermule:

                                        Dude…..Can you give me your account number so I can transfer some funds for your work? I would like to donate a little to your working efforts!

                                        Thank you for the offer, but I don't have one. I'm contributing my efforts gratis since I also use the product.  I made the changes originally for my own benefit, and decided to see if the community could benefit from them as well.

                                        I still have a few little quirks to clean up that some folks have identified.

                                        • Supermule

                                          It's always there if you need it ;)

                                          Have you considered the ability to sort all columns of the blocked IP's tab??

                                          So one can sort it on number, IP Alert description and time?

                                          And the same on the alerts tab?

                                          • bmeeks

                                            @Supermule:

                                            It's always there if you need it ;)

                                            Have you considered the ability to sort all columns of the blocked IP's tab??

                                            So one can sort it on number, IP Alert description and time?

                                            And the same on the alerts tab?

                                            Yes on that, and also to sort the SIDs on the RULES tab.  Tried to pull that off to begin with, but the way PHP handles multidimensional arrays and sorting was giving me fits.  Decided to put the changes out first to introduce the functionality, and then come back and add the bells and whistles.

                                            Bill
