    Snort 2.9.4.6 Pkg v 2.5.9

    • bmeeks

      I will take a look and see what's possible with regard to the DNS lookups on the Alerts and Blocked tabs.  I like the idea of the blue icon and then a pop-up window containing the lookup results when clicked.  That is the least I/O intensive procedure.

      Bill

      • Cino

        @bmeeks:

        @pfSenseRocks:

        Unfortunately, I still reproduce the problem. Usually occurs after snort restarts after downloading new rules.

        [2.1-RC1][admin@sense.home]/root(1): ps -ax | grep snort
        23405  ??  Ss    8:25.86 /usr/pbi/snort-amd64/bin/snort -R 56048 -E -q -l /var/log/snort/snort_em0_vlan1056048 --pid-path /var/run
        24490  ??  SNLs  0:28.51 /usr/pbi/snort-amd64/bin/snort -R 56048 -D -q -l /var/log/snort/snort_em0_vlan1056048 --pid-path /var/run
        45765  ??  SNs    0:29.51 /usr/pbi/snort-amd64/bin/snort -R 56048 -D -q -l /var/log/snort/snort_em0_vlan1056048 --pid-path /var/run
        46524  ??  Ss    0:03.79 /usr/pbi/snort-amd64/bin/snort -R 40477 -D -q -l /var/log/snort/snort_em0_vlan1140477 --pid-path /var/run
        47171  ??  SNs    0:03.70 /usr/pbi/snort-amd64/bin/snort -R 40477 -D -q -l /var/log/snort/snort_em0_vlan1140477 --pid-path /var/run
        47645  ??  SNs    0:03.76 /usr/pbi/snort-amd64/bin/snort -R 40477 -D -q -l /var/log/snort/snort_em0_vlan1140477 --pid-path /var/run
        52671  0  S+    0:00.00 grep snort

        Version 2.1-RC1  (amd64)
        built on Mon Aug 19 16:16:39 EDT 2013
        FreeBSD 8.3-RELEASE-p9

        Looks like you have multiple VLANs on a single interface.  I did not test that way.  I have just single IP blocks on each of my three interfaces, and I get only single instances of Snort per interface.

        I have a theory about what could be happening.  Unfortunately, if my theory is correct, this may be a hard bug to quash.  Let me ponder on it and maybe also set up a VLAN configuration similar to yours.  Without giving away too much private information, can you post a high-level description of how your Snort interfaces are configured in terms of VLANs (number per interface, etc.)?

        Bill

        I have a similar issue. If rc.start_packages is called, snort doesn't restart correctly. It will create new instances of snort… I've maxed out the resources on my box because of this.

        
        [2.1-RC1][/root(1): ps -ax | grep snort
        11617  ??  SNs    0:19.21 /usr/pbi/snort-i386/bin/snort -R 63656 -D -q -l /var/log/snort/snort_em0_vlan563656 --pid-path /var/run --nolock-pidfile -G 63656 -c /usr/pbi/snort-i386/etc
        12256  ??  SNs    9:30.06 /usr/pbi/snort-i386/bin/snort -R 60770 -D -q -l /var/log/snort/snort_em360770 --pid-path /var/run --nolock-pidfile -G 60770 -c /usr/pbi/snort-i386/etc/snort
        18390  ??  SNs    7:23.96 /usr/pbi/snort-i386/bin/snort -R 5622 -D -q -l /var/log/snort/snort_em25622 --pid-path /var/run --nolock-pidfile -G 5622 -c /usr/pbi/snort-i386/etc/snort/sn
        42825  ??  SNs    4:17.50 /usr/pbi/snort-i386/bin/snort -R 60770 -D -q -l /var/log/snort/snort_em360770 --pid-path /var/run --nolock-pidfile -G 60770 -c /usr/pbi/snort-i386/etc/snort
        56893  ??  SNs    1:41.06 /usr/pbi/snort-i386/bin/snort -R 60770 -D -q -l /var/log/snort/snort_em360770 --pid-path /var/run --nolock-pidfile -G 60770 -c /usr/pbi/snort-i386/etc/snort
        67712  ??  SNs    1:26.93 /usr/pbi/snort-i386/bin/snort -R 63656 -D -q -l /var/log/snort/snort_em0_vlan563656 --pid-path /var/run --nolock-pidfile -G 63656 -c /usr/pbi/snort-i386/etc
        74458  ??  SNs    0:17.27 /usr/pbi/snort-i386/bin/snort -R 59292 -D -q -l /var/log/snort/snort_em359292 --pid-path /var/run --nolock-pidfile -G 59292 -c /usr/pbi/snort-i386/etc/snort
        76099  ??  SNs    3:40.18 /usr/pbi/snort-i386/bin/snort -R 5622 -D -q -l /var/log/snort/snort_em25622 --pid-path /var/run --nolock-pidfile -G 5622 -c /usr/pbi/snort-i386/etc/snort/sn
        90876  ??  SNs    1:26.13 /usr/pbi/snort-i386/bin/snort -R 5622 -D -q -l /var/log/snort/snort_em25622 --pid-path /var/run --nolock-pidfile -G 5622 -c /usr/pbi/snort-i386/etc/snort/sn
        93617  ??  SNs    0:05.95 /usr/pbi/snort-i386/bin/snort -R 63656 -D -q -l /var/log/snort/snort_em0_vlan563656 --pid-path /var/run --nolock-pidfile -G 63656 -c /usr/pbi/snort-i386/etc
        63880   0  S+     0:00.02 grep snort
        [2.1-RC1][root@pfsense.cino.homeip.net]/root(2):
        
        
        • pfSenseRocks

          can you post a high-level description of how your Snort interfaces are configured in terms of VLANs (number per interface, etc.)?

          Sorry about the tardy response, Bill. I have been traveling with intermittent to no internet connectivity.

          Here's my config on pfSense:

          VLAN10  WAN
          VLAN11  LAN
          VLAN12  GAN  // Guest LAN

          snort:
          WAN IPS security profile
          LAN  All other categories that aren't included in security profile

          Both interfaces are configured for AC.

          Sorry about the incomplete info. I am reciting from memory.

          • bmeeks

            Cino and pfSenseRocks:

            Thank you for the feedback on the multiple instances problem.  I will be tied up the next few days on some business and then personal stuff, so it will be after the U.S. Labor Day Holiday (September 2nd) before I can devote a lot of time to researching this issue.  The hint about rc.start_packages is helpful.  I will see if I can get to the bottom of the problem, though.  Different manifestations of what are probably the same underlying bug have shown up over the last year with Snort and restarts.  Sometimes it seems to be fixed, and then it pops up again.  Obviously we have not yet found the true root cause.

            Bill

            • Cino

              Bill,

              For a test to grab clean logs of the issue, I bounced my cable modem. Hope this helps, and enjoy Labor Day… I know I will.

              GW Log

              
              Aug 28 10:41:13 	apinger: SIGHUP received, reloading configuration.
              Aug 28 10:41:13 	apinger: SIGHUP received, reloading configuration.
              Aug 28 10:40:58 	apinger: SIGHUP received, reloading configuration.
              Aug 28 10:40:09 	apinger: alarm canceled (config reload): WAN_DHCP(X.X.208.1) *** WAN_DHCPdown ***
              Aug 28 10:40:09 	apinger: SIGHUP received, reloading configuration.
              Aug 28 10:39:53 	apinger: ALARM: WAN_DHCP(X.X.208.1) *** WAN_DHCPdown ***
              
              

              System Log

              
              Aug 28 10:47:25 	sshd[6872]: Accepted keyboard-interactive/pam for root from 192.168.200.6 port 28523 ssh2
              Aug 28 10:43:28 	SnortStartup[11968]: Snort SOFT RESTART for WLAN Guest Alerting(63656_em0_vlan5)...
              Aug 28 10:43:22 	SnortStartup[10757]: Snort SOFT RESTART for WLAN Guest Alerting(63656_em0_vlan5)...
              Aug 28 10:43:19 	kernel: em2: promiscuous mode enabled
              Aug 28 10:43:11 	SnortStartup[9674]: Snort START for LAN Alerting(5622_em2)...
              Aug 28 10:43:09 	SnortStartup[8925]: Snort SOFT RESTART for WAN Alerting(59292_em3)...
              Aug 28 10:43:02 	SnortStartup[7961]: Snort START for LAN Alerting(5622_em2)...
              Aug 28 10:42:58 	SnortStartup[6717]: Snort START for WAN Alerting(59292_em3)...
              Aug 28 10:42:57 	kernel: em3: promiscuous mode enabled
              Aug 28 10:42:45 	SnortStartup[67423]: Snort START for WAN Blocking(60770_em3)...
              Aug 28 10:42:38 	kernel: em2: promiscuous mode disabled
              Aug 28 10:42:37 	snort[9920]: *** Caught Term-Signal
              Aug 28 10:42:36 	SnortStartup[64481]: Snort STOP for LAN Alerting(5622_em2)...
              Aug 28 10:42:33 	SnortStartup[60383]: Snort START for WAN Blocking(60770_em3)...
              Aug 28 10:42:31 	SnortStartup[57262]: Snort START for WLAN Guest Alerting(63656_em0_vlan5)...
              Aug 28 10:42:28 	kernel: em2: promiscuous mode enabled
              Aug 28 10:42:24 	kernel: em3: promiscuous mode disabled
              Aug 28 10:42:24 	snort[73635]: *** Caught Term-Signal
              Aug 28 10:42:23 	SnortStartup[5755]: Snort STOP for WAN Alerting(59292_em3)...
              Aug 28 10:42:20 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:20 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:20 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:20 	bandwidthd: Opening em2
              Aug 28 10:42:20 	bandwidthd: Finished recovering 8648 records
              Aug 28 10:42:20 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:20 	bandwidthd: Opening em2
              Aug 28 10:42:20 	bandwidthd: Finished recovering 1761 records
              Aug 28 10:42:20 	bandwidthd: Recovering from log.1.0.cdf
              Aug 28 10:42:20 	bandwidthd: Finished recovering 4016 records
              Aug 28 10:42:20 	bandwidthd: Recovering from log.1.1.cdf
              Aug 28 10:42:20 	bandwidthd: Finished recovering 4015 records
              Aug 28 10:42:20 	bandwidthd: Recovering from log.2.0.cdf
              Aug 28 10:42:20 	bandwidthd: Finished recovering 1131 records
              Aug 28 10:42:20 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:20 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:20 	bandwidthd: Opening em2
              Aug 28 10:42:20 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:20 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:20 	bandwidthd: Finished recovering 123 records
              Aug 28 10:42:20 	bandwidthd: Opening em2
              Aug 28 10:42:20 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:42:20 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:42:20 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:42:20 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:42:20 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:42:20 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:42:20 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:42:20 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:42:20 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:42:19 	snort[63368]: *** Caught Term-Signal
              Aug 28 10:42:18 	SnortStartup[1275]: Snort STOP for WAN Blocking(60770_em3)...
              Aug 28 10:42:18 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:42:18 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:42:18 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:42:18 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:18 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:18 	bandwidthd: Opening em2
              Aug 28 10:42:18 	bandwidthd: Finished recovering 123 records
              Aug 28 10:42:18 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:42:18 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:42:18 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:42:18 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:42:18 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:42:18 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:42:16 	php: rc.start_packages: The command '/usr/local/etc/rc.d/bandwidthd.sh stop' returned exit code '1', the output was 'No matching processes were found'
              Aug 28 10:42:14 	squid[78388]: Squid Parent: (squid-1) process 78602 started
              Aug 28 10:42:14 	squid[78388]: Squid Parent: will start 1 kids
              Aug 28 10:42:14 	squid[77880]: Squid Parent: (squid-1) process 78063 started
              Aug 28 10:42:13 	squid[77880]: Squid Parent: will start 1 kids
              Aug 28 10:42:11 	squid[57908]: Squid Parent: (squid-1) process 58242 exited with status 0
              Aug 28 10:42:10 	squid[60746]: Squid Parent: (squid-1) process 61166 exited with status 0
              Aug 28 10:42:10 	SnortStartup[74072]: Snort START for LAN Alerting(5622_em2)...
              Aug 28 10:42:07 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:07 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:07 	bandwidthd: Opening em2
              Aug 28 10:42:07 	bandwidthd: Finished recovering 8648 records
              Aug 28 10:42:07 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:07 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:07 	bandwidthd: Opening em2
              Aug 28 10:42:07 	bandwidthd: Finished recovering 1761 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.1.0.cdf
              Aug 28 10:42:07 	bandwidthd: Finished recovering 4016 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.2.0.cdf
              Aug 28 10:42:07 	bandwidthd: Finished recovering 1131 records
              Aug 28 10:42:07 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:07 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:07 	bandwidthd: Opening em2
              Aug 28 10:42:07 	bandwidthd: Finished recovering 123 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:42:07 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.1.1.cdf
              Aug 28 10:42:07 	bandwidthd: Finished recovering 4015 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:42:07 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:07 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:07 	bandwidthd: Opening em2
              Aug 28 10:42:07 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:42:07 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:42:07 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:42:07 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:42:07 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:42:07 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:42:06 	SnortStartup[70343]: Snort START for WAN Alerting(59292_em3)...
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: Not calling package sync code for dependency squidreverse of squid3-dev because some include files are missing.
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:06 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:42:05 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:05 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:05 	bandwidthd: Opening em2
              Aug 28 10:42:05 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:42:05 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:42:05 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:42:05 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:42:05 	bandwidthd: Drawing initial graphs
              Aug 28 10:42:05 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:42:05 	bandwidthd: Opening em2
              Aug 28 10:42:05 	bandwidthd: Finished recovering 123 records
              Aug 28 10:42:05 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:42:05 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:42:05 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:42:05 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:42:05 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:42:04 	kernel: em3: promiscuous mode enabled
              Aug 28 10:42:03 	php: rc.start_packages: The command '/usr/local/etc/rc.d/bandwidthd.sh stop' returned exit code '1', the output was 'No matching processes were found'
              Aug 28 10:42:03 	check_reload_status: Syncing firewall
              Aug 28 10:42:01 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:42:01 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:42:01 	squid[60746]: Squid Parent: (squid-1) process 61166 started
              Aug 28 10:42:01 	squid[60746]: Squid Parent: will start 1 kids
              Aug 28 10:42:01 	squid[57908]: Squid Parent: (squid-1) process 58242 started
              Aug 28 10:42:01 	squid[57908]: Squid Parent: will start 1 kids
              Aug 28 10:42:00 	upsmon[42711]: Communications with UPS APC_Back-UPS_ES550@localhost established
              Aug 28 10:42:00 	upsd[42078]: User monuser@127.0.0.1 logged into UPS [APC_Back-UPS_ES550]
              Aug 28 10:41:59 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:59 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:59 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:59 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:58 	squid[33548]: Squid Parent: (squid-1) process 33781 exited with status 0
              Aug 28 10:41:58 	squid[32797]: Squid Parent: (squid-1) process 33693 exited with status 0
              Aug 28 10:41:57 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:41:57 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:41:55 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:41:55 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:41:55 	upsmon[42711]: Communications with UPS APC_Back-UPS_ES550@localhost lost
              Aug 28 10:41:55 	upsmon[42711]: Poll UPS [APC_Back-UPS_ES550@localhost] failed - Write error: Operation not permitted
              Aug 28 10:41:54 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:54 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:54 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:54 	php: rc.start_packages: Not calling package sync code for dependency squidreverse of squid3-dev because some include files are missing.
              Aug 28 10:41:54 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:53 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:41:50 	upsd[42078]: User monuser@127.0.0.1 logged into UPS [APC_Back-UPS_ES550]
              Aug 28 10:41:50 	upsmon[42403]: Startup successful
              Aug 28 10:41:50 	upsd[42078]: Startup successful
              Aug 28 10:41:50 	upsd[41895]: Connected to UPS [APC_Back-UPS_ES550]: usbhid-ups-APC_Back-UPS_ES550
              Aug 28 10:41:50 	upsd[41895]: listening on 127.0.0.1 port 3493
              Aug 28 10:41:50 	upsd[41895]: listening on ::1 port 3493
              Aug 28 10:41:50 	usbhid-ups[41650]: Startup successful
              Aug 28 10:41:49 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:41:49 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:41:47 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:47 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:47 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:47 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:41:45 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:41:45 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:41:44 	usbhid-ups[81311]: Signal 15: exiting
              Aug 28 10:41:44 	upsd[81483]: Signal 15: exiting
              Aug 28 10:41:44 	upsd[81483]: mainloop: Interrupted system call
              Aug 28 10:41:43 	upsd[81483]: User monuser@127.0.0.1 logged out from UPS [APC_Back-UPS_ES550]
              Aug 28 10:41:43 	upsmon[82138]: Signal 15: exiting
              Aug 28 10:41:43 	kernel: em0_vlan5: promiscuous mode enabled
              Aug 28 10:41:43 	kernel: em0: promiscuous mode enabled
              Aug 28 10:41:42 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:41:42 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:41:41 	SnortStartup[91233]: Snort START for WAN Blocking(60770_em3)...
              Aug 28 10:41:41 	kernel: em0_vlan5: promiscuous mode disabled
              Aug 28 10:41:41 	kernel: em0: promiscuous mode disabled
              Aug 28 10:41:37 	upsd[81483]: User monuser@127.0.0.1 logged into UPS [APC_Back-UPS_ES550]
              Aug 28 10:41:37 	upsmon[81868]: Startup successful
              Aug 28 10:41:37 	upsd[81483]: Startup successful
              Aug 28 10:41:37 	upsd[81321]: Connected to UPS [APC_Back-UPS_ES550]: usbhid-ups-APC_Back-UPS_ES550
              Aug 28 10:41:37 	upsd[81321]: listening on 127.0.0.1 port 3493
              Aug 28 10:41:37 	upsd[81321]: listening on ::1 port 3493
              Aug 28 10:41:37 	usbhid-ups[81311]: Startup successful
              Aug 28 10:41:36 	check_reload_status: Syncing firewall
              Aug 28 10:41:36 	snort[81642]: *** Caught Term-Signal
              Aug 28 10:41:35 	SnortStartup[78667]: Snort STOP for WLAN Guest Alerting(63656_em0_vlan5)...
              Aug 28 10:41:32 	usbhid-ups[60672]: Signal 15: exiting
              Aug 28 10:41:32 	upsd[61343]: Signal 15: exiting
              Aug 28 10:41:32 	upsd[61343]: mainloop: Interrupted system call
              Aug 28 10:41:32 	upsd[61343]: User monuser@127.0.0.1 logged out from UPS [APC_Back-UPS_ES550]
              Aug 28 10:41:32 	upsmon[61642]: Signal 15: exiting
              Aug 28 10:41:31 	kernel: em2: promiscuous mode disabled
              Aug 28 10:41:31 	snort[57737]: *** Caught Term-Signal
              Aug 28 10:41:31 	SnortStartup[67098]: Snort STOP for LAN Alerting(5622_em2)...
              Aug 28 10:41:28 	php: rc.start_packages: Restarting/Starting all packages.
              Aug 28 10:41:28 	kernel: em3: promiscuous mode disabled
              Aug 28 10:41:28 	snort[56544]: *** Caught Term-Signal
              Aug 28 10:41:27 	SnortStartup[59861]: Snort STOP for WAN Alerting(59292_em3)...
              Aug 28 10:41:24 	snort[53396]: *** Caught Term-Signal
              Aug 28 10:41:23 	SnortStartup[56750]: Snort STOP for WAN Blocking(60770_em3)...
              Aug 28 10:41:21 	php: rc.newwanip: pfSense package system has detected an ip change 172.16.50.1 -> 172.16.50.1 ... Restarting packages.
              Aug 28 10:41:21 	php: rc.newwanip: pfSense package system has detected an ip change 192.168.200.1 -> 192.168.200.1 ... Restarting packages.
              Aug 28 10:41:19 	php: rc.newwanip: Creating rrd update script
              Aug 28 10:41:18 	php: rc.newwanip: Creating rrd update script
              Aug 28 10:41:15 	php: rc.start_packages: Restarting/Starting all packages.
              Aug 28 10:41:13 	php: rc.newwanip: rc.newwanip: on (IP address: 172.16.50.1) (interface: opt2) (real interface: ovpns2).
              Aug 28 10:41:13 	php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
              Aug 28 10:41:13 	php: rc.newwanip: rc.newwanip: on (IP address: 192.168.200.1) (interface: opt1) (real interface: ovpns1).
              Aug 28 10:41:13 	php: rc.newwanip: rc.newwanip: Informational is starting ovpns1.
              Aug 28 10:41:13 	ntpd_intres[52667]: ntpd exiting on signal 15
              Aug 28 10:41:12 	check_reload_status: Starting packages
              Aug 28 10:41:12 	php: rc.newwanip: pfSense package system has detected an ip change x.x.210.112 -> x.x.210.112 ... Restarting packages.
              Aug 28 10:41:10 	check_reload_status: rc.newwanip starting ovpns2
              Aug 28 10:41:10 	kernel: ovpns2: link state changed to UP
              Aug 28 10:41:10 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:10 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:10 	bandwidthd: Opening em2
              Aug 28 10:41:10 	php: rc.newwanip: Creating rrd update script
              Aug 28 10:41:10 	bandwidthd: Finished recovering 1761 records
              Aug 28 10:41:10 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:10 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:10 	bandwidthd: Opening em2
              Aug 28 10:41:10 	bandwidthd: Finished recovering 8648 records
              Aug 28 10:41:10 	bandwidthd: Recovering from log.1.0.cdf
              Aug 28 10:41:10 	bandwidthd: Finished recovering 4016 records
              Aug 28 10:41:10 	bandwidthd: Recovering from log.1.1.cdf
              Aug 28 10:41:10 	bandwidthd: Finished recovering 4015 records
              Aug 28 10:41:10 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:10 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:10 	bandwidthd: Opening em2
              Aug 28 10:41:10 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:41:10 	bandwidthd: Recovering from log.2.0.cdf
              Aug 28 10:41:10 	bandwidthd: Finished recovering 1131 records
              Aug 28 10:41:10 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:41:10 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:41:10 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:10 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:10 	bandwidthd: Opening em2
              Aug 28 10:41:10 	bandwidthd: Finished recovering 123 records
              Aug 28 10:41:10 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:41:10 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:41:10 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:41:10 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:41:10 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:41:10 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:41:10 	check_reload_status: rc.newwanip starting ovpns1
              Aug 28 10:41:10 	kernel: ovpns2: link state changed to DOWN
              Aug 28 10:41:10 	kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
              Aug 28 10:41:10 	kernel: ovpns1: link state changed to UP
              Aug 28 10:41:10 	check_reload_status: Reloading filter
              Aug 28 10:41:10 	php: rc.newwanip: Resyncing OpenVPN instances for interface WAN.
              Aug 28 10:41:08 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:08 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:08 	bandwidthd: Opening em2
              Aug 28 10:41:08 	bandwidthd: Finished recovering 8648 records
              Aug 28 10:41:08 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:08 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:08 	bandwidthd: Opening em2
              Aug 28 10:41:08 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:08 	bandwidthd: Finished recovering 1761 records
              Aug 28 10:41:08 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:08 	bandwidthd: Recovering from log.1.0.cdf
              Aug 28 10:41:08 	bandwidthd: Opening em2
              Aug 28 10:41:08 	bandwidthd: Finished recovering 4016 records
              Aug 28 10:41:08 	bandwidthd: Finished recovering 2696 records
              Aug 28 10:41:08 	bandwidthd: Recovering from log.1.1.cdf
              Aug 28 10:41:08 	bandwidthd: Recovering from log.3.0.cdf
              Aug 28 10:41:08 	bandwidthd: Finished recovering 4015 records
              Aug 28 10:41:08 	bandwidthd: Drawing initial graphs
              Aug 28 10:41:08 	bandwidthd: Packet Encoding: Ethernet
              Aug 28 10:41:08 	bandwidthd: Opening em2
              Aug 28 10:41:08 	bandwidthd: Finished recovering 123 records
              Aug 28 10:41:08 	bandwidthd: Recovering from log.4.0.cdf
              Aug 28 10:41:08 	bandwidthd: Recovering from log.2.0.cdf
              Aug 28 10:41:08 	bandwidthd: Finished recovering 1131 records
              Aug 28 10:41:08 	bandwidthd: Recovering from log.2.1.cdf
              Aug 28 10:41:08 	bandwidthd: Finished recovering 1208 records
              Aug 28 10:41:08 	bandwidthd: Recovering from log.1.2.cdf
              Aug 28 10:41:08 	bandwidthd: Recovering from log.2.2.cdf
              Aug 28 10:41:08 	bandwidthd: Monitoring subnet 192.168.5.0 with netmask 192.168.5.0
              Aug 28 10:41:08 	bandwidthd: Monitoring subnet 192.168.0.0 with netmask 192.168.0.0
              Aug 28 10:41:08 	php: rc.start_packages: The command '/usr/local/etc/rc.d/bandwidthd.sh stop' returned exit code '1', the output was 'No matching processes were found'
              Aug 28 10:41:06 	php: rc.start_packages: The command '/usr/local/etc/rc.d/bandwidthd.sh stop' returned exit code '1', the output was 'No matching processes were found'
              Aug 28 10:41:06 	check_reload_status: Syncing firewall
              Aug 28 10:41:05 	lighttpd[21678]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
              Aug 28 10:41:04 	squid[33548]: Squid Parent: (squid-1) process 33781 started
              Aug 28 10:41:04 	squid[32797]: Squid Parent: (squid-1) process 33693 started
              Aug 28 10:41:04 	squid[33548]: Squid Parent: will start 1 kids
              Aug 28 10:41:04 	squid[32797]: Squid Parent: will start 1 kids
              Aug 28 10:41:01 	php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
              Aug 28 10:41:01 	squid[80084]: Squid Parent: (squid-1) process 80621 exited with status 0
              Aug 28 10:41:01 	check_reload_status: updating dyndns wan
              Aug 28 10:41:01 	squid[80808]: Squid Parent: (squid-1) process 81403 exited with status 0
              Aug 28 10:40:59 	dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
              Aug 28 10:40:58 	php: rc.newwanip: ROUTING: setting default route to x.x.208.1
              Aug 28 10:40:58 	php: rc.newwanip: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:58 	kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
              Aug 28 10:40:58 	php: rc.newwanip: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:58 	php: rc.newwanip: The command '/sbin/ifconfig 'gif0' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:40:58 	php: rc.newwanip: The command '/sbin/ifconfig 'gif0' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:40:58 	php: rc.newwanip: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:58 	dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
              Aug 28 10:40:58 	kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
              Aug 28 10:40:58 	kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
              Aug 28 10:40:58 	php: rc.newwanip: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:58 	php: rc.newwanip: rc.newwanip: on (IP address: x.x.210.112) (interface: wan) (real interface: em3).
              Aug 28 10:40:58 	php: rc.newwanip: rc.newwanip: Informational is starting em3.
              Aug 28 10:40:57 	lighttpd[21678]: (connections.c.305) SSL: 1 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: Not calling package sync code for dependency squidreverse of squid3-dev because some include files are missing.
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	php: rc.linkup: ROUTING: setting default route to x.x.208.1
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	kernel: if_rtdel: error 3
              Aug 28 10:40:56 	kernel: in6_purgeaddr: link-local all-nodesmulticast address deletion error
              Aug 28 10:40:56 	kernel:
              Aug 28 10:40:56 	php: rc.linkup: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:56 	check_reload_status: rc.newwanip starting em3
              Aug 28 10:40:56 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:55 	php: rc.start_packages: [Squid] - Squid_resync function call pr:1 bp:1 rpc:no
              Aug 28 10:40:54 	upsmon[61642]: Communications with UPS APC_Back-UPS_ES550@localhost established
              Aug 28 10:40:54 	upsd[61343]: User monuser@127.0.0.1 logged into UPS [APC_Back-UPS_ES550]
              Aug 28 10:40:51 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:40:51 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/ipmitool.xml
              Aug 28 10:40:49 	upsmon[61642]: Communications with UPS APC_Back-UPS_ES550@localhost lost
              Aug 28 10:40:49 	upsmon[61642]: Poll UPS [APC_Back-UPS_ES550@localhost] failed - Write error: Operation not permitted
              Aug 28 10:40:49 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:40:49 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:40:49 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:40:49 	php: rc.start_packages: No pfBlocker action during boot process.
              Aug 28 10:40:47 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:40:47 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/urlsnarf.xml
              Aug 28 10:40:45 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:40:45 	php: rc.start_packages: XML error: SYSTEM or PUBLIC, the URI is missing at line 1 in /usr/local/pkg/iftop.xml
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:42 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:39 	upsd[61343]: User monuser@127.0.0.1 logged into UPS [APC_Back-UPS_ES550]
              Aug 28 10:40:39 	upsmon[61581]: Startup successful
              Aug 28 10:40:39 	upsd[61343]: Startup successful
              Aug 28 10:40:39 	upsd[61014]: Connected to UPS [APC_Back-UPS_ES550]: usbhid-ups-APC_Back-UPS_ES550
              Aug 28 10:40:39 	upsd[61014]: listening on 127.0.0.1 port 3493
              Aug 28 10:40:39 	upsd[61014]: listening on ::1 port 3493
              Aug 28 10:40:39 	usbhid-ups[60672]: Startup successful
              Aug 28 10:40:37 	ntpd_intres[52667]: host name not found: 3.pool.ntp.org
              Aug 28 10:40:37 	ntpd_intres[52667]: host name not found: 2.pool.ntp.org
              Aug 28 10:40:37 	ntpd_intres[52667]: host name not found: 1.pool.ntp.org
              Aug 28 10:40:37 	ntpd_intres[52667]: host name not found: 0.pool.ntp.org
              Aug 28 10:40:36 	php: rc.filter_configure_sync: Message sent to cino@com OK
              Aug 28 10:40:34 	usbhid-ups[46776]: Signal 15: exiting
              Aug 28 10:40:34 	upsd[46865]: Signal 15: exiting
              Aug 28 10:40:34 	upsd[46865]: mainloop: Interrupted system call
              Aug 28 10:40:34 	upsd[46865]: User monuser@127.0.0.1 logged out from UPS [APC_Back-UPS_ES550]
              Aug 28 10:40:34 	upsmon[46997]: Signal 15: exiting
              Aug 28 10:40:31 	dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
              Aug 28 10:40:31 	php: rc.filter_configure_sync: New alert found: There were error(s) loading the rules: pfctl: DIOCADDALTQ: Device busy - The line in question reads [0]:
              Aug 28 10:40:30 	php: rc.linkup: The command '/sbin/ifconfig 'em3' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:40:30 	php: rc.linkup: HOTPLUG: Configuring interface wan
              Aug 28 10:40:30 	php: rc.linkup: DEVD Ethernet attached event for wan
              Aug 28 10:40:28 	kernel: rn_addmask: mask impossibly already in tree
              Aug 28 10:40:28 	php: rc.linkup: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:28 	check_reload_status: updating dyndns wan
              Aug 28 10:40:28 	php: rc.linkup: The command '/sbin/ifconfig gif0 tunnel x.x.161.14' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments'
              Aug 28 10:40:28 	php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em3 > /tmp/em3_output 2> /tmp/em3_error_output' returned exit code '15', the output was ''
              Aug 28 10:40:28 	php: rc.linkup: DEVD Ethernet detached event for wan
              Aug 28 10:40:27 	check_reload_status: Syncing firewall
              Aug 28 10:40:27 	kernel: em3: link state changed to UP
              Aug 28 10:40:27 	check_reload_status: Linkup starting em3
              Aug 28 10:40:25 	dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
              Aug 28 10:40:25 	php: rc.linkup: The command '/sbin/ifconfig 'em3' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:40:25 	php: rc.linkup: HOTPLUG: Configuring interface wan
              Aug 28 10:40:25 	php: rc.linkup: DEVD Ethernet attached event for wan
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:24 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:23 	kernel: em3: link state changed to DOWN
              Aug 28 10:40:23 	check_reload_status: Linkup starting em3
              Aug 28 10:40:22 	kernel: em3: link state changed to UP
              Aug 28 10:40:22 	check_reload_status: Linkup starting em3
              Aug 28 10:40:22 	php: rc.linkup: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:40:22 	php: rc.linkup: The command '/sbin/ifconfig gif0 tunnel x.x.161.14' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments'
              Aug 28 10:40:22 	php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em3 > /tmp/em3_output 2> /tmp/em3_error_output' returned exit code '15', the output was ''
              Aug 28 10:40:22 	php: rc.linkup: DEVD Ethernet detached event for wan
              Aug 28 10:40:19 	kernel: em3: link state changed to DOWN
              Aug 28 10:40:19 	check_reload_status: Linkup starting em3
              Aug 28 10:40:19 	sshd[37303]: fatal: Write failed: Operation not permitted
              Aug 28 10:40:19 	sshd[37303]: fatal: Write failed: Operation not permitted
              Aug 28 10:40:19 	php: rc.start_packages: Restarting/Starting all packages.
              Aug 28 10:40:17 	sshlockout[6346]: sshlockout/webConfigurator v3.0 starting up
              Aug 28 10:40:17 	sshd[53059]: fatal: Write failed: Operation not permitted
              Aug 28 10:40:17 	sshd[53059]: fatal: Write failed: Operation not permitted
              Aug 28 10:40:16 	check_reload_status: Starting packages
              Aug 28 10:40:16 	php: rc.newwanip: pfSense package system has detected an ip change 172.16.50.1 -> 172.16.50.1 ... Restarting packages.
              Aug 28 10:40:14 	php: rc.newwanip: Creating rrd update script
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (opt1).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:11 	php: rc.filter_configure_sync: Could not find IPv4 gateway for interface (wan).
              Aug 28 10:40:09 	php: rc.newwanip: rc.newwanip: on (IP address: 172.16.50.1) (interface: opt2) (real interface: ovpns2).
              Aug 28 10:40:09 	php: rc.newwanip: rc.newwanip: Informational is starting ovpns2.
              Aug 28 10:40:06 	check_reload_status: rc.newwanip starting ovpns2
              Aug 28 10:40:06 	kernel: ovpns2: link state changed to UP
              Aug 28 10:40:06 	kernel: ovpns2: link state changed to DOWN
              Aug 28 10:40:06 	kernel: in6_purgeaddr: node-local all-nodesmulticast address deletion error
              Aug 28 10:40:06 	php: rc.openvpn: OpenVPN: Resync server2 Site-to-Site VPN
              Aug 28 10:40:06 	kernel: ovpns1: link state changed to DOWN
              Aug 28 10:40:06 	kernel: arpresolve: can't allocate llinfo for x.x.208.1
              Aug 28 10:40:05 	php: rc.openvpn: OpenVPN: Resync server1 Road Warrior OpenVPN
              Aug 28 10:40:05 	php: rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use WAN_DHCP.
              Aug 28 10:40:03 	check_reload_status: Reloading filter
              Aug 28 10:40:03 	check_reload_status: Restarting OpenVPN tunnels/interfaces
              Aug 28 10:40:03 	check_reload_status: Restarting ipsec tunnels
              Aug 28 10:40:03 	check_reload_status: updating dyndns WAN_DHCP
              Aug 28 10:39:55 	kernel: arpresolve: can't allocate llinfo for x.x.208.1
              Aug 28 10:39:50 	check_reload_status: updating dyndns wan
              Aug 28 10:39:47 	dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
              Aug 28 10:39:47 	php: rc.linkup: The command '/sbin/ifconfig 'em3' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:39:47 	php: rc.linkup: HOTPLUG: Configuring interface wan
              Aug 28 10:39:47 	php: rc.linkup: DEVD Ethernet attached event for wan
              Aug 28 10:39:45 	kernel: arpresolve: can't allocate llinfo for x.x.208.1
              Aug 28 10:39:45 	kernel: em3: link state changed to UP
              Aug 28 10:39:45 	check_reload_status: Linkup starting em3
              Aug 28 10:39:44 	php: rc.linkup: ROUTING: setting IPv6 default route to 2001:470:x:x::1
              Aug 28 10:39:44 	php: rc.linkup: The command '/sbin/ifconfig gif0 tunnel x.x.161.14' returned exit code '1', the output was 'ifconfig: 'tunnel' requires 2 arguments'
              Aug 28 10:39:44 	php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf em3 > /tmp/em3_output 2> /tmp/em3_error_output' returned exit code '15', the output was ''
              Aug 28 10:39:44 	php: rc.linkup: DEVD Ethernet detached event for wan
              Aug 28 10:39:42 	kernel: em3: link state changed to DOWN
              Aug 28 10:39:42 	check_reload_status: Linkup starting em3
              Aug 28 10:39:35 	kernel: arpresolve: can't allocate llinfo for x.x.208.1
              Aug 28 10:39:31 	php: rc.linkup: The command '/sbin/ifconfig 'em3' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'
              Aug 28 10:39:31 	php: rc.linkup: HOTPLUG: Configuring interface wan
              Aug 28 10:39:31 	php: rc.linkup: DEVD Ethernet attached event for wan
              Aug 28 10:39:29 	php: rc.linkup: Clearing states to old gateway x.x.208.1.
              Aug 28 10:39:29 	kernel: em3: link state changed to UP
              Aug 28 10:39:29 	check_reload_status: Linkup starting em3
              Aug 28 10:39:28 	php: rc.linkup: DEVD Ethernet detached event for wan
              Aug 28 10:39:26 	kernel: em3: link state changed to DOWN
              Aug 28 10:39:26 	check_reload_status: Linkup starting em3
              Aug 28 10:29:46 	syslogd: kernel boot file is /boot/kernel/kernel
              
              

              Snort Processes after WAN interface was bounced

              
              root    4146  0.3  3.7 376720 114452  ??  SNs  10:42AM   0:01.01 /usr/pbi/snort-i386/bin/snort -R 60770 -D -q -l /var/log/snort/snort_em360770 --pid-path /var/run --nolock-pidfile -G 60770 -c /usr/pbi/snort-i386/et
              root    8189  0.1  3.7 376720 114308  ??  SNs  10:43AM   0:01.03 /usr/pbi/snort-i386/bin/snort -R 60770 -D -q -l /var/log/snort/snort_em360770 --pid-path /var/run --nolock-pidfile -G 60770 -c /usr/pbi/snort-i386/et
              root    7005  0.0  1.6 317552 48632  ??  SNs  10:43AM   0:00.36 /usr/pbi/snort-i386/bin/snort -R 59292 -D -q -l /var/log/snort/snort_em359292 --pid-path /var/run --nolock-pidfile -G 59292 -c /usr/pbi/snort-i386/et
              root    9784  0.0  2.9 360560 91932  ??  SNs  10:43AM   0:00.69 /usr/pbi/snort-i386/bin/snort -R 5622 -D -q -l /var/log/snort/snort_em25622 --pid-path /var/run --nolock-pidfile -G 5622 -c /usr/pbi/snort-i386/etc/s
              root   11440  0.0  2.9 360560 92036  ??  SNs  10:43AM   0:00.70 /usr/pbi/snort-i386/bin/snort -R 5622 -D -q -l /var/log/snort/snort_em25622 --pid-path /var/run --nolock-pidfile -G 5622 -c /usr/pbi/snort-i386/etc/s
              root   70314  0.0  2.9 359584 91004  ??  SNs  10:42AM   0:00.07 /usr/pbi/snort-i386/bin/snort -R 63656 -D -q -l /var/log/snort/snort_em0_vlan563656 --pid-path /var/run --nolock-pidfile -G 63656 -c /usr/pbi/snort-i
              
              

              snort_em360770 WAN Blocking
              snort_em359292 WAN Alerting
              snort_em25622 LAN Alerting
              snort_em0_vlan563656 Guest WiFi Alerting

              Stephen

                bmeeks

                @Cino:

                Bill,

                For a test to grab clean logs of the issue, I bounced my cable modem. Hope this helps, and enjoy Labor Day… I know I will be.

                Stephen

                Thanks!  These logs sure do help.  I'm thinking VLANs are somehow the culprit.  I don't have any defined on my systems, and I do not see the multiple processes.  So far, the folks who are seeing multiple processes (too many processes, actually), all seem to have VLANs defined on their Snort interfaces.  I'm taking that as a good indicator of where to start looking… ;)

                Bill

                  Cino

                  @bmeeks:

                  @Cino:

                  Bill,

                  For a test to grab clean logs of the issue, I bounced my cable modem. Hope this helps, and enjoy Labor Day… I know I will be.

                  Stephen

                  Thanks!  These logs sure do help.  I'm thinking VLANs are somehow the culprit.  I don't have any defined on my systems, and I do not see the multiple processes.  So far, the folks who are seeing multiple processes (too many processes, actually), all seem to have VLANs defined on their Snort interfaces.  I'm taking that as a good indicator of where to start looking… ;)

                  Bill

                  You're welcome, and thank you for the many updates to this fine package. Only 1 of my sensors is a VLAN. I'm going to disable it and see if that changes anything… If that doesn't, I'll remove the config... Can't remove the VLAN interface itself without redoing a lot of work, so it will have to stay.

                    gogol

                    @gogol:

                    To resume:

                    The boot process is interfering with Snort Startup in my opinion or the other way around.

                    • rc.newwanip detects an IP change while there isn't one and triggers a package restart while Snort is starting, which takes a while

                    • check_reload_status is also Starting Packages

                    Sometimes there is the -E argument instead of the -D in the process.

                    I believe it is still under investigation. And I don't have VLANs.

                    My opinion is that Snort is starting up, no PID file until the process is completely started. In the meanwhile another Snort start is invoked by a script and no PID file is detected, so the first process is not stopped and a new Snort process is started.

                    1 Reply Last reply Reply Quote 0
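The start-up race gogol describes above, modeled as an added example (not part of the original posts and not the package's snort.sh): two start requests arrive while the sensor is still initializing and has not yet written its PID file. The function names, the one-second delay and the lock-directory guard are assumptions made for the illustration.

```shell
#!/bin/sh
# Model of a check-then-start race on a PID file. Every name here is
# hypothetical; this is not the pfSense Snort package start script.

# Stand-in for a sensor that needs time to initialise: it records that it
# was launched, and writes its PID file only after "initialisation".
slow_daemon() {                 # $1 = pidfile, $2 = launch log
    echo "launched" >> "$2"
    sleep 1                     # rules loading: no PID file exists in this window
    echo "$$" > "$1"            # placeholder PID (the demo shell's own)
}

# Check-then-start: treats "no PID file" as "not running".
racy_start() {                  # $1 = pidfile, $2 = launch log
    if [ -f "$1" ]; then
        return 0                # looks like it is already running
    fi
    slow_daemon "$1" "$2"
}

# Same check, but serialised by a lock directory taken before the launch.
# mkdir is atomic, so only one caller can hold the lock at a time.
# (A production script would also need to clean up a stale lock after a crash.)
guarded_start() {               # $1 = pidfile, $2 = launch log
    lock="$1.starting"
    if ! mkdir "$lock" 2>/dev/null; then
        return 0                # another start is already in flight
    fi
    if [ ! -f "$1" ]; then
        slow_daemon "$1" "$2"
    fi
    rmdir "$lock"
}

# Fire two start requests at the same moment and report how many daemons
# were actually launched.
count_launches() {              # $1 = name of the start function to test
    dir=$(mktemp -d)
    "$1" "$dir/sensor.pid" "$dir/launch.log" &
    "$1" "$dir/sensor.pid" "$dir/launch.log" &
    wait
    wc -l < "$dir/launch.log" | tr -d ' '
    rm -rf "$dir"
}

echo "racy start:    $(count_launches racy_start) process(es) launched"
echo "guarded start: $(count_launches guarded_start) process(es) launched"
```

The `ps` listings on this page show Snort launched with `--nolock-pidfile`, so in this model the serialisation is done by the start script rather than by the daemon.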
                      Cino

                      Even though I've disabled a sensor, I still see a process for it when I reboot my box… The GUI tells me it's disabled, but ps -ax shows me it's running...  I've seen this before when en/disabling rules... I would enable a few rules then later turn them off to find that they weren't disabled. The only workaround I've found is to remove the package and re-install so it will read the config.xml and generate fresh config files.

                        pfSenseRocks

                        So I bought me a dual gigabit NIC. I now have WAN, LAN and the Guest LAN on three physical NICs as opposed to VLANs. I still have the same problem with multiple snort processes all on the same interface. I am clueless. Please help!

                        At start up

                        
                        [2.1-RC2][admin@sense.home]/root(2): ps -ax | grep snort
                        33426  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                        34178  ??  DNL    6:45.45 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                        62838  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                        64327  ??  DNL    6:25.72 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                        54725  v0- IW     0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                        57256  v0- R      6:32.50 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                        48672   0  DL+    0:00.00 grep snort
                        [2.1-RC2][admin@sense.home]/root(3):
                        
                        

                        After killing these processes and manually restarting…

                        
                        [2.1-RC2][admin@sense.home]/root(5): ps -ax | grep snort
                          715  ??  Ss     0:00.08 /usr/pbi/snort-amd64/bin/snort -R 22796 -D -q -l /var/log/snort/snort_re122796 --pid-path /var/run --nolock-pidfile -G 22796 -c /usr/pbi/snort-amd64/etc/snort/snort_22796_re1/snort.conf -i re1
                        51274  ??  Ss     0:04.80 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                        73396  ??  Ss     0:00.66 /usr/pbi/snort-amd64/bin/snort -R 26667 -D -q -l /var/log/snort/snort_re026667 --pid-path /var/run --nolock-pidfile -G 26667 -c /usr/pbi/snort-amd64/etc/snort/snort_26667_re0/snort.conf -i re0
                        68790   0  S+     0:00.00 grep snort
                        [2.1-RC2][admin@sense.home]/root(6):
                        
                        
                        1 Reply Last reply Reply Quote 0
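One way to check for the two symptoms reported above (several processes for one sensor, and a sensor the GUI shows as disabled still running), as an added example that is not part of the original posts or the package. It groups `ps -ax` output by the `-R` value, which is treated here as the instance ID because the same number appears in the log and config paths; the sample listings are abridged from the ones on this page and the expected-ID lists are assumptions.

```shell
#!/bin/sh
# audit_snort "ID ID ..."   (reads `ps -ax` output on stdin)
# Prints one line per finding:
#   DUPLICATE  <id> pids=...   more than one snort process for the same -R id
#   UNEXPECTED <id> pids=...   a running id that is not in the expected list
#   MISSING    <id>            an expected id with no running process
audit_snort() {
    LC_ALL=C awk -v expected="$1" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) want[e[i]] = 1
        }
        {
            # Only count real snort binaries: the rc.d wrapper shell, the
            # grep itself and shell prompts have no field ending in /bin/snort.
            id = ""; is_snort = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /\/bin\/snort$/) is_snort = 1
                else if (is_snort && $i == "-R" && i < NF) { id = $(i + 1); break }
            }
            if (id == "") next
            count[id]++
            pids[id] = (count[id] > 1) ? (pids[id] "," $1) : $1
        }
        END {
            for (id in count) {
                if (count[id] > 1)  print "DUPLICATE " id " pids=" pids[id]
                if (!(id in want))  print "UNEXPECTED " id " pids=" pids[id]
            }
            for (id in want)
                if (!(id in count)) print "MISSING " id
        }' | LC_ALL=C sort
}

# Sample input, abridged from the "At start up" listing in the post above.
sample_startup() {
    cat <<'EOF'
33426  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
34178  ??  DNL    6:45.45 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -i em0
62838  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
64327  ??  DNL    6:25.72 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -i em0
54725  v0- IW     0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
57256  v0- R      6:32.50 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -i em0
48672   0  DL+    0:00.00 grep snort
EOF
}

# Sample input, abridged from the listing taken after the manual restart.
sample_after_restart() {
    cat <<'EOF'
  715  ??  Ss     0:00.08 /usr/pbi/snort-amd64/bin/snort -R 22796 -D -q -i re1
51274  ??  Ss     0:04.80 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -i em0
73396  ??  Ss     0:00.66 /usr/pbi/snort-amd64/bin/snort -R 26667 -D -q -i re0
68790   0  S+     0:00.00 grep snort
EOF
}

echo "== at start up, three sensors expected =="
sample_startup | audit_snort "62688 22796 26667"
echo "== after restart, with 22796 assumed disabled in the GUI =="
sample_after_restart | audit_snort "62688 26667"
```

On a live system the input would be `ps -ax | audit_snort "<expected ids>"`; a duplicate on a blocking interface is the case most worth alerting on.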
                          bmeeks

                          @pfSenseRocks:

                          So I bought me a dual gigabit NIC. I now have WAN, LAN and the Guest LAN on three physical NICs as opposed to VLANs. I still have the same problem with multiple snort processes all on the same interface. I am clueless. Please help!

                          At start up

                          
                          [2.1-RC2][admin@sense.home]/root(2): ps -ax | grep snort
                          33426  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                          34178  ??  DNL    6:45.45 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                          62838  ??  IWN    0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                          64327  ??  DNL    6:25.72 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                          54725  v0- IW     0:00.00 /bin/sh /usr/local/etc/rc.d/snort.sh start
                          57256  v0- R      6:32.50 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                          48672   0  DL+    0:00.00 grep snort
                          [2.1-RC2][admin@sense.home]/root(3):
                          
                          

                          After killing these processes and manually restarting…

                          
                          [2.1-RC2][admin@sense.home]/root(5): ps -ax | grep snort
                            715  ??  Ss     0:00.08 /usr/pbi/snort-amd64/bin/snort -R 22796 -D -q -l /var/log/snort/snort_re122796 --pid-path /var/run --nolock-pidfile -G 22796 -c /usr/pbi/snort-amd64/etc/snort/snort_22796_re1/snort.conf -i re1
                          51274  ??  Ss     0:04.80 /usr/pbi/snort-amd64/bin/snort -R 62688 -D -q -l /var/log/snort/snort_em062688 --pid-path /var/run --nolock-pidfile -G 62688 -c /usr/pbi/snort-amd64/etc/snort/snort_62688_em0/snort.conf -i em0
                          73396  ??  Ss     0:00.66 /usr/pbi/snort-amd64/bin/snort -R 26667 -D -q -l /var/log/snort/snort_re026667 --pid-path /var/run --nolock-pidfile -G 26667 -c /usr/pbi/snort-amd64/etc/snort/snort_26667_re0/snort.conf -i re0
                          68790   0  S+     0:00.00 grep snort
                          [2.1-RC2][admin@sense.home]/root(6):
                          
                          

                          I'm still looking into this.  Thus far I can't reproduce the problem in my VMware test setup, so it's still a bit of a mystery as to the root cause.  I am not throwing in the towel yet, though.

                          Bill

                            pfSenseRocks

                            Thanks Bill! How can I help?

                              pfSenseRocks

                              Attaching a few screenshots of my snort configuration.

                              SNortGlobal.PNG
                              SnortIf.PNG
                              SnortLANCat.PNG
                              SnortWANCat.PNG
                              SnortWANSettings.PNG

                                Supermule Banned

                                Hi Bill

                                I run a bunch of VLANs and don't have this issue.

                                @bmeeks:

                                @Cino:

                                Bill,

                                For a test to grab clean logs of the issue, I bounced my cable modem. Hope this helps and enjoying Labor Day… I know I will be

                                Stephen

                                Thanks!  These logs sure do help.  I'm thinking VLANs are somehow the culprit.  I don't have any defined on my systems, and I do not see the multiple processes.  So far, the folks who are seeing multiple processes (too many processes, actually), all seem to have VLANs defined on their Snort interfaces.  I'm taking that as a good indicator of where to start looking… ;)

                                Bill

                                  bmeeks

                                  @Supermule:

                                  Hi Bill

                                  I run a bunch of VLANs and don't have this issue.

                                  Thanks for the feedback Brian.  This is a peculiar bug that does not seem to be easily reproduced.  For the folks that have it, they are reporting it is 100% reproducible on their systems.  For other systems…??

                                  Bill

                                    bmeeks

                                    @pfSenseRocks:

                                    Thanks Bill! How can I help?

                                    Thanks for the screenshots.  I also sent you a PM asking for a little more information if you can share it.

                                    Bill

                                      pfSenseRocks

                                      Done! Let me know when you receive it. Also, let me know if I can provide any other information.

                                        bmeeks

                                        @pfSenseRocks:

                                        Done! Let me know when you receive it. Also, let me know if I can provide any other information.

                                        I have it.  Thanks.  As I mentioned in my reply e-mail, I will be busy until the weekend and can take a look then.

                                        Bill

                                          pfSenseRocks

                                          Any luck, Bill?

                                            bmeeks

                                            @pfSenseRocks:

                                            Any luck, Bill?

                                            Not yet.  I can't reproduce the problem in my test environment.  Does this only happen on a reboot for you, or does it also happen with the auto-rule updates in Snort?

                                            EDIT:  Never mind on the question.  I looked back and see you provided the answer several posts back.  You said it happens usually on restarts after the Snort rule updates.

                                            Bill
