2.1.3 Randomly dies
-
Not sure exactly which forum this fits in so mods please move if need be.
I think this started in 2.1.2. I have a watchguard x-core 1250e with pfSense installed on a flash card.
Everyone once in a while I will lose all Internet, and the firewall becomes unresponsive. I even connect on the serial port and nothing happens, after rebooting it tends to fix it for another period of time. 2.1.4 seems to be more effected, I was rebooting about every day sometimes multiple times a day on that build, that's why I'm running 2.1.3 now.
When the device becomes unresponsive and drops all traffic, I managed to be connected to the console port when it did it, and captured a screenshot, attached is a screenshot of that.
On another note, Snort will no longer start on the WAN interface (might be a separate issue) Snort version is: 2.9.6.2 pkg v3.1.1, tried upgrading to 2.9.6.2 pkg v3.1.2 (latest) and got the same result. The Service is started, and shows green, but when you Menu > Services > Snort and click on the red button to enable snort on the interface, it never starts. Snort stopped working within the last week or so.
Hopefully someone can make sense of this. I can post any log files if need be, upon request.
Thanks for any and all help.
 -
Failing drive?
-
i'd also say its related to a failing harddrive
-
He's running Nano on a CF card so it would be unusual to see a failure, but not unheard of. ;)
Is this a new CF card? Does the system mark the filesystem as dirty when you reboot? Does it find and fix problems?
Trying another card is the first thing I'd do.Steve
-
I know - But I see a error with writing and I think "Check for disk error".
Could be out of memory also I suppose?
-
Running out of space on the harddrive?
-
I'm not arguing that it isn't a bad drive (card) just pointing out why it might not be that.
Out of space is a good call. What Nano image size are you using? Are you using huge Snort lists? ;)Steve
-
I am using a 4GB CF card with the 4GB pfSense image. As for Snort I only using Community rules with ET Open rules, and have IPS Policy set to Balanced.
It was running fine for about a month or 2, but has since started to fail. I suppose to CF Card could be filling up.
I ran a df and it looks like it might be filling up? I'm not entirely linux savvy (on and off for several years but never as a primary OS)
Attached is a screenshot of the output.
 -
I am using a 4GB CF card with the 4GB pfSense image. As for Snort I only using Community rules with ET Open rules, and have IPS Policy set to Balanced.
It was running fine for about a month or 2, but has since started to fail. I suppose to CF Card could be filling up.
I ran a df and it looks like it might be filling up? I'm not entirely linux savvy (on and off for several years but never as a primary OS)
Attached is a screenshot of the output.
The current Snort package does a poor job of managing its log file growth. For conventional hard disk installs this is not much of an issue, but for CF installs it gets to be a bigger deal. I'm working on an update now for Snort that will bring all the Log Management features into Snort that are now in Suricata. These include enforced log limit sizes and retention periods for rotated logs. This will help out CF installs where space in /var is at a premium. I hope to be posting the update for review by the pfSense team later this week or early next week.
Bill
-
Looks like you have plenty of space left currently. Check it again after a few days.
I would still suspect the card might be failing.Steve
-
I ended up formatting the CF Card and reinstalling 2.1.5 fresh and only restoring certain sets of the config that I absolutely needed (firewall rules, aliases and such) and then I reconfigured DHCP and Snort manually. It seems to be running smooth for the last couple days, but I may shut it down and dd the CF card for a good bare-metal backup and still order a new CF card (or made a HDD??? so many choices!!)
