Forums

Subscribe via email Subscribe via email
Subscribe via rss
Guest
or Ask a Question
Add a reply View Replies (6) →
HotRod
HotRod
Offline

Intrusion Prevention keeps stopping

Resolved
0 votes
As subject suggest...

My Intrusion Prevention keeps stopping several times during a week and I have to start it manually again.
Any suggestion to what's wrong?
In Intrusion Detection and Prevention
Thursday, October 25 2012, 12:37 AM
Subscribe via email
Share this post:
Responses (6)

  • Accepted Answer

    HotRod
    HotRod
    Offline
    Thursday, October 25 2012, 10:42 PM - #Permalink
    Resolved
    0 votes
    There are no disconnections at all.
    The reply is currently minimized Show

  • Accepted Answer

    Nick Howitt
    Nick Howitt
    Offline
    Thursday, October 25 2012, 03:12 PM - #Permalink
    Resolved
    0 votes
    HotRod wrote:
    Philippe Eveleigh wrote:
    Isn't this the old problem with snort leaving its lock file behind when a pppoe connection would die? HotRod what type of wan connection do you have?

    I recall the solution for ClearOS 5... was to add to the following file: /etc/ppp/ip-up.local
    /etc/init.d/snort restart 
    
/etc/init.d/snortsam restart


    I'm on a 60/60Mbit fiber connection trough a bridged fiber interface.

    I did this change when I ran CO5, but it did not make any difference then.
    I have changed hardware after that and installed CO6.3 64bit.
    Can you check /var/log/syswatch to see if you are getting any disconnections. The problem is not restricted to PPPoE interfaces but the solution is not as neat. I run an hourly cron job to check the services are still running and restart them if necessary.
    The reply is currently minimized Show

  • Accepted Answer

    HotRod
    HotRod
    Offline
    Thursday, October 25 2012, 02:41 PM - #Permalink
    Resolved
    0 votes
    Philippe Eveleigh wrote:
    Isn't this the old problem with snort leaving its lock file behind when a pppoe connection would die? HotRod what type of wan connection do you have?

    I recall the solution for ClearOS 5... was to add to the following file: /etc/ppp/ip-up.local
    /etc/init.d/snort restart 
    
/etc/init.d/snortsam restart


    I'm on a 60/60Mbit fiber connection trough a bridged fiber interface.

    I did this change when I ran CO5, but it did not make any difference then.
    I have changed hardware after that and installed CO6.3 64bit.
    The reply is currently minimized Show

  • Accepted Answer

    HotRod
    HotRod
    Offline
    Thursday, October 25 2012, 02:35 PM - #Permalink
    Resolved
    0 votes
    Ben Chambers wrote:
    Your system is running out of memory? OOM killer is coming along and trying to free up resources. Try:
    grep -i "Killed process" /var/log/*


    Ben


    I don't think the system should run out of mem. Got 8GB RAM in the system and 500GB harddrive.. Don't know how big the swap is, if there is one...

    GUI states that there is 63% free memory.

    I ran the command, did not see any change... What did this do?
    I'll give it a few days to see if it makes any difference.

    BTW, i'm running CO6.3 x64
    The reply is currently minimized Show

  • Accepted Answer

    Philippe Eveleigh
    Philippe Eveleigh
    Offline
    Thursday, October 25 2012, 02:21 AM - #Permalink
    Resolved
    0 votes
    Isn't this the old problem with snort leaving its lock file behind when a pppoe connection would die? HotRod what type of wan connection do you have?

    I recall the solution for ClearOS 5... was to add to the following file: /etc/ppp/ip-up.local
    /etc/init.d/snort restart 
    
/etc/init.d/snortsam restart
    The reply is currently minimized Show

  • Accepted Answer

    Ben Chambers
    Ben Chambers
    Offline
    Thursday, October 25 2012, 02:06 AM - #Permalink
    Resolved
    0 votes
    Your system is running out of memory? OOM killer is coming along and trying to free up resources. Try:
    grep -i "Killed process" /var/log/*


    Ben
    The reply is currently minimized Show
Your Reply