Resolved
Over the past few days, I've noticed my ClearOS 6.6 gateway forcibly rebooting itself a couple of times a day. I was previously having some problems with the firewall entering a panic state, but now I'm suspecting that snort is causing an issue.

When I look in /var/log/messages, I see the following (or similar) log entries shortly before ClearOS completely reboots itself:

Oct 26 16:40:57 gateway snort[3366]: S5: Session exceeded configured max bytes to queue 1048576 using 1049202 bytes (client queue). xxx.xxx.xxx.xxx 53384 --> 69.16.xxx.xxx 80 (0) : LWstate 0x9 LWFlags 0x406007

Oct 26 10:50:08 gateway snort[3368]: S5: Session exceeded configured max bytes to queue 1048576 using 1049400 bytes (client queue). xxx.xxx.xxx.xxx 49185 --> 74.125.xxx.xxx 80 (0) : LWstate 0x9 LWFlags 0x6007

In /var/log/snortsam, I'm seeing various errors where snort is trying to unblock previously blocked IP addresses, but the command fails:

2015/10/26, 10:20:06, -, 1, iptables, Info: UnBlocking ip 81.218.125.109
2015/10/26, 10:20:06, -, 1, iptables, Error: Command2 /sbin/iptables -D INPUT -i eth0 -d 81.218.125.109 -j DROP Failed

Running Intrusion Prevention module version 1.5.0-1
ClearOS Professional 6.6.0
Kernel version 2.6.32-504.23.4.v6.x86_64
Monday, October 26 2015, 10:47 PM
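
Added example, not part of the original post: a Python parser for the two log formats quoted above that reports how far each S5 session exceeded its queue limit and which iptables deletions snortsam logged as failed. The sample lines use constructed documentation-range addresses, and the function names are this example's own.

```python
import re

# Constructed sample lines in the two formats quoted in the post (documentation IPs).
MESSAGES = """\
Oct 26 10:50:08 gateway snort[3368]: S5: Session exceeded configured max bytes to queue 1048576 using 1049400 bytes (client queue). 192.0.2.10 49185 --> 198.51.100.7 80 (0) : LWstate 0x9 LWFlags 0x6007
Oct 26 16:40:57 gateway snort[3366]: S5: Session exceeded configured max bytes to queue 1048576 using 1049202 bytes (client queue). 192.0.2.11 53384 --> 198.51.100.8 80 (0) : LWstate 0x9 LWFlags 0x406007
Oct 26 16:41:02 gateway kernel: unrelated line
"""
SNORTSAM = """\
2015/10/26, 10:20:06, -, 1, iptables, Info: UnBlocking ip 203.0.113.5
2015/10/26, 10:20:06, -, 1, iptables, Error: Command2 /sbin/iptables -D INPUT -i eth0 -d 203.0.113.5 -j DROP Failed
2015/10/26, 10:25:00, -, 1, iptables, Info: UnBlocking ip 203.0.113.9
"""

S5_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ snort\[(?P<pid>\d+)\]: S5: Session exceeded "
    r"configured max bytes to queue (?P<limit>\d+) using (?P<used>\d+) bytes "
    r"\((?P<side>\w+) queue\)\. (?P<src>\S+) (?P<sport>\d+) --> (?P<dst>\S+) (?P<dport>\d+)"
)
SAM_FAIL_RE = re.compile(r"Error: \S+ (?P<cmd>\S*iptables -D .*?-[sd] (?P<ip>\S+) .*?) Failed$")

def s5_overruns(text):
    """Return one dict per S5 'max bytes to queue' message, with the overrun in bytes."""
    rows = []
    for line in text.splitlines():
        m = S5_RE.match(line)
        if m:
            row = m.groupdict()
            row["over"] = int(row["used"]) - int(row["limit"])
            rows.append(row)
    return rows

def failed_unblocks(text):
    """Return (timestamp, ip, command) for each iptables delete logged as failed."""
    out = []
    for line in text.splitlines():
        parts = line.split(", ", 5)  # date, time, two fields, plugin, message
        m = SAM_FAIL_RE.match(parts[5]) if len(parts) == 6 else None
        if m:
            out.append((parts[0] + " " + parts[1], m["ip"], m["cmd"]))
    return out

def summarize(messages, snortsam):
    rows = s5_overruns(messages)
    return {
        "s5_events": len(rows),
        "max_over_bytes": max((r["over"] for r in rows), default=0),
        "failed_unblock_ips": sorted({ip for _, ip, _ in failed_unblocks(snortsam)}),
    }
```

Pass the contents of /var/log/messages and /var/log/snortsam to `summarize` to compare the timestamps of these entries with the reboot times.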