Loss of Internet and High Memory Usage in 8.3.1

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Loss of Internet and High Memory Usage in 8.3.1

breda
Hi, I lost all  Internet traffic and having High Memory Usage 90% I'm running v1.51 SP1 + Hotfix May 28  Version 8.3.1   I have tried to rest but the Memory Usage shoots back up to 90% I have attached the system logs any help would be appreciated


system_logs.txt






Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

user8446
Administrator
Your Dnsmasq and snort isn't loaded causing the high memory available. According to your logs you have an error with a rule so just clear out your rules so you can restart. As for dnsmasq check line 13 of /var/etc/dnsmasq.conf
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

Roadrunnere42

Bread
You have a rule which has something wrong in its layout

Wed Jun 22 09:16:51 2016 daemon.err snort[4886]: FATAL ERROR: /etc/snort/rules/snort.rules(3601) Unknown rule type: sid:drop.

Just find this rule and either delete or put # at the beginning to comment out the rule, then restart the shield.

Roadrunnere42

On 23 Jun 2016 20:28, "user8446 [via Itus Networks Owners Forum]" <[hidden email]> wrote:
Your Dnsmasq and snort isn't loaded causing the high memory available. According to your logs you have an error with a rule so just clear out your rules so you can restart. As for dnsmasq check line 13 of /var/etc/dnsmasq.conf
Running in bridge mode, 1.51 SP1 fw



If you reply to this email, your message will be added to the discussion below:
http://itus.accessinnov.com/Loss-of-Internet-and-High-Memory-Usage-in-8-3-1-tp1043p1044.html
To start a new topic under Technical Discussion, email [hidden email]
To unsubscribe from Itus Networks Owners Forum, click here.
NAML
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

breda
Thanks @ Roadrunnere42 and @user8446 it happened right after the daily IPS updates can you confirm where I can change the rules at please is it via LuCI or CLI?

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

user8446
Administrator
Just search for "sid:drop" and comment out as mentioned or delete your whole ruleset out and update it again. Your rules are at /etc/snort/rules/snort.rules
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

Wisiwyg
user8446 wrote
or delete your whole ruleset out and update it again. Your rules are at /etc/snort/rules/snort.rules
This is the easiest solution... rename /etc/snort/rules/snort.rules to something like /etc/snort/rules/snort.rules.sav and then manually run the fw_upgrade script. It will regenerate the snort.rules file.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

breda
Hi, Wisiwyg that great Idea just to confirm I would run the  fw_upgrade. 8.3 via SSH?

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

breda
In reply to this post by Wisiwyg
Thanks @Wisiwyg @user8446 @Roadrunnere42 it worked I'm back up I did see few errors  but have full internet and Memory back to 49% I renamed the /snort/rules


Sat Jun 25 11:31:23 2016 daemon.emerg procd: 42544 66620.334   69208.0     61.6  63069082.5  46829.2         0
Sat Jun 25 11:31:23 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org).
Sat Jun 25 11:31:23 2016 daemon.info procd: - init complete -
Sat Jun 25 11:31:47 2016 kern.info kernel: [  168.349165] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

Wisiwyg
Glad it worked!
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Reply | Threaded
Open this post in threaded view
|

Re: Loss of Internet and High Memory Usage in 8.3.1

breda
Thanks for the shortcut  it saved me a lot of time