Login  Register

Re: Bridge mode bugfix and performance improvement

Posted by Roadrunnere42 on Mar 31, 2016; 4:05pm
URL: https://itus.accessinnov.com/Bridge-mode-bugfix-and-performance-improvement-tp561p595.html

Hi user8446

I followed your instruction running router mode and copied over the two modified snort rules 7 / 8, disabled processes as instructed reboot and it failed to connect to internet. Looked at sysrem log and found
Thu Mar 31 15:56:35 2016 daemon.notice netifd: Network device 'eth0' link is down
Thu Mar 31 15:56:35 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Thu Mar 31 15:56:35 2016 daemon.notice netifd: wan (3340): Received SIGTERM
Thu Mar 31 15:56:36 2016 daemon.err snort[3323]: FATAL ERROR: /etc/snort/snort8.conf(120) Unknown rule type: prune_log_max.
Thu Mar 31 15:56:36 2016 user.emerg procd: Cannot change large-receive-offload
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Network device 'eth0' link is up
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Thu Mar 31 15:56:38 2016 daemon.notice netifd: Interface 'wan' is setting up now
Thu Mar 31 15:56:38 2016 kern.notice kernel: [   75.354303] eth0: 1000 Mbps Full duplex, port 0
Thu Mar 31 15:56:38 2016 daemon.notice netifd: wan (3983): udhcpc (v1.23.2) started
Thu Mar 31 15:56:38 2016 daemon.notice netifd: wan (3983): Sending discover...
Thu Mar 31 15:56:39 2016 daemon.err snort[3391]: FATAL ERROR: /etc/snort/snort7.conf(120) Unknown rule type: prune_log_max.
Thu Mar 31 15:56:39 2016 user.emerg procd: Cannot change large-receive-offload
Thu Mar 31 15:56:41 2016 kern.notice kernel: [   78.304013] eth2: Link down


did find this in snort 7 about prune_log_max

preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp yes, \
   max_tcp 10000, \
   max_udp 10000, \
   max_active_responses 2, \
   min_response_seconds 5
   prune_log_max 1120810preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp yes, \
   max_tcp 10000, \
   max_udp 10000, \
   max_active_responses 2, \
   min_response_seconds 5
   prune_log_max 1120810
 any idea what to do to  or is then because i'm running 8942 rules?

reverted back at present.

Keep up the good work

roadrunnere42