This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Initializing Snort

Yesterday our customers experienced a 30 - 45 second outage(I know that nota long time but our application can't handle any outages). Neither of the UTM's went down nor did we have a failover between the two of them. The only thing I can find in the logs matching the outage time is a "--== Initializing Snort ==--" in the IPS log. When the initialization was completed we then got a "Commencing packet processing"

Did the IPS reinitialize midday?
Is this normal behavior?
Could have someone tried to do something malicious/ignorant to cause this to happen?

TIA

TPires

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

Hi, and welcome to the User BB!

I see you registered almost three years ago, so this probably isn't a new installation or a configuration problem. Check the User Authentication log to see if anyone was in WebAdmin at the time. Check the SSH Server log to see if anyone was at the command line remotely. I don't know if logins from the console are logged.

Cheers - Bob
PS When starting a thread, please remember to state the exact version - 8.309?
Cancel
Vote Up 0 Vote Down

Cancel
0 tpires over 12 years ago

Thanks for the Response Bob.

Nope these particular 320's have been up for almost 2 years now. They are currently running 8.308.

The SSH logs are at 0 bytes as shell access is disabled. I've also went through the WebAdmin log's. There have been no changes to any of the IPS settings in at least the last week.

Thanks Again,
Tpires
Cancel
Vote Up 0 Vote Down

Cancel
0 ManuelKarl over 12 years ago in reply to tpires

Hello,

maybe an up2date-package (snort) causes the ips-module to restart?

Greetings,

Manuel
Cancel
Vote Up 0 Vote Down

Cancel