2014:02:22-10:41:20 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 233 ssns remain. memcap: 8087184/8388608
2014:02:22-10:41:23 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 238 ssns remain. memcap: 8182072/8388608
2014:02:22-10:41:23 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 240 ssns remain. memcap: 8125371/8388608
2014:02:22-10:41:23 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 239 ssns remain. memcap: 8286820/8388608
2014:02:22-10:41:24 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 239 ssns remain. memcap: 8307715/8388608
2014:02:22-10:41:24 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 235 ssns remain. memcap: 8261371/8388608
2014:02:22-10:41:24 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 233 ssns remain. memcap: 8220404/8388608
2014:02:22-10:41:25 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 233 ssns remain. memcap: 8214837/8388608
2014:02:22-10:41:25 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 231 ssns remain. memcap: 8194401/8388608
2014:02:22-10:41:25 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 229 ssns remain. memcap: 8245679/8388608
2014:02:22-10:41:25 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 227 ssns remain. memcap: 8154712/8388608
2014:02:22-10:41:28 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 235 ssns remain. memcap: 8219175/8388608
2014:02:22-10:41:28 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 234 ssns remain. memcap: 8240161/8388608
2014:02:22-10:41:28 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 231 ssns remain. memcap: 8236323/8388608
2014:02:22-10:41:29 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 234 ssns remain. memcap: 8267112/8388608
2014:02:22-10:41:30 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 234 ssns remain. memcap: 8249319/8388608
2014:02:22-10:41:30 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 232 ssns remain. memcap: 8214192/8388608
2014:02:22-10:41:30 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 231 ssns remain. memcap: 8222402/8388608
2014:02:22-10:41:31 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 234 ssns remain. memcap: 8265557/8388608
2014:02:22-10:41:31 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 232 ssns remain. memcap: 8167157/8388608
2014:02:22-10:41:34 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 241 ssns remain. memcap: 8176331/8388608
2014:02:22-10:41:40 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 248 ssns remain. memcap: 8272455/8388608
2014:02:22-10:41:43 utm snort[7111]: S5: Pruned 5 sessions from cache for memcap. 250 ssns remain. memcap: 8276746/8388608
It's not just these rules, but they are continuing to keep coming (a lot). I have a lot of traffice 20+ Mbps on the WAN on the In - side of the interface list (so looks like traffic coming in). Youtube suddenly isn't watchable anymore (a lot of long freezes).
While I am typing this, the traffic stopped and youtube is normal again. Also the traffic seems normal again.
Firewall log didn't show anything strange and looked quite normal.
Memory usage was about normal.
I did however shut down my IPv6 Tunnel, since that was also showing a high bandwidth usage, but the snort rules kept coming for several minutes after shutting down IPv6.
Going to re-enable the IPv6 tunnel now and will see if this comes back.
This thread was automatically locked due to age.
