IPS Log snort: WARNING: SMTP memcap exceeded.

Hi,

I'm seeing these logs on our SG 430 9.705-3:

2021:02:02-09:57:08 firewall-2 ulogd[12675]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected"......
2021:02:02-09:58:05 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:58:50 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:59:34 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:59:34 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:59:41 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:59:52 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-09:59:56 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded.
2021:02:02-10:00:27 firewall-2 ulogd[12675]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected"......

Looks like it's still working as some blocks are also logged.

What does this mean? Found a very old post here about the issue but no explanation.



  • We have exactly the same behaviour. 

    Model: SG430

    Firmware version: 9.705-3

    2021:02:09-12:56:28 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:56:29 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:56:32 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:56:32 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:56:32 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:56:41 ssl-2 ulogd[9994]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" ...
    2021:02:09-12:56:41 ssl-2 ulogd[9994]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" ...
    2021:02:09-12:56:41 ssl-2 ulogd[9994]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" ...
    2021:02:09-12:59:09 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:59:09 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:59:10 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:59:10 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
    2021:02:09-12:59:12 ssl-2 snort[4603]: WARNING: SMTP memcap exceeded.
  • Same here. UTM is randomly restarting also.