This discussion has been locked.

Enable IPS kills everything

Just deployed a few UTM units at the customer site.  They are all set up identically.  One of the units is having trouble enabling IPS.  When IPS is disabled, everything works fine.  However, as soon as I enable IPS, the internal networks lose internet completely.  All external IPs stop responding, not even to ping.  The only thing still working is the WebAdmin interface.  Tried restarting the unit but it still does the same thing.  I compared the settings with all the other units and found no difference.   Does anyone know what could be the problem?  I can't open a ticket with support because the customer is using a SIP trunk.  Demonstrating it for support during business hours would kill their phones.  I can't get hold of support after hours.



  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    What's the current pattern version on the UTM? Compare it with the UTM units at the other locations.

    Please check IPS logs as well.

    Go to Logging & Reporting > Subsystem: Intrusion Prevention System

    ==> To check the IPS log, log in to the advanced shell:

    utm:/root # tail -f /var/log/ips.log

    ==> Please share the output of the commands below as well.

    utm:/root # ls -lahr /var/storage/cores

    utm:/root # version
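The reply above asks for ips.log but a full Snort start-up dump is several hundred lines per attempt, and when Snort dies during initialisation the UTM respawns it, so the log fills with repeated start-up banners. The shell functions below, which are an added example and not code from the thread or from Sophos, pull out the two things worth reading: how many start attempts the log records and which dynamic preprocessor aborted each one. They run with only sed, grep and tr, so they work in the UTM advanced shell. The sample log is constructed here and abridged; the mapping from a preprocessor name such as SF_FOO to the library file libsf_foo_preproc.so is an assumption used to locate the library path that Snort printed while loading it.

```shell
#!/bin/sh
# Summarise Snort start attempts in a UTM ips.log.
# Added example: not from the thread or from Sophos.

# Constructed, abridged sample log (two start attempts, the first killed
# by a preprocessor initialisation failure). Writes to the file named in $1.
make_sample_log() {
  cat > "$1" <<'EOF'
2021:04:02-10:52:38 sophos-utm snort[2914]: Enabling inline operation
2021:04:02-10:52:38 sophos-utm snort[2914]: --== Initializing Snort ==--
2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_s7commplus_preproc.so...
2021:04:02-10:52:39 sophos-utm snort[2914]: done
2021:04:02-10:52:39 sophos-utm snort[2914]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)
2021:04:02-10:52:44 sophos-utm snort[2933]: Enabling inline operation
2021:04:02-10:52:44 sophos-utm snort[2933]: --== Initializing Snort ==--
EOF
}

# Number of Snort start attempts: one "Initializing Snort" banner per attempt.
# More than one in a short window means Snort is crash-looping at start-up.
snort_start_count() {
  grep -c 'Initializing Snort' "$1"
}

# Print "<pid> <preprocessor>" for every preprocessor that aborted a start.
snort_fatal_preprocs() {
  sed -n 's/^.* snort\[\([0-9]*\)\]: FATAL ERROR: Failed to initialize dynamic preprocessor: \([A-Z0-9_]*\).*/\1 \2/p' "$1"
}

# For each fatal preprocessor, print the library path Snort logged when it
# loaded that preprocessor in the same attempt (same PID).
# Assumption: the preprocessor SF_FOO lives in libsf_foo_preproc.so.
snort_failed_preproc_lib() {
  snort_fatal_preprocs "$1" | while read -r pid name; do
    stem=$(printf '%s' "$name" | sed 's/^SF_//' | tr 'A-Z' 'a-z')
    grep "snort\[$pid\]: Loading dynamic preprocessor library .*libsf_${stem}_preproc\.so" "$1" \
      | sed -n 's/.*library \(.*\)\.\.\.$/\1/p'
  done
}

# Usage on a UTM (uncomment):
#   snort_start_count /var/log/ips.log
#   snort_fatal_preprocs /var/log/ips.log
#   snort_failed_preproc_lib /var/log/ips.log
```

On a unit that behaves like the one in this thread the third function returns the path of the preprocessor shared object that failed. Because the poster says the units are configured identically, a sensible next check is to compare that file's checksum (for example with md5sum) and the installed pattern version against a unit where IPS starts cleanly; a file that differs between otherwise identical units is a stronger lead than any WebAdmin setting.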

  • The only thing I can tell is that the Snort process fails to initialize.

    sophos-utm:/var/log # version

    Current software version...: 9.705003
    Hardware type..............: 210r3
    Serial number..............: S230Dxxxxxxxxx
    Installation image.........: 9.702-1.1
    Installation type..........: ssi
    Installed pattern version..: 197105
    Downloaded pattern version.: 197105
    Up2Dates applied...........: 3 (see below)
    sys-9.702-9.703-1.3.3.tgz (Mar 6 23:01)
    sys-9.703-9.704-3.2.3.tgz (Mar 6 23:02)
    sys-9.704-9.705-2.3.1.tgz (Mar 6 23:02)
    Up2Dates available.........: 0
    Factory resets.............: 0
    Timewarps detected.........: 1

    sophos-utm:/var/log # ls -lahr /var/storage/cores
    total 8.0K
    drwxr-xr-x 13 root root 4.0K Nov 20 23:01 ..
    drwx------ 2 root root 4.0K Jul 13 2020 .

    less ips.log

    2021:04:02-10:52:38 sophos-utm snort[2914]: Enabling inline operation
    2021:04:02-10:52:38 sophos-utm snort[2914]: Running in IDS mode
    2021:04:02-10:52:38 sophos-utm snort[2914]:
    2021:04:02-10:52:38 sophos-utm snort[2914]: --== Initializing Snort ==--
    2021:04:02-10:52:38 sophos-utm snort[2914]: Initializing Output Plugins!
    2021:04:02-10:52:38 sophos-utm snort[2914]: Initializing Preprocessors!
    2021:04:02-10:52:38 sophos-utm snort[2914]: Initializing Plug-ins!
    2021:04:02-10:52:38 sophos-utm snort[2914]: Parsing Rules file "/etc/snort/snort.conf"
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'HTTP_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'FILE_DATA_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 80 110 143 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'SHELLCODE_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 0:79 81:65535 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'ORACLE_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 1024:65535 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'SSH_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 22 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'FTP_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 21 2100 3535 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: PortVar 'SIP_PORTS' defined :
    2021:04:02-10:52:39 sophos-utm snort[2914]: [ 5060:5061 5600 ]
    2021:04:02-10:52:39 sophos-utm snort[2914]:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Detection:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Search-Method = AC-Full-Q
    2021:04:02-10:52:39 sophos-utm snort[2914]: Search-Method-Optimizations = enabled
    2021:04:02-10:52:39 sophos-utm snort[2914]: Tagged Packet Limit: 256
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading all dynamic detection libs from /usr/lib/snort/so_rules/...
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-oracle.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-webkit.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//netbios.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-image.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//pua-p2p.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-cnc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-dns.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-tftp.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mail.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-nntp.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-iis.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//exploit-kit.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//indicator-shellcode.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//os-linux.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-chrome.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-snmp.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-pdf.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-scada.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-office.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-voip.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-ie.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mysql.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-apache.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//os-windows.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//server-webapp.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-flash.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//os-other.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-java.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-executable.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-social.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic detection library /usr/lib/snort/so_rules//file-multimedia.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Finished Loading all dynamic detection libs from /usr/lib/snort/so_rules/
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading all dynamic preprocessor libs from /usr/lib/snort/...
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_imap_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_reputation_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssh_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dnp3_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_modbus_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dce2_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sip_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dns_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sdf_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_s7commplus_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_pop_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_smtp_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ftptelnet_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssl_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Loading dynamic preprocessor library /usr/lib/snort//libsf_gtp_preproc.so...
    2021:04:02-10:52:39 sophos-utm snort[2914]: done
    2021:04:02-10:52:39 sophos-utm snort[2914]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort/
    2021:04:02-10:52:39 sophos-utm snort[2914]: Log directory = /var/log/snort
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalizer config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4::df: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4::rf: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4::tos: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4::trim: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip4::ttl: on (min=1, new=5)
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalizer config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::ecn: stream
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::block: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::rsv: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::pad: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::req_urg: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::req_pay: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::req_urp: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::urp: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::opt: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::ips: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::trim_syn: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::trim_rst: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::trim_win: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: tcp::trim_mss: off
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalizer config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: icmp4: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalizer config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip6: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: ip6::hops: on (min=1, new=5)
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalizer config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: icmp6: on
    2021:04:02-10:52:39 sophos-utm snort[2914]: Frag3 global config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max frags: 65536
    2021:04:02-10:52:39 sophos-utm snort[2914]: Fragment memory cap: 4194304 bytes
    2021:04:02-10:52:39 sophos-utm snort[2914]: Frag3 engine config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Bound Address: default
    2021:04:02-10:52:39 sophos-utm snort[2914]: Target-based policy: WINDOWS
    2021:04:02-10:52:39 sophos-utm snort[2914]: Fragment timeout: 180 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: Fragment min_ttl: 1
    2021:04:02-10:52:39 sophos-utm snort[2914]: Fragment Anomalies: Alert
    2021:04:02-10:52:39 sophos-utm snort[2914]: Overlap Limit: 10
    2021:04:02-10:52:39 sophos-utm snort[2914]: Min fragment Length: 100
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Expected Streams: 768
    2021:04:02-10:52:39 sophos-utm snort[2914]: Stream global config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Track TCP sessions: ACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max TCP sessions: 262144
    2021:04:02-10:52:39 sophos-utm snort[2914]: TCP cache pruning timeout: 30 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: TCP cache nominal timeout: 3600 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: Memcap (for reassembly packet storage): 8388608
    2021:04:02-10:52:39 sophos-utm snort[2914]: Track UDP sessions: ACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max UDP sessions: 131072
    2021:04:02-10:52:39 sophos-utm snort[2914]: UDP cache pruning timeout: 30 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: UDP cache nominal timeout: 180 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: Track ICMP sessions: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: Track IP sessions: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: Log info if session memory consumption exceeds 1048576
    2021:04:02-10:52:39 sophos-utm snort[2914]: Send up to 2 active responses
    2021:04:02-10:52:39 sophos-utm snort[2914]: Wait at least 5 seconds between responses
    2021:04:02-10:52:39 sophos-utm snort[2914]: Protocol Aware Flushing: ACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: Maximum Flush Point: 16000
    2021:04:02-10:52:39 sophos-utm snort[2914]: Stream TCP Policy config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Bound Address: default
    2021:04:02-10:52:39 sophos-utm snort[2914]: Reassembly Policy: WINDOWS
    2021:04:02-10:52:39 sophos-utm snort[2914]: Timeout: 180 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: Limit on TCP Overlaps: 10
    2021:04:02-10:52:39 sophos-utm snort[2914]: Maximum number of bytes to queue per session: 1048576
    2021:04:02-10:52:39 sophos-utm snort[2914]: Maximum number of segs to queue per session: 2621
    2021:04:02-10:52:39 sophos-utm snort[2914]: Options:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Require 3-Way Handshake: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: 3-Way Handshake Timeout: 180
    2021:04:02-10:52:39 sophos-utm snort[2914]: Detect Anomalies: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: Reassembly Ports:
    2021:04:02-10:52:39 sophos-utm snort[2914]: 21 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 22 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 23 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 25 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 42 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 53 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 79 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 80 client (Footprint-IPS) server (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 81 client (Footprint-IPS) server (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 109 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 110 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 111 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 113 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 119 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 135 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 136 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 137 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 139 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 143 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: 161 client (Footprint-IPS)
    2021:04:02-10:52:39 sophos-utm snort[2914]: additional ports configured but not printed.
    2021:04:02-10:52:39 sophos-utm snort[2914]: Stream UDP Policy config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Timeout: 180 seconds
    2021:04:02-10:52:39 sophos-utm snort[2914]: HttpInspect Config:
    2021:04:02-10:52:39 sophos-utm snort[2914]: GLOBAL CONFIG
    2021:04:02-10:52:39 sophos-utm snort[2914]: Detect Proxy Usage: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Unicode Map Filename: /etc/snort/unicode.map
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Unicode Map Codepage: 1252
    2021:04:02-10:52:39 sophos-utm snort[2914]: Memcap used for logging URI and Hostname: 150994944
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Gzip Memory: 838860
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Gzip Sessions: 2688
    2021:04:02-10:52:39 sophos-utm snort[2914]: Gzip Compress Depth: 65535
    2021:04:02-10:52:39 sophos-utm snort[2914]: Gzip Decompress Depth: 65535
    2021:04:02-10:52:39 sophos-utm snort[2914]: DEFAULT SERVER CONFIG:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Server profile: All
    2021:04:02-10:52:39 sophos-utm snort[2914]: Ports (PAF): 80 311 591 593 901 1220 1414 2301 2381 2809 3128 3702 7777 7779 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371
    2021:04:02-10:52:39 sophos-utm snort[2914]: Server Flow Depth: 0
    2021:04:02-10:52:39 sophos-utm snort[2914]: Client Flow Depth: 0
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Chunk Length: 500000
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Header Field Length: 750
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Number Header Fields: 100
    2021:04:02-10:52:39 sophos-utm snort[2914]: Max Number of WhiteSpaces allowed with header folding: 200
    2021:04:02-10:52:39 sophos-utm snort[2914]: Inspect Pipeline Requests: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: URI Discovery Strict Mode: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Allow Proxy Usage: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Disable Alerting: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Oversize Dir Length: 500
    2021:04:02-10:52:39 sophos-utm snort[2914]: Only inspect URI: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalize HTTP Headers: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Inspect HTTP Cookies: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: Inspect HTTP Responses: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: Extract Gzip from responses: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: Decompress response files:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Unlimited decompression of gzip data from responses: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalize Javascripts in HTTP Responses: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Normalize HTTP Cookies: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Enable XFF and True Client IP: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Log HTTP URI data: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Log HTTP Hostname data: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Extended ASCII code support in URI: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Ascii: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Double Decoding: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: %U Encoding: YES alert: YES
    2021:04:02-10:52:39 sophos-utm snort[2914]: Bare Byte: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: UTF 8: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Unicode: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Multiple Slash: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Backslash: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Directory Traversal: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Web Root Traversal: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: Apache WhiteSpace: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Delimiter: YES alert: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    2021:04:02-10:52:39 sophos-utm snort[2914]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    2021:04:02-10:52:39 sophos-utm snort[2914]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    2021:04:02-10:52:39 sophos-utm snort[2914]: Legacy mode: NO
    2021:04:02-10:52:39 sophos-utm snort[2914]: rpc_decode arguments:
    2021:04:02-10:52:39 sophos-utm snort[2914]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    2021:04:02-10:52:39 sophos-utm snort[2914]: alert_fragments: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: alert_large_fragments: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: alert_incomplete: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: alert_multiple_requests: INACTIVE
    2021:04:02-10:52:39 sophos-utm snort[2914]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)
    2021:04:02-10:52:44 sophos-utm snort[2933]: Enabling inline operation
    2021:04:02-10:52:44 sophos-utm snort[2933]: Running in IDS mode
    2021:04:02-10:52:44 sophos-utm snort[2933]:
    2021:04:02-10:52:44 sophos-utm snort[2933]: --== Initializing Snort ==--
    2021:04:02-10:52:44 sophos-utm snort[2933]: Initializing Output Plugins!
    2021:04:02-10:52:44 sophos-utm snort[2933]: Initializing Preprocessors!
    2021:04:02-10:52:44 sophos-utm snort[2933]: Initializing Plug-ins!
    2021:04:02-10:52:44 sophos-utm snort[2933]: Parsing Rules file "/etc/snort/snort.conf"
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'HTTP_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'FILE_DATA_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 80 110 143 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'SHELLCODE_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 0:79 81:65535 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'ORACLE_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 1024:65535 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'SSH_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 22 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'FTP_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 21 2100 3535 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: PortVar 'SIP_PORTS' defined :
    2021:04:02-10:52:45 sophos-utm snort[2933]: [ 5060:5061 5600 ]
    2021:04:02-10:52:45 sophos-utm snort[2933]:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Detection:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Search-Method = AC-Full-Q
    2021:04:02-10:52:45 sophos-utm snort[2933]: Search-Method-Optimizations = enabled
    2021:04:02-10:52:45 sophos-utm snort[2933]: Tagged Packet Limit: 256
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading all dynamic detection libs from /usr/lib/snort/so_rules/...
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-oracle.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-webkit.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//netbios.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-image.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//pua-p2p.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-cnc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-dns.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-tftp.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mail.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-nntp.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-iis.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//exploit-kit.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//indicator-shellcode.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//os-linux.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-chrome.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-snmp.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-pdf.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-scada.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-office.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-voip.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-ie.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mysql.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-apache.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//os-windows.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//server-webapp.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-flash.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//os-other.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-java.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-executable.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-social.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic detection library /usr/lib/snort/so_rules//file-multimedia.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Finished Loading all dynamic detection libs from /usr/lib/snort/so_rules/
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading all dynamic preprocessor libs from /usr/lib/snort/...
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_imap_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_reputation_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssh_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dnp3_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_modbus_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dce2_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sip_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dns_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sdf_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_s7commplus_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_pop_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_smtp_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ftptelnet_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssl_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_gtp_preproc.so...
    2021:04:02-10:52:45 sophos-utm snort[2933]: done
    2021:04:02-10:52:45 sophos-utm snort[2933]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort/
    2021:04:02-10:52:45 sophos-utm snort[2933]: Log directory = /var/log/snort
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalizer config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4::df: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4::rf: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4::tos: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4::trim: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip4::ttl: on (min=1, new=5)
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalizer config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::ecn: stream
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::block: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::rsv: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::pad: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::req_urg: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::req_pay: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::req_urp: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::urp: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::opt: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::ips: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::trim_syn: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::trim_rst: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::trim_win: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: tcp::trim_mss: off
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalizer config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: icmp4: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalizer config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip6: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: ip6::hops: on (min=1, new=5)
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalizer config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: icmp6: on
    2021:04:02-10:52:45 sophos-utm snort[2933]: Frag3 global config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max frags: 65536
    2021:04:02-10:52:45 sophos-utm snort[2933]: Fragment memory cap: 4194304 bytes
    2021:04:02-10:52:45 sophos-utm snort[2933]: Frag3 engine config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Bound Address: default
    2021:04:02-10:52:45 sophos-utm snort[2933]: Target-based policy: WINDOWS
    2021:04:02-10:52:45 sophos-utm snort[2933]: Fragment timeout: 180 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: Fragment min_ttl: 1
    2021:04:02-10:52:45 sophos-utm snort[2933]: Fragment Anomalies: Alert
    2021:04:02-10:52:45 sophos-utm snort[2933]: Overlap Limit: 10
    2021:04:02-10:52:45 sophos-utm snort[2933]: Min fragment Length: 100
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Expected Streams: 768
    2021:04:02-10:52:45 sophos-utm snort[2933]: Stream global config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Track TCP sessions: ACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max TCP sessions: 262144
    2021:04:02-10:52:45 sophos-utm snort[2933]: TCP cache pruning timeout: 30 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: TCP cache nominal timeout: 3600 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: Memcap (for reassembly packet storage): 8388608
    2021:04:02-10:52:45 sophos-utm snort[2933]: Track UDP sessions: ACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max UDP sessions: 131072
    2021:04:02-10:52:45 sophos-utm snort[2933]: UDP cache pruning timeout: 30 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: UDP cache nominal timeout: 180 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: Track ICMP sessions: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: Track IP sessions: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: Log info if session memory consumption exceeds 1048576
    2021:04:02-10:52:45 sophos-utm snort[2933]: Send up to 2 active responses
    2021:04:02-10:52:45 sophos-utm snort[2933]: Wait at least 5 seconds between responses
    2021:04:02-10:52:45 sophos-utm snort[2933]: Protocol Aware Flushing: ACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: Maximum Flush Point: 16000
    2021:04:02-10:52:45 sophos-utm snort[2933]: Stream TCP Policy config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Bound Address: default
    2021:04:02-10:52:45 sophos-utm snort[2933]: Reassembly Policy: WINDOWS
    2021:04:02-10:52:45 sophos-utm snort[2933]: Timeout: 180 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: Limit on TCP Overlaps: 10
    2021:04:02-10:52:45 sophos-utm snort[2933]: Maximum number of bytes to queue per session: 1048576
    2021:04:02-10:52:45 sophos-utm snort[2933]: Maximum number of segs to queue per session: 2621
    2021:04:02-10:52:45 sophos-utm snort[2933]: Options:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Require 3-Way Handshake: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: 3-Way Handshake Timeout: 180
    2021:04:02-10:52:45 sophos-utm snort[2933]: Detect Anomalies: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: Reassembly Ports:
    2021:04:02-10:52:45 sophos-utm snort[2933]: 21 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 22 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 23 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 25 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 42 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 53 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 79 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 80 client (Footprint-IPS) server (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 81 client (Footprint-IPS) server (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 109 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 110 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 111 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 113 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 119 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 135 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 136 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 137 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 139 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 143 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: 161 client (Footprint-IPS)
    2021:04:02-10:52:45 sophos-utm snort[2933]: additional ports configured but not printed.
    2021:04:02-10:52:45 sophos-utm snort[2933]: Stream UDP Policy config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Timeout: 180 seconds
    2021:04:02-10:52:45 sophos-utm snort[2933]: HttpInspect Config:
    2021:04:02-10:52:45 sophos-utm snort[2933]: GLOBAL CONFIG
    2021:04:02-10:52:45 sophos-utm snort[2933]: Detect Proxy Usage: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Unicode Map Filename: /etc/snort/unicode.map
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Unicode Map Codepage: 1252
    2021:04:02-10:52:45 sophos-utm snort[2933]: Memcap used for logging URI and Hostname: 150994944
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Gzip Memory: 838860
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Gzip Sessions: 2688
    2021:04:02-10:52:45 sophos-utm snort[2933]: Gzip Compress Depth: 65535
    2021:04:02-10:52:45 sophos-utm snort[2933]: Gzip Decompress Depth: 65535
    2021:04:02-10:52:45 sophos-utm snort[2933]: DEFAULT SERVER CONFIG:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Server profile: All
    2021:04:02-10:52:45 sophos-utm snort[2933]: Ports (PAF): 80 311 591 593 901 1220 1414 2301 2381 2809 3128 3702 7777 7779 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371
    2021:04:02-10:52:45 sophos-utm snort[2933]: Server Flow Depth: 0
    2021:04:02-10:52:45 sophos-utm snort[2933]: Client Flow Depth: 0
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Chunk Length: 500000
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Header Field Length: 750
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Number Header Fields: 100
    2021:04:02-10:52:45 sophos-utm snort[2933]: Max Number of WhiteSpaces allowed with header folding: 200
    2021:04:02-10:52:45 sophos-utm snort[2933]: Inspect Pipeline Requests: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: URI Discovery Strict Mode: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Allow Proxy Usage: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Disable Alerting: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Oversize Dir Length: 500
    2021:04:02-10:52:45 sophos-utm snort[2933]: Only inspect URI: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalize HTTP Headers: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Inspect HTTP Cookies: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: Inspect HTTP Responses: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: Extract Gzip from responses: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: Decompress response files:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Unlimited decompression of gzip data from responses: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalize Javascripts in HTTP Responses: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Normalize HTTP Cookies: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Enable XFF and True Client IP: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Log HTTP URI data: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Log HTTP Hostname data: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Extended ASCII code support in URI: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Ascii: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Double Decoding: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: %U Encoding: YES alert: YES
    2021:04:02-10:52:45 sophos-utm snort[2933]: Bare Byte: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: UTF 8: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Unicode: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Multiple Slash: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Backslash: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Directory Traversal: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Web Root Traversal: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: Apache WhiteSpace: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Delimiter: YES alert: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    2021:04:02-10:52:45 sophos-utm snort[2933]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    2021:04:02-10:52:45 sophos-utm snort[2933]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    2021:04:02-10:52:45 sophos-utm snort[2933]: Legacy mode: NO
    2021:04:02-10:52:45 sophos-utm snort[2933]: rpc_decode arguments:
    2021:04:02-10:52:45 sophos-utm snort[2933]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    2021:04:02-10:52:45 sophos-utm snort[2933]: alert_fragments: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: alert_large_fragments: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: alert_incomplete: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: alert_multiple_requests: INACTIVE
    2021:04:02-10:52:45 sophos-utm snort[2933]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)

  • This is apparently not a configuration error and you're probably not concerned with losing logs or reporting data, so I think I would get several configuration backups off the unit and reload it from ISO.  From UTM Support Downloads, use the ssi ISO for a Sophos appliance and the asg ISO for other computers.  Once you've re-imaged the device, restore by rebooting with a USB memory stick inserted that has a config backup in its root directory.  Let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
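A small triage script for the ips.log output above, added here as an example and not part of the thread or of Sophos' own tooling: it pulls the failed preprocessor out of the FATAL ERROR line and checks whether that preprocessor's library had already been reported loaded, which is the detail that points away from a configuration error. The name-to-library mapping (SF_S7COMMPLUS to libsf_s7commplus_preproc.so) and the sample log lines are constructed assumptions based on the paths shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: triage a UTM ips.log for the snort
# startup failure shown above. Assumes the line format seen in the thread:
#   <ts> <host> snort[<pid>]: FATAL ERROR: Failed to initialize dynamic preprocessor: <NAME> version <ver> (<rc>)

# Constructed sample log that mirrors the tail of the output in the thread.
SAMPLE_LOG="${TMPDIR:-/tmp}/sample_ips_$$.log"
cat > "$SAMPLE_LOG" <<'EOF'
2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_s7commplus_preproc.so...
2021:04:02-10:52:45 sophos-utm snort[2933]: done
2021:04:02-10:52:45 sophos-utm snort[2933]: Loading dynamic preprocessor library /usr/lib/snort//libsf_gtp_preproc.so...
2021:04:02-10:52:45 sophos-utm snort[2933]: done
2021:04:02-10:52:45 sophos-utm snort[2933]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort/
2021:04:02-10:52:45 sophos-utm snort[2933]: alert_multiple_requests: INACTIVE
2021:04:02-10:52:45 sophos-utm snort[2933]: FATAL ERROR: Failed to initialize dynamic preprocessor: SF_S7COMMPLUS version 1.0.1 (-1)
EOF

# Print "<pid> <NAME> <version> <rc>" for every preprocessor init failure in $1.
# Exit 0 if at least one was found, 1 otherwise.
snort_preproc_failures() {
    sed -n 's/.*snort\[\([0-9]*\)\]: FATAL ERROR: Failed to initialize dynamic preprocessor: \([^ ]*\) version \([^ ]*\) (\(-*[0-9]*\)).*/\1 \2 \3 \4/p' "$1" |
        grep .
}

# Check whether the shared object for preprocessor $2 (assumed mapping:
# SF_S7COMMPLUS -> libsf_s7commplus_preproc.so) was reported loaded, i.e. its
# "Loading dynamic preprocessor library ..." line is followed by "done" in $1.
# Prints "loaded" and exits 0 if so; exits 1 otherwise.
snort_preproc_lib_loaded() {
    lib="lib$(printf '%s' "$2" | tr 'A-Z' 'a-z')_preproc.so"
    awk -v lib="$lib" '
        pending && /: done$/ { print "loaded"; found = 1; pending = 0; next }
        { pending = 0 }
        index($0, "Loading dynamic preprocessor library") && index($0, "/" lib "...") { pending = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Stand-alone run: report what the sample log says.
if failures=$(snort_preproc_failures "$SAMPLE_LOG"); then
    echo "$failures" | while read -r pid name ver rc; do
        echo "snort[$pid]: preprocessor $name $ver failed to initialize (rc=$rc)"
        if snort_preproc_lib_loaded "$SAMPLE_LOG" "$name" >/dev/null; then
            echo "  its library loaded fine; the failure is inside its init, not a missing file"
        else
            echo "  its library was never reported loaded; check /usr/lib/snort"
        fi
    done
else
    echo "no preprocessor init failure in $SAMPLE_LOG"
fi
```

On a real unit, point the two functions at /var/log/ips.log from the advanced shell instead of the constructed sample.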