Messages

Curiously, this happens for 2h5m each time (the past three times it has happened in the past couple weeks).  The probe is every 5 minutes, but the 2h mark is interesting, as it's not just that it's unavailable for a period, but that it's unavailable for a consistent period.

It's strange that it goes on for the same interval.  It seems to have a random start time (23:50, 17:50, 8:10) though has happened 3 times in the past two weeks.

Hopeful someone might have run into this and can help point me in the right direction.

Have OPNsense on physical hardware, with both public and private and provider nets on it.  Net-SNMP is listening on only the private Net on one internal IP. 

About once a week, for about 2.5 hours:

Net-SNMP has started simply not responding (timing out) to MRTG. It simply resumes on its own with no interaction or involvement after maybe 2.5 hours.  This happens for all targets (interfaces) on OPNsense [ie: \igc4:MYSECRET@10.100.70.1:::::2 / \lagg0:MYSECRET@10.100.70.1:::::2 / \wg0:MYSECRET@10.100.70.1:::::2].

MRTG works for all other hosts it polls.  There is no configuration change in it from when it was working.  We see it in the logs for MRTG with OPNsense timing out and any other router/server processing correctly.

OPNsense continues to route 15-20Mbps of traffic problem-free during that time, answer DNS queries, and do everything else it is supposed to.  Reporting|Health shows normal traffic on all interfaces during this time.  Processor load is about 6%.  States, CPU temp, memory (12% used), etc are all fairly constant.  Disk is used 2%.

There is nothing I have found in the logs on why it might not respond to SNMP requests.  The fact that it just starts working again hours later takes me away from configuration issues.  The fact that the host is otherwise accessible takes me away from thinking anything is wrong on the networking side.

Any insight on where I might look next?

[Is there any reason this is on by default? Is there any reason this should stay on (or be on by default)?]

The default firewall rules has a `let out anything from firewall host itself` and `let out anything from firewall host itself (force gw)`.  These have logging on by default (Firewall | Settings | Advanced | Logging -> Log packets matched from the default pass rules).

Is there any reason this is on by default?  Is there any reason this should stay on (or be on by default)?
Is the best choice to turn off this log once we know things are working?
Is the best choice just to add a manually-placed explicit rule that does the same thing but without logging?

If I understand correctly, this will effectively log every connection out from OPNsense, at a period where the docs say that there is limited log space available. 

If there any way to just make these still log but log to memory?  I'm fine with the logging, but don't want to wear out the SSD with writes.

Any guidance is appreciated.  Just surprised such a log heavy option was on by default.