OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: c-mu on May 27, 2022, 08:41:39 am

Title: is there a live log?
Post by: c-mu on May 27, 2022, 08:41:39 am
Hi,
we have not too long ago installed Zenarmor in the community edition for testing. We have left everything mostly on default settings and only the "Block Malware Activity" filter active.

Now we have noticed that sporadic network traffic between VLANs does not work properly. After a while it turned out that it was Zenarmor that was blocking the traffic. However, it was not directly obvious to us. I had looked under reports for threats and blocks, but did not see anything suspicious.

Long story short: is there a live log where you can see blocking states directly?

Thank You!
Title: Re: is there a live log?
Post by: sy on May 27, 2022, 05:01:24 pm
Hi,

Reports - Blocks - Live Blocked Session Explorer shows the blocked sessions. If you cannot see the block info there, most probably it could be a netmap issue. Did you protect the individual VLAN interface(s) or the parent interface?

Title: Re: is there a live log?
Post by: Mbl on June 19, 2022, 03:18:57 pm
So I personally don't consider this a "live" log. The logging of sensei makes it extremely difficult to find out what was blocked and why.
That's why I asked in this thread for a combined logging (OPNsense & sensei): https://forum.opnsense.org/index.php?topic=27812
Title: Re: is there a live log?
Post by: sy on June 21, 2022, 04:28:02 pm
Hi,

Did you try the filter? It is located in the Report menu. You can filter local connections, source-destination IPs, ports, etc.
Title: Re: is there a live log?
Post by: Vilhonator on June 22, 2022, 03:18:34 pm
There is a live monitoring feature on each section.

See picture
Title: Re: is there a live log?
Post by: Vilhonator on June 22, 2022, 03:20:00 pm
And the refresh rate is by default none, so you have to select it.

Again see the picture
Title: Re: is there a live log?
Post by: Mbl on July 05, 2022, 04:32:07 pm
From my point of view this does not fulfill the user experience of a "live log"...
Title: Re: is there a live log?
Post by: lilsense on July 05, 2022, 05:27:34 pm
Not sure I understand your point... Do you understand that a "live log" takes considerable resources? I'd recommend sending your data somewhere else to examine. OPNsense should be busy doing what it's doing, not trying to make it pretty to watch a page full of logs blow right by the screen every second.
Title: Re: is there a live log?
Post by: Vilhonator on July 05, 2022, 06:47:59 pm
That's pretty much all you get

The only live logs you can have are what the Zenarmor GUI offers. To make it faster etc., you can install the database on an external DB server, which is recommended unless you have 8TB storage and 128GB RAM installed on your OPNsense, depending of course on how much traffic there is at what speeds.

Zenarmor isn't exactly resource efficient, and logs do take quite a bit of space and RAM over time. Having a real-time live log would hang most systems running it in a few seconds, which is why the minimum refresh rate is 1 minute.
Title: Re: is there a live log?
Post by: almodovaris on July 05, 2022, 11:22:24 pm
Zenarmor only blocks public IPs and websites. So, it has otherwise little to do with traffic between VLANs, unless there is a bug.