OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: c-mu on May 27, 2022, 08:41:39 am
-
Hi,
We have not too long ago installed Zenarmor in the community edition for testing. We have left everything mostly on default settings and only the "Block Malware Activity" filter active.
Now we have noticed that sporadic network traffic between VLANs does not work properly. After a while it turned out that it was Zenarmor that was blocking the traffic. However, it was not directly obvious to us. I had looked under reports for threats and blocks, but did not see anything suspicious.
Long story short: is there a live log where you can see blocking states directly?
Thank You!
-
Hi,
Reports - Blocks - Live Blocked Session Explorer shows the blocked sessions. If you cannot see the block info there, most probably it could be a netmap issue. Did you protect the individual VLAN interface(s) or the parent interface?
-
So I personally don't consider this a "live" log. The logging of sensei makes it extremely difficult to find out what was blocked and why.
That's why I asked in this thread for a combined logging (OPNsense & sensei): https://forum.opnsense.org/index.php?topic=27812
-
Hi,
Did you try the filter? It is located in the Report menu. You can filter local connections, source-destination IPs, ports, etc.
-
There is a live monitoring feature on each section.
See picture
-
And the refresh rate is by default none, so you have to select it.
Again see the picture
-
From my point of view this does not fulfill the user experience of a "live log"…
-
Not sure I understand your point... Do you understand that a "live log" takes considerable resources? I'd recommend sending your data somewhere else to examine. OPNsense should be busy doing what it's doing, not trying to make a pretty page to watch, full of logs blowing right by the screen every second.
-
That's pretty much all you get.
The only live logs you can have are what the Zenarmor GUI offers. To make it faster etc., you can install the database on an external DB server, which is recommended unless you have 8TB storage and 128GB RAM installed on your OPNsense, depending of course on how much traffic there is at what speeds.
Zenarmor isn't exactly resource efficient and logs do take quite a bit of space and RAM over time. Having a real-time live log would hang most systems running it in a few seconds, which is why the minimum refresh rate is 1 minute.
-
Zenarmor only blocks public IPs and websites. So, it has otherwise little to do with traffic between VLANs, unless there is a bug.