1
21.1 Legacy Series / Re: Problem with sending logs to graylog
« on: August 05, 2021, 11:58:50 am »
I have now tried to upgrade to latest Opnsense version 21.7, but still it doesn't work as it should.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
21.1 Legacy Series / Re: Problem with sending logs to graylog
« on: July 29, 2021, 11:44:48 am »
Actually it started to work on the same day when i wrote original post here. Well at least it is sending the messages to graylog, but there still seems to be one problem. For some of the opnsense events it takes over 1,5hours to send the message. I have checked that the problem is on the opnsense side as the message arrives to graylog 1,5hours later and it has current timestamp from opnsense although event happened 1,5hours before.
Some of the messages are sent right way such as the messages which can be seen on this thread in the screenshot (for example message: "OPNsense.hosts openvpn[37083]: MANAGEMENT....".
For me it looks like the messages that have "MANAGEMENT" text in it are sent right away and everything else takes longer time.
Some of the messages are sent right way such as the messages which can be seen on this thread in the screenshot (for example message: "OPNsense.hosts openvpn[37083]: MANAGEMENT....".
For me it looks like the messages that have "MANAGEMENT" text in it are sent right away and everything else takes longer time.
3
21.1 Legacy Series / Problem with sending logs to graylog
« on: July 22, 2021, 03:15:33 pm »
I have Opnsense 21.1.8_1-amd64 installed on APU2 board. I have also setup working Graylog 4.0.9 server, which I have used to log all messages from different servers and devices.
I tried to get opnsense to send audit and openvpn logs (system ->settings->logging /targets options) to graylog, but it sends only openvpn logs. All other servers are working as expected and those can send logs to graylog, but opnsense doesn't. I have setup opnsense to send logs to syslog UDP input, but only openvpn logs are coming in.
I also noticed that opnsense sends some of the openvpn logs to the graylog. For example it does not send this openvpn log event "openvpn[37083] USERHERE/IPHERE:PORT SIGTERM[soft,remote-exit] received, client-instance exiting", but this is sent to graylog "openvpn[37083] MANAGEMENT: CMD 'quit'".
The weird part is that it worked yesterday when I setup remote logging, but after I changed graylog ip address (as the server was moved) it stopped to work and opnsense sent only some of the messages (only openvpn logs).
This is what I have tried so far:
-remove logging and recreate the settings-
-reboot
-restart services
I have attached screenshots of the opnsense setup and events from graylog that are sent to graylog.
I tried to get opnsense to send audit and openvpn logs (system ->settings->logging /targets options) to graylog, but it sends only openvpn logs. All other servers are working as expected and those can send logs to graylog, but opnsense doesn't. I have setup opnsense to send logs to syslog UDP input, but only openvpn logs are coming in.
I also noticed that opnsense sends some of the openvpn logs to the graylog. For example it does not send this openvpn log event "openvpn[37083] USERHERE/IPHERE:PORT SIGTERM[soft,remote-exit] received, client-instance exiting", but this is sent to graylog "openvpn[37083] MANAGEMENT: CMD 'quit'".
The weird part is that it worked yesterday when I setup remote logging, but after I changed graylog ip address (as the server was moved) it stopped to work and opnsense sent only some of the messages (only openvpn logs).
This is what I have tried so far:
-remove logging and recreate the settings-
-reboot
-restart services
I have attached screenshots of the opnsense setup and events from graylog that are sent to graylog.
4
Web Proxy Filtering and Caching / haproxy SSL offload and nextcloud
« on: March 27, 2020, 02:02:44 pm »
I have haproxy running in opnsense system. Opnsense offloads the SSL and passes the connection nextcloud, which is located in the docker container. Is there any possibility to pass real client IP address to this nextcloud setup?
5
19.7 Legacy Series / Re: Problem with settings up Opnsense & Graylog
« on: July 22, 2019, 02:49:41 pm »
so i don't need to setup that "logging" section for graylog at all? I should only configure "logging /targets" section and disable remote logging in "logging" section?
6
19.7 Legacy Series / Re: Problem with settings up Opnsense & Graylog
« on: July 22, 2019, 02:12:54 pm »
I just tested the setup with older version 19.1.x and it seems to be working ok. When i upgrade the system to version 19.7 it stops sending logs to graylog.
Also I noticed that there is new logging section in opnsense called "Settings" -> "Logging / targets", but there is no guide/manual about that part. Is that something that needs to be set in version 19.7?
Also I noticed that there is new logging section in opnsense called "Settings" -> "Logging / targets", but there is no guide/manual about that part. Is that something that needs to be set in version 19.7?
7
19.7 Legacy Series / Problem with settings up Opnsense & Graylog
« on: July 21, 2019, 11:30:49 pm »
I have Opnsense 19.7 installed on APU2 board. I have also setup working Graylog 2.4.7 server, which I have used to log all messages from different servers for many years.
I now tried to get opnsense to send logs (settings ->logging->remote logging options) to graylog, but it doesn't seem to be sending any logs at all. All other servers are working as expected and those can send logs to graylog, but opnsense doesn't. I have setup opnsense to send logs to syslog UDP input, but nothing is coming in. Any suggestions what I'm doing wrong in here? I also checked opnsense firewall log, but nothing is being sent out to graylog according to those logs.
I now tried to get opnsense to send logs (settings ->logging->remote logging options) to graylog, but it doesn't seem to be sending any logs at all. All other servers are working as expected and those can send logs to graylog, but opnsense doesn't. I have setup opnsense to send logs to syslog UDP input, but nothing is coming in. Any suggestions what I'm doing wrong in here? I also checked opnsense firewall log, but nothing is being sent out to graylog according to those logs.
8
17.7 Legacy Series / Re: APU2 board not booting installer from USB stick
« on: November 29, 2017, 05:09:20 pm »
Hi,
Thank you for your reply. I tried with fourth usb stick and that worked. I guess the system was bit picky on what usb brank to use. All of the sticks were USB 2.0.
Thank you for your reply. I tried with fourth usb stick and that worked. I guess the system was bit picky on what usb brank to use. All of the sticks were USB 2.0.
9
17.7 Legacy Series / APU2 board not booting installer from USB stick
« on: November 22, 2017, 08:27:45 am »
I yesterday tried to install OPNsense to my APU2 board, but got an error message saying "Mounting from ufs:/dev/ufs/OPNsense_Install failed with error 19.". This is what I have tried so far:
-boot from 3 different usb sticks (sandisk, samsung and lexar) all usb sticks had over 1gb space
-tinycore boots ok
-i managed to install opnsense nano image to msata disk with tinycore from usb stick. but i need the full version. Or is there possibility to change nano to full version somehow?
-used command at the boot loader: set kern.cam.boot_delay="10000"
-tried 17.1 and 17.7 amd64 serial images: OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2 and OPNsense-17.1.4-OpenSSL-serial-amd64.img.bz2.
-I have another APU2 board working, but can't remember which opnsense version I used back then. That board gives same errors with those 3 usb sticks.
-Used DD and win32imager to write the image to usb sticks
Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...
mountroot: waiting for device /dev/ufs/OPNsense_Install ...
Mounting from ufs:/dev/ufs/OPNsense_Install failed with error 19.
Loader variables:
vfs.root.mountfrom=ufs:/dev/ufs/OPNsense_Install
vfs.root.mountfrom.options=ro,noatime
Manual root filesystem specification:
<fstype>:<device> [options]
Mount <device> using filesystem <fstype>
and with the specified (optional) option list.
eg. ufs:/dev/da0s1a
zfs:tank
cd9660:/dev/acd0 ro
(which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /)
? List valid disk boot devices
. Yield 1 second (for background tasks)
<empty line> Abort manual input
mountroot>
-boot from 3 different usb sticks (sandisk, samsung and lexar) all usb sticks had over 1gb space
-tinycore boots ok
-i managed to install opnsense nano image to msata disk with tinycore from usb stick. but i need the full version. Or is there possibility to change nano to full version somehow?
-used command at the boot loader: set kern.cam.boot_delay="10000"
-tried 17.1 and 17.7 amd64 serial images: OPNsense-17.7.5-OpenSSL-serial-amd64.img.bz2 and OPNsense-17.1.4-OpenSSL-serial-amd64.img.bz2.
-I have another APU2 board working, but can't remember which opnsense version I used back then. That board gives same errors with those 3 usb sticks.
-Used DD and win32imager to write the image to usb sticks
Trying to mount root from ufs:/dev/ufs/OPNsense_Install [ro,noatime]...
mountroot: waiting for device /dev/ufs/OPNsense_Install ...
Mounting from ufs:/dev/ufs/OPNsense_Install failed with error 19.
Loader variables:
vfs.root.mountfrom=ufs:/dev/ufs/OPNsense_Install
vfs.root.mountfrom.options=ro,noatime
Manual root filesystem specification:
<fstype>:<device> [options]
Mount <device> using filesystem <fstype>
and with the specified (optional) option list.
eg. ufs:/dev/da0s1a
zfs:tank
cd9660:/dev/acd0 ro
(which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /)
? List valid disk boot devices
. Yield 1 second (for background tasks)
<empty line> Abort manual input
mountroot>
Pages: [1]