Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - nas7

Pages1
#1
18.1 Legacy Series / [Bug Report] ***** Small typo in ClamAV service page
February 08, 2018, 01:03:44 AM

In the ClamAV service configuration screen the word executable appears as "executeable" in two of the options:

"Scan portable executeable"
"Scan executeable and linking format"

The help files seem to be right.

Just a small error, low priority but very easy to fix...
#2
18.1 Legacy Series / Re: Aliases dosen't work(?)
January 16, 2018, 11:19:24 PM
Hi.

By the way, I had this bug in 18.1.r1 but now it seems to be working.  I had to create the /var/db/aliastable directory manually and perform the alias refresh after each reboot.  Now with 18.1.r2 it seems to be working with my current configuration.  I will test it a bit more and let you know if the issue appears again.
#3
18.1 Legacy Series / Re: [18.1.r2] ***** is Insight working?
January 16, 2018, 04:19:52 PM
No I didn't.  Rebooted and now I confirm it working.  Fixed.  Thank you.
#4
18.1 Legacy Series / Re: [18.1.r2] ***** is Insight working?
January 16, 2018, 03:34:38 PM
Hello.

I installed the flowd 0.9.1_3 but this didn't fix the error.  The previous version of flowd seemed to work too.  I checked with flowd-reader /var/log/flowd.log and I can confirm data is being captured, but the Insight views don't seem to get the data from the captures.

Just to let you know that the problem persists.
#5
18.1 Legacy Series / [18.1.r2] ***** is Insight working?
January 16, 2018, 12:09:50 AM

Hi.

I have been unable to see any report in the Insight since 18.1.  Netflow is enabled (interfaces: WAN,LAN, egress:WAN, capture local, v9, dest: 127.0.0.1:2056), Netflow data and RRD data has been reset and firewall rebooted.  Data is being captured (/var/log/flowd.log is being updated) but no graphics nor detail appear when entering in Reporting->Insight.  flowd.conf is:

Code Select

logfile "/var/log/flowd.log"
listen on 127.0.0.1:2056
flow source 0.0.0.0/0
store ALL


I am just in OPNsense 18.1.r2-amd64 (FreeBSD 11.1-RELEASE-p6, OpenSSL 1.0.2n 7 Dec 2017) upgraded from 18.1.r1 (no patches).

Any hints how to debug this?
#6
Intrusion Detection and Prevention / [opnsense 18.1.r1 & suricata 4.0.3] issues with listAlertLogs.py
January 13, 2018, 03:18:05 AM
Just found similar error with listAlertLogs.py.  Patched code as:

Code Select
import datetime
from lib import suricata_alert_log
#from lib.log import reverse_log_reader

import sys
sys.path.insert(0, "/usr/local/opnsense/site-python")
from log_helper import reverse_log_reader

Seems to work now also.
#7
Intrusion Detection and Prevention / [opnsense 18.1.r1 & suricata 4.0.3] issues with queryInstalledRules.py
January 13, 2018, 02:58:48 AM
Hi.  I couldn't find this issue in the forums so I am reporting here with a possible fix.  I am testing opnsense 18.1.r1 which have suricata 4.0.3.  When using the GUI to check the rules the system reports:

Code Select
configd.py: [53df30fd-d29a-4b39-98f9-3dd8c2171b76] Script action failed with Command '/usr/local/opnsense/scripts/suricata/queryInstalledRules.py /limit '10' /offset '0' /filter '' /sort_by 'sid'' returned non-zero exit status 1

While debugging the issue I found that the queryInstalledRules.py imports update_params from lib.params which doesn't exist.  I patched the code to:

Code Select
import ujson
from lib.rulecache import RuleCache
#from lib.params import update_params

import sys
sys.path.insert(0, "/usr/local/opnsense/site-python")
from params import update_params

which seems to work.

I couldn't find a bug reporter for the 18.1 series so I am posting here the fix so far.

Regards,

nas7
Pages1