Messages

1

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 25, 2024, 03:38:30 pm »

Right now I'm using Elastisearch, I have tried MongoDB thinking that maybe it would be better. I could switch back and try again but my question is...how would I disable Java then?

2

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 25, 2024, 03:33:28 pm »

I've tried MongoDB with the same results.

3

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 25, 2024, 03:27:36 pm »

Here we go, as expected memory utilization is climbing this morning and it looks like Java based with elasticearch and eastpect are the to two which I believe are related to ZenArmor

4

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 24, 2024, 09:21:43 pm »

I just restarted the Zen engine so it will be a few hours, but as I recall the top processes are usually the database (elastisearch) and eastpect. I'll copy the output of top into here the next time it really starts to get hungry (probably this time tomorrow).

I also restarted the database engine and it cleared the swap out too...seems like something isn't releasing memory properly.

5

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 24, 2024, 09:08:00 pm »

I am honestly at a loss. I really want to like Zenarmor and what it brings to the table but frankly this memory consumption issue has me about ready to uninstall it for a while.

I'm using the Elastisearch Data base (whatever the version 5 one is, but have also tried version . I have tried the mongoDB option. No matter what after about 2-3 days I am pretty much out of RAM and SWAP space.

I'm willing to help contribute logs, etc to whatever/whomever in order to fix this because it really is a good product, one I have considered opening my wallet for, but I just can't until this gets resolved.

Any other ideas of what I could try? Every time I change something, restart the Zen Engine, or reboot, my IPv6 prefix changes which means that DNS overrides need to be updated, firewall rules need to be updated, and my external DNS needs to be updated (yes I know I could probably automate some of this, but I haven't had time because I'm always fighting Zenarmor).

Thanks in advance,
~T

6

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 20, 2024, 09:54:47 pm »

Sweet...forgive my ignorance...how do I do that?

I just dropped into terminal and tried nmap and got command not found so I'm guessing I'm not using nmap.

7

Zenarmor (Sensei) / Re: ZenArmor 1.17 memory consumption

« on: June 20, 2024, 07:38:22 pm »

How did you end up dealing with this? I'm seeing the same behavior and I'm sure that I'm encountering the same problem.

8

22.7 Legacy Series / Re: Throughput with IDS/IPS Enabled

« on: November 12, 2022, 12:13:56 am »

The short answer is yes....

But in the end it depends on the hardware at hand.

Can you elaborate? It has 10 cores of a dual e5-2450v2 setup which turbos to 2.5 ghz. Is surricata single threaded? If so that would explain why throwing more cores at it doesn't seem to be really helping.

9

22.7 Legacy Series / Re: Throughput with IDS/IPS Enabled

« on: November 12, 2022, 12:12:21 am »

Did you disable all hardware offloading as the help on the IPS line warns you to do before enabling?

Yes I did

10

22.7 Legacy Series / Throughput with IDS/IPS Enabled

« on: November 11, 2022, 11:39:05 pm »

Good Day Everyone,

I have been trying to wrap my head around the Intrusion Detection system. I have attached screenshots of the configuration that I have instead of trying to explain it all. The long and the short of it is that when I have Intrusion Detection/Intrusion Prevention enabled I see the throughput of my WAN drop from 550ish to 480 or so.

I have attached screenshots of everything I can think of. Is the IDS system just that much of a power hog? If so perhaps the system requirements page needs an update to reflect this because from my understanding I should be running a lot better than I am. I do know I'm a little light on RAM that is being addressed tomorrow when my order shows up (I hope). For the observant among you this is a virtualized install with a passed through Intel dual gigabit nic.

Thanks in advance,

~T

11

22.7 Legacy Series / Re: Proxmox Internal Error after upgrade from 22.7.6

« on: October 16, 2022, 04:35:04 pm »

Good call, don't know why I didn't think of that. Only instead of making a new VM I just did a fresh install like you would if it was bare metal because I can always still restore from backup.

Not only was I able to successfully upgrade to 22.7.6, my RAM utilization fell off the face of the earth. I was at 94% utilization of 8GB, now I'm at 7%. Seems to me like I ended up with a corrupted install somewhere down the line.

Now to see if maybe my IDS/IPS issues are resolved through the fresh install as well.

Thanks

~T

12

22.7 Legacy Series / Proxmox Internal Error after upgrade from 22.7.6

« on: October 16, 2022, 04:02:08 am »

Good Evening Everyone,

I am running Opnsense inside a Proxmox VM with a dual port Intel NIC passed through to the VM. I tried to install the update from 22.7.4 to 22.7.6 several times now and each time I do the update appears to complete and in the course of rebooting the whole thing stops responding and I see a yellow triangle next to the VM name which when I hover over it gives me a little textbox that says "Internal Error". I cannot boot the VM without restoring a backup I took prior to the upgrade which effectively rolls me back to 22.7.4

I'm having another issue involving IDS but I'll save that for another thread once I get this upgrade working. I would prefer not to build a new VM and install a fresh copy of Opnsense. I could if I have to but I'm hoping I don't.

Anyway thank you for your thoughts!

~Travis

13

19.1 Legacy Series / Re: Insight problems

« on: April 19, 2019, 03:36:47 pm »

Ok so a little update.

It does seem that insight is working ("Kinda") but with quite a delay in terms of reporting the traffic on VLAN's other than my "Main" VLAN which is not making a whole lot of sense to me.

14

19.1 Legacy Series / Insight problems

« on: April 17, 2019, 03:20:58 pm »

Good Morning Everyone,

I am a recent convert from that other "sense" firewall to OpnSense. Loving OpnSense so far!

I am having one problem that is not making sense to me. Specifically with Insight. Earlier in the day yesterday Insight was reading all my traffic, making fantastic graphs that I found very "insight"-ful (see what I did there?) with regards to how traffic was moving from the web through my network (Multiple VLANS, etc). All was good in the land. However about 6:40 or so last night that all stopped working. I had been adding rules to my firewall about that time to allow access to various servers in the network at the time it stopped working fo I'm wondering if I messed something up there.

Steps I have taken to remedy the issue:

• Remove Firewall rules
• Reset Router configuration to prior know working configurations

[ii]Reset data, repaired database, etc. (All of these steps has "Minimal success" in that I am now able to get "a little traffic" to show up on the graphs but only for one VLAN and graph's are not accurate.[/ii]
[/list]

I am sure there are other steps that I took as well but they all revolved around trying to figure out what I broke and undo it so it involved adding and removing firewall rules, NAT rules, etc.

I am sure you'll need to see logs and I will provide them once I know what logs you need and how to access them as I am still learning this product.

Thanks in advance.

~Travis