Messages - serbans

#1
Update:

After removing all indices and data views related to ZA from ES, managed at the third install to have the environment up and running.
Still having some issues with the reporting ("ZA detected 8 and blocked 0 potentially harmful activities" ??? ) but the ES part seems to be resolved.
#2
For me the patch has not corrected the fact that with an external elasticsearch database, I am still unable to see any traffic reports.

Status:
- in the settings/configuration page
     - reporting database - elasticsearch (remote) - cannot be changed either when the engine is running or stopped
     - the field "remote url" does not contain the port information; adding it, it says "saved" and after a page reload it is gone

- in the settings data management page
     - stream reporting data to elasticsearch - I have configured the url and enabled it.

- in the dashboard page
     - regardless of the setting of the stream reporting data to elasticsearch - the setting Reporting database shows "elasticsearch". If I click on start, it shows something starting and there is an elasticsearch locally running on the firewall.

Next step - removing the module completely and installing again.

UPDATE - reinstalled ZenArmor, still same issue, it seems that it tries a local elasticsearch instance for reports and such even if it is configured with an external one

I will try and open a ticket with Zenarmor as well.
#3
After updating to 1.14, there is no report available/no data available in the dashboard or in the reporting, live sessions, activity explorer, etc.
Reboots performed.
Accessing the firewall via the ip address, with FQDN all fields are "network error".

Running licensed Home version, OPNSense 23.7
#4
So, update from me (Licensed Home version)
I can "access" the Zenarmor menus when accessing the FW with the IP address, but:
- all buttons are greyed out (clicking on them issues a message - "setting updated" but the position of the switches is still "off") - quite disconcerting considering the privacy settings also cannot be actually viewed from the GUI either
- I run the reporting on an external Elasticsearch DB - cannot see any reports, the system says "network error".

UPDATE:
- in Safari the buttons are visible, in Firefox, even clearing cache / private window - no luck.

#5
Same here, adding here for tracking.

Installer finished, rebooted twice, "Network error" everywhere in the new menus.

Serban
#6
Observing the same problem
#7
New version 1.10 apparently solves the issue of the file descriptors exhaustion.

thanks koushun for the dashboards, really interesting stuff !!

Thanks a lot !
Serban
#8
A short update here:

Received a patch from Sensei about 3-5 days after the ticket was created on the system (thanks!). I have not applied it due to an OpSec issue - I was given an executable with extension .py to replace a python script (which is - in a way - a big no-no)

Was told that the changes will be reflected in the 1.10 version, that is supposed to move (partly) to a new language, hence the executable.

Decided to wait for the official release. Will update then again if the issue is solved.
#9
Hi everybody!

I have the following issue with Sensei 1.9.3 on an external elastic search database. The number of opened sockets from OPNsense to ES is increasing around 1 TCP socket per second, and the sockets do not seem to be closing on either side (they show connected on both OPNSense and ES) at the same rate as they are being created. This leads to open file descriptors exhaustion on ES side, after a period of time.

I opened a ticket with SunnyValley as well, but wondering if there is some mitigation on the ES side. I tried setting a lower TCP keepalive interval, but this is usually good for connections passing through a firewall in order to avoid state table timeouts, but I do not think it is the case here.

thanks a lot,
Serban
#10
Hi !

For reference here, an updated script was provided by SunnyValley, it seems to be doing its job. Matter closed, at least for the time being.

Thanks to the community !
Serban
#11
Hi to the community !!

Started playing with Sensei, deployed 1.9.3 on 21.7 version with an external ES database. Installation runs just fine, indices are created and populated, etc. I am running this in passive mode.
Reports and the dashboard look fine, although not entirely populated. Device count is at 0, which is strange as it records connections and does reporting on types of traffic.
More problematic is that the status page is not loading, and on the configuration/uninstall the three options are all grayed out.

An install on the same FW with local ES or local Mongo runs just fine.

Anyone encountered this and has a solution? I also opened a ticket with SunnyValley.

Thanks a lot !!
Serban