Messages

1

Hardware and Performance / Re: mellanox connectx-3 lan ips issues...

« on: June 09, 2020, 10:54:34 pm »

Do you have any 10g cards that you are currently using and can verify work with IPS?  I'm going to first try a fresh install just in case there is something wonky causing the issue; but if that doesn't fix it, I'll be in the market for another brand I guess :/

2

Hardware and Performance / Re: mellanox connectx-3 lan ips issues...

« on: June 09, 2020, 03:40:48 pm »

Yup, promisc mode is on and only selecting the main LAN interface. 

Does it work for you?  I can still hit the opnsense ip from the lan network, but no cross vlan work...

3

Hardware and Performance / mellanox connectx-3 lan ips issues...

« on: June 08, 2020, 05:35:29 pm »

Hey all,

Added in a mellanox connectx-3 into the mix and followed mimugmail's excellent guide for updating the firmware off the get go.  I'm running into a bit of a strange issue however; I've realized that if I have IPS turned on the LAN interface (promiscuous mode on) I lose ability to access anything across vlan's or out on the net.  I can access the LAN interface of opnsense, but that's it...

The method I went through to install / move vlans and Lan interface over:
Installed card
Added mlx4en_load="YES" to the /boot/loader.conf.local
Upgraded firmware
Went into interfaces / other types / vlans and changed the all of the vlan's over to interface mlxen0
Went to interfaces / assignments and changed LAN over to mlxen0
inserted cable, interface up.

Things I've tried for the hell of it; turned off promiscuous mode and that killed all connections; so I know that's not a fix . 

Does anyone use these cards with IPS turned on and have vlans?  I feel like i'm missing something simple here or that my method for moving the interfaces over wasn't right.   IPS was working fine when I was over on the copper gigabit Intel 350 NIC.

For the time being i've turned off IPS Mode but would like to have it back on for my LAN as I find it incredibly useful.

Thanks in advance for any guidance you can offer. 

EDIT: MODS: just realized I might should have put this in the IPS forum, please feel free to move it if so

4

Hardware and Performance / Re: Question on expected performance of setup

« on: May 19, 2020, 11:06:43 pm »

Added a test case 4 after talking another member on a PM:

test case 4) Netflow monitoring all interfaces, suricata monitoring LAN only and geoip on.  With this setup for some reason I get almost equal performance to without suricata... pushing 930-940/870-880

Not really sure why test case 4 is better than test case 3... Also not sure if monitoring only the LAN is doing as much protection. 

5

Hardware and Performance / Question on expected performance of setup

« on: May 19, 2020, 05:32:02 pm »

Hey all,

Been using opnsense for a few months now and am absolutely in love.  With that said, I am trying to best tune my environment for performance and seem to be hitting some issues. 

Setup:  (this is an older box I am repurposing)
CPU: i7-3770
Memory: 32gb
Nic: Intel i350-t4
opnsense: 20.1.6
VLANs: 4

I have made all changes listed in the sticky thread regarding intel nic tuning

Test Case 1) Without things like netflow (insights), suricata, and GeoIP I can saturate my Verizon fios 940/880. 
Test Case 2) Netflow / Suricata (19,000 rules set to drop, monitoring WAN and LAN interfaces) / GeoIP  my speeds are dropping down to 400/400.
Test Case 3) Netflow / Suricata GeoIP running but Suricata ONLY monitoring WAN, I can manage to get it back up to 800/800.

During the testing, I can see suricata is definitely using up all 8 threads on the cpu (750-780% CPU usage) via top in test case 2.  This drops down to 300-400% CPU usage in test case 3.

Is this CPU / older box simply too old to run at line rate?  I don't mind investing in a newer gen; I just want to make sure that a newer gen xeon type setup will run at the full line rate with everything turned on (monitoring WAN and LAN).

Thanks!

6

General Discussion / Re: Best log viewer?

« on: April 19, 2020, 09:17:16 pm »

@fabian,

Curious, do you use your elk stack for anything else or is it just devoted to opnsense output? 

7

General Discussion / Re: Best log viewer?

« on: April 19, 2020, 03:02:24 am »

That one? https://rubygems.org/gems/logstash-filter-opnsensefilter

install:

Code: [Select]

logstash-plugin install logstash-filter-opnsensefilter


Hate brining up an older thread; but don't see the need in making a new one since the topic is the same.

Hoping you can help get this running.. I've got your plugin installed, i'm running 7.6 version of the elk stack.  I've edited my conf file that I was already collecting syslog's on port 5514 to include the main body of your conf file. 

For some reason when i'm looking in kibana it's still showing the crappy layout of unparsed info instead of using what you've built. 

Does your stuff work with the latest elk stack versions?  And anything else i'm missing?