Messages

[really]

@Franco,

[Sorry I took so long: I have been extremely busy]

Thanks for the reply, and I do understand. My 0xbeef was with the original answer. You see, I used to teach Computer Science at undergrad and post-grad level, which might skew my expectations of a forum as opposed to, say, a manual or FAQ.

A near-permanent sign on my office door said "RTFM" — when students came with a question I first checked whether they tried to answer it for themselves. If not, I said RTFM and showed them (it on) the door.

In the light of that, look at how my question was framed and my follow-up written.

I really appreciate what you all have accomplished here and over time as I (expect to) use OPNsense I will contribute as best I can, given my resources (time probably being the least of them). When I do, it shall be as complete as I am able within my constraints.

Thanks again! (Now to take my OPNsense installation from virtual to physical  ;D)

@Franco:

Exactly! Reading the tutorial style non-tl;dr text shows that that is pretty much what I did (though I did not know about pkg rquery, which is incredibly useful; thanks!).

My point is that the original answer assumes I already have the requisite knowledge to solve the problem. If that were the case, I would not have asked. Since I asked, I did not have it.

That leaves me wondering about the answer: was it true and useful (to the person asking), or only true?

I see your man pkg-rquery and raise you a pointer to an article at  (Shock! Horror!) Microsoft: https://devblogs.microsoft.com/scripting/how-to-answer-a-technical-question-a-guide-for-presenters/

;)

[tl;dr]

tl;dr

Code Select Expand

pkg info | grep ntop  # FYI: this was way faster than pkg search ntop
pkg query %M ntopng

Thanks for the reply, but...

To be blunt: being told to trawl through github is a serious waste of time, especially since you can get the information directly from the command line.

Point 1 really needs to be addressed, but this is all about point 2.

Meta level thought: I expect that for most people who use OPNsense this is their only and first BSD installation. Thus they won't know how BSD does things. This is my first BSD installation for a very, very long time so I had to learn a lot to get to the answer.

So, if you want to learn from how I went about discovering this (a useful skill), read on!

---

Since mimugmail's first point used pkg, I went to the command line and ran man pkg. A few lines down I noticed that it accesses /var/db/pkg/local.sqlite, so there must be a local record of installed packages! It seems BSD now also has package management these days — I started with UNIX when tar files via ftp was the way to install things you didn't write yourself once you got the network stack working after compiling the driver for your shiny new NIC (you got the source via sneakernet).

From here on it was a case of reading the man page. From experience (and logic), searching for a command like list or an option like -l (or the new-fangled --list) would be a good idea. Bingo! pkg -l returns with a list of all the available command names. Further reading made me decide to try this:

Code Select Expand

pkg info | grep ntop   # FYI: this was way faster than pkg search ntop

This returned

Code Select Expand

ntopng-4.0.d20200326,1         Network monitoring tool with command line and web interfaces
os-ntopng-1.2                  Traffic Analysis and Flow Collection

which shows us that the OPNsense PLUGIN called os-ntopng is at version 1.2 and installed the actual ntopng PACKAGE, version 4.0.d20200326,1.

I discovered that running pkg -f pkg-name does NOT "display full information about the packages matching pkg-name", as shown by the difference between the output of these commands:

Code Select Expand

pkg info -f ntopng
pkg info -D ntopng

-f is is supposed to be full info and -D should show just the pkg-message, yet in this instance each returns very different text for the Description field.

After further reading and wrangling, here is the low-down. First get the name of the package to query:

Code Select Expand

pkg info | grep ntop

and then run each of the following on each of the returned packages. Here I use ntopng.

Code Select Expand

pkg query %e ntopng
pkg query %M ntopng

If you're into minimalism, go with pkg query %c ntopng, but since the idea here was to get the stuff I missed during the install, %M was the most useful.

Et voilà!

[System ‣ Firmware ‣ Plugins]

Thanks for the reply, but the reality is (and reality always wins) that I have not written compiled code this millennium, and do not use Git.

Nevertheless, I had a look to see how much work it would be, but I am afraid there is zero chance that I am going to follow pages and pages of instructions to create a local copy of an entire source tree merely to change a few sentences in documentation.

So, here are the changes if someone who has done all of this would like to improve the documentation.

These changes are to Docs > Community Plugins > Reporting > ntopng

[The entire Installation section should be replaced by the following]

Redis is a prerequisite for ntopng, so if you have not installed it, first do so via System ‣ Firmware ‣ Plugins, where you would install plugin os-redis. Once installed, change to Services ‣ Redis and in the General Settings tab enable the service. Ensure that Listen Interfaces is set to "Nothing selected" and that Enable Protected Mode is ticked. This causes Redis to be bound to localhost.

NOTE: ntopng breaks when Redis has a password. You need to protect Redis by binding it to localhost as explained above. In the Restrictions tab make sure that Server Password is blank. [Why is this? See (from 2016) https://github.com/ntop/ntopng/issues/685, or does it not apply?]

Now install the os-ntopng plugin from System ‣ Firmware ‣ Plugins. Once done, follow on below.

[Problem summary:]

Hi All,

Problem summary:

1. Laborious method of installing multiple plugins.
2. Cannot find post-install messages once Updates tab window is closed.

I can't change point 1 myself and while I would probably be able to figure out (2) after more time, the answer might help others in the same boat. So, in the interest of the community of similarly-confused people, I am asking for a friend ;-)

Details:

1. Is there a way one could install plugins only after selecting all the plugins to install? It's not something one does often, but it would really speed up initial installation if you don't have to install one plugin, wait for the installion to complete, do a page reload, scroll down to where you (think you) were, install the next one, repeat...

2. In my blank state of mind engendered from installing a lot of plugins I noticed that one of those with a short install report had above the reams of output in the Updates tab window some post-installion instructions. Mmmm... I probably missed some of those, and I expect them to be rather important. The thing is, where are they now?

I looked in all the logs that seemed to make sense and even ran /usr/libexec/locate.updatedb so that I could search the entire file system without needing to make coffee while find does its thing. Nada. All I can think of now is to look inside the plugin installation files, but I have no idea (a) where they are; (b) how to look inside them; (c) if they still exist.

Does anyone know?

[Problem:]

Hi All,

I am busy configuring OPNsense (20.1.4) in a VirtualBox before I let it loose in production. I am taking copious notes and am considering posting them as a HOWTO once done. So far I am seriously impressed! Thank you for the incredible work.

That said, I'd rather post this bit now, given how much of my time this has wasted.

Problem: ntopng doesn't start.

Solution:

1. Install and enable os-redis plugin
2. Do NOT define a password under Services > Redis > Restrictions > Server Password


Requests:

1. In Docs > Community Plugins > ntopng:

Change the Installation section to highlight the os-redis prerequisite before explaining how to go about installing ntopng. As it is now you are pretty much saying "Install ntopng. Notice that it doesn't work. That's because you should first have installed Redis."

2.1. Until the os-ntopng source has been updated, remove the os-redis plugin option to enter a Server Password, especially since its help text says "Choose a secure value. It is recommended that you generate this password." What is interesting to me is that I discovered this statement (from 2016!) that says it has been fixed: https://github.com/ntop/ntopng/issues/685.

2.2. Assuming the above, append "NB: If you are going to make changes to the Redis configuration by hand, do not enable a password, as that will break ntopng. Rather protect it by binding it to localhost." That would be for those of us who want it set up more securely and tend to mess around with (up!) config files.

Again, thanks for what thus far seems a truly splendid system!