Messages

Hi,

OPNsense remove after cron service restart if you add a manuel entry to cron file. To make it permanent in GUI please do the followings

1- create a file in "/usr/local/opnsense/service/conf/actions.d/actions_reportingdb.conf"

2- File content should be
[start]
command:service elasticsearch restart
parameters:
type:script
message:Zenarmor Reporting DB is restarting
description:Zenarmor Reporting DB Restart

3- Navigate System - Settings - Cron

4- Add a new cron, set the time and date settings and select "Zenarmor Reporting DB Restart" in Command field and save the cron.

Just what the doctor ordered!  Many thanks - will try this shortly!

Hi,

Use the following command to restart Elasticsearch: service elasticsearch restart.

Thanks - can I schedule that with cron to happen right after the backup?  If yes - any hints on how?  I'm not the strongest using cron . . .

Hi,

Which database are you using? Could you please share its version?

Elasticsearch 8.11.3

I have been successfully running my OPNSense box under Proxmox as a VM - all works well with Zenarmor - but once a week I perform a PBS backup of the VM (using snapshot mode) - and every time the Zenarmor reporting database seems to stop after the backup and needs to be manually restarted ??  Naturally I can schedule a fresh reboot of the VM after the backup, but that seems harsh . . . not sure if there's a way to simply restart Zenarmor or just the reporting database using cron or something ?? 

Any tips welcome!

It's a miracle!! Patch worked . . . Thanks for the quick response! ;-)

Not sure these are related - just trying to understand the console output showing netmap_transit messages (see first screenshot) and the lack of data in netflow cache (see screenshot #2) showing ksocket_netflow_vtnetX for various node devices - yet showing no pkts or data ?!?

I've searched around but not found any decent references - any hints welcome!

root@FoxOPN:/home/rfox # ngctl list
There are 16 total nodes:
  Name: vtnet0          Type: ether           ID: 00000002   Num hooks: 2
  Name: vtnet1          Type: ether           ID: 00000003   Num hooks: 2
  Name: vtnet2          Type: ether           ID: 00000004   Num hooks: 2
  Name: vtnet3          Type: ether           ID: 00000005   Num hooks: 2
  Name: vtnet4          Type: ether           ID: 00000006   Num hooks: 2
  Name: netflow_vtnet3  Type: netflow         ID: 00000009   Num hooks: 3
  Name: ksocket_netflow_vtnet3 Type: ksocket         ID: 0000000f   Num hooks: 1
  Name: netflow_vtnet2  Type: netflow         ID: 00000014   Num hooks: 3
  Name: ngctl25640      Type: socket          ID: 00000058   Num hooks: 0
  Name: ksocket_netflow_vtnet2 Type: ksocket         ID: 0000001a   Num hooks: 1
  Name: netflow_vtnet0  Type: netflow         ID: 0000001f   Num hooks: 3
  Name: ksocket_netflow_vtnet0 Type: ksocket         ID: 00000025   Num hooks: 1
  Name: netflow_vtnet4  Type: netflow         ID: 0000002a   Num hooks: 3
  Name: ksocket_netflow_vtnet4 Type: ksocket         ID: 00000030   Num hooks: 1
  Name: netflow_vtnet1  Type: netflow         ID: 00000035   Num hooks: 3
  Name: ksocket_netflow_vtnet1 Type: ksocket         ID: 0000003b   Num hooks: 1

(my assumption, at least) ... factory defaults would throw away any configuration you had done using the OPNsense UI, but would not "fix" other changes that had been changed to the system, including any tweaks made using a shell, or (I think) potentially anything that had been put in place by plugin installations (especially from third party repos). If you want a truly "clean slate", a fresh install would be the only way I would completely trust...

That's very helpful!  I've updated the system to 25.1 over time originally from 22.x - so not sure if there is some leftover cruft - a fresh install would be the cleanest indeed.  I just wasn't sure what the reset factory defaults did in comparison to a clean install.  Thx.

[without a restored config]

Thanks for the quick response - Not sure it's clear . . .  If "I Reset to factory defaults" - is that equivalent to performing a fresh install plus restored config?

No. A reset to factory default erases all your configuration so it is the equivalent to a fresh install without a restored config.

Gotcha!  I was thinking to re-install regarding a dashboard traffic problem - but maybe a "reset" and restore config will be enough . . . will try!  Thx.

Just wondering - is there a big difference between a fresh install with recover from previous config backup - versus using option 4 in the console which says "Reset to factory defaults"?

Reset to factory defaults leaves the firewall with factory defaults.
Install with your saved configuration leaves the firewall with your saved configuration.

Depending on how much your saved configuration differs from the factory defaults ... that defines how big the difference is.

Thanks for the quick response - Not sure it's clear . . .  If "I Reset to factory defaults" - is that equivalent to performing a fresh install plus restored config?

Logically, I would assume a reset to defaults sets everything back to default (including the FW rules, plugins, reporting, etc.) and requires a reload of a backup config file for rulesets, etc. 

A fresh install would wipe the disk clean (so can change file system for example to ZFS)

Just want to make sure I got that right ??

Just wondering - is there a big difference between a fresh install with recover from previous config backup - versus using option 4 in the console which says "Reset to factory defaults" ??

Thanks in advance -

Thanks!  Is there any other way to reset the reporting outside of resetting the reporting database?  Like resetting the dashboard back to defaults, but doing that with the traffic reporting ??

Any other suggestions before I try a complete fresh 25.1 install ??

re-create the database maybe? Reporting > Settings

Already tried that . . . :-(

After update from 24.7.12_4 to 25.1 - I noticed that every time I hit the widget edit/expand button on the dashboard (top right corner) of a widget - I get a new tab in my browser ?? Tested with Chrome & Firefox - is this new?  I don't recall this behavior in 24.7 ?

I disabled Zenarmor - but didn't seem to help.  I did discover that when I change the interfaces in the Reporting > Traffic Graph page - the dashboard doesn't change (stays with only LAN,WAN) - So VLANs not being shown on dashboard ?!? See attached . . .