Messages - mikebutash

#1
I've not used ntop in a few years since they went more commercial, but moving from my old fortigate to opnsense I am, and find ntop is a bit of a bastard in leaking memory over time.  I gave the box 8gb (I run it inside proxmox), but even though top said it wasn't using memory, observed with snmp it started hitting swap (via librenms polling).  I upped it to 16gb, and while it climbed for the first day or two, it plateaued out in terms of use, but top/htop still report nowhere near the levels of memory use snmp did (and swap when it gets/got there).  Weird, but not terrible.

That said, the usual troubleshooting applies with getting opnsense and all these plugins working.  Use netstat -4an, make sure the port(s, if ssl) are running, and services are working.  Try restarting ntop via the gui, and if not, check any system logs for what is failing.  If you need to, "service ntopng restart" and check logs at "/var/db/ntopng/ntopng.log" (maybe others...), but most of my problems have been related to it just chewing up resources over time, so I kick it occasionally.  I might just reboot the darn thing via cron once a week to keep it sane, but at least 16gb memory helps.

Having used ntop for some ~20 years, it's never without challenges, but often worth it, and a great pairing with opnsense since you don't need to buy a netflow or dpdk license for home use.  ;)

Sadly, until recently my freebsd experience was ~2 decades old, having been a linux mule for the past eras, but I have not dealt with ntopng just not working, period, on opnsense, just it being a memory hog over time.
#2
Hi, new user to opnsense, and everything has been great, but I found an odd bug today in the bind package that I have to work around for now.  I did just install it after upgrading to 23.1.6 today, with the os-bind package 1.26_3.

I set up bind with ACLs in use for query/recursion/transfer, with my new setup replicating what I had from my prior setup, and bind would not start.  I had to reverse engineer a bit how opnsense starts it to try it manually, and found it was missing a configuration bit, so it was failing to start.

# /usr/local/etc/rc.d/named start
/usr/local/etc/namedb/named.conf:26: expected IP match list element near ';'
/usr/local/etc/rc.d/named: ERROR: named-checkconf for /usr/local/etc/namedb/named.conf failed
Sure enough, it was missing filling in the allow-query, or rather filling it in badly!

options {

        directory       "/usr/local/etc/namedb/working";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        listen-on port 53530 { 127.0.0.1; };
        listen-on-v6 port 53530 { ::; };
        forwarders    { 127.0.0.1; };

        recursion          yes;
        allow-recursion {
                Trust_Local;
        };

        allow-transfer {
                HomeServices1;
        };

        allow-query {
                ;  # <<<<<<<<  wtf
        };

        max-cache-size    80%;
        dnssec-validation    no;
};
It leaves allow-query with just the semicolon there and no acl, which breaks it (it DOES have a value in the gui).  Manually adding the proper acl lets it start then from the gui or manually, but every change resets and breaks it again.  Good enough for now, but annoying when I'm still adding host entries and updating this right now, having to manually fix the config each time.

Please fix?  Otherwise this is working awesome and appreciate all this work! I was a bit annoyed I didn't have domain options directly in unbound under opnsense, but this works out well enough linking bind behind unbound too, assuming it starts correctly.
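A small pre-flight check for the failure mode described in this post, written as an added example (it is not part of the post and not OPNsense or BIND code): it scans a named.conf for address-match-list directives such as allow-query that were rendered with no elements, which is exactly what named-checkconf rejects with "expected IP match list element". The sample configuration embedded below is constructed from the post's options block; the file path and the list of directives are assumptions.

```python
import re
import sys

# Constructed sample reproducing the generated options block from the post,
# with the empty allow-query that makes named-checkconf fail.
SAMPLE_NAMED_CONF = """\
options {
        listen-on port 53530 { 127.0.0.1; };
        recursion          yes;
        allow-recursion {
                Trust_Local;
        };
        allow-transfer {
                HomeServices1;
        };
        allow-query {
                ;
        };
};
"""

# Directives whose body is an address-match-list (assumed subset of interest).
ACL_DIRECTIVES = ("allow-query", "allow-recursion", "allow-transfer", "allow-update")


def strip_comments(text):
    """Remove /* */, // and # comments while keeping line breaks intact."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def find_empty_match_lists(conf_text):
    """Return [(directive, line_number)] for ACL directives whose body has no elements."""
    text = strip_comments(conf_text)
    pattern = r"\b(%s)\s*\{([^{}]*)\}" % "|".join(ACL_DIRECTIVES)
    problems = []
    for m in re.finditer(pattern, text):
        # A valid body has at least one non-empty token before a ';'.
        elements = [e.strip() for e in m.group(2).split(";") if e.strip()]
        if not elements:
            line_no = text.count("\n", 0, m.start()) + 1
            problems.append((m.group(1), line_no))
    return problems


if __name__ == "__main__":
    # Assumed OPNsense path; pass another file as the first argument to override.
    path = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/etc/namedb/named.conf"
    with open(path) as fh:
        for directive, line in find_empty_match_lists(fh.read()):
            print("%s:%d: %s has an empty match list" % (path, line, directive))
```

Run it before restarting named after a GUI change; a non-empty report means the generated file will fail named-checkconf again.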