Messages

1

Zenarmor (Sensei) / Re: Zenarmor Devices - Hostname Change

« on: July 29, 2024, 04:07:49 pm »

Update:

The hostname of the device has now changed in Zenarmor devices. I'm not sure what caused the change. I applied the latest hotfix for opnsense (24.7_9) and I also rebooted the firewall post update (I know that's not required, but i always like to reboot ASAP after an upgrade).

I don't know if it was the update (unlikely based on release notes), the firewall reboot, or if Zenarmor refreshes hostnames for devices periodically.

2

Zenarmor (Sensei) / Re: Zenarmor Devices - Hostname Change

« on: July 29, 2024, 01:25:34 pm »

Hi

No, i mean the actual hostname that is shown under the device properties in Zenarmor. I have updated the name in Zenarmor to the correct new name, but the hostname is still showing as the old name.

I have attached a screenshot (some info redacted) that shows the Zenarmor device name and hostname mismatch.

3

Zenarmor (Sensei) / Zenarmor Devices - Hostname Change

« on: July 29, 2024, 01:09:52 pm »

I am a Zenarmor home subscriber and have a small issue with the 'Devices' feature.

I have changed the hostname of one of my devices but the hostname for the device is not updating in the devices list. I have removed the device, generated some traffic on the device to force it to appear again as a new device, marked it as a trusted device, but it is still showing the old hostname.

How do I update the hostname of the device in the Zenarmor device list or is there a method to force Zenarmor to re-query (reverse DNS lookup I assume) my DNS servers (unbound on Opnsense) to get the updated hostname?

Zenarmor is configured to use unbound DNS on Opnsense itself for DNS enrichment.

Performing a reverse DNS lookup of the IP address of the device that has had its hostname returns the correct hostname.

4

Zenarmor (Sensei) / Re: Remote Elasticsearch

« on: July 09, 2024, 06:53:29 pm »

Thank you.

5

Zenarmor (Sensei) / Remote Elasticsearch

« on: July 08, 2024, 07:00:50 pm »

I originally installed Zenarmour using SQLite but I wanted more than 2 days data retention. Although my firewall is powerful enough to install elasticsearch (quad core, 8gb RAM), I preferred to keep Elasticsearch separate from my firewall, so I purchased a mini server to act as my Elasticsearch server (I will use it for other data logging as well now that I have it).

The install of Zenarmour went well and everything is working well as far as I can see but when I check the database in settings I get the following warning:

‘We do not advise to set a data retention interval longer than 2 days for elasticsearchRemote backend’

It is currently set to 7 days.

Question; Why would using a much more powerful external Elasticsearch server for Zenarmor give a recommendation to only retain 2 days of logs while using Elasticsearch installed on the vastly less powerful firewall it is happy with a 7 day retention period?