Messages - hedders

#1
This sounds like one of the symptoms of the issue I experienced on upgrading to 25, where the box was chewing through all of its memory within 30 seconds or so of booting. More info here.
#2
I'm not sure that's completely right. I tried disabling DHCPv6 on WAN before reinstalling, and it didn't solve the RAM utilisation issue.

I think there are at least two issues at play here. One is the Zen issue, which is resolved by disabling DHCPv6 on WAN. But I think there is also another issue causing the box to chew through all of its RAM within 30 seconds or so of boot in some circumstances.
#3
Small update on this. I ended up reinstalling from scratch and restoring my config. That dealt with the immediate memory leak, but I still saw usage steadily increasing over time until - as sunbeam60 mentioned - I disabled IPv6 on my WAN interface (I am also with Zen in the UK). Memory usage is now holding and stable.

I have an image of the problematic install, if useful.
#4
I am also seeing this since updating from 24.7.12 to 25.1.1. Memory usage jumps to 96-99% within a couple of minutes of boot. Looking at top -o size, I can see this: imgur

Logs seem to be full of errors relating to various processes failing or being killed too. See extract from log here: pastebin

Any and all help greatly appreciated!

#5
I am also seeing this. Running OPNsense 24.1 (although it appeared in the logs prior to the upgrade from 23.7 too), Zenarmor is up to date (engine 1.16.2, database 1.16.24012617, agent 1.16.4), using a local Elasticsearch database.

I also noted that the Audit log shows the following error in configd.py every hour: "action sensei.update-install.os-sensei-db not found for user root".

Zenarmor seems to be running fine. I do wonder whether it has something to do with this older thread:

https://forum.opnsense.org/index.php?topic=22363.0
#7
Quote: If you're quite sure it's a false positive

Thanks. I guess the issue is I'm not sure if it is or not, and I'm struggling to find any useful info to help me find out. Do you happen to know if there is anywhere I can look up why it was matched?
#8
Hello,

I'm a pretty new user of Zenarmor, having only recently upgraded from a consumer-grade home router to an OPNsense box (which I'm very happy with).

I am seeing a lot of blocks of outgoing connections from my phone to a host called "prod-mobile-api.jn3cx6xo36.net", which Zenarmor seems to be categorising as "Malware/Virus". I suspect it is a false positive, but it is obviously concerning and I am struggling to find any info on what it is, or why Zenarmor might be categorising it as malware.

Googling for that hostname leads to a few auto-generated "we've scanned this host for viruses and found nothing" type pages, which tell me very little.

The regular posters in this forum seem to be pretty experienced and knowledgeable, and I wondered if anyone can give me some pointers in tracking down what's going on here please? For example, do any of you know what databases Zenarmor draws its blocklists from?

If the mods think this is OT then my apologies, and do feel free to bin.

Thank you all in advance for any help you're able to give.