Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - bringha

Pages: 1 ... 7 8 [9] 10 11 ... 17

121

18.7 Legacy Series / Re: Upgrade to 18.7.4: telegraf plugin broken?

« on: October 01, 2018, 11:16:30 pm »

OK - here we are with the issue:

There is a conflicting config in telegraf with the log files:

Via the GUI, telegraf is advised to write the log file /var/log/telegraf.log (see above), this is written to the telegraf config file

However, the start script for telegraf in /usr/local/etc/rc.d/telegraf configures:

Code: [Select]

(...)
name="telegraf"
rcvar=telegraf_enable
load_rc_config $name

: ${telegraf_enable:="NO"}
: ${telegraf_user:="telegraf"}
: ${telegraf_group:="telegraf"}
: ${telegraf_flags:="-quiet"}
: ${telegraf_conf:="/usr/local/etc/${name}.conf"}
: ${telegraf_options:="${telegraf_flags} -config=${telegraf_conf}"}

logfile="/var/log/telegraf/${name}.log"
pidfile="/var/run/${name}.pid"
command=/usr/sbin/daemon
start_precmd="telegraf_prestart"
start_cmd="telegraf_start"
stop_cmd="telegraf_stop"
(...)

this causes a conflict where to write ...

Only either or is possible ....

Solution would be to leave the log file entry in telegraf.conf

Code: [Select]

(...)
[agent]
  interval = "10s"
  round_interval = false
  metric_batch_size = 1000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
  flush_jitter = "0s"
  precision = ""
  debug = false
  quiet = true
  logfile = ""    <--- leave empty
  hostname = "opnsense"
  omit_hostname = false
(...)

As I assume that this is again created automatically this requires change in the code

Br br

122

18.7 Legacy Series / Re: Upgrade to 18.7.4: telegraf plugin broken?

« on: September 30, 2018, 02:48:18 pm »

Well, the utmp error message disappeared, however still showing the error message

Code: [Select]

E! Unable to append to /var/log/telegraf.log (open /var/log/telegraf.log: permission denied), using stderr
E! Unable to append to /var/log/telegraf.log (open /var/log/telegraf.log: permission denied), using stderr

changed /var/log/telegraf to telegraf:telegraf, even there no change. Also the problem persists that throughput drops dramatically. have now temporarily switched off telegraf.

Note: we use telegraf in a larger cloud environment and observed some times that when telegraf wants to access files but cannot due to permission, CPU load on this node rises to 100% and machine more or less stops productive work ...

However, could it be that with the recent kernel/sys upgrade, utmp was replaced by some more modern utx? At least the man page on my sense indicate so .... Would then need some adaption in telegraf too ....

Br br

123

18.7 Legacy Series / Re: Upgrade to 18.7.4: telegraf plugin broken?

« on: September 29, 2018, 08:52:27 am »

Err - would love to but never done that before

Is it 'opnsense-revert -r 18.7.3 telegraf'

Br br

124

18.7 Legacy Series / Upgrade to 18.7.4: telegraf plugin broken?

« on: September 28, 2018, 10:19:08 pm »

Hi there,

after I upgraded to 18.7.4. I noticed that the telegraph plugin seems to be broken, mainly due to the input.systems module; I have no suddenly two log files, one in /var/log/telegraf/telegraf.log and one in /var/log/telegraf.log. Although the config says

Code: [Select]

[global_tags]

[agent]
  interval = "10s"
  round_interval = false
  metric_batch_size = 1000
  metric_buffer_limit = 10000
  collection_jitter = "0s"
  flush_jitter = "0s"
  precision = ""
  debug = false
  quiet = true
  logfile = "/var/log/telegraf.log"
  hostname = "opnsense"
  omit_hostname = false

[[outputs.influxdb]]
  urls = ["http://192.168.1.205:8086"]
  database = "telegraf"
  retention_policy = ""
  write_consistency = "any"
  timeout = "5s"
  username = "influx"
  password = "XXXXXXXXXX"




[[inputs.cpu]]
  percpu = true
  totalcpu = true
  collect_cpu_time = false

[[inputs.disk]]
  mount_points = ["/"]

[[inputs.diskio]]

[[inputs.mem]]

[[inputs.processes]]


[[inputs.system]]

[[inputs.net]]

that /var/log/telegraf.log shall be used, it uses the other one and writes tons of messages like

Code: [Select]

2018-09-28T19:20:23Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:20:33Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:20:43Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:20:53Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:03Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:13Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:23Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:33Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:43Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:21:53Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
2018-09-28T19:22:03Z E! Error in plugin [inputs.system]: open /var/run/utmp: no such file or directory
E! Unable to append to /var/log/telegraf.log (open /var/log/telegraf.log: permission denied), using stderr

/var/log/telegraf.log belongs now root:root but should root:telegraf (?),

The non-nice side effect is that opnsense throughput in downlink drops to <5% of the normal performance.

Br br

125

German - Deutsch / Re: OPNSense Neuling sucht Hardware

« on: September 24, 2018, 09:24:33 am »

Nö, die Superdoms dümpeln bei mir bei 32 Grad rum

Was treibt Dich in die Frage nach viel Rechenleistung?

Der N3700 stoffwechselt bei mir mit durchschnittlich 3% CPU Last und in der Spitze 26% trotz zahlreicher Plugins (sipproxd, igmpproxy, Telegraf ...).Memory bei 4% avg, 11% Spitze (bei 8G)

Auf dem WAN habe ich 21 MBit Durchschnittstraffic (SIC!) wenn Entertain läuft

Mir reicht das also völlig aus

Br br

126

German - Deutsch / Re: OPNSense Neuling sucht Hardware

« on: September 23, 2018, 02:52:39 pm »

Hallo,

ich kann noob nur zustimmen, Preis Leistung und vor allem auch Betriebskosten sind mit dem X11SBA-LN4F sehr brauchbar. Das Board kann sowohl in Microrechnergehäusen als auch Rackmounted prima eingesetzt werden.

Sollte ggf auch ein gebrauchtes System in Frage kommen, würde ich dringend empfehlen darauf zu achten, die HW Revision 1.02 oder später einzusetzen (siehe https://forum.opnsense.org/index.php?topic=5869.msg25622#msg25622).

Bei mir laufen jetzt 2 der Systeme seit 2 Jahren ohne jede Probleme und haben jedes Upgrade problemlos mitgemacht; nach den anfänglichen Hickups (s.o.) bin ich sehr zufrieden!

Sehr effektiv bei ausschließlicher Nutzung als OPNsense hat sich auch der Einsatz von SuperDOMs als SSD Disks erwiesen (32 GB) ist klein, sparsam und völlig ausreichend. Mit 16GB Memory habe ich allerdings keine Erfahrung, Supermicro selbst empfiehlt lediglich max. 8 GB RAM)

Br br

127

18.1 Legacy Series / Re: UnboundDNS Stopped running - No errors ?

« on: July 27, 2018, 07:05:37 pm »

Hi there,

login into your sense with ssh and get a shell

cd into /var/log

check the resolver.log file with

clog resolver.log

Br br

128

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: July 04, 2018, 06:54:33 pm »

Yes, this is a linux based igmp proxy solution which also support SSM and even IPv6 MLD. Some folks out of pfsense have started to port it to freebsd and made compilable however I could not find it publicly available as a working release as in the article below is said that it did not work as the kernel interface linux/freebsd is too different; see also

https://forum.netgate.com/topic/98494/pfsense-2-3-mit-telekom-entertain/20

Btw. the not yet complete freebsd port you can find on GitHub:

https://github.com/ViToni/mcproxy

Br br

129

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: July 01, 2018, 02:55:26 pm »

Hi gliddie,

Your config is indeed a fair and valid option to stream TV via Entertain (tv) in your network, however Imho it is a different story:

I understood that frank wanted to use its new Entertain TV Box.

Getting access to Entertain via Kodi/tvheadend works via different mechanisms currently as I understand it:

If I remember correctly,
- tvheadend does not support igmpv3 either
- tvheadend does not yet support fully SSM
- Trying to access the new streams in the Entertain 87.XX range 'fall back' to the old Entertain addresses in the 193.X/232.X (ie Entertain v1) range
- Some had even reported that only using the ffmpeg pipe mechanisms of tvheadend brought Entertain V2 up. But this might have been fixed already with a newer version of tvheadend
(has been a while ago that I dealt with it)

Indeed you can watch tv via 'Entertain TV contract' then in your network but not yet fully using the foreseen technology mechanisms for Entertain TV technology platform. If you don't care - fine!

The official Entertain tv box requires mandatorily full igmpv3 support including source specific queries.

Br br

130

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: July 01, 2018, 10:30:52 am »

... and also your network config would be fine

Otherwise look here (its in German)

https://forum.opnsense.org/index.php?topic=4785.0

You can see in your log: igmp type 0x22 is not known (this is a igmpv3 membership report)

Br br

131

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: June 29, 2018, 09:04:00 pm »

Ok - can you tell me which Network your

192.168.2.0
10.0.x.x

are?

Your 192.168.2.1 is the IP Address of What?

Anyway, your igmpproxy does not recognize the upstream vif properly ...

In my config (no pppoe upstream) it look like:

Code: [Select]

root@OPNsense:~ # /usr/local/sbin/igmpproxy -d -v /usr/local/etc/igmpproxy.conf
adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 igb0, Threshold: 1, Ratelimit: 0
adding VIF, Ix 1 Fl 0x0 IP 0x6502a8c0 igb1, Threshold: 1, Ratelimit: 0
joinMcGroup: 224.0.0.2 on igb0
joinMcGroup: 224.0.0.22 on igb0
RECV V2 member report   from 192.168.1.1     to 224.0.0.2
The IGMP message was from myself. Ignoring.
RECV V2 member report   from 192.168.1.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
(...)
// Here it start to join the entertain group for ARD
RECV V2 member report   from 192.168.1.83    to 239.35.10.4
Inserted route table entry for 239.35.10.4 on VIF #0
joinMcGroup: 239.35.10.4 on igb1
Adding MFC: 193.158.35.251 -> 239.35.10.4, InpVIf: 1
The IGMP message was local multicast. Ignoring.
// Upstream igmpv3 report:
RECV V3 member report   from 192.168.2.101   to 224.0.0.22
(..)
// Client membership report for ARD
RECV V2 member report   from 192.168.1.83    to 239.35.10.4
Updated route entry for 239.35.10.4 on VIF #0
Adding MFC: 193.158.35.251 -> 239.35.10.4, InpVIf: 1
The IGMP message was local multicast. Ignoring.
RECV V2 member report   from 192.168.1.1     to 224.0.0.22
The IGMP message was from myself. Ignoring.
(..)

BR br

132

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: June 29, 2018, 01:57:50 pm »

Correct

igmpproxy uses upstream the kernel internal multicast router/igmp protocol implementation which supports igmpv3. Downstream it has an igmpv2 implementation. I am working since a while on an architectural redesign however am just stuck due some missing freebsd kernel documentation items.

All Fritzbox and Speedports support igmpv3 implicetly, connecting the receiver to them works fine

Nevertheless would love to see the debug output of the igmpproxy on your system to get some more insights where to improve the igmpproxy

Br br

133

18.1 Legacy Series / Re: IGMPProxy1.3 is not starting

« on: June 29, 2018, 07:49:39 am »

Hi there,

not to throw water in the wine: Much likely you won't get Telekom Entertain v3 up and running with igmpproxy: Telekom Entertain v3 needs full upstream and downstream igmpv3 which igmpproxy is currently not supporting. It is doing igmpv3 on uplink and igmpv2 on downlink only.

Nevertheless, to get a little bit more insight what might happen is to start the igmpproxy with the -d -v options from terminal. It gives you some output right at the beginning what kind of VIF it is getting from kernel. Might be that this can be a hint where it hangs ...

Perhaps you can post the output then ..

Br br

134

18.1 Legacy Series / Re: 18.1.10: dpinger activation -how to replace apinger

« on: June 22, 2018, 01:26:12 pm »

Thanks Franco,

Hmmmmm - this is one option how to do it ....

However, concept of dpinger creates individual instances per gateway. It would make sense, to allow selective gateway monitoring. Latest when replacing apinger, an individual activation in the gateway screen would more intuitive.

Just my 10 cents

Br br

135

18.1 Legacy Series / Re: 18.1.10: dpinger activation -how to replace apinger

« on: June 21, 2018, 08:17:15 pm »

Thanks a lot, it works!

I have to admit that I never would have looked under firewall.

There is a dedicated gateway menu under 'system' which also allows to switch Gateway monitoring on/off. What is the concept idea behind to put this tick box under firewall configuration?

Br br

Pages: 1 ... 7 8 [9] 10 11 ... 17