OPNsense

Messages - Zapp

1
19.7 Legacy Series / Re: os-clamav plugin only listens to 127.0.0.1
« on: December 25, 2019, 02:24:44 am »
Ok so, I take it nobody knows then. A complete mystery, or...
I'm the only one using this plugin, or in this way at least.

Anybody care to point me in the direction of the source code for this so I can at least have a go at finding out if it's a major bug or if it "works as designed"?

Regards,

   /Jonas...

Sent from my ONEPLUS A3003 via Tapatalk


2
19.7 Legacy Series / Re: os-clamav plugin only listens to 127.0.0.1
« on: December 20, 2019, 11:08:41 am »
Right now I have manually edited the clamd.conf and commented out the TCPAddr line and restarted the service clamav-clamd

This is my running clamd.conf.

Code: [Select]
LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
#TCPAddr 127.0.0.1
MaxThreads 10
MaxQueue 100
IdleTimeout 30
MaxDirectoryRecursion 20
User clamav
ScanPE yes
ScanELF yes
ScanOLE2 yes
ScanPDF yes
ScanSWF yes
ScanXMLDOCS yes
ScanHWP3 yes
ScanMail yes
ScanHTML yes
ScanArchive yes
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000

A netstat gives only this.

Code: [Select]
# netstat -an | grep 3310
tcp4       0      0 *.3310                 *.*                    LISTEN
tcp6       0      0 *.3310                 *.*                    LISTEN

   /Jonas...
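
The effect of commenting out TCPAddr in the post above, as an added example that is not part of the original post or of the os-clamav plugin: it parses clamd.conf text, names the resulting TCP exposure, and cross-checks it against `netstat -an` output. The function names are illustrative and 192.168.1.1 is a constructed stand-in for the firewall's LAN address; the other inputs are excerpts from the thread.

```python
# Added example: not code from the forum posts or from the os-clamav plugin.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Excerpt of the clamd.conf posted above (TCPAddr commented out).
POSTED_CONF = """\
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
#TCPAddr 127.0.0.1
"""
# State described in the thread's opening post (TCPAddr 127.0.0.1).
GENERATED_CONF = "LocalSocket /var/run/clamav/clamd.sock\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
# Constructed sample: 192.168.1.1 stands in for the firewall's LAN address.
LAN_CONF = "TCPSocket 3310\nTCPAddr 192.168.1.1\n"
# netstat output as posted above.
NETSTAT = """\
tcp4       0      0 *.3310                 *.*                    LISTEN
tcp6       0      0 *.3310                 *.*                    LISTEN
"""

def clamd_tcp_binding(conf_text):
    """Return (port, addrs); port None = no TCP listener, addrs [] = no TCPAddr set."""
    port, addrs = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # commented-out options do not apply
            continue
        key, *rest = line.split(None, 1)
        value = rest[0].strip() if rest else ""
        if key == "TCPSocket":
            port = int(value)
        elif key == "TCPAddr":
            addrs.append(value)
    return port, addrs

def classify(conf_text):
    """Name the exposure that a clamd.conf produces for the TCP socket."""
    port, addrs = clamd_tcp_binding(conf_text)
    if port is None:
        return "local-socket-only"
    if not addrs:
        return "all-interfaces"                   # matches the *.3310 listeners above
    return "loopback-only" if set(addrs) <= LOOPBACK else "specific-address"

def wildcard_listeners(netstat_text, port):
    """Protocols with a LISTEN socket on *.<port> in FreeBSD `netstat -an` output."""
    rows = (l.split() for l in netstat_text.splitlines())
    return [r[0] for r in rows if len(r) == 6 and r[3] == f"*.{port}" and r[5] == "LISTEN"]

if __name__ == "__main__":
    for name, conf in [("posted", POSTED_CONF), ("generated", GENERATED_CONF), ("lan", LAN_CONF)]:
        print(name, classify(conf))
    print("wildcard listeners:", wildcard_listeners(NETSTAT, 3310))
```

On a firewall, an "all-interfaces" result means port 3310 is bound on every interface address, WAN included, so reachability then depends entirely on the filter rules.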

3
19.7 Legacy Series / os-clamav plugin only listens to 127.0.0.1
« on: December 19, 2019, 08:58:43 pm »
Hi!

Code: [Select]
OPNSense: v19.7.8
os-clamav: v1.7

I have recently started to play with the plugin os-clamav to be used by my mailserver (other machine on local network) for scanning mails.
As far as I can understand the configuration 'Enable TCP port' (This will enable TCP port 3310 in addition to the local socket) should make it listen to port 3310 and be available to other machines on the network.

It turns out that I only get it to listen to 127.0.0.1 port 3310 regardless if it's enabled or disabled in the configuration.

After having a look in /usr/local/etc/clamd.conf I can see the entry for this
TCPAddr 127.0.0.1

How do I get it to listen on either ALL interfaces (*) or the local LAN address of the OPNSense server?

Am I doing something wrong here?

Regards,

   /Jonas...

4
Hardware and Performance / Re: Ubiquity unifi ap
« on: January 30, 2017, 09:33:06 am »
Quote from: monstermania on January 29, 2017, 07:54:08 pm
Hi,
1. You need the Ubiquiti Controller only for the first config of the AP. Afterwards the AP works without the controller.
2. If you want, you can install the Ubiquiti controller software on a Raspberry Pi. There are some manuals on the web for how it works.

Regards
Dirk

Not 100% sure but I think you can do the initial AP config from your Android phone also with the app UniFi.

I'm also running my UniFi controller from an Ubuntu VM in XenServer.

   /Jonas...

5
16.7 Legacy Series / Re: Quality for WAN does not get updated
« on: September 26, 2016, 09:21:13 pm »
Hmm, a restart of apinger did the trick.

Strange, why would I have to restart apinger to trigger this?

   /Jonas...

6
16.7 Legacy Series / Quality for WAN does not get updated
« on: September 26, 2016, 09:15:04 pm »
Hi!

Looks like the WAN_DHCP-quality.rrd has stopped getting updated. The others seem to work.

Code: [Select]
root@OPNsense:/var/db/rrd # ls -l
total 6284
-rw-r--r--  1 nobody  wheel   98784 Jul 19 23:43 OpenVPN_GW-quality.rrd
-rw-r--r--  1 nobody  wheel   98784 Sep 19 10:03 WAN_DHCP-quality.rrd
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 ipsec-packets.rrd
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 ipsec-traffic.rrd
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 lan-packets.rrd
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 lan-traffic.rrd
-rw-r--r--  1 nobody  wheel  882048 Sep 26 21:08 ntpd.rrd
-rw-r-----  1 nobody  wheel  393168 Sep 26 21:08 ovpns1-packets.rrd
-rw-r-----  1 nobody  wheel  393168 Sep 26 21:08 ovpns1-traffic.rrd
-rw-r-----  1 nobody  wheel   49720 Sep 26 21:08 ovpns1-vpnusers.rrd
-rw-r--r--  1 nobody  wheel  195704 Sep 26 21:08 system-cputemp.rrd
-rw-r--r--  1 nobody  wheel  588592 Sep 26 21:08 system-mbuf.rrd
-rw-r--r--  1 nobody  wheel  735320 Sep 26 21:08 system-memory.rrd
-rw-r--r--  1 nobody  wheel  245976 Sep 26 21:08 system-processor.rrd
-rw-r--r--  1 nobody  wheel  245976 Sep 26 21:08 system-states.rrd
-rw-r--r--  1 root    wheel    6530 Sep 23 08:37 updaterrd.sh
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 wan-packets.rrd
-rw-r--r--  1 nobody  wheel  393168 Sep 26 21:08 wan-traffic.rrd

I have verified that the GW is supposed to be monitored. See image.

Any suggestions?

   /Jonas...


7
16.7 Legacy Series / Re: [SOLVED] Why are some outbound connections being blocked?
« on: September 07, 2016, 10:27:08 pm »
Quote from: Taomyn on September 07, 2016, 03:35:07 pm
I found my answer, but thanks for the help.

http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html
Sorry. I arrived a bit late to the party.
This has been bugging me too and I have found sort of the same answer as you did, but still... Isn't there a way to get rid of all these false positives in the log?
I really like to see all blocked traffic but not these leftovers. Can't that be filtered out somehow?

   /Jonas...


Sent from my A0001 via Tapatalk


8
16.7 Legacy Series / Re: Cannot create bootable USB stick
« on: September 03, 2016, 08:34:18 pm »
EDIT: Mental note to myself, read all of the posts before replying....

   /Jonas...


9
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 04:39:49 pm »
Ok, so case closed and some leftover work for you guys to decide on how to proceed.

Thanks again for a super awesome piece of software and the same for your time and effort put into supporting it here in the forums.

Now I have to try to find the next anomaly that I can dig deeper into...

   /Jonas...

10
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 04:32:35 pm »
Hmm...

Looks like /usr/local/opnsense/scripts/netflow/flowd_aggregate.py has something to do with this...

Code: [Select]
...
MAX_FILE_SIZE_MB=10
MAX_LOGS=10
...
def check_rotate():
    """ Checks if flowd log needs to be rotated, if so perform rotate.
        We keep [MAX_LOGS] number of logs containing approx. [MAX_FILE_SIZE_MB] data, the flowd data probably contains
        more detailed data then the stored aggregates.
    :return: None
...

That's why my old data went away when I ditched the SQL DB. Only 10 flowd.log files are kept to not flood the filesystem. The rest of the aggregated data is in the SQL DB, and nowhere else.

I think that solves the mystery.

Comments?

   /Jonas...
 

11
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 04:07:11 pm »
Quote from: Zapp on September 02, 2016, 01:09:14 pm
Code: [Select]
root@OPNsense:/var/log # ls -lah /var/log/flowd*
-rw-------  1 root  wheel   2.1M Sep  2 12:50 /var/log/flowd.log
-rw-------  1 root  wheel    11M Sep  2 12:21 /var/log/flowd.log.000001
-rw-------  1 root  wheel    11M Sep  2 10:25 /var/log/flowd.log.000002
-rw-------  1 root  wheel    11M Sep  2 08:12 /var/log/flowd.log.000003
-rw-------  1 root  wheel    11M Sep  2 05:58 /var/log/flowd.log.000004
-rw-------  1 root  wheel    11M Sep  2 03:29 /var/log/flowd.log.000005
-rw-------  1 root  wheel    11M Sep  2 00:58 /var/log/flowd.log.000006
-rw-------  1 root  wheel    11M Sep  1 22:46 /var/log/flowd.log.000007
-rw-------  1 root  wheel    11M Sep  1 20:17 /var/log/flowd.log.000008
-rw-------  1 root  wheel   107M Sep  1 17:56 /var/log/flowd.log.000009
-rw-------  1 root  wheel    11M Aug 31 20:39 /var/log/flowd.log.000010
root@OPNsense:/var/log #

Something strange is going on here! You say that the flowd.log files are not touched or deleted. Compare the above from earlier today with this from now.

Code: [Select]
root@OPNsense:/var/log # ls -lah /var/log/flowd*
-rw-------  1 root  wheel   8.4M Sep  2 16:03 /var/log/flowd.log
-rw-------  1 root  wheel    11M Sep  2 14:25 /var/log/flowd.log.000001
-rw-------  1 root  wheel    11M Sep  2 12:21 /var/log/flowd.log.000002
-rw-------  1 root  wheel    11M Sep  2 10:25 /var/log/flowd.log.000003
-rw-------  1 root  wheel    11M Sep  2 08:12 /var/log/flowd.log.000004
-rw-------  1 root  wheel    11M Sep  2 05:58 /var/log/flowd.log.000005
-rw-------  1 root  wheel    11M Sep  2 03:29 /var/log/flowd.log.000006
-rw-------  1 root  wheel    11M Sep  2 00:58 /var/log/flowd.log.000007
-rw-------  1 root  wheel    11M Sep  1 22:46 /var/log/flowd.log.000008
-rw-------  1 root  wheel    11M Sep  1 20:17 /var/log/flowd.log.000009
-rw-------  1 root  wheel   107M Sep  1 17:56 /var/log/flowd.log.000010
root@OPNsense:/var/log #

Who rotates my flowd logs?

   /Jonas...


12
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 04:00:22 pm »
I can't recall that I pushed the "Reset Netflow Data" button.

There is no "flush netflow" in system.log. There is not even any "flush" in system.log...

There are however netflow entries as long back as 25/8 in system.log. (I don't know if it's relevant)

Code: [Select]
Aug 25 22:36:40 OPNsense configd.py: [13707223-0fe2-4f3d-8efb-2ddb7f7b13a1] request netflow data aggregator timeseries for FlowInterfaceTotals
Aug 25 22:36:41 OPNsense configd.py: [f20f15a8-f87e-4cce-9b24-d0fc76ea3bac] request netflow data aggregator top usage for FlowDstPortTotals
Aug 25 22:36:41 OPNsense configd.py: [6fc0132c-0251-4824-95c6-fe4a7a8590ea] request netflow data aggregator top usage for FlowSourceAddrTotals
Aug 25 22:36:41 OPNsense configd.py: [2f73198c-0c5e-442d-bdc9-4f37b9ceb6c1] request netflow data aggregator top usage for FlowInterfaceTotals
Aug 25 22:36:42 OPNsense configd.py: [dc3bab3e-56d6-46bd-b5aa-5c5f3460be54] request netflow data aggregator top usage for FlowInterfaceTotals
Aug 25 22:36:42 OPNsense configd.py: [14cbc454-8242-460d-aa01-7685e70afd36] request netflow data aggregator metadata
Aug 25 22:37:02 OPNsense configd.py: [1df39fb7-ebbb-414e-9e55-e55101168b30] request netflow data aggregator top usage for FlowSourceAddrDetails
Aug 26 12:25:48 OPNsense configd.py: [da581fa7-52a4-4a88-84d1-819b653fdd85] retrieve flow cache statistics

Looks like we are not able to find the cause of this unless you have a more clever way of checking things.

It's not like the end of the day if I don't have the data, it just bugs me that I don't know why they disappeared.

   /Jonas...




13
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 01:09:14 pm »
Just a thought...

To me this looks like a logrotate setup. If it is, then I would understand that my old data is gone since I have ditched the SQL DB that holds that data. (To solve the previous problems)

Code: [Select]
root@OPNsense:/var/log # ls -lah /var/log/flowd*
-rw-------  1 root  wheel   2.1M Sep  2 12:50 /var/log/flowd.log
-rw-------  1 root  wheel    11M Sep  2 12:21 /var/log/flowd.log.000001
-rw-------  1 root  wheel    11M Sep  2 10:25 /var/log/flowd.log.000002
-rw-------  1 root  wheel    11M Sep  2 08:12 /var/log/flowd.log.000003
-rw-------  1 root  wheel    11M Sep  2 05:58 /var/log/flowd.log.000004
-rw-------  1 root  wheel    11M Sep  2 03:29 /var/log/flowd.log.000005
-rw-------  1 root  wheel    11M Sep  2 00:58 /var/log/flowd.log.000006
-rw-------  1 root  wheel    11M Sep  1 22:46 /var/log/flowd.log.000007
-rw-------  1 root  wheel    11M Sep  1 20:17 /var/log/flowd.log.000008
-rw-------  1 root  wheel   107M Sep  1 17:56 /var/log/flowd.log.000009
-rw-------  1 root  wheel    11M Aug 31 20:39 /var/log/flowd.log.000010
root@OPNsense:/var/log #

   /Jonas...

14
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 12:47:35 pm »
I've been up for about 40 days with this install and I might not have enabled NetFlow from day one but it was certainly before 31/8.
Somehow the flowd logs have been removed. It might even have been me that made that happen but I don't know how. Is it possible to make it happen from the GUI? Like when you press Apply in the NetFlow Capture window again?
I know that I have not removed any files in the console (SSH), that's for sure.

   /Jonas...

15
16.7 Legacy Series / Re: Netflow Insight No Data Available
« on: September 02, 2016, 12:41:36 pm »
I'm a bit puzzled myself here. I'll backtrack my steps to see if we have removed anything there.

This is the output.
Code: [Select]
root@OPNsense:~ # df -h
Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/ada0s1a     77G    1.7G     69G     2%    /
devfs           1.0K    1.0K      0B   100%    /dev
devfs           1.0K    1.0K      0B   100%    /var/dhcpd/dev
root@OPNsense:~ #
