Messages

Yes,

as mentioned before, I can add servicechecks but not remove them.

Cheers, Stephan

Ok,

also die Meldungen

Filesystem '/' not mounted
   'RootFs' unable to read filesystem '/' state
   'RootFs' trying to restart

kommen nicht wie hier gemeldet https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219084

und der Status passt auch - hab ich ehrlichgesagt übersehen... ::)

Filesystem 'RootFs'
  status                       OK
  monitoring status            Monitored
  monitoring mode              active
  on reboot                    start
  filesystem type              ufs
  filesystem flags             soft updates, noatime, local, rootfs
  permission                   755
  uid                          0
  gid                          0
  block size                   4 kB
  space total                  18.4 GB (of which 8.0% is reserved for root user)
  space free for non superuser 9.0 GB [49.2%]
  space free total             10.5 GB [57.2%]
  inodes total                 2568190
  inodes free                  2526371 [98.4%]
  data collected               Wed, 13 Sep 2017 23:06:41

Muss man dann wohl bei freebsd monieren... 'müllt' halt auch das log alle 2 minuten voll :D

Wo Du gerade mitliest^^ - hast Du eine Idee zu meinem anderen Post im engl. Forum, wegen den Settings die nicht richtig gespeichert werden...?

Grüße,

Stephan

glad to here it worked  ;)

Hi!

Ähhmm...

This is Monit version 5.23.0

Sep 13 21:03:18 lifesense monit[60973]: filesystem statistics error -- cannot parse device '/dev/gpt/rootfs'

Sorry... also irgendwie doch nich so ganz...?

I had the problem after an unclean shutdown - the pid file didn't get deleted / or still was there and suricata refused to start .
After deleting the file  /var/run/suricata.pid it worked again

Hi,

there seems to be a bug with updating the config file.
Although I've finally removed (unchecked & tested & saved) all servicechecks - they still are active in the monitrc file.

Everything I add gets inserted correctly, but won't be removed if unchecked...

Hi,

I use a e-mail password with special chars - but monit does not accept / can't handle this.

Therefore the password needs to be in qoutes - I used single quotes and it seems to work. (the monit manual sates somewhere else to use duoble quotes...)

Here's the fix for the template (/usr/local/opnsense/service/templates/OPNsense/Monit/monitrc):

Line 19:

Code Select Expand

{%      set password = "password " ~ "'" ~ OPNsense.monit.general.password ~ "'" %}

Cheers,

Stephan

Hi,

thank You Fabian!

Could someone please change the default settings in the forward proxy tab to the ones from this documentation (- the defaults didn't work least for me)

Request Modify URL icap://[::1]:1344/avscan
Response Modify URL icap://[::1]:1344/avscan

Thank You!

Cheers, Stephan

Sorry, war noch auf Englisch  ::)

also Ad Schellevis hat einen Patch für das Problem gemacht:

https://github.com/opnsense/core/commit/30fde1ef05bebba9c37e0b5c85176bd3c663d79b

Es ist tatsächlich so, dass abuse.ch mittlerweile den Filestream von ihren Listen komprimiert und deshalb nur 'Müll' in den Dateien steht.

Grüße,

Stephan

O.k. - thanks to Ad Schellevis it is solved!  :)

In fact, it seems that abuse.ch meanwhile has compressed the filestream...

Here's the fix: https://github.com/opnsense/core/commit/30fde1ef05bebba9c37e0b5c85176bd3c663d79b

Cheers,

Stephan

Thank You Ad!

This fixed it!

Cheers,

Stephan

Btw - here's the patch: https://github.com/opnsense/core/commit/30fde1ef05bebba9c37e0b5c85176bd3c663d79b

Hi,

well - some more details would be helpful...!

We have a TAP bridged to local lan on opnSense - opnSense is behind a router which is connected to ISP - on the router portforwarding is set for the vpn connection. That's all.

Cheers, Stephan

Hi,

I constantly get the error:

<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "‹" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

When I take a look at the /usr/local/etc/suricata/opnsense.rules/abuse.ch.* files, they all seem to be completly garbage!?

So I already deleteted them all (also @ suricata/rules folder) and started the rules downloader - still the same garbage in the files...

Any idea?

Thanx,

Stephan

Hi,

ich habe ständig den Fehler

<Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "‹" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.sslblacklist.rules at line 1

im suricata.log

Ich habe mir die  /usr/local/etc/suricata/opnsense.rules/abuse.ch.* Dateien mal angesehen - da steht meiner Meinung nach nur Müll drin...
Ich hab die Dateien bereits gelöscht und den Download neu angestoßen - kommt aber das selbe dabei raus...

Hat jemand von Euch IDS mit den abuse.ch Regeln aktiv? Und könnte mal bitte nachsehen, ob die o.g. Dateien bei Euch auch so zerschossen zu sein scheinen?

Danke!

Stephan

Hi,

I'd also like to know which algorithm to prefer / to know which one is more efficient - probably it's an implementation problem, as hyperscan is quite new (~1y) in opnsense?