Messages - battle

#16
I may have to go to a new ISP.  The one I have now is unlimited bandwidth.  If I move to another location, I may be limited to a certain amount of BW and need to choose the best ISP per price and bandwidth allowed.  I therefore need to see how much bandwidth I am using a month.  Is there any way I can monitor or log how much BW I am using daily/weekly/monthly in OPNsense or Zenarmor?  Is there a plugin that might be used for that?
#17
Thanks.  I received like info from someone else.  Zenarmor is watching LAN and Suricata is watching WAN now.
#18
Thanks. That is how I have it set up.
Also, see this, which seems to be a bug in Zenarmor:

https://forum.opnsense.org/index.php?topic=43141.0
#19
If I try to check both WAN and LAN boxes in settings, Zenarmor says that I can't run WAN on both Suricata and Zenarmor (see quote below).  So if I uncheck 'Enable' and 'IPS mode' and all other boxes on the Suricata 'Services: Intrusion Detection: Administration' page, Zenarmor will still not allow me to check the WAN box in Zenarmor/Settings.  There doesn't seem to be a way to only run Zenarmor.

"When you use IPS & Zenarmor together, you can only use the WAN interface for Suricata
It looks like you also have Suricata configured to run on this interface. Please be noted that Zenarmor and Suricata cannot be run on the same ethernet interface at the same time."
#20
24.7, 24.10 Legacy Series / Re: OPNsense 24.7.5 broken?
September 30, 2024, 01:17:23 PM
Re-upgraded to 24.7.5 again this morning and everything running ok.
#21
I upgraded today and after upgrading via the interface, I could no longer log in to root with a browser.  I could no longer get through to web through OPNsense with my connecting computer.  OPNsense is installed on another Dell. I reinstalled to 24.7.  Rebooted everything.
#22
Intrusion Detection and Prevention / Zenarmor or Suricata
September 30, 2024, 01:38:20 AM
I installed Zenarmor today and there is a conflict between both Zenarmor and Suricata with both trying to use the WAN.  Which system would be better to use?  Suricata on WAN or LAN, Zenarmor on the opposites, or Zenarmor (MongoDB) on both and disregard Suricata?
#23
General Discussion / Re: Migration to ZFS file system
September 24, 2024, 06:52:00 PM
Thanks, but bummer.  That is what I was afraid of.  I had to reinstall just yesterday because OPNsense suddenly refused to connect to my ISP modem.  The reinstall fixed it.
#24
General Discussion / Migration to ZFS file system
September 24, 2024, 05:03:04 PM
The new Snapshot feature requires OPNsense to be on the ZFS file system.  My OPNsense is on the other one.  The message that is given when you try to do a snapshot is:

"Snapshots are only available when a ZFS file system is used.
For more information on how to migrate to ZFS, please refer to our documentation or support resources."

I can't find any information on how to migrate to ZFS.  Can anyone point me to this information?
Thanks
#25
When I click on the Schedule tab, it pops up an Edit Job box.  After you set up and save a time, from that time onward you can't click the Schedule tab again to view the list of schedules because the Edit Job box always pops up and blocks the view. When you click Cancel on the Edit Job box, it closes out the Schedule tab by jumping to another tab so that you can't read or modify a check box in the list.
#26
Thanks bimbar.  I had given up on an answer, so my long reply.  The ones you suggested are what I had already chosen.
#27
Can someone tell me what are some important Suricata modules to choose?  I actually downloaded and enabled all of them, but YouTube would only play for about 15 seconds and then stop with an error message.

abuse.ch/Feodo Tracker
abuse.ch/SSL Fingerprint Blacklist
abuse.ch/SSL IP Blacklist
abuse.ch/ThreatFox
abuse.ch/URLhaus

ET open/botcc
ET open/botcc.portgrouped
ET open/ciarmy
ET open/compromised
ET open/drop
ET open/dshield
ET open/emerging-activex
ET open/emerging-adware_pup
ET open/emerging-attack_response
ET open/emerging-chat
ET open/emerging-coinminer
ET open/emerging-current_events
ET open/emerging-deleted
ET open/emerging-dns
ET open/emerging-dos
ET open/emerging-exploit
ET open/emerging-exploit_kit
ET open/emerging-ftp
ET open/emerging-games
ET open/emerging-hunting
ET open/emerging-icmp
ET open/emerging-icmp_info
ET open/emerging-imap
ET open/emerging-inappropriate
ET open/emerging-info
ET open/emerging-ja3
ET open/emerging-malware
ET open/emerging-misc
ET open/emerging-mobile_malware
ET open/emerging-netbios
ET open/emerging-p2p
ET open/emerging-phishing
ET open/emerging-policy
ET open/emerging-pop3
ET open/emerging-rpc
ET open/emerging-scada
ET open/emerging-scan
ET open/emerging-shellcode
ET open/emerging-smtp
ET open/emerging-snmp
ET open/emerging-sql
ET open/emerging-telnet
ET open/emerging-tftp
ET open/emerging-user_agents
ET open/emerging-voip
ET open/emerging-web_client
ET open/emerging-web_server
ET open/emerging-web_specific_apps
ET open/emerging-worm
ET open/tor

OPNsense-App-detect/file-transfer
OPNsense-App-detect/mail
OPNsense-App-detect/media-streaming
OPNsense-App-detect/messaging
OPNsense-App-detect/social-networking
OPNsense-App-detect/test
OPNsense-App-detect/uncategorized
#28
I thought I had tried that, but that worked!  OPNsense would not be worth much without Suricata.
Thanks
#29
OK, got it figured out.  I went into the (attachment below) window by way of another example on the web and it worked.  Thanks for pointing me in the right direction.

C:\>ipconfig

Windows IP Configuration
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::6848:1ada:22cb:c4e1%11
   IPv4 Address. . . . . . . . . . . : 192.168.2.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1

------------------------------------------------------------

But I now cannot get into the GUI with 192.168.1.1.  Is there any way to change the GUI's address?
#30
Thanks for replying.
I changed the LAN to 192.168.2.1 (.0 wouldn't take).  Did the unplug/re-plug etc.  I kind of thought that would work and tried changing the LAN before.  Still no connection.  I thought that my PC would find the OPNsense LAN automatically, but no.  I rebooted the PC and it is back to the 'Autoconfiguration IPv4 Address. . : 169.254.196.225'.  I never had to configure my PC to point to a specific address, maybe that has to be done.  Not sure how to do that.