Messages

16

20.7 Production Series / A tale of two installs

« on: August 01, 2020, 05:50:32 pm »

Having migrated from 20.1 to 20.7 with no real issues, I took a backup.
I have noticed that since initially installing opnsense vers 19, the disk usage has been creeping up.
The disk is a 442Gb SSD, and the usage was about 70% of the disk.
I then had issue with the flowed-aggregate service not starting, remote syslog also a non starter (and its not used anyway).
A reset and recover from the earlier backup did not improve matters.
I then took the decision to reinstall from scratch using a fresh 20.7 download.
Then I restored, installed sensei and the other missing plugins such as smartd.
The current disk usage is now 2.5G (1%)!!
Hopefully the system will run a bit cooler (its a fanless device) and all the services will stay up.

17

20.7 Production Series / Re: Call for testing: netmap on 20.7

« on: August 01, 2020, 08:28:10 am »

No not yet. I don't fully understand the ramifications of disabling the hardware options.

18

20.7 Production Series / Re: Call for testing: netmap on 20.7

« on: August 01, 2020, 08:22:09 am »

My system has

em0@pci0:0:31:6:   class=0x020000 card=0x00008086 chip=0x156f8086 rev=0x21 hdr=0x00

used on the WAN, the rest are igb.

All looks ok, except WAN does not appear in the sensei list (but i think it didn't in 20.1)

19

20.7 Production Series / Re: Nut, APC ups, another way

« on: May 31, 2020, 10:57:52 pm »

I only installed the collectd plugin. (ie I did not use pkg on the command line)

20

20.7 Production Series / Re: Nut, APC ups, another way

« on: May 31, 2020, 07:11:12 pm »

Hi
Thanks for that.
Now here is a bit of a mystery.
I setup collectd to send apsupsd information to my influxdb and grafana reporting system.
I added the relevant lines to /usr/local/etc/collectd.conf and got data into the database, along with the plot.
I rebooted opnsense, and when I checked /usr/local/etc/collectd.conf, the entries had been removed, but the data is still being received by influx and plotting is working.
Where did my additions go?

21

20.7 Production Series / Nut, APC ups, another way

« on: May 31, 2020, 08:09:35 am »

Never managed to get NUT working with my APC Backup UPS, so I did this

pkg install apcupsd

pkg install nano (easier to edit files)

edit /usr/local/etc/apcupsd/apcupsd.conf for your ups model

edit more /etc/rc.conf.d/apcupsd

apcupsd_enable="YES"

run apctest , select test alarm, listen for a beep.

service apcupsd start

service apcupsd status

Don't use an apcupsd from free bsd, it wont work, use the one from opnsense's repository.

Did the reboot test, still running, not sure if an update will remove any changes?

22

General Discussion / Re: gpsd

« on: February 12, 2020, 05:41:32 pm »

@siga75

Hi

Will give it another try sometime, perhaps there has been a change of programmers with a better attitude.
Re gps and usb, yes I know it is not the best approach as there is no PPS, but its purely a backup if the internet fails and there is no ntp service.

23

General Discussion / Re: gpsd

« on: February 11, 2020, 06:48:05 pm »

I think it is natively supported by ntp daemon. Modern ublox devices should support nmea output so you may try it out to switch it to nmea mode and run ntpd afterwards. At least it would be an explanation why it would not work (ublox also has a vendor specific binary protocol)

UBLOX-M8 is working on my system, running latest version of opnsense, using the ublox option which sends the correct nmea to set it up. Device is cuaU0, on a usb3 port, speed 9600bps.
Gpsd support for UBLOX binary mode was not very well supported when I last tried to use it, ie if you want it then do it yourself.

24

19.7 Legacy Series / Re: Firewall, Automatically generated rules logging disable.

« on: January 01, 2020, 04:59:42 pm »

Hi

Yes I think that is what I require, still testing.
However, as user defined rule logging can be disabled within the Firewall Section by toggling the i option, why not the automatic pre-defined rules?

Hiding the option within the System area seems to be inconsistent and illogical.

Thanks for your help.

25

19.7 Legacy Series / Firewall, Automatically generated rules logging disable.

« on: December 30, 2019, 07:21:40 pm »

Hi
Trying to debug my firewall, and I cannot disable via the gui the automatically generated rules logging.
This is making my debugging quite difficult.
Any advice constructive would be appreciated.
Thanks

26

19.7 Legacy Series / Re: telegraf & unbound

« on: August 01, 2019, 07:28:17 am »

Just found the plugin page!! after a reboot of opnsense.
More testing to do 

27

19.7 Legacy Series / Unidentified entries in netstat

« on: July 30, 2019, 07:24:54 pm »

opnsense-wan 7351  30.111.235.35.bc.https
opnsense-wan 52046 server-176.53.43.mdns

Any Ideas as to what these are doing in the netstat. Seem to be there after a reboot.

28

General Discussion / Re: Trying to get Grafana to work with Opnsense

« on: July 30, 2019, 04:50:16 pm »

In case you haven't sorted this out
1. ensure opnsense can see the influxdb server (ping)
2. using chronograf (part of the influxdata suite)  access the database, and see if there is a database called telegraf (this is the setting in the telegraf.conf file on the sending system, be aware of issues using telegraf, see my post dated 30 July 2019), or if you have changed it the database name will be in the list, on cronograf
3. if the database is visible using chronograf, then use it to show the data (it may be empty if you inputs are wrong, if so back to the sender, run
telegraf --test --debug --config /usr/local/etc/telegraf.conf
to test the config. All ok then
telegraf --debug --config /usr/local/etc/telegraf.conf
and you should see (be patient) lines of data submitted to influx.

If all ok (use chronograf) then in grafana you set up a connection to the influxdb, the db name is telegraf (unless you changed it), the connection name may be whatever, ie foo.
You need to enter the host name or ip of the system influx is running on.

Now the fun starts as you need to create a dashboard, add a graph and then set the name of the connection you just made (foo for example) and select the input item from the drop down list, add fields and hopefully you will see some graphs.

Try a simple input scenario first , for example memory usage.

It is really worth the effort as grafana is improving all the time and I use it constantly to monitor network, weather, power etc.

Just remember to keep a copy of telegraf.conf as a reboot appears to wipe out all your hard work

opnsense --> telegraf --> influxdb --> grafana
<.     opnsense system. >< other system.       >

Good Luck

ps

https://forum.opnsense.org/index.php?topic=13650.msg62882#msg62882

29

19.7 Legacy Series / telegraf & unbound

« on: July 30, 2019, 12:45:29 pm »

Hi

Issues with telegraf & unbound input

1. the file /usr/local/etc/telegraf.conf gets reset to zero length on reboot, which prevents the starting of telegraf

2. installed version is 1.10.2  whereas the plugin list reports 1.7.5

3. using the unbound input is proving difficult, despite trying all the options on the relevant page
regarding the setup (groups, sudo) it will not function unless the telegraf service is run as root .
adding unbound group to the telegraf user gets removed after a reboot

4. the /usr/local/etc/rc.d/telegraf file used as the service startup is subtlety changed to reset the user back to telegraf after a reboot.

5 the telegraf service when attempting to start gives
Cannot 'start' telegraf. Set telegraf_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.
despite telegraf_enable="YES" being present in this file.

6. running the service under telegraf results in an error as it cannot access the pid file
/usr/local/etc/rc.d/telegraf: DEBUG: pid file (/var/run/telegraf.pid): not readable.
-rw-------  1 root  wheel  5 Jul 30 11:35 /var/run/telegraf.pid

Any advice on how to get this working correctly would be appreciated.


Thanks

30

Sensei / Re: Sensei on OPNsense - Application based filtering

« on: July 12, 2019, 08:31:29 pm »

I didn't try it as the UI seemed to intimate a site (www.google.com)   not a domain, (google.com)
Can you confirm that entering google.com will work, or does it need wildcard character/regex?
Tks