Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
is there a live log?
« previous
next »
Print
Pages: [
1
]
Author
Topic: is there a live log? (Read 3239 times)
c-mu
Full Member
Posts: 210
Karma: 5
is there a live log?
«
on:
May 27, 2022, 08:41:39 am »
Hi,
we have not too long ago installed Zenarmor in the community edition for testing. We have left everything mostly on default settings and only the "Block Malware Activity" filter active.
Now we have noticed that sporadic network traffic between VLANs does not work properly. After a while it turned out that it was Zenarmor that was blocking the traffic. However, it was not directly obvious to us. I had looked under reports for threats and blocks, but did not see anything suspicious.
Long story short: is there a livelog where you can see blocking states directly?
Thank You!
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: is there a live log?
«
Reply #1 on:
May 27, 2022, 05:01:24 pm »
Hi,
Reports - Blocks - Live Blocked Session Explorer shows the blocked Sessions. If you can not see the block info there, most probably it could be a netmap issue. Did you protect the individual VLAN interface(s) or parent interface?
Logged
Mbl
Jr. Member
Posts: 78
Karma: 6
Re: is there a live log?
«
Reply #2 on:
June 19, 2022, 03:18:57 pm »
So I personally don't consider this a "live" log. The logging of sensei makes it extremely difficult to find out what was blocked, why.
That's why I asked in this thread for a combined logging (OPNsense & sensei):
https://forum.opnsense.org/index.php?topic=27812
Logged
sy
Hero Member
Posts: 593
Karma: 44
Re: is there a live log?
«
Reply #3 on:
June 21, 2022, 04:28:02 pm »
Hi,
Did you try the filter? It is located in the Report menu. You can filter local connections, source-destination IPs, ports or etc.
Logged
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: is there a live log?
«
Reply #4 on:
June 22, 2022, 03:18:34 pm »
There is live monitoring feature on each section.
See picture
Logged
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: is there a live log?
«
Reply #5 on:
June 22, 2022, 03:20:00 pm »
And the refresh rate is by default none, so you have to select it.
Again see the picture
Logged
Mbl
Jr. Member
Posts: 78
Karma: 6
Re: is there a live log?
«
Reply #6 on:
July 05, 2022, 04:32:07 pm »
From my point of view this does not fullfill the user experiance of „life log“…
Quote from: Vilhonator on June 22, 2022, 03:20:00 pm
And the refresh rate is by default none, so you have to select it.
Again see the picture
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: is there a live log?
«
Reply #7 on:
July 05, 2022, 05:27:34 pm »
not sure I understand your point... Do you understand that "live log" takes considerable resource? I'd recommend sending your data somewhere else to examine. OPSense should be busy to what it's doing not try to make it pretty watching page full of log blow right by the screen ever second.
Logged
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: is there a live log?
«
Reply #8 on:
July 05, 2022, 06:47:59 pm »
That's pretty much all you get
Only live logs you can have are what Zenarmor GUI offers, to make it faster etc. you can install Database to external DB server which is recommended unless you have 8TB storage and 128GB RAM installed on your opnsense depending of course how much traffic there is at what speeds.
Zenarmor isn't exactly resource efficent and logs do take quite a bit of space and RAM overtime, having real time live log would hang most systems running it in few seconds, which is why minimum refresh rate is 1 minute.
Logged
almodovaris
Sr. Member
Posts: 318
Karma: 15
Re: is there a live log?
«
Reply #9 on:
July 05, 2022, 11:22:24 pm »
Zenarmor only blocks public IPs and websites. So, it has otherwise little to do with traffic between VLANs, unless there is a bug.
Logged
OPNsense HW:
Minisforum Venus series UN100C, 16 GB RAM, 512 GB SSD
T-bao N9N Pro, 16 GB RAM, 512 GB SSD
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
is there a live log?