No data in reports or dashboard, policies are working though

[SonicJoe]

I've been running Zenarmor on a Protectli 4B for about 7 months or so without issues (Home license). Due to the low amount of resources, I use a remote Elasticsearch DB. Within the last month I have hit a strange issue. Suddenly there is no data in my reporting database. Zenarmor is working. Blocks are being applied based on policies. I can confirm this by disabling or modifying policies and seeing that things work or don't. I believe everything was working fine on OPNSense 23.1.9. I haven't made any changes in a long time, other than updates. I ended up skipping 23.1.10 because it came out just before I went away on vacation and by the time i came back and was settled 23.1.11 was out. Somewhere in there a Zenarmor update occurred too.

Things I have tried:

1) Zenamor -> Configuration -> Reporting and Data -> Perform Index Check, result = "Everything looks good"
2) Try "Reset Reporting", result = "You cannot hard reset for remote database"
3) Try "Erase Reporting Data", result same as above
4) Create a brand new Elasticsearch DB, point Zenarmor at that, result = I see the Zenarmor indices created in the DB, and performing an index check still results in "Everything looks good", but no data shows up in reports
5) Factory reset Zenarmor, result = odd errors, packet engine won't start
6) Full uninstall/reinstall of Zenarmor, result = Zenarmor working again, but reporting issue persists
7) Reboot FW as a sanity check, result = no change, issue persists

I'm completely at a loss, so... any ideas? I did send logs to support but other than them asking if I tried "Reset Reporting" I haven't heard back.

[sy]

Hi,

Can you run the following command on OPNsense console as root and share the output?
 
curl -XGET http://192.168.20.50:30003

[SonicJoe]

You must be the support person who has my case, since I didn't supply any IPs here in the forum. I responded to your E-mail. Curl fails due to the self-signed cert, but I provided you screen shots of the GUI showing that Zenarmor confirms it can connect and check the indices, as well as a screenshot of the Elasticsearch DB using Elasticvue that shows all the indices were created by Zenarmor, so it must be able to connect.

Also, and I will add this to the ticket, I just tried removing the certificate and making the connection as HTTP instead of HTTPS, but I have the same issue. Here's the output of the curl command when switching to HTTP:


curl -XGET http://192.168.20.50:30003
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}},"status":401}

So that rules out a certificate issue.