Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
No data in reports or dashboard, policies are working though
« previous
next »
Print
Pages: [
1
]
Author
Topic: No data in reports or dashboard, policies are working though (Read 1198 times)
SonicJoe
Newbie
Posts: 5
Karma: 0
No data in reports or dashboard, policies are working though
«
on:
July 11, 2023, 02:21:13 am »
I've been running Zenarmor on a Protectli 4B for about 7 months or so without issues (Home license). Due to the low amount of resources, I use a remote Elasticsearch DB. Within the last month I have hit a strange issue. Suddenly there is no data in my reporting database. Zenarmor is working. Blocks are being applied based on policies. I can confirm this by disabling or modifying policies and seeing that things work or don't. I believe everything was working fine on OPNSense 23.1.9. I haven't made any changes in a long time, other than updates. I ended up skipping 23.1.10 because it came out just before I went away on vacation and by the time i came back and was settled 23.1.11 was out. Somewhere in there a Zenarmor update occurred too.
Things I have tried:
1) Zenamor -> Configuration -> Reporting and Data -> Perform Index Check, result = "Everything looks good"
2) Try "Reset Reporting", result = "You cannot hard reset for remote database"
3) Try "Erase Reporting Data", result same as above
4) Create a brand new Elasticsearch DB, point Zenarmor at that, result = I see the Zenarmor indices created in the DB, and performing an index check still results in "Everything looks good", but no data shows up in reports
5) Factory reset Zenarmor, result = odd errors, packet engine won't start
6) Full uninstall/reinstall of Zenarmor, result = Zenarmor working again, but reporting issue persists
7) Reboot FW as a sanity check, result = no change, issue persists
I'm completely at a loss, so... any ideas? I did send logs to support but other than them asking if I tried "Reset Reporting" I haven't heard back.
«
Last Edit: July 11, 2023, 03:32:32 am by SonicJoe
»
Logged
sy
Hero Member
Posts: 591
Karma: 44
Re: No data in reports or dashboard, policies are working though
«
Reply #1 on:
July 11, 2023, 02:46:47 pm »
Hi,
Can you run the following command on OPNsense console as root and share the output?
curl -XGET
http://192.168.20.50:30003
Logged
SonicJoe
Newbie
Posts: 5
Karma: 0
Re: No data in reports or dashboard, policies are working though
«
Reply #2 on:
July 12, 2023, 04:03:21 am »
You must be the support person who has my case, since I didn't supply any IPs here in the forum. I responded to your E-mail. Curl fails due to the self-signed cert, but I provided you screen shots of the GUI showing that Zenarmor confirms it can connect and check the indices, as well as a screenshot of the Elasticsearch DB using Elasticvue that shows all the indices were created by Zenarmor, so it must be able to connect.
Also, and I will add this to the ticket, I just tried removing the certificate and making the connection as HTTP instead of HTTPS, but I have the same issue. Here's the output of the curl command when switching to HTTP:
curl -XGET
http://192.168.20.50:30003
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","ApiKey"]}},"status":401}
So that rules out a certificate issue.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Zenarmor (Sensei)
»
No data in reports or dashboard, policies are working though