Zenarmor 1.14: External Elastic database - no data available in reports

Started by serbans, August 07, 2023, 11:03:16 AM


It's 8.1

The majority of reports are working. This is the home edition. I don't need the prefix functionality. Are some reports/logs disabled in this setup? The Activity Explorer and some of the time-based charts (e.g. HTTP Transactions by source over time) are broken. The same version of Zenarmor and license against the local Elasticsearch instance provides full functionality.

Hi,

It is not a license limitation. Please visit non-working reports, then share a report (select Zenarmor logs check box) by following the instructions in the following link.

https://www.zenarmor.com/docs/support/reporting-bug


Quote from: tokar86a on September 19, 2023, 07:19:59 AM
Quote from: sy on September 18, 2023, 11:06:08 PM
Hi all,

1.15 has fixes for the report charts. Can you try the reports after the update?

Still has the same problem.
For me, this ended up being a version issue. Elasticsearch 8.1 deprecated the use of 'interval' and changed it to 'fixed_interval'. I went through and modified the impacted templates under Zenarmor to restore the charts. As part of that journey, I also created similar charts directly in Grafana to remove the need to log into the firewall all the time, so that's now my primary reviewing tool. I logged the bug with Zenarmor support and they say this will be sorted in a future release.
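The rename described in the post above, as an added example that is not part of the original post and is not Zenarmor's code: a Python helper that walks an Elasticsearch query body and rewrites the legacy `interval` key of every `date_histogram` aggregation. It goes one step beyond the post by also mapping calendar-only units to `calendar_interval`, the sibling parameter Elasticsearch provides; the sample query and its field names are constructed for illustration.

```python
import json
import re

# fixed_interval accepts any multiple of these fixed-length units.
FIXED = re.compile(r"^\d+(ms|s|m|h|d)$")
# Values only calendar_interval understands (single, calendar-aware units).
CALENDAR = {"minute", "hour", "day", "week", "month", "quarter", "year",
            "1w", "1M", "1q", "1y"}


def migrate(node):
    """Return a copy of a query body with legacy date_histogram intervals renamed."""
    if isinstance(node, list):
        return [migrate(item) for item in node]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        if key == "date_histogram" and isinstance(value, dict) and "interval" in value:
            value = dict(value)  # do not mutate the caller's structure
            legacy = value.pop("interval")
            if isinstance(legacy, str) and FIXED.match(legacy):
                value["fixed_interval"] = legacy
            elif isinstance(legacy, str) and legacy in CALENDAR:
                value["calendar_interval"] = legacy
            else:
                # e.g. "2w": neither parameter accepts it, so flag it for review
                raise ValueError(f"unrecognised interval: {legacy!r}")
        out[key] = migrate(value)
    return out


# Constructed sample query; field names are assumptions, not Zenarmor's schema.
SAMPLE = {
    "size": 0,
    "aggs": {
        "by_source": {
            "terms": {"field": "src_ip"},
            "aggs": {"over_time": {"date_histogram": {"field": "start_time",
                                                      "interval": "5m"}}},
        },
        "monthly": {"date_histogram": {"field": "start_time", "interval": "month"}},
    },
}

if __name__ == "__main__":
    print(json.dumps(migrate(SAMPLE), indent=2))
```
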

This is still a problem, as of 1.16.1. Understanding that this may be a version issue with Elasticsearch, 8.X and later is their latest version. (I think 8.12 is the latest as of this post's date.) Given the initiation date of this thread, and the time that has elapsed, I'm surprised this has not been resolved.

If it is known not to work with certain versions of Elasticsearch, it should be checked prior to moving forward with the "external Elasticsearch" option. Worst case, don't provide the option. For individuals that are implementing Zenarmor for the first time, there will be time wasted trying to understand what is wrong--why certain reports do not display. It seems like a better solution to fix the defect, or prevent installation on a version that is known to not work correctly. Had I not stumbled on this thread (and it wasn't easy to find in a search), I would have continued to scratch my head and waste time.

Like others, I have a fundamental dislike of having my firewall/router also serving as a reporting database server.

Hi,

Thanks for the valuable feedback. I'm going to forward the suggestion to the team.