ntopng completely broken

Started by Unspec, September 09, 2024, 06:10:55 AM

Hi, ever since the 24.7 update, ntopng is borked. I've tried complete resets (e.g. removing all files associated with ntopng and redis), resetting the redis db, whatever, nothing works. ntopng just refuses to admit that redis is running.

I have confirmed redis is running. Always the same story: ERROR: Connection error [Operation timed out]


September 09, 2024, 06:40:56 AM #2 Last Edit: September 09, 2024, 06:44:22 AM by Unspec
I actually already tried that post, and have the packages "properly" updated.

No dice. The only thing in the /var/db/redis folder is dmp.rdb as well. In /var/db/ntopng, I only see a .lock file. No logs even.

Edit: The other person's initial problem also appears to at least be able to get redis connected before crashing. I can't even get redis to connect.

September 09, 2024, 07:40:21 AM #3 Last Edit: September 09, 2024, 07:55:20 AM by Unspec
It appears the bug is with OPNsense, not ntopng. This is evident from the fact that I have now noticed that crowdsec cannot contact the LAPI either. Please advise.

Under Firewall > Diagnostics > Sessions, lots of syn_sent:closed errors.

127.0.0.1:37989   127.0.0.1:1405   127.0.0.1:6379   SYN_SENT:CLOSED

To be frank: I doubt it. :)


Cheers,
Franco

Crowdsec works just as it always did on 24.7 here.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

September 09, 2024, 08:25:58 AM #7 Last Edit: September 09, 2024, 09:01:22 AM by Unspec
I doubt it's just a coincidence that ntopng and crowdsec both cannot contact their respective ports (6379 for ntopng and 8088 for crowdsec) after the update. They were working just fine prior. In fact, in my crowdsec security engine (before I tore it all down in an effort to fix this issue), it showed my bouncer as offline on the exact day I updated to 24.7. That's far too close to be a coincidence.

Edit: Most definitely an OPNsense issue with TCP ports. Even running cscli metrics, metrics can't get a response from port 6060.

Did you check with netstat -na | grep LISTEN if the services are indeed listening on 127.0.0.1:<port>?

September 09, 2024, 10:01:34 AM #9 Last Edit: September 09, 2024, 10:03:33 AM by Unspec
Quote from: Patrick M. Hausen on September 09, 2024, 09:10:55 AM
Did you check with netstat -na | grep LISTEN if the services are indeed listening on 127.0.0.1:<port>?

Yes. For redis, I see 127.0.0.1.6379 *.* LISTEN. For crowdsec, I see it listening on 6060 and 8088.

In the firewall live logs, I can also see ntopng and crowdsec being allowed to contact those ports. So clearly, the services are listening, are being allowed, but not talking back.
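
The exchange above separates "is it listening" from "does it answer". As an added example (not code from any poster in this thread), this Python sketch attempts one TCP handshake to each loopback port named in the thread and reports whether it completed, was refused, or got no reply. The service labels and the 3-second timeout are assumptions.

```python
import errno
import socket

# Loopback ports named in the thread; the labels are assumptions for display.
THREAD_PORTS = {"redis": 6379, "crowdsec-lapi": 8088, "crowdsec-metrics": 6060}


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and classify the outcome.

    open     - handshake completed, a listener accepted the connection
    refused  - a RST came back: nothing is listening on that address/port
    timeout  - neither SYN-ACK nor RST arrived within `timeout` seconds;
               with a listener shown by netstat this means the SYN or its
               reply was lost on the way (the SYN_SENT:CLOSED pattern)
    error:*  - any other socket error, named by its errno symbol
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def probe_all(ports=THREAD_PORTS, host="127.0.0.1", timeout=3.0):
    """Probe every named port and return {label: outcome}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


if __name__ == "__main__":
    for name, result in probe_all().items():
        print(f"{name:18} 127.0.0.1:{THREAD_PORTS[name]:<5} {result}")
```

A "refused" result points at the service itself, while "timeout" against a port that netstat shows in LISTEN points at something between the client and the listener.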

I had squid do the same thing (port open but no connections). A restart always fixed it.

Seems to have something to do with it listening to specific IP addresses instead of 0.0.0.0.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on September 09, 2024, 11:22:51 AM
I had squid do the same thing (port open but no connections). A restart always fixed it.

Seems to have something to do with it listening to specific IP addresses instead of 0.0.0.0.

Unfortunately, restarts and complete resets of the plugins aren't doing anything. It seems specific to TCP - my unbound (UDP) is working fine.

The new 24.7.4 update has fixed both ntopng and crowdsec.

It probably wasn't broken. People who reported issues all had multiple repositories active.


Cheers,
Franco