some questions and problems with opnsense

[Rout3rx]

Hello everybody

i want to add persian language in opnsense and i can't know how can i do this? i see just some files on github.
can i translate a file and send to the core developers to add it in language?

i want to install clamav on opnsense and use it in local, how can i do that? if i buy the commercial support they can help me?

i want to see some graphs for linke kibana. can i get a help to do this?

thanks

[fabian]

Hello everybody

i want to add persian language in opnsense and i can't know how can i do this? i see just some files on github.
can i translate a file and send to the core developers to add it in language?

You need access to the translation server. Instructions: https://docs.opnsense.org/contribute.html#translations

i want to install clamav on opnsense and use it in local, how can i do that? if i buy the commercial support they can help me?

It is in the FreeBSD repository. You can enable it if you like but you should not keep it enabled. If you are talking about scanning HTTP(S) traffic, you should use a separate server. Here is a tutorial from a 3rd party: http://www.tcptechs.com/opnsense-transparent-caching-filtering-proxy-with-virus-scanning/

i want to see some graphs for linke kibana. can i get a help to do this?

thanks

Why not use kibana? Just forward syslog messages to a logstash server and send it to elasticsearch. Can be the same server as the ICAP server but it should not for security reasons (for example you can make two different containers).

[csmall]

To see kibana graphs you need to send logs to elk stack. Enable syslog and point it at your elk installation. I don't know if elk supports netflow or not but if it does point netflow there.

[Rout3rx]

You need access to the translation server. Instructions: https://docs.opnsense.org/contribute.html#translations
need an invitation i think, registration was closed!

It is in the FreeBSD repository. You can enable it if you like but you should not keep it enabled. If you are talking about scanning HTTP(S) traffic, you should use a separate server. Here is a tutorial from a 3rd party: http://www.tcptechs.com/opnsense-transparent-caching-filtering-proxy-with-virus-scanning/

/usr/ports was not found on opnsense, how can i add this? and via pkg, package not found to install


Why not use kibana? Just forward syslog messages to a logstash server and send it to elasticsearch. Can be the same server as the ICAP server but it should not for security reasons (for example you can make two different containers).
thanks, i need an interface for show which country attacked and who blocked...

another question, why the GeoIP list is short? and many of country isn't there? how can i complete and fill up?

[csmall]

Elk stack can use geoip databases to show countries based on ip and display that information in kibana.

In opnsense you can start typing a country and it will filter. It doesn't display all countries in the dropdown menu.

[fabian]

You need access to the translation server. Instructions: https://docs.opnsense.org/contribute.html#translations
need an invitation i think, registration was closed!

No, accounts are created  when requested per mail.

/usr/ports was not found on opnsense, how can i add this? and via pkg, package not found to install

this is a /usr/ports is a repository that can be cloned from here: https://github.com/opnsense/ports

thanks, i need an interface for show which country attacked and who blocked...

Logstash: https://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html
Sample for a web server log: https://www.digitalocean.com/community/tutorials/how-to-map-user-location-with-geoip-and-elk-elasticsearch-logstash-and-kibana

[Rout3rx]

thanks for csmall and fabian.

No, accounts are created  when requested per mail.

sorry fabian, could you explain more? how can i request with my email?

another question,
why the first 4 ruleset can not installed? and always write not-installed!
and how can i add a custom rule? i found some field in user-defiend section...is it all that?

[Rout3rx]

a new question,
where can i see the blocked ip addresses? for IPS or firewall?

and a bug!
when i add a defined rule in IDS againest a country to block that, it's not worked!
should i do anything else?

[fabian]

a new question,
where can i see the blocked ip addresses? for IPS or firewall?

Both (IPS and firewall) have a log file.

[Rout3rx]

where can i see the blocked ip list by the IPS? and do unblocking

[Rout3rx]

is there anyone to help me?
thanks