Sensei on OPNsense - Application based filtering

Started by mb, August 25, 2018, 03:38:14 AM

February 08, 2020, 11:57:35 AM #780 Last Edit: February 08, 2020, 12:18:43 PM by siga75
www pornhub com is not in the pornography category, really?
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

Obviously it is an entertainment site!!! ;)
Since 2017
X7SPA-HF, Intel(R) ATOM(TM) D525, 4 GB RAM, 120 GB, 2 LAN 24.1.2_1
APU4c, 4 GB RAM, 120 GB, 4 LAN 24.1.10_8
APU3a, 2 GB RAM, 60 GB, 3 LAN 24.1.2_1
APU2c, 2 GB RAM, 60 GB, 3 LAN 23.7.1_3
BIOS UP TO DATE (v4.19.0.1).

How are you people going about excluding OPNsense traffic?
I have a bunch of VLANs, all going to a Pi-hole (for now), then back to Unbound and out from there.
IIRC I lose the lookup if you exclude all but one interface in Unbound as well.

Sensei doesn't seem to take 127.0.0.1 / self as an exclusion.

Looking for ideas on how to set this up the best way :)

Quote from: siga75 on February 08, 2020, 11:57:35 AM
www pornhub com is not in the pornography category, really?

Hi @siga75, it looks like it's correct in the database. Let's see what happened in your case. Kindly send a PR (Problem Report) through the "Report a bug" menu located in the upper right-hand corner of the UI.


Quote from: marcri on February 08, 2020, 11:21:50 AM
Quote from: opnsenseuser on February 08, 2020, 11:01:08 AM
@mb, just one question. It would be interesting to be able to export or import report data, because if you have to uninstall Sensei and erase the data (for whatever reason - hardware change or other problems), it would be great to be able to import the previously recorded data again afterwards. It's just an idea. Greetings, Rene

Maybe you could try the snapshot function of elastic-dump (GitHub) or just curl:
curl -XPUT -H 'Content-Type: application/json' 'localhost:9200/_snapshot/<backup_folder name>/<backupname>' -d '{
    "indices": "<index_name>",
    "ignore_unavailable": true,
    "include_global_state": false
}'

@marcri, thanks for the hint.

@opnsenseuser, good idea. My only concern is that it might take really long to do an export/import. Needs careful processing.

One question: in our roadmap this year we have "external elasticsearch", in which you get to choose to use an external database instead of installing Elasticsearch locally.

Would that also do the trick?

Quote from: mb on February 08, 2020, 03:01:40 PM
Quote from: siga75 on February 08, 2020, 11:57:35 AM
www pornhub com is not in the pornography category, really?

Hi @siga75, it looks like it's correct in the database. Let's see what happened in your case. Kindly send a PR (Problem Report) through the "Report a bug" menu located in the upper right-hand corner of the UI.

OK, report just submitted.

Thanks a lot :)
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

Quote from: mb on February 08, 2020, 03:05:58 PM
Quote from: marcri on February 08, 2020, 11:21:50 AM
Quote from: opnsenseuser on February 08, 2020, 11:01:08 AM
@mb, just one question. It would be interesting to be able to export or import report data, because if you have to uninstall Sensei and erase the data (for whatever reason - hardware change or other problems), it would be great to be able to import the previously recorded data again afterwards. It's just an idea. Greetings, Rene

Maybe you could try the snapshot function of elastic-dump (GitHub) or just curl:
curl -XPUT -H 'Content-Type: application/json' 'localhost:9200/_snapshot/<backup_folder name>/<backupname>' -d '{
    "indices": "<index_name>",
    "ignore_unavailable": true,
    "include_global_state": false
}'

@marcri, thanks for the hint.

@opnsenseuser, good idea. My only concern is that it might take really long to do an export/import. Needs careful processing.

One question: in our roadmap this year we have "external elasticsearch", in which you get to choose to use an external database instead of installing Elasticsearch locally.

Would that also do the trick?

Due to my hardware, I can only use MongoDB. Will this also be possible with this database?
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

Quote from: opnsenseuser on February 08, 2020, 04:11:27 PM
Quote from: mb on February 08, 2020, 03:05:58 PM
Quote from: marcri on February 08, 2020, 11:21:50 AM
Quote from: opnsenseuser on February 08, 2020, 11:01:08 AM
@mb, just one question. It would be interesting to be able to export or import report data, because if you have to uninstall Sensei and erase the data (for whatever reason - hardware change or other problems), it would be great to be able to import the previously recorded data again afterwards. It's just an idea. Greetings, Rene

Maybe you could try the snapshot function of elastic-dump (GitHub) or just curl:
curl -XPUT -H 'Content-Type: application/json' 'localhost:9200/_snapshot/<backup_folder name>/<backupname>' -d '{
    "indices": "<index_name>",
    "ignore_unavailable": true,
    "include_global_state": false
}'

@marcri, thanks for the hint.

@opnsenseuser, good idea. My only concern is that it might take really long to do an export/import. Needs careful processing.

One question: in our roadmap this year we have "external elasticsearch", in which you get to choose to use an external database instead of installing Elasticsearch locally.

Would that also do the trick?

Due to my hardware, I can only use MongoDB. Will this also be possible with this database?

Or is the database always external, so that the system's own resources no longer matter?
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)

Quote from: opnsenseuser on February 08, 2020, 04:18:48 PM
Or is the database always external, so that the system's own resources no longer matter?

Correct. The database puts some weight on the device; we think offloading it would provide a lot of flexibility. The engine itself consumes as little as 256MB of memory. This way it could be possible to run Sensei even with 512MB of memory.

How do additional policies work? I wanted to set up an exclusion for a part of the default policy. In the default policy I selected "firstly seen sites" to be blocked, but this breaks my TV and I don't want to disable it completely.

I made a new policy besides the default and disabled "firstly seen sites", leaving it enabled on the default. The policy isn't being picked up. How can I work the policy so I can set exclusions in it while keeping the settings in the default policy?

Thanks!

Hi @actionhenkt,

It's probably that both policy descriptions overlap and the first in the policy list is matching the packets. Click "Contact Team" in the right-hand corner of the UI, and a team member will follow up with you shortly.
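The answer above describes a classic first-match problem: a catch-all policy listed before a more specific one swallows all of the traffic, so the specific policy is never consulted. The following is an added illustrative model of that behaviour, not Sensei's own engine or configuration format. It assumes policies are matched on source networks in list order (the policy names, networks and category names are constructed sample values), shows why the TV exclusion is never reached when the default policy sits first, and adds a small lint that reports policies fully shadowed by earlier entries, which is the check a practitioner would run before concluding a policy is "broken".

```python
"""First-match policy evaluation and shadowing lint.

Illustrative model only: this is not Sensei's code. Policies are assumed to be
matched on source network, in list order, with the first match winning.
All names, networks and categories below are constructed sample values.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Policy:
    name: str
    sources: list                         # networks the policy applies to
    blocked_categories: set = field(default_factory=set)

    def matches(self, src: str) -> bool:
        addr = ip_address(src)
        return any(addr in net for net in self.sources)


def pick_policy(policies: list, src: str) -> Optional[Policy]:
    """Return the first policy whose source set covers `src` (first match wins)."""
    for pol in policies:
        if pol.matches(src):
            return pol
    return None


def blocked_for(policies: list, src: str):
    """(policy name, sorted blocked categories) applied to traffic from `src`."""
    pol = pick_policy(policies, src)
    return (pol.name, sorted(pol.blocked_categories)) if pol else (None, [])


def shadowed_policies(policies: list) -> list:
    """Names of policies whose every source network is fully covered by an
    earlier policy, i.e. policies that can never match anything."""
    out = []
    for i, pol in enumerate(policies):
        earlier = [n for p in policies[:i] for n in p.sources]
        if pol.sources and all(
            any(net.subnet_of(e) for e in earlier) for net in pol.sources
        ):
            out.append(pol.name)
    return out


# Constructed sample data: a LAN covered by the default policy and one TV host.
LAN = ip_network("192.168.1.0/24")
TV = ip_network("192.168.1.50/32")

DEFAULT = Policy("default", [LAN], {"firstly seen sites", "malware"})
TV_EXCLUSION = Policy("tv-exclusion", [TV], {"malware"})   # no "firstly seen sites"

BROKEN_ORDER = [DEFAULT, TV_EXCLUSION]   # catch-all first: exclusion never reached
FIXED_ORDER = [TV_EXCLUSION, DEFAULT]    # specific first, catch-all last

if __name__ == "__main__":
    for label, order in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        print(label, "TV  ->", blocked_for(order, "192.168.1.50"))
        print(label, "PC  ->", blocked_for(order, "192.168.1.77"))
        print(label, "shadowed:", shadowed_policies(order))
```

Running the script shows the TV host still getting "firstly seen sites" blocked under the broken order, and the lint naming `tv-exclusion` as unreachable; after moving the specific policy above the catch-all, the TV host is matched by its own policy while other hosts still fall through to the default.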

Hi,
I have some problems with Sensei on PC Engines APU, mainly with graphs and reports.
HW is PC Engines APU4, 4GB RAM, CPU AMD GX-412TC SOC (4 cores), 128GB SSD.
OPNsense is newly updated to 20.1 (LibreSSL) and Sensei is the latest install. I also repeated the install again today.
Sensei shows in its status that it is OK, but I do not see any graphs or reports.
Is there any advice on how to solve this?

Hi @Wyrm,

This is due to the firewall being shut down abruptly, or to /var being a temporary filesystem.

If neither is valid for your case, just shoot a Problem Report (top right-hand corner of the UI) and a team member will follow up with you shortly.

Thank you for the reply.
I checked the Dashboard now and I see this:

Disk usage
9% / [ufs] (8.9G/108G)
0% /usr/local/sensei/output/active/temp [ufs] (8.0K/9.3M)

The screenshot is in the attachment...

What does it mean?

@Wyrm, you're welcome.

The "/usr/local/sensei/output/active/temp" directory is auto-created by Sensei, so it is ok.
I don't see /var here, which tells me that /var is not tmpfs.

Send a Problem Report (top right-hand corner of the UI), and we'll have a look.