Hi faisal,

Then it must be the cpu score. There is a 300.000 minimum cpu score requirement for Elasticsearch. Here's a quick hack:

1. Remove /usr/local/sensei/etc/.configdone

    rm /usr/local/sensei/etc/.configdone

3. Edit /usr/local/opnsense/scripts/OPNsense/Sensei/check_hardware.sh file and locate these lines:

    if [ $CPU_SCORE -le 300000 ]; then
        CPU_PROPER="false"
    else
        CPU_PROPER="true"
    fi

Change 300000 to a lower value, like 200000.

4. Do a browser refresh on the OPNsense UI, and click on any sensei menu. It'll re-run the config wizard. Now it should select Elasticsearch.

Now I'm thinking: for cpu scores between 200K and 300K and if there is enough memory (>=8GB) I think we should let the user decide on the database backend.
Hi @Antaris,

This looks good and should've worked. But with 1.5 database selection will be optional if the device has enough memory but weak cpu (e.g. 200.000<>300.000 cpu score).

We hope to release 1.5 late this month. By the way, I think this was your request, you can now request re-classification for a web site through Sunny Valley website https://www.sunnyvalley.io/site-classification/
Hi @deibit,

I think every Intel Core with AES and 4 or more cores @3GHz or more is OK for OPNsense with Sensei and Elastic. In the incoming 1.5 you will have the option to choose backend database manually and this misunderstanding will be solved. Maybe it's good to upgrade cpu to non-L Haswell or Broadwell cpu for better VPN throughput. Also you have to know that for some strange reason Ubench rates Haswell Xeons way lower than non-xeon i5 on same clocks...
@mb sensei is still running very smooth for me. Any news/eta on those botnet and DNS tunneling features already shown in the policy?
During Sensei installation I get the following message: "Oops, it looks like LAN interface is also in use by Suricata"

But I do not have Suricata running
I still wonder why the single core performance is so important for elasticsearch though...
But I do not have Suricata running, intrusion detection is completely disabled. I did have it running a few weeks back, but disabled it a week ago. So to be sure I rebooted my router/fw before installing Sensei, but still same message.
Ok, makes sense.

So I got Sensei to work, but then I found my wifi access point (Unifi AP-HD) stopped working right after.

And after some troubleshooting I saw that it could not reach the controller anymore (running on server in same LAN). Since Sensei was the only and most recent change in my network I disabled it and within seconds the UAP-HD came online again and I was able to adopt it again in the controller.

So it seems Sensei is blocking my Unifi AP to reach the controller (http://ip-of-controller:8080/inform) somehow. I'm using the hostname.domain of my controller, perhaps it's something to do with DNS being blocked or so?