@keyser

@keyser said in ntopng helping you troubleshoot:

so it’s not worth much when it comes to forensics.

Oh i absolutely agree. Im just trying to see how much i can do on a budget of nothing. :)
Considering NTOPNG is the community edition and there really isnt much in the way of usefulness that can really be gathered by the traffic identification i figured it was neat that the flows Suricata saw NTOP saw and reported it. That certainly wont be the case all the time.

From what i can tell, ntop is really good at figuring out current top talkers.
For more historical data im looking at NFSEN but i cant get that to run on Ubuntu 20.04. Documentation is very dated.

I use PVE. Everything is very stable and no problems.

@backspacemild Thank you.

@yasa Instead of a prepackaged FreeBSD, couldn't you download and install pfSense ISO on the VM? I planned on doing this (just waiting to buy a bare metal Lenovo) with OpenStack on VMware ESXI. If your project is for your home/lab, alternatively, you could try TNSR since it's based on Linux and the cloud version (AWS & Azure) starts at $0.127/hr.

@afcarvalho said in Help on rules:

If I check the reverse option I am doing what?

This is, at least on the english language side, called "Invert" meaning the switcher of NOT.

Check the box and it will say the IP is NOT the value of what you entered then do something.

If you're using a language translation and it is stating something that does not mean 'opposite' or 'invert' or 'not' then please let us know by opening a redmine :)

@stephenw10 I have just watched the video and its actually might help another issue with a raid card I have been having problems with as well so again extremely appreciated now

Ooops! 😉

@keyser said in IPS external logging:

but rather just have full monitoring and alerting of usage, issues and downtime.

I use a combination of Zabbix and Graylog for email notifications. You're right, pfelk was more for visualization as i had more than one pfsense out there and wanted a central dashboard. In the end, to be honest, its more cumbersome to get it all set up and sorted out.

There is a project out there that i use personally.
https://github.com/VictorRobellini/pfSense-Dashboard

I got a nice visualization in Grafana. My current dashboard

42b3c220-d41f-4b48-8d35-8977d05de613-image.png

@peterkrautle I suggest comparing the .xml config file backups from each to see if there’s a difference.

@danielayer said in DNS Whitelist Project:

DNS Whitelist project

Easy answer : you can't.
Making a list with allowed DNS hosts is impossible as it will take unimaginable resources to store this file (or even creating it).
And the moment you have it, it's already outdated, as thousands of new hosts have been created, and some have expired.
"whitelisting" the Internet is like managing a list with all the phone numbers on planet earth.

The way doing things is using lists with sites you don't want to access 😊
( I know, I knew you meant to do that )

The good news is : these lists already exist.
That's one of the reasons why the pfBlockerng-devel pfSense project has been created.

Btw : small detail :

3fb52aa8-ffba-4b1c-b3a4-87e5f4a3ec92-image.png

Go for "Null blocking (logging).
Like this :

ca458a55-7caa-40b1-a421-1508be5a35c2-image.png

The idea of showing a web page that informs the user he wanted to visit a site that is blocked doesn't work for 99,99 % of all cases.
The 0,001 % are the sites that are still http (not https). The number tells you : they don't exist anymore.

@michmoor said in Graylog server on a raspberry pi:

The 'count' in your charts. Should we assume thats how many sessions were created on the firewall, i.e. how many times a packet hit that rule?

Based on what I've observed so far, this would be the same thing you would see in System logs > Firewall in Pfsense logs.

Since its a game, it is probably using UDP, right? I never played Roblox.. So I can't tell.

You can click the play button inside this chart to take a look at each of those entries to check.

@nollipfsense

Merry Christmas and all the best!

I am having similar issue with EcoBee thermostat. It happens only after firmware updates. Unfortunately there is no means to disable it. If I try to reconnect ecobee back to AP it fails.
The fix for me is to reboot the AP and things start to work.

@joeseph said in Custom build or...:

Thank you for the reply.

Yes, definitely will support as reviews are great!

By managed do you mean this for example? "TP-Link 8 Port Gigabit Easy Smart Switch (TL-SG108E)"
And can you explain vlan, dmz or iot?

[https://www.amazon.ca/TP-Link-Ethernet-Unmanaged-Replacement-TL-SG108E/dp/B00K4DS5KU?th=1](link url)

Yes, a smart switch (managed) like that will do the trick :-)

@rcoleman-netgate I am exactly doing this for fun and education.
And at this point am curious why the drive does not come back.
If you can turn on/off hot swapping/plugging in the hardware's bios it us usually supported.