@gnordli

Think it's there since 23.01.
23.05 shows :

[23.05-RELEASE][ssh@pfSense.lan]/root: zeek -v zeek version 5.0.7

@ShahidAkhter
We have same problem xvideos as name host. There must be a solution somwhere. Anyone any idea?

@thrx1 said in Ntopng service will not start because Redis service is not running:

What is the correct way to do this?
I tried going to shell and writing "redis-server /usr/local/etc/redis.conf" but keep getting the message "redis-server /usr/local/etc/redis.conf: Command not found".

Bump. Anyone able to help me here?

Thank you very much! I did some research before but never checked redmine. 😆

Problem solved with the patch

@buggz said in pfSense Zeek - walkthrough setup?:

Shrug, looks like it works with default values.
I did choose,
Zeek Interface(s): WAN
Local Network Configuration: my internal network, 192.168.2.0/16

Hi,

I have noticed it breaks when you try to add a script.
It has not started since, I have removed and deleted the script but still it won't start.

@adriftatlas yep I see the same.
Unfortunately one of the redmines linked has no activity since 2019.
Out of luck here my friend

@juanzelli OMG. I'm so DUMB. Thank you very much. I completely forgot that step. You're a scholar and a gentleman. THANK YOU!

@hulleyrob
Thank you, but I think it should be enough to save the "/var/db/vnstat/vnstat.db".

Greetz

@paulparisi my friend who runs pfsense assured me that you simply paste the maxmind password (looks like about 20 alphanumerics) and the GeoLite2 database loads though it may take a little while to complete. I tried it and it seems to work.

I had never used the custom feature before 23.01, so I don't know if it had worked previously or not. If not, then a blank end date defaulting to "now", or an option to select "now, would be a nice enhancement.

I spent last Fall updating an entire website from PHP 7.4 to 8.1, a month of tedium trying things, looking at the syslogs, fix, try again, etc. What a pain... I am still finding PHP warnings and deprecations in my logs that I have to chase.

@ermilan2309 said in softflowd netflow multiple collector:

Thanks for the suggestion but after editing that file It stays there until I reboot the firewall.

This is expected.

I would open a redmine ticket requesting this option (second IP:port) to be added to the package.
By doing this request, you don't need to worry about future updates overwriting your changes.

Today I upgraded to the 23.01 RC and the speedtests seem to be working! 😳 😀

67f743bb-3ffa-42ff-9358-edc40ef438f0-image.png

After the upgrade, I did get a few errors related to pfBlockerNG and 'Unbound Python' mode which I cleared by switching back to normal unbound, Force Reload, then back to unbound python, force reload, and then rebooting, and then deleting the py_error.log. Seemed that even though the errors were cleared, pfBlocker retained (and kept flagging) the old errors from earlier despite the issue being resolved.

@heper said in Your opinion about adding Smokeping for monitoring WAN and LAN links state as standard pfSense feature:

@sergei_shablovsky
https://github.com/pfsense/FreeBSD-ports
has the sourcecode for the packages.

https://docs.netgate.com/pfsense/en/latest/development/develop-packages.html
https://docs.netgate.com/pfsense/en/latest/development/package-directories.html

Thanks You. I able to read official web. ;)

I just asking for OTHER great sources with examples :)

@jrey why not just run smoke ping as a docker on something, like your nas? So clearly you have some network and your worried about like 5 different things that might go down. But you got not other than your edge firewall/router that you can run docker on?

What exactly are you wanting to monitor - are they available outside? If so use a tool from outside, now you have monitor of yoru internet link from outside (always good) and your services. I do this for a couple of services I run.. I would never think to running this internally - because the services are meant to be available to the internet - so they should be monitored from the internet... And if they are down because say pfsense is down. Kind of hard to get warning email out?

@ben_p In the UI, Diagnostics Menu | Command Prompt | Execute Shell Command

Here's some irony, it was working, now I'm getting a core dump again, joy!
Tried the how to, yea, I'll skip that.

@mdp716 Thanks. On your last investigation note:

A few pointers:
An easy way to do it would be to install one of the data summary packages in pfSense like “Bandwidthd”. There are others but I don’t know if they do it by hosts. They do by interface - if your tenants are on seperate VLANs

The slightly more blinky way of doing it would be to leverage the data from nTopNG and visualize it in Grafana. NtopNG has created a plugin for Grafana so you can query the data pr. Host or interface directly and both visualize and do math operations on (like summaries based om dates and what not).

@user202 said in ntopng - You're not supposed to be here!:

As I've stated here

On the left menu bar at the lower end there is the option "Developer"
hoover over it, select "Plugins" on the top right select "Reload Plugins"
It should again be working now

This worked for me, thanks!

@saggittarius seem you do yes. Perhaps some leftover data from your original install is causing redis to crash.

Stop your Ntopng service even though it is crashed.

Delete the following directory: /var/db/ntopng

See if it will start now.

@michmoor said in Squid Double auth:

Curious how effective do you find Squid as a tool for monitoring website monitoring?

i use Squid to monitor to which web sites entering users, and squid does it good

Looking at this myself, haven't tested yet though.

Appears that syslog-ng (an available package) will collect messages from text files. So similar to filebeats or splunkd, it should be able to read the files in from /usr/local/logs/current/. for remote delivery.

https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.17/administration-guide/18#TOPIC-989607

@scottlindner Bit late of a reply, but this data is stored using vnstat. The data is stored in /var/db/vnstat/vnstat.db You can copy it over using WinSCP then restore it. Assuming the interface names are the same it'll match up.

@gertjan thank you sir!! And Happy New Year!

@michmoor said in Wish list for Traffic Graph widget and Status: Traffic Graph?:

I think what you are asking for is already possible. I set the parameters of the traffic graph. Select my interface. Display. Mode..Then click the save button. Everytime i go back to it my default view i set is there.

I am so embarrassed. I've been using pfsense for 10 years and I never noticed the Save button 🤦‍♂️

Hi, Running ntopng on a Raspberry Pi 3+ with the latest version for some weeks, I ran a sudo apt-get update and upgrade.Red badges cps-tester.co are often symptoms of problems. For example, if the active hosts ore flows badges are red it means that the ntopng hash tables are full and some ...A good introduction and discussion of how to use timeseries, flows and pcaps to investigate issues is available in blog post Drill Down Deeper: Using ntopng ...

@luckman212 said in SNGREP would be a great tool to have!:

fetch https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/sngrep-1.4.8.txz

Trying to fetch this file comes up with not found. Could you assist at all?

regards
cyber7 (aka Aubrey)

It's been ~24 hours and it seems to still be running. I'll keep an eye on it, but I hope it's stable.

Just seems silly that the package defaults to such a low amount of memory that it can't auto-start. During my googling adventures, I found someone had posted a formula to calculate how much RAM you should allocate, and if that's accurate then I wonder why the devs didn't just compute that for you...

Anyways, I appreciate the response and I'm happy it's now working.

The zeek error above is on pfSense 2.6.0
do anyone have it working on pfSense 2.6.0

@kreki1986 The version number of the Zabbix agent. Look at Package Dependencies shown at the bottom of the package description.

@gertjan said in Heavy traffic monitoring at service or application level:

@jt40

Looks like you could consider using System > Package Manager > Available Packages > ntopng

ntopng builds 'html' pages to show, so no php that parses huge logs files, and goes "time out" doing so.
ntopng can't see what LAN devices 'consume' per process, of course. It can only see : what IP, what ports used.

I'm not using ntopng myself.
Warning : don't install ntopng an walk away. Check disk space used, process power used, etc. daily.

Thanks for the suggestions, but I see that it's not a ready-made solution:

I need to install a couple of things and configure them, I have skill to follow those procedures, but I really don't like to mess up in BSD, I don't know that extremely well :D , same for the distro on top...

It will weight on my system, I have 16GB of Ram and 8 threads, pretty recent CPU, but I don't think it's enough for what I need, not over a couple of months of HA required to catch these network spikes... Eventually, I should set up another machine for that, but it's gonna be another expense...

I've seen that Redis is a DB in memory, I hope it doesn't run in that way in Pfsense as a package, or that at least I can change the configuration.

Is there anything else you would recommend?
I can search online, but it's better to get advices on my specific requirements.

@denis_ju
My static ip was replaced with the hostname "startpage.com".

Otherwise with other hostnames.