Arpwatch not downloading vendor ID's
-
Hey all, here is a version of the pfSense ANDwatch package for testing.
You'll need to have the andwatch package itself installed (posted a few days ago here) before installing the pfSense package.
Note that you can remove /usr/local/www/andwatch_database.php as it is no longer used.
Feedback welcome. Bonus points for finding bugs.
-
@dennypage
Yes I mean interface.
So it should say “igc3” or if using vlans “igc3.14” -
@michmoor said in Arpwatch not downloading vendor ID's:
So it should say “igc3” or if using vlans “igc3.14”
There are three levels of interface names in pfSense:
Friendly interface name -> Internal interface name -> Real interface name.Some examples:
LAN -> lan -> ix0 GUEST -> opt2 -> igc0.2 DEVICE -> opt3 -> igc0.3You can see the mapping in Status / Interfaces. The Internal and Real names are shown in parens following the Friendly name.
Pretty much everywhere in the GUI the Friendly name is the one used. If you go to Service / DHCP Server for instance, you will see "LAN", GUEST", "DEVICE", etc. Unless you are defining an interface you generally don't see/use the Internal or Real names. Friendly names are what administrators are most familiar with.
ANDwatch uses the Friendly name in the notification for this reason.
-
@dennypage nice!
Thanks for the quick response Denny -
@dennypage I installed the two pkg on a 2.7.2 CE (on Proxmox), not sure that's supported at all.
Great work! Looks cool to me :o) ... some feedback:
- there is no menu entry in the 'Status' menu, the status can only be access through the service 'ANDwatch'
- there are two interface in my installation, LAN and TEST. On the LAN interface it shows a client and pfSense itself, all with the correct IP, MAC and hostname.
For the TEST network the connected client shows up correct but for the pfSense interface for network TEST the hostname is displayed as "(unknown)" (IP 200.1 in the picture). The other client with name "(unknown)" is disconnected. - maybe the icons search and clear icons are taller then they have to be :)
TEST with pfSense name as "unkown"
login-to-viewMissing Status menu entry
login-to-view -
@patient0 said in Arpwatch not downloading vendor ID's:
there is no menu entry in the 'Status' menu, the status can only be access through the service 'ANDwatch'
Something is really wrong. Did you refresh the pages after the install? There is no way to access Status from the Services / ANDwatch page--did you type in the URL by hand?
If refresh doesn't bring it up, check your config please. Look for the following:
<menu> <name>ANDwatch</name> <tooltiptext>ANDwatch Settings</tooltiptext> <section>Services</section> <url>/andwatch.php</url> </menu> <menu> <name>ANDwatch</name> <tooltiptext>ANDwatch Status</tooltiptext> <section>Status</section> <url>/andwatch_status.php</url> </menu>For the TEST network the connected client shows up correct but for the pfSense interface for network TEST the hostname is displayed as "(unknown)" (IP 200.1 in the picture). The other client with name "(unknown)" is disconnected.
If you log into your pfSense box, and run the command "host 10.99.200.104". This should respond with "Host 104.200.99.10.in-addr.arpa not found: 3(NXDOMAIN)"
maybe the icons search and clear icons are taller then they have to be :)
Very strange. You also don't have the icons. It should look identical to the Search panel on the DHCP Status page. Mine (24.11 & 25.03 beta) look like this:
Two questions:
- What browser are you using?
- I don't have a 2.7.2 CE system. Can you run the following command on your system and send me the result please?
grep -i btn /usr/local/www/status_dhcp_leases.phpThanks.
-
@dennypage if it's too much work to support 2.7.2 CE just tell me, yes? Maybe it's easier to wait for 2.8.0 CE? Can only be a few months away.
Did you refresh the pages after the install? There is no way to access Status from the Services / ANDwatch page-
I did log out and in again, yes. The icon to access the status is in the service page, next to the "?":
login-to-viewcheck your config please. Look for the following
That section appears exactly like that in
/usr/local/pkg/andwatch.xml. I assume Netgate made changes to the GUI framework in the newer versions.If you log into your pfSense box, and run the command "host 10.99.200.104". This should respond with "Host 104.200.99.10.in-addr.arpa not found: 3(NXDOMAIN)"
You are right - although I was talking about 10.99.200.1 - pfSense itself on the TEST interface is not getting resolved. That way ANDwatch can't know the name, of course.
It should look identical to the Search panel on the DHCP Status page
I see, again probably changes to the GUI framework. I'll compare it with other package configs and see if I can see a difference.
What browser are you using?
Firefox 128.7.0esr on Debian 12
grep -i btn /usr/local/.../status_dhcp_leases.phpBelow is output of the call:
[2.7.2-RELEASE][root@pfsense.home.arpa]/root: grep -i btn /usr/local/www/status_dhcp_leases.php <a id="btnsearch" title="<?=gettext("Search")?>" class="btn btn-primary btn-sm"><i class="fa fa-search icon-embed-btn"></i><?=gettext("Search")?></a> <a id="btnclear" title="<?=gettext("Clear")?>" class="btn btn-info btn-sm"><i class="fa fa-undo icon-embed-btn"></i><?=gettext("Clear")?></a> <a class="btn btn-info" href="status_dhcp_leases.php?all=0"><i class="fa fa-minus-circle icon-embed-btn"></i><?=gettext("Show Active and Static Leases Only")?></a> <a class="btn btn-info" href="status_dhcp_leases.php?all=1"><i class="fa fa-plus-circle icon-embed-btn"></i><?=gettext("Show All Configured Leases")?></a> <a class="btn btn-danger no-confirm" id="cleardhcp"><i class="fa fa-trash icon-embed-btn"></i><?=gettext("Clear All DHCP Leases")?></a> $("#btnsearch").prop('type', 'button'); $("#btnclear").prop('type', 'button'); $("#btnsearch").click(function() { $("#btnclear").click(function() { $("#btnsearch").get(0).click();Thanks you for taking the time!
-
@patient0 said in Arpwatch not downloading vendor ID's:
That section appears exactly like that in /usr/local/pkg/andwatch.xml.
Can you check in your actual running config please? Like download it via Backup and see if both sections are in there?
@patient0 said in Arpwatch not downloading vendor ID's:
The icon to access the status is in the service page, next to the "?":
Ah, my bad. I forgot about the shortcuts.
@patient0 said in Arpwatch not downloading vendor ID's:
Below is output of the call:
Yep, that's got it. They changed from "fa" to "fa-solid" a couple of releases ago. Not sure why.
Anyway, if you edit andwatch_status.php and change occurrences of "fa-solid" to just "fa" it should look like it's supposed to.
-
@dennypage said in Arpwatch not downloading vendor ID's:
Can you check in your actual running config please? Like download it via Backup and see if both sections are in there?
That section is not in the backup file, I'll investigate. Installed HAproxy and compared the config, looks really the same confused
-
@patient0 You might try a re-install of the package.
-
@dennypage I dove into
pkg createand tried a few things. In the end it was simple as often:On 2.7.2 CE in andwatch.xml the menu item name for "Status" can't be the same as for "Services". Renaming the
<name>tag value of the menu item forStatusfrom "ANDwatch" to "ANDwatch Status" resolved it. It still works works on 25.03-BETA :)Btw: the value of the
<name>tag right after the</copyright>tag seems to be lower case for the other packages I checked (HAproy, Shellcmd, Avahi, LCDproc). Made no functional difference though. -
@patient0 said in Arpwatch not downloading vendor ID's:
On 2.7.2 CE in andwatch.xml the menu item name for "Status" can't be the same as for "Services". Renaming the <name> tag value of the menu item for Status from "ANDwatch" to "ANDwatch Status" resolved it. It still works works on 25.03-BETA :)
Excellent catch. I'll change that. Thanks.
@patient0 said in Arpwatch not downloading vendor ID's:
Btw: the value of the <name> tag right after the </copyright> tag seems to be lower case for the other packages I checked (HAproy, Shellcmd, Avahi, LCDproc). Made no functional difference though.
I think that one is okay. There are a few on my system that aren't all lower case:
- System Patches
- RRD Summary
- Netgate Firmware Upgrade
-
@patient0 Here is an updated package. You should remove the prior package before installing the new version.
Note that it still has the "fa-solid", so you'll need to make that change again, except the file name to edit is now status_andwatch.php rather than andwatch_status.php in order to match naming convention.
-
@dennypage Thanks a lot, you are awesome :)
For the
fa-solidtofaconversion I have created a patch and applied via System patches.It's attached for reference if someone else would need it:
andwatch-2.0_pfSense-CE-272-status-CSS-fix.diff
In System / Patches, set "Path Strip Count" set to 0, leave the other settings as they are.
-
Group,
Here is an updated version of the base level andwatch package. This version fixes a serious issue which may trigger a kernel panic in the version of FreeBSD currently being used in pfSense. If you have v2.0.0 installed, please install v2.1.0.
-
Below is an update to the pfSense level package. This addresses the issues with the shortcuts at the top of the pages. Also, the button at the bottom of the status page has been renamed from "Display All Records" to "Display Historical Records" which hopefully clarifies its meaning a little.
I think this is ready for submission, so if anyone has any additional feedback I'd love to hear. Thanks!
-
And away we go...
Redmine issue and GitHub PR.
-
@dennypage said in Arpwatch not downloading vendor ID's:
And away we go...
Redmine issue and GitHub PR.
Thanks for all your hard work on this @dennypage - looking forward to trying out this new package once it has been made available / merged in.
-
@tman222 Welcome. If you want to give it a go, it’s available for download above. If you wait for merge, you’ll probably be waiting a long time. New ports take a while. mDNS-Bridge (replacement for Avahi routing) has been hanging out for over three months.