Unofficial E2guardian package for pfSense

pfsensation

@binkec said in Unofficial E2guardian package for pfSense:

Thank you pfsensation, this information is very helpful. I will go over my config again and let you know. I use IP authentication.

No problem, check the configuration again. See if E2 Guardian can see the traffic on the real time log and let us know if it works. :)

ravegen

@pfsensation said in Unofficial E2guardian package for pfSense:

@ravegen said in Unofficial E2guardian package for pfSense:

@marcelloc ,

do you have time to fix the content scanner that was broken after they have fix for the rotate log ?

I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?

Have you tried a reinstall?

Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.

pfsensation

@ravegen said in Unofficial E2guardian package for pfSense:

@pfsensation said in Unofficial E2guardian package for pfSense:

@ravegen said in Unofficial E2guardian package for pfSense:

@marcelloc ,

do you have time to fix the content scanner that was broken after they have fix for the rotate log ?

I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?

Have you tried a reinstall?

Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.

Are you getting any errors on the logs?

susamlicubuk

Hello Marcello.
I did try to "config sync" at eguardian, but i am seeing error abiut "ssl" and stopping machines running at eguardian that get config backup.
No problem when i trying server but all other machines send error about "eguardian 69897 certprivatekeypath is required when ssl is enabled"
This problem has continues when i editing and installing to other machines as same way.
Is there any reason about this problem?

marcelloc

@susamlicubuk, are you syncing the private key created on first server?

susamlicubuk

edit the normal certificate I copied and pasted into the certificate of other servers
still gives error
Is there another way?

ravegen

@pfsensation said in Unofficial E2guardian package for pfSense:

@ravegen said in Unofficial E2guardian package for pfSense:

@pfsensation said in Unofficial E2guardian package for pfSense:

@ravegen said in Unofficial E2guardian package for pfSense:

@marcelloc ,

do you have time to fix the content scanner that was broken after they have fix for the rotate log ?

I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?

Have you tried a reinstall?

Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.

Are you getting any errors on the logs?

I have posted my logs previously.

kenrutt

@pfsensation Thanks for reply on the regex issue. That is a point I had not thought of, on regex using a lot of cpu power. However some sites will load fine and the regex will do fine. But whenever I go to google It will crash E2guardian immediately. I watched the cpu indicator at that point and it never even seemed to kickin much before crash. There must be something in expression that causes it. Here is a sample of what I was using.
"<a(?:(?!.</a>).).?facebook.com.*?</a>"->"-"
Don't know if you can see anything out of order or not.
Thanks

pfsensation

@kenrutt said in Unofficial E2guardian package for pfSense:

@pfsensation Thanks for reply on the regex issue. That is a point I had not thought of, on regex using a lot of cpu power. However some sites will load fine and the regex will do fine. But whenever I go to google It will crash E2guardian immediately. I watched the cpu indicator at that point and it never even seemed to kickin much before crash. There must be something in expression that causes it. Here is a sample of what I was using.
"<a(?:(?!.</a>).).?facebook.com.*?</a>"->"-"
Don't know if you can see anything out of order or not.
Thanks

I haven't used regex myself in a while, but why not use the site list ACL to block Facebook instead? It's a much more efficient way of doing it.

I'll have to test out regex further, just don't have much spare time at the moment. :/

Sei Pine

any guides on how to make lightsquid log e2guardian network activities?

ucribrahim

@sei-pine I have a blog post about Sarg to report E2guardian activities. Check the following link.

https://lifeoverlinux.com/how-to-configure-sarg-to-use-with-e2guardian/

For the Lightsquid, it's easy to setup. You can find how to by searching "e2guardian lightsquid" on the forum.

Sei Pine

@ucribrahim i can't seem to get sargs to get report on e2guardian it shows this error
0_1542164612328_8dee63bf-4888-4367-a35d-8157e2eec336-image.png

i already tried to do the troubleshoot guide on the page you provided.

edit:

this seems to be the problem, any idea on how to fix it ?

SARG: SARG version: 2.3.11 Jan-14-2018
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Loop detected in getword_atoll after 2 bytes.
SARG: Line="92.168.137.5 https"
SARG: Record="92.168.137.5 https"
SARG: searching for 'x2f'
SARG: Invalid date in file "/var/log/e2guardian/access.log"

binkec

@sei-pine
Hello
Check log format in e2g "Report and log" configuration, it must be in "squid format"

pfsensation

@binkec said in Unofficial E2guardian package for pfSense:

@sei-pine
Hello
Check log format in e2g "Report and log" configuration, it must be in "squid format"

+1

This should fix the error.

Sei Pine

@binkec its already on squid format. Well i did manage to log e2guardian using lightsquid earlier. Gonna monitor it for now.

pfsensation

@sei-pine said in Unofficial E2guardian package for pfSense:

@binkec its already on squid format. Well i did manage to log e2guardian using lightsquid earlier. Gonna monitor it for now.

Manually clear your access.log visit some sites then try again. Sarg is complaining of an incorrect date and a loop.

Glad to hear you got lightsquid working though, it's simple and it gets the job done.

jetberrocal

@marcelloc are you still active with e2guardian? What is the status?

ravegen

@marcelloc, don't we have update fix for the content scanner ?

since the update they made for the rotate log fix, the content scanner is no longer working. it makes the pfsense gui hang and I need to restore previous config to make it work.

pfsensation

@jetberrocal said in Unofficial E2guardian package for pfSense:

@marcelloc are you still active with e2guardian? What is the status?

He's just very busy with work however he is slowly updating it whenever possible, last update was pretty recent.

pfsensation

@ravegen said in Unofficial E2guardian package for pfSense:

@marcelloc, don't we have update fix for the content scanner ?

since the update they made for the rotate log fix, the content scanner is no longer working. it makes the pfsense gui hang and I need to restore previous config to make it work.

Are you able to provide any further info? Are you seeing any errors on logs? What's the resource usage like? Are you able to SSH into your box?

Like I said earlier, content scanner is not a feature me or Marcelloc really use but let's try to find out why it crashes if possible.