Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 70 Posters 1.5m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfsensation @Sei Pine
      last edited by

      @sei-pine said in Unofficial E2guardian package for pfSense:

      @binkec its already on squid format. Well i did manage to log e2guardian using lightsquid earlier. Gonna monitor it for now.

      Manually clear your access.log visit some sites then try again. Sarg is complaining of an incorrect date and a loop.

      Glad to hear you got lightsquid working though, it's simple and it gets the job done.

      1 Reply Last reply Reply Quote 1
      • J
        jetberrocal @marcelloc
        last edited by

        @marcelloc are you still active with e2guardian? What is the status?

        P 1 Reply Last reply Reply Quote 0
        • R
          ravegen
          last edited by

          @marcelloc, don't we have update fix for the content scanner ?

          since the update they made for the rotate log fix, the content scanner is no longer working. it makes the pfsense gui hang and I need to restore previous config to make it work.

          P 1 Reply Last reply Reply Quote 0
          • P
            pfsensation @jetberrocal
            last edited by

            @jetberrocal said in Unofficial E2guardian package for pfSense:

            @marcelloc are you still active with e2guardian? What is the status?

            He's just very busy with work however he is slowly updating it whenever possible, last update was pretty recent.

            1 Reply Last reply Reply Quote 0
            • P
              pfsensation @ravegen
              last edited by

              @ravegen said in Unofficial E2guardian package for pfSense:

              @marcelloc, don't we have update fix for the content scanner ?

              since the update they made for the rotate log fix, the content scanner is no longer working. it makes the pfsense gui hang and I need to restore previous config to make it work.

              Are you able to provide any further info? Are you seeing any errors on logs? What's the resource usage like? Are you able to SSH into your box?

              Like I said earlier, content scanner is not a feature me or Marcelloc really use but let's try to find out why it crashes if possible.

              R 1 Reply Last reply Reply Quote 0
              • Sei PineS
                Sei Pine
                last edited by Sei Pine

                Ok here's my feedback about using Lightsquid to get logs on e2guardian, after 2 days it just stop logging e2guardian. i dunno what happened lol

                edit: seems like when i turn off the transparent proxy on squid proxy server, lightsquid doesn't work.

                gonna monitor it again for a few days if it'll stop logging.

                edit: good, its now running fine. earlier was kinda slow or something

                0_1542691727081_78cfc061-63ce-4204-9531-8ceb57315c2a-image.png

                1 Reply Last reply Reply Quote 0
                • R
                  ravegen @pfsensation
                  last edited by ravegen

                  @pfsensation, @marcelloc

                  attached is the error log.

                  0_1542682201493_1541384673350-error-resized.png

                  I have provided that screenshot, months before.

                  System resource usage is fine, load average 0.14, 0.10, 0.04, cpu & swap usage is 0%, memorage usage is 28%.

                  I am able to ssh to my box.

                  Like I said, the content scanner (clamdscan) was perfectly running before the rotate log fix was created and updated to the package.

                  Respectfully, I think it does not matter if the content scanner is a feature for you or for Marcelloc but rather for the use of the community since it is a feature placed in the package. Such content scanner should have been already removed if it is that useless.

                  What I am saying is the content scanner was broken since their was a fix on rotate log. Perhaps, the developers who modified the package can differential what changes they have done before and after the rotate log fix and made changes accordingly.

                  P 1 Reply Last reply Reply Quote 0
                  • P
                    pfsensation @ravegen
                    last edited by

                    @ravegen said in Unofficial E2guardian package for pfSense:

                    @pfsensation, @marcelloc

                    attached is the error log.

                    0_1542682201493_1541384673350-error-resized.png

                    I have provided that screenshot, months before.

                    System resource usage is fine, load average 0.14, 0.10, 0.04, cpu & swap usage is 0%, memorage usage is 28%.

                    I am able to ssh to my box.

                    Like I said, the content scanner (clamdscan) was perfectly running before the rotate log fix was created and updated to the package.

                    Respectfully, I think it does not matter if the content scanner is a feature for you or for Marcelloc but rather for the use of the community since it is a feature placed in the package. Such content scanner should have been already removed if it is that useless.

                    What I am saying is the content scanner was broken since their was a fix on rotate log. Perhaps, the developers who modified the package can differential what changes they have done before and after the rotate log fix and made changes accordingly.

                    OK, those errors look config related. I'll have a chat with @marcelloc and then we'll see if we can send out another patch for it. Comparing the last build to your current, there doesn't seem to be any specific changes that would effect the content scanner.

                    1 Reply Last reply Reply Quote 0
                    • Sei PineS
                      Sei Pine
                      last edited by

                      i switched to sarg to log e2guardian. lightsquid is totally not working after few hours.

                      0_1542761130085_26ae12be-41bc-4f08-9cee-2aa089756247-image.png

                      P 1 Reply Last reply Reply Quote 0
                      • P
                        pfsensation @Sei Pine
                        last edited by

                        @sei-pine said in Unofficial E2guardian package for pfSense:

                        i switched to sarg to log e2guardian. lightsquid is totally not working after few hours.

                        0_1542761130085_26ae12be-41bc-4f08-9cee-2aa089756247-image.png

                        How long have you set E2 Guardian to keep logs for? And how often are you log rotating? I've not come across this issue so it maybe a config issue.

                        Sei PineS 1 Reply Last reply Reply Quote 0
                        • Sei PineS
                          Sei Pine @pfsensation
                          last edited by Sei Pine

                          @pfsensation i leave all lightsquid settings as default (should be fine i guess) but when i try to configure squid and turn off its transparent proxy and mitm (this is interfering with e2guardian so...) lightsquid doesn't log anything.

                          i dunno, maybe i need to make lightsquid listen to e2guardian ? anyways, i set my e2guardian to keep 20 log files.

                          P 1 Reply Last reply Reply Quote 0
                          • B
                            binkec @pfsensation
                            last edited by

                            @pfsensation
                            Hi, I was busy past two weeks and I tried to install 2.4.4 again and I can see real time traffic. E2g is working except "weighted phrases". I went trough working configuration(2.4.3) and non working(2.4.4) and I couldn't see any difference.
                            The only difference is in log,
                            2.4.4 I have this error:
                            Nov 25 20:47:12 e2guardian 97044 I seem to be running already!
                            Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
                            Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 1
                            Nov 25 20:57:44 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
                            Nov 25 21:00:13 e2guardian 15579 I seem to be running already!
                            Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
                            Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 1
                            Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 2
                            Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 3
                            Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
                            Nov 25 21:14:32 e2guardian 62358 I seem to be running already!
                            Nov 25 21:17:16 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0
                            Nov 25 21:17:36 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0

                            In working 2.4.3 system there is no error.
                            Regards

                            P 1 Reply Last reply Reply Quote 0
                            • R
                              ravegen
                              last edited by

                              @pfsensation ,

                              Is there a progress on the content scanner fix ?

                              P 1 Reply Last reply Reply Quote 0
                              • P
                                pfsensation @ravegen
                                last edited by

                                @ravegen said in Unofficial E2guardian package for pfSense:

                                @pfsensation ,

                                Is there a progress on the content scanner fix ?

                                I've already asked @marcelloc to have a look into it. He believes it could be an ICAP issue, I'm not sure if he's had a chance yet to try implement a fix.

                                R 1 Reply Last reply Reply Quote 0
                                • P
                                  pfsensation @Sei Pine
                                  last edited by

                                  @sei-pine said in Unofficial E2guardian package for pfSense:

                                  @pfsensation i leave all lightsquid settings as default (should be fine i guess) but when i try to configure squid and turn off its transparent proxy and mitm (this is interfering with e2guardian so...) lightsquid doesn't log anything.

                                  i dunno, maybe i need to make lightsquid listen to e2guardian ? anyways, i set my e2guardian to keep 20 log files.

                                  You shouldn't have transparent proxy on Squid anyways. Set E2 Guardian log format to Squid and make sure you install the custom Inc file so that light squid listens to E2 Guardian. It's higher up in this thread.

                                  1 Reply Last reply Reply Quote 0
                                  • P
                                    pfsensation @binkec
                                    last edited by

                                    @binkec said in Unofficial E2guardian package for pfSense:

                                    @pfsensation
                                    Hi, I was busy past two weeks and I tried to install 2.4.4 again and I can see real time traffic. E2g is working except "weighted phrases". I went trough working configuration(2.4.3) and non working(2.4.4) and I couldn't see any difference.
                                    The only difference is in log,
                                    2.4.4 I have this error:
                                    Nov 25 20:47:12 e2guardian 97044 I seem to be running already!
                                    Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
                                    Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 1
                                    Nov 25 20:57:44 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
                                    Nov 25 21:00:13 e2guardian 15579 I seem to be running already!
                                    Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
                                    Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 1
                                    Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 2
                                    Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 3
                                    Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
                                    Nov 25 21:14:32 e2guardian 62358 I seem to be running already!
                                    Nov 25 21:17:16 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0
                                    Nov 25 21:17:36 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0

                                    In working 2.4.3 system there is no error.
                                    Regards

                                    Which ports are you running E2 Guardian on? Are you using other packages like pfblockerng?

                                    B 1 Reply Last reply Reply Quote 0
                                    • B
                                      binkec @pfsensation
                                      last edited by

                                      @pfsensation
                                      Hi
                                      I am using default port 8080 in direct connect widhout squid, no transparent mode and fresh install, only E2g and sarg on VMWARE. Like I sad I vent trough working config step by step several times and I didn't find any difference, it should be something in E2g.

                                      Regards

                                      P 1 Reply Last reply Reply Quote 0
                                      • P
                                        pfsensation @binkec
                                        last edited by pfsensation

                                        @binkec said in Unofficial E2guardian package for pfSense:

                                        @pfsensation
                                        Hi
                                        I am using default port 8080 in direct connect widhout squid, no transparent mode and fresh install, only E2g and sarg on VMWARE. Like I sad I vent trough working config step by step several times and I didn't find any difference, it should be something in E2g.

                                        Regards

                                        Which interfaces are you listening on? Make sure it's set to LAN and localhost. I run my system in VMWare ESXi without any issues.

                                        B 1 Reply Last reply Reply Quote 0
                                        • B
                                          binkec @pfsensation
                                          last edited by

                                          @pfsensation
                                          Hi
                                          I have set to both, are you using "phase list" filtering.
                                          0_1543420915226_28_11.png

                                          P 1 Reply Last reply Reply Quote 0
                                          • P
                                            pfsensation @binkec
                                            last edited by pfsensation

                                            @binkec said in Unofficial E2guardian package for pfSense:

                                            @pfsensation
                                            Hi
                                            I have set to both, are you using "phase list" filtering.
                                            0_1543420915226_28_11.png

                                            Of course, I use black list and phrase list. Phrase based filtering is actually one of the core functions of E2 Guardian and what makes it vastly better than other systems like SquidGuard. I'm on 2.4.4 and haven't had those issues and doesn't look like anyone else has either. So I'd be interested to know why it would happen.

                                            Are you running just vmware work station or ESXi?

                                            Edit: put the HTTP workers up, I have mine at 3072.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.