Unofficial E2guardian package for pfSense
-
Hello forum
I also have problem with 2.4.4 broken content filter. I tried almost everything ( uninstall, new install...) and nothing works.
Content filter doesn't work, can someone give me any advice.
Regard
Bogdan -
@kenrutt said in Unofficial E2guardian package for pfSense:
Is anybody using the content lists under ACLs in e2guardian?
I have been experimenting with it and when I put in a more complex regex, e2guardian crashes when I go to certain web sites such as google.Regex requires a lot of cpu power, if you do it incorrectly its possible you're running out of resources.
-
@binkec said in Unofficial E2guardian package for pfSense:
Hello forum
I also have problem with 2.4.4 broken content filter. I tried almost everything ( uninstall, new install...) and nothing works.
Content filter doesn't work, can someone give me any advice.
Regard
BogdanWhat do you mean? Content filter was never broken. You most likely haven't set it up correctly. Go to ACLs and block any categories you don't want users accessing.
-
Thank you pfsensation for fast response.My mistake, content filtering is working ( sitelist, urllist ) problem is weighted list filter which doesn't work. I have few systems active hardware and virtual on 2.4.3 and they work OK. Try search in yahoo "f***ing" and 2.4.3 weighted filter block search, 2.4.4 with same settings doesn't.
-
@binkec said in Unofficial E2guardian package for pfSense:
Thank you pfsensation for fast response.My mistake, content filtering is working ( sitelist, urllist ) problem is weighted list filter which doesn't work. I have few systems active hardware and virtual on 2.4.3 and they work OK. Try search in yahoo "f***ing" and 2.4.3 weighted filter block search, 2.4.4 with same settings doesn't.
For encrypted sites like Yahoo, you need to make sure you have MITM enabled to phrase filter. You will need to generate a CA certificate and set it up within E2 Guardian and also deploy it to your clients.
-
I have done all that, like I said I have few working systems on 2.4.3, same configuration doesn't work on 2.4.4.
Here is a picture from 2.4.3 search -
@binkec said in Unofficial E2guardian package for pfSense:
I have done all that, like I said I have few working systems on 2.4.3, same configuration doesn't work on 2.4.4.
Here is a picture from 2.4.3 searchWorks perfectly fine for me and all the others. First time I'm hearing about this. The only issue we had on 2.4.4 was log rotation although that's already been fixed with an update. What authentication method are you using? I am 100% sure you have some configuration error, as the code itself is fine and I've used it on a few 2.4.4 system and also have it running at home without issues.
-
Thank you pfsensation, this information is very helpful. I will go over my config again and let you know. I use IP authentication.
-
@binkec said in Unofficial E2guardian package for pfSense:
Thank you pfsensation, this information is very helpful. I will go over my config again and let you know. I use IP authentication.
No problem, check the configuration again. See if E2 Guardian can see the traffic on the real time log and let us know if it works. :)
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
do you have time to fix the content scanner that was broken after they have fix for the rotate log ?
I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?
Have you tried a reinstall?
Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
do you have time to fix the content scanner that was broken after they have fix for the rotate log ?
I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?
Have you tried a reinstall?
Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.
Are you getting any errors on the logs?
-
Hello Marcello.
I did try to "config sync" at eguardian, but i am seeing error abiut "ssl" and stopping machines running at eguardian that get config backup.
No problem when i trying server but all other machines send error about "eguardian 69897 certprivatekeypath is required when ssl is enabled"
This problem has continues when i editing and installing to other machines as same way.
Is there any reason about this problem? -
@susamlicubuk, are you syncing the private key created on first server?
-
edit the normal certificate I copied and pasted into the certificate of other servers
still gives error
Is there another way? -
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
do you have time to fix the content scanner that was broken after they have fix for the rotate log ?
I think Marcello was talking to you earlier on his last post. He said to try the latest version, which I think you're already on?
Have you tried a reinstall?
Yes I am already on the latest E2G version as per package installation and pfsense 2.4.4 version. I also tried E2G package reinstallation.
Are you getting any errors on the logs?
I have posted my logs previously.
-
@pfsensation Thanks for reply on the regex issue. That is a point I had not thought of, on regex using a lot of cpu power. However some sites will load fine and the regex will do fine. But whenever I go to google It will crash E2guardian immediately. I watched the cpu indicator at that point and it never even seemed to kickin much before crash. There must be something in expression that causes it. Here is a sample of what I was using.
"<a(?:(?!.</a>).).?facebook.com.*?</a>"->"-"
Don't know if you can see anything out of order or not.
Thanks -
@kenrutt said in Unofficial E2guardian package for pfSense:
@pfsensation Thanks for reply on the regex issue. That is a point I had not thought of, on regex using a lot of cpu power. However some sites will load fine and the regex will do fine. But whenever I go to google It will crash E2guardian immediately. I watched the cpu indicator at that point and it never even seemed to kickin much before crash. There must be something in expression that causes it. Here is a sample of what I was using.
"<a(?:(?!.</a>).).?facebook.com.*?</a>"->"-"
Don't know if you can see anything out of order or not.
ThanksI haven't used regex myself in a while, but why not use the site list ACL to block Facebook instead? It's a much more efficient way of doing it.
I'll have to test out regex further, just don't have much spare time at the moment. :/
-
any guides on how to make lightsquid log e2guardian network activities?
-
@sei-pine I have a blog post about Sarg to report E2guardian activities. Check the following link.
https://lifeoverlinux.com/how-to-configure-sarg-to-use-with-e2guardian/
For the Lightsquid, it's easy to setup. You can find how to by searching "e2guardian lightsquid" on the forum.
-
@ucribrahim i can't seem to get sargs to get report on e2guardian it shows this error
i already tried to do the troubleshoot guide on the page you provided.
edit:
this seems to be the problem, any idea on how to fix it ?
SARG: SARG version: 2.3.11 Jan-14-2018
SARG: Reading access log file: /var/log/e2guardian/access.log
SARG: Loop detected in getword_atoll after 2 bytes.
SARG: Line="92.168.137.5 https"
SARG: Record="92.168.137.5 https"
SARG: searching for 'x2f'
SARG: Invalid date in file "/var/log/e2guardian/access.log"