Unofficial E2guardian package for pfSense

marcelloc

@jetberrocal:

The squidanalyser, provide the information like that?

Not in realtime.

jetberrocal

@marcelloc:

@jetberrocal:

The log is showing the data from access.log?

yes. original e2guardian format.  If you want to see or grep the log, it's in /var/log/e2guardian/access.log

This can represent a problem. If the access.log file has to be in e2g format, then squidanalyser and SARG can not use it.

So using the real time gui will bring conflict with permanent reports.

pfsensation

We actually need a page that can save the data in real time, and can be filtered down based on user, IP address, banned category, or time.

An actual page in list view with a search function is what I had in mind… :P  Not a realtime tab like Squid.

EDIT: I tried adding HOST, FilterGroup back into my block page. And it caused my pfSense to crash again, and E2Guardian did not start up again, even with the watchguard script.

jetberrocal

@marcelloc:

@jetberrocal:

The squidanalyser, provide the information like that?

Not in realtime.

Real time is nice and is needed but permanent reports are also needed. Every time the access.log is recycled the data is lost and for business use you need to have long periods of data retantion.

jetberrocal

By the way, how is the access.log and dst something log being recycled. If its not then we have a huge problem. It will grow until Disc is full.

pfsensation

@jetberrocal:

@marcelloc:

@jetberrocal:

The squidanalyser, provide the information like that?

Not in realtime.

Real time is nice and is needed but permanent reports are also needed. Every time the access.log is recycled the data is lost and for business use you need to have long periods of data retantion.

Now we're getting somewhere. This is why I suggested having a page where all the data would be logged in real time, and we can filter and search based on user, blocked category, and see what site was blocked, why, banned phrase detected etc.

@Marcelloc, now I'm unable to turn off SSL certificate forging for certain groups. What's going on? Before I was able to easily turn it on or off in group settings, now whether SSL forging is on or off for a group. It still intercepts.

marcelloc

@pfsensation:

@Marcelloc, now I'm unable to turn off SSL certificate forging for certain groups. What's going on? Before I was able to easily turn it on or off in group settings, now whether SSL forging is on or off for a group. It still intercepts.

Did you closed the browser after changing it? Mozilla keeps "certificate cache" until you close the app.

pfsensation

@marcelloc:

@pfsensation:

@Marcelloc, now I'm unable to turn off SSL certificate forging for certain groups. What's going on? Before I was able to easily turn it on or off in group settings, now whether SSL forging is on or off for a group. It still intercepts.

Did you closed the browser after changing it? Mozilla keeps "certificate cache" until you close the app.

I'm on chrome, tried closing it, tried clearing history, cache etc. I tried another browser, and tried my mobile too. They're all being SSL intercepted, when they shouldn't be.

Any changes I make to the block page also don't seem to take effect… I tried saving and restarting, turning off e2guardian by unchecking. And still having problems.

EDIT: Tried uninstalling E2Guardian for a reinstall, while uninstalled somehow E2Guardian is still running. HOW? XD

pfsensation

@marcelloc:

@pfsensation:

I'm asking because FredB, over at GitHub recons that the blacklist categories not showing maybe due to not having the following :

# List categorisation
#listcategory: "Banned Sites"

Check it here: https://github.com/e2guardian/e2guardian/issues/244

try pkg 0.4.1.2

https://github.com/marcelloc/Unofficial-pfSense-packages/commit/113159cbac10e68568b77b8a0a22c65fdf4607ec

Have you pushed it out? Can't upgrade to it

marcelloc

@pfsensation:

EDIT: Tried uninstalling E2Guardian for a reinstall, while uninstalled somehow E2Guardian is still running. HOW? XD

It's running on memory. It's missing a stop services on uninstall script call.

marcelloc

@pfsensation:

Have you pushed it out? Can't upgrade to it

It's on 2.3 amd64 repo.

marcelloc

@pfsensation:

We actually need a page that can save the data in real time, and can be filtered down based on user, IP address, banned category, or time.

An actual page in list view with a search function is what I had in mind… :P  Not a realtime tab like Squid.

EDIT: I tried adding HOST, FilterGroup back into my block page. And it caused my pfSense to crash again, and E2Guardian did not start up again, even with the watchguard script.

You can tail -f the /var/log/e2guardian/ access.log to filter realtime logs.

Fully php report shows all the info you need on report page, including host. try it with wpad package.

marcelloc

With fully report, I can create a deny log with full info.

This way you keep report logs in squid mode and full info will have what you want, both on realtime tab.

pfsensation

@marcelloc:

@pfsensation:

Have you pushed it out? Can't upgrade to it

It's on 2.3 amd64 repo.

I'm running 0.4.1.2 I believe, no new updates available. However sites banned by ShallaList, don't show their categories.

@marcelloc:

@pfsensation:

EDIT: Tried uninstalling E2Guardian for a reinstall, while uninstalled somehow E2Guardian is still running. HOW? XD

It's running on memory. It's missing a stop services on uninstall script call.

I have suspicions that E2Guardian is not reloading itself, and is somehow running old instances. That's why when I modify my block page, it doesn't update.

EDIT: I changed another setting in group settings, now I'm able to turn off SSL MITM weirdly enough. Not sure why that happened, must be a one off bug in config writing.

marcelloc

@pfsensation:

I'm running 0.4.1.2 I believe, no new updates available. However sites banned by ShallaList, don't show their categories.

This is the version I've pushed to fix the missing line on config from

https://github.com/e2guardian/e2guardian/issues/244

marcelloc

Hi guys!

Version 0.4.2 is ready for download.

whats new:

• Included sample logic rotine to html report page, so you can back to original file at any time if you want

• Improved e2gerror logic and added a denied only log feature to the package

• Added e2guradian real time tab, processing e2guardian default logs, e2g squid format logs and logs form e2gerror.php page

pfsensation

@marcelloc:

Hi guys!

Version 0.4.2 is ready for download.

whats new:

• Included sample logic rotine to html report page, so you can back to original file at any time if you want

• Improved e2gerror logic and added a denied only log feature to the package

• Added e2guradian real time tab, processing e2guardian default logs, e2g squid format logs and logs form e2gerror.php page

Jun 25 08:22:58	php-fpm	286	/rc.dyndns.update: Dynamic Dns (opendns.com): Current WAN IP: 92.0.182.57 Cached IP: 92.0.182.57
Jun 25 08:22:58	php-fpm	286	/rc.dyndns.update: phpDynDNS (opendns.com): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry.
Jun 25 08:23:00	php		/usr/local/www/e2guardian_scheds.php: e2guardian - change on schedules, reapplying config.
Jun 25 08:23:00	php		/usr/local/www/e2guardian_scheds.php: [E2guardian] - Save settings package call pr:1 bp:1 rpc:yes
Jun 25 08:23:00	check_reload_status		Syncing firewall
Jun 25 08:23:01	check_reload_status		Syncing firewall
Jun 25 08:23:03	check_reload_status		Syncing firewall
Jun 25 08:23:03	check_reload_status		Syncing firewall
Jun 25 08:23:06	e2guardian	1776	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:23:15	kernel		pid 11259 (e2guardian), uid 106: exited on signal 11
Jun 25 08:23:15	check_reload_status		Syncing firewall
Jun 25 08:23:15	check_reload_status		Syncing firewall
Jun 25 08:23:16	php-fpm	35776	/rc.start_packages: [E2guardian] - Detected boot process pr:1 bp:1 rpc:no
Jun 25 08:23:18	login		login on ttyv0 as root
Jun 25 08:23:18	sshlockout	41995	sshlockout/webConfigurator v3.0 starting up
Jun 25 08:23:22	e2guardian	17100	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:23:22	e2guardian	40941	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:23:23	e2guardian	25884	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:23:23	e2guardian	40941	I seem to be running already!
Jun 25 08:23:23	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 25 08:23:23	e2guardian	25884	I seem to be running already!
Jun 25 08:23:23	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 25 08:24:14	kernel		pid 42996 (e2guardian), uid 106: exited on signal 11
Jun 25 08:24:19	e2guardian	85838	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:25:14	kernel		pid 86010 (e2guardian), uid 106: exited on signal 11
Jun 25 08:25:19	e2guardian	26270	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:26:16	kernel		pid 26606 (e2guardian), uid 106: exited on signal 11
Jun 25 08:26:24	e2guardian	68286	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:26:24	e2guardian	70077	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:26:25	e2guardian	70077	I seem to be running already!
Jun 25 08:26:25	root		/usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
Jun 25 08:27:01	kernel		pid 70629 (e2guardian), uid 106: exited on signal 11
Jun 25 08:27:09	e2guardian	8362	Reporting_level is : 0 file /usr/local/etc/e2guardian/e2guardianf3.conf
Jun 25 08:27:16	check_reload_status		Linkup starting re0

This is so annoying…

EDIT:

I've nearly had enough, and am about to change squid port to 8080.... It keeps turning off and when it's on, performance is abysmal. Extremely slow!

EDIT 2: Reinstalled the package, using the reinstall button and wiped squid cache. Now everything seems to be working properly…I don't know why there's so much inconsistency, the installation and uninstallation scripts definitely need some work to properly remove old binaries, and junk data.

Jdwind

I installed it on PfSense 2.3.4 with Squid package and it won't start. I'm sure that is my fault, but configure it is not easy.

marcelloc

@pfsensation:

[
EDIT 2: Reinstalled the package, using the reinstall button and wiped squid cache. Now everything seems to be working properly…I don't know why there's so much inconsistency, the installation and uninstallation scripts definitely need some work to properly remove old binaries, and junk data.
[/quote]

Check how often watchdog script is starting e2guardian. Maybe you are getting crashes on daemon.

pfsensation

@marcelloc:

@pfsensation:

[
EDIT 2: Reinstalled the package, using the reinstall button and wiped squid cache. Now everything seems to be working properly…I don't know why there's so much inconsistency, the installation and uninstallation scripts definitely need some work to properly remove old binaries, and junk data.
[/quote]

Check how often watchdog script is starting e2guardian. Maybe you are getting crashes on daemon.

Sun Jun 25 11:36:09 BST 2017	start
Sun Jun 25 11:34:29 BST 2017	start
Sun Jun 25 11:34:28 BST 2017	start
Sun Jun 25 10:56:40 BST 2017	start
Sun Jun 25 10:52:45 BST 2017	start
Sun Jun 25 09:13:07 BST 2017	start
Sun Jun 25 09:13:07 BST 2017	start
Sun Jun 25 09:13:07 BST 2017	start
Sun Jun 25 09:12:56 BST 2017	start
Sun Jun 25 09:12:46 BST 2017	start
Sun Jun 25 09:12:45 BST 2017	start
Sun Jun 25 09:12:30 BST 2017	start
Sun Jun 25 09:12:25 BST 2017	start
Sun Jun 25 09:11:55 BST 2017	start
Sun Jun 25 09:11:45 BST 2017	start
Sun Jun 25 09:11:45 BST 2017	start
Sun Jun 25 09:10:09 BST 2017	start
Sun Jun 25 09:10:09 BST 2017	start
Sun Jun 25 09:10:09 BST 2017	start
Sun Jun 25 09:09:56 BST 2017	start
Sun Jun 25 09:09:46 BST 2017	start
Sun Jun 25 09:09:36 BST 2017	start
Sun Jun 25 09:09:26 BST 2017	start
Sun Jun 25 09:09:26 BST 2017	start
Sun Jun 25 09:09:26 BST 2017	start
Sun Jun 25 09:09:10 BST 2017	start
Sun Jun 25 09:09:09 BST 2017	start
Sun Jun 25 09:09:09 BST 2017	start
Sun Jun 25 09:09:08 BST 2017	start
Sun Jun 25 09:08:55 BST 2017	start
Sun Jun 25 09:08:51 BST 2017	start
Sun Jun 25 09:08:40 BST 2017	start
Sun Jun 25 09:08:36 BST 2017	start
Sun Jun 25 09:08:36 BST 2017	start
Sun Jun 25 09:08:26 BST 2017	start
Sun Jun 25 09:08:25 BST 2017	start
Sun Jun 25 09:08:25 BST 2017	start
Sun Jun 25 09:08:15 BST 2017	start
Sun Jun 25 09:08:13 BST 2017	start
Sun Jun 25 09:07:48 BST 2017	start
Sun Jun 25 09:07:38 BST 2017	start
Sun Jun 25 09:07:24 BST 2017	start
Sun Jun 25 09:07:15 BST 2017	start
Sun Jun 25 09:07:05 BST 2017	start
Sun Jun 25 09:07:05 BST 2017	start
Sun Jun 25 09:06:54 BST 2017	start
Sun Jun 25 09:04:50 BST 2017	start
Sun Jun 25 09:04:50 BST 2017	start
Sun Jun 25 09:04:35 BST 2017	start
Sun Jun 25 09:04:35 BST 2017	start
Sun Jun 25 09:04:19 BST 2017	start
Sun Jun 25 09:03:19 BST 2017	start
Sun Jun 25 09:03:09 BST 2017	start
Sun Jun 25 09:01:54 BST 2017	start
Sun Jun 25 09:01:44 BST 2017	start
Sun Jun 25 09:01:34 BST 2017	start
Sun Jun 25 09:01:24 BST 2017	start
Sun Jun 25 09:01:15 BST 2017	start
Sun Jun 25 09:01:05 BST 2017	start
Sun Jun 25 09:01:05 BST 2017	start
Sun Jun 25 09:00:55 BST 2017	start
Sun Jun 25 08:58:05 BST 2017	start
Sun Jun 25 08:58:05 BST 2017	start
Sun Jun 25 08:56:05 BST 2017	start
Sun Jun 25 08:56:05 BST 2017	start
Sun Jun 25 08:55:05 BST 2017	start
Sun Jun 25 08:55:05 BST 2017	start
Sun Jun 25 08:53:05 BST 2017	start
Sun Jun 25 08:53:05 BST 2017	start
Sun Jun 25 08:51:15 BST 2017	start
Sun Jun 25 08:51:05 BST 2017	start
Sun Jun 25 08:51:05 BST 2017	start
Sun Jun 25 08:51:02 BST 2017	start
Sun Jun 25 08:50:05 BST 2017	start
Sun Jun 25 08:50:05 BST 2017	start
Sun Jun 25 08:50:00 BST 2017	start
Sun Jun 25 08:49:05 BST 2017	start
Sun Jun 25 08:49:05 BST 2017	start
Sun Jun 25 08:47:54 BST 2017	start
Sun Jun 25 08:46:54 BST 2017	start
Sun Jun 25 08:45:54 BST 2017	start
Sun Jun 25 08:45:30 BST 2017	start
Sun Jun 25 08:43:49 BST 2017	start
Sun Jun 25 08:42:39 BST 2017	start
Sun Jun 25 08:28:25 BST 2017	start
Sun Jun 25 08:28:25 BST 2017	start
Sun Jun 25 08:27:25 BST 2017	start
Sun Jun 25 08:27:24 BST 2017	start
Sun Jun 25 08:27:09 BST 2017	start
Sun Jun 25 08:26:25 BST 2017	start
Sun Jun 25 08:26:25 BST 2017	start
Sun Jun 25 08:25:19 BST 2017	start
Sun Jun 25 08:24:19 BST 2017	start
Sun Jun 25 08:23:23 BST 2017	start
Sun Jun 25 08:23:23 BST 2017	start
Sun Jun 25 08:15:06 BST 2017	start
Sun Jun 25 08:15:06 BST 2017	start
Sun Jun 25 08:15:02 BST 2017	start
Sun Jun 25 08:14:45 BST 2017	start
Sun Jun 25 08:14:45 BST 2017	start
Sun Jun 25 08:14:30 BST 2017	start
Sun Jun 25 08:14:30 BST 2017	start
Sun Jun 25 08:14:20 BST 2017	start
Sun Jun 25 08:14:19 BST 2017	start
Sun Jun 25 08:14:10 BST 2017	start
Sun Jun 25 08:14:09 BST 2017	start
Sun Jun 25 08:13:54 BST 2017	start
Sun Jun 25 08:13:39 BST 2017	start
Sun Jun 25 08:13:30 BST 2017	start
Sun Jun 25 08:13:27 BST 2017	start
Sun Jun 25 08:13:20 BST 2017	start
Sun Jun 25 08:13:17 BST 2017	start
Sun Jun 25 08:13:09 BST 2017	start
Sun Jun 25 08:13:07 BST 2017	start
Sun Jun 25 08:12:57 BST 2017	start
Sun Jun 25 08:12:52 BST 2017	start
Sun Jun 25 08:12:42 BST 2017	start
Sun Jun 25 08:12:42 BST 2017	start
Sun Jun 25 08:12:25 BST 2017	start
Sun Jun 25 08:12:25 BST 2017	start
Sun Jun 25 08:12:10 BST 2017	start
Sun Jun 25 08:11:54 BST 2017	start
Sun Jun 25 08:11:30 BST 2017	start
Sun Jun 25 08:11:20 BST 2017	start
Sun Jun 25 08:11:20 BST 2017	start
Sun Jun 25 08:11:15 BST 2017	start
Sun Jun 25 08:11:10 BST 2017	start
Sun Jun 25 08:11:10 BST 2017	start
Sun Jun 25 08:11:10 BST 2017	start
Sun Jun 25 08:11:05 BST 2017	start
Sun Jun 25 08:11:05 BST 2017	start
Sun Jun 25 08:11:00 BST 2017	start
Sun Jun 25 08:11:00 BST 2017	start
Sun Jun 25 08:11:00 BST 2017	start
Sun Jun 25 08:10:55 BST 2017	start
Sun Jun 25 08:10:51 BST 2017	start
Sun Jun 25 08:10:50 BST 2017	start
Sun Jun 25 08:10:45 BST 2017	start
Sun Jun 25 08:10:41 BST 2017	start
Sun Jun 25 08:10:40 BST 2017	start
Sun Jun 25 08:10:35 BST 2017	start
Sun Jun 25 08:10:31 BST 2017	start
Sun Jun 25 08:10:30 BST 2017	start
Sun Jun 25 08:10:20 BST 2017	start
Sun Jun 25 08:10:11 BST 2017	start
Sun Jun 25 08:10:10 BST 2017	start
Sun Jun 25 07:45:10 BST 2017	start
Sun Jun 25 07:45:10 BST 2017	start
Sun Jun 25 07:44:30 BST 2017	start
Sun Jun 25 07:44:20 BST 2017	start
Sun Jun 25 07:44:19 BST 2017	start
Sun Jun 25 07:44:10 BST 2017	start
Sun Jun 25 07:44:09 BST 2017	start
Sun Jun 25 07:43:59 BST 2017	start
Sun Jun 25 07:43:49 BST 2017	start
Sun Jun 25 07:43:39 BST 2017	start
Sun Jun 25 07:43:09 BST 2017	start
Sun Jun 25 00:56:05 BST 2017	start
Sun Jun 25 00:56:05 BST 2017	start

Looks like I am when looking at this.  However, after reinstalling, and wiping squid. I haven't had crashes for the last two hours or so, and by the way ShallaList categories are still not being displayed even on the latest 0.4.2.