search

VictorRobellini / pfSense-Dashboard

A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf
672 stars 188 forks source link

Pfblocker Metrics [Null] #15

Closed DustyArmstrong closed 4 years ago

DustyArmstrong commented 4 years ago

Firstly, thank you for this dashboard.

I'm having a couple of problems with the Pfblocker metrics, not sure if it's Telegraf on the box or Grafana / Influx. More likely to be on box.

They do seem to work for a while (and again after a reboot), but they inevitably die off after an arbitrary period of time. Not sure why this happens. I suspected at first that the Telegraf "additional config" area wasn't working, but my Interfaces (if up/down) tab in Grafana seems to be OK. All other metrics seem to be OK (though uptime and user count seems to N/A a lot).

I have all of the scripts with the correct permissions (as far as I'm aware). The result of select * from dnsbl_log limit 20 seems to just show the same ones over and over, so I assume that it's not running.

Have you experienced this before yourself? Does it run normally 24/7 for you? If yes, at least I know it's something that can be fixed!

VictorRobellini commented 4 years ago

Mine runs 24/7 and I haven't see this issue before. Is the pfblocker log file being updated? If the logs are being updated, then I would suggest running telegraf with debug logging enabled. If the data stops flowing into influx, dig through the telegraf logs. If the data stops flowing and there's nothing in the telegraf logs, I would dig into the influx logs.

DustyArmstrong commented 4 years ago

Thanks for the info, at least I know it's some other issue.

Out of interest - do you have a large number of Nvidia domain blocks? I (and others) had an obscene number of events for g.events.nvidia.com, we're talking once per second, thousands upon thousands.

I opted to block that at the host file level on all devices running an Nvidia card, and all my metrics have come back up (without any sort of reboot). I'm wondering if the sheer volume of blocks for that address caused the logfile to fall over?

I'll keep an eye on this and post an update. Thank you for getting back to me.

DustyArmstrong commented 4 years ago

Had no issues so far since blocking events.gfe.nvidia.com.

I also noticed that I had a listen queue overflow fairly regularly in my system logs, that has also stopped since. I will write this one up to essentially a denial of service attack by Nvidia DNS queries. Will close this off, thanks.