Lcstyle
commented
1 year ago Open jn3va opened 1 year ago
Lcstyle
commented
1 year ago 
bigjohns97
commented
1 year ago I believe this was a bug with pfblockerng that was breaking the maxmind database download for a while, please confirm @jn3va
Hi
Most of the dashboard is showing data, but I am not seeing anything the IP-Src/Dst Blocked Geo panels. There are entries in the ip_block.log file but they do not seem to be making it into Influx.
In pfBlockerNG-devel, I have ip4 blocks and geo blocks, but I am not currently using any DNS Block Lists (DNSBL)
Are DNSBlock List required to be active to make this work?
I assume my next step is to try and run plug ins manually to troubleshoot. which plug in should I test, or should I run telegraph with --test? What would I look for to know if this part is working or not?
I have the contents of /config added to additional telegraf config and have added the 4 plugins using Filer and set the permissions to 555
Example log entries from /var/log/pfblockerng/ip_block.log
e.g. Dec 18 15:31:59,1770009044,igb0,WAN,block,4,6,TCP-S,91.210.107.28,71.120.0.216,52586,56074,in,Unk,pfB_Top_v4,91.210.104.0/22,RU_v4,Unknown,wan,null,+ Dec 18 15:32:07,1770009502,igb0,WAN,block,4,6,TCP-S,134.209.104.123,71.120.0.216,55520,8466,in,Unk,pfB_ASN_list_v4,134.209.96.0/20,AS14061_v4,Unknown,wan,null,+
Running pfBlockerNG-devel
I am seeing the count in IP-Blocked Packet Stats going up
Most of the rest of the dashboard is working but the map showing the blocks is not displaying anything.
When I use explore to query inFluxDB I get "no data" FROM default tail_ip_block_log Where + SELECT Field(value) count() GROUP BY time (1h) FORMAT AS Time Series
Thanks!