L1ghtn1ng
commented
2 years ago I have confirmed that the reason the DNSBL is not working is for some reason the blacklist.txt file is not being written to
Closed L1ghtn1ng closed 2 years ago
L1ghtn1ng
commented
2 years ago I have confirmed that the reason the DNSBL is not working is for some reason the blacklist.txt file is not being written to
mimugmail
commented
2 years ago sed changed in 13: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253893
No idea why logging in UI doesn't work anymore, via CLI everything get's logged fine
jkellerer
commented
2 years ago Hi @mimugmail, had a quick look at it. Logging is broken because of the new severities filter, e.g.:
# configctl "system diag log" 10 0 "*" dnscryptproxy query ""
{"filters":"*","rows":[{"timestamp":null,"parser":null,"facility":1,"severity":3,"process_name":"","pid":null,"rnum":2,"line":"[2022-01-29 23:34:41]..."
# configctl "system diag log" 10 0 "*" dnscryptproxy query "Emergency,Alert,Critical,Error,Warning,Notice,Informational,Debug"
{"filters":"*","rows":[],"total_rows":0,"origin":"query"}
# configctl "system diag log" 10 0 "*" core system "Emergency,Alert,Critical,Error,Warning,Notice,Informational,Debug"
{"filters":"*","rows":[{"timestamp":"2022-01-29T23:35:02","parser":"SysLogFormatRFC5424","facility":1,"severity":"Notice","process_name":"\/update_tables.py","pid":"42864","rnum":2,"line":"...By default, the severities are preselected and this leads to no results when severities don't match (which is the case when comparing result of the first call with the second).
As a workaround one can unselect severities (enable "Multiselect" in the drop down and unselect all) and logs are shown again. This is the same for all plugins that reuse the built-in log viewer without being supported by it directly. Should likely be fixed in core to have some sort of compatibility mode when the log format is unsupported.
L1ghtn1ng
commented
2 years ago Odd as I tried that and still nothing
Thanks, Jay
jkellerer
commented
2 years ago Hmm, yes. Just tried it with all 3 logs of dnscrypt proxy and the workaround does it for me for the moment.
L1ghtn1ng
commented
2 years ago okay, yeah it was me getting confused, re-read your message and can confirm your workaround does work, also though DNSBL still does not work though as it is not writting things to the blacklist.txt file
L1ghtn1ng
commented
2 years ago The other issue is that the version of DNScrypt-proxy is also out of date
L1ghtn1ng
commented
2 years ago @kulikov-a Can you have a look at this please?
L1ghtn1ng
commented
2 years ago @kulikov-a As from looking at the core repo commits it seems you created the filter logging?
kulikov-a
commented
2 years ago @L1ghtn1ng Hi not exactly. @AdSchellevis made this ) @8191 and i were only involved in adding the "Multiselect" toggle. from what (sorry, not using it but added for testing) I see the real problem is in the DNScrypt-proxy logging format. although the logs were displayed, they already looked ugly on 21.7 with clog disabled.
as a non-obvious workaround (already mentioned by @jkellerer ), you can switch "multiselect" toggle to "on" and deselct all severities.
as a (global?) temporary workaround for this kind of situations i would suggested something like https://github.com/kulikov-a/core/commit/0fa7f0a09371e3208e0711fc6079b3c099432aac @AdSchellevis what would you say?
but something needs to be done with the DNScrypt-proxy logging format.
If I understand the DNScrypt-proxy docs correctly, it allows to use syslog for logging. but only for the main log? the request log is only file in tsv or ltsv formats and will a separate parser be needed (if the plugin does not take care of displaying the logs on its own)?
AdSchellevis
commented
2 years ago @kulikov-a just open a PR and I'll take a look, Error level might be a bit harsh if not found, but we can discuss about that.
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
[-] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
[-] I have searched the existing issues and I'm convinced that mine is new.
[-] The title contains the plugin to which this issue belongs
Describe the bug A clear and concise description of what the bug is, including last known working version (if any).
Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)
To Reproduce Steps to reproduce the behavior: After upgrading to 22.1 dnscrypt-proxy logging broke as there are no logs for it at all on all the log sections in the ui and it also is not blocking ad's with the DNSBL but dns queries are working Expected behavior Have logs and block domains that are in the DNSBL
Screenshots If applicable, add screenshots to help explain your problem.
Relevant log files If applicable, information from log files supporting your claim.
Additional context Add any other context about the problem here.
Environment Software version used and hardware type if relevant. e.g.:
OPNsense 22.1 amd64 OpenSSL