Policy does not seem to get applied?
Figure 1. Sensei Policy Configuration
Please note that all criteria on the Policy Configuration page are evaluated with the logical AND operator, not OR. For traffic to match a given policy, every criterion of that policy must be met. For instance, if you have created a policy that specifies VLAN ID, IP and username criteria, a session must match all three of them.
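The AND semantics described above, as an added illustration that is not Sensei's own code: a small matcher where every criterion a policy specifies must hold, plus a helper that lists the criteria a session failed, which is the first thing to check when a policy "does not seem to get applied". The session and policy structures, the assumption that a criterion left empty is simply skipped, and the first-match-wins ordering are assumptions made for this example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Session:
    """One observed session (constructed sample data, not Sensei's internal model)."""
    vlan_id: Optional[int]
    src_ip: str
    username: Optional[str]


@dataclass
class Policy:
    """Policy criteria. An empty set means the criterion was not specified;
    assumption for this example: unspecified criteria are skipped, not required."""
    name: str
    vlan_ids: set = field(default_factory=set)
    networks: set = field(default_factory=set)   # CIDR strings, e.g. "10.0.10.0/24"
    usernames: set = field(default_factory=set)

    def evaluate(self, session: Session) -> dict:
        """Return {criterion: matched} for every criterion this policy specifies."""
        results = {}
        if self.vlan_ids:
            results["vlan_id"] = session.vlan_id in self.vlan_ids
        if self.networks:
            addr = ip_address(session.src_ip)
            results["ip"] = any(addr in ip_network(n) for n in self.networks)
        if self.usernames:
            results["username"] = session.username in self.usernames
        return results


def policy_matches(policy: Policy, session: Session) -> bool:
    """AND semantics: the policy applies only if every specified criterion holds."""
    return all(policy.evaluate(session).values())


def unmet_criteria(policy: Policy, session: Session) -> list:
    """Names of the criteria that failed; explains why a policy did not apply."""
    return [name for name, ok in policy.evaluate(session).items() if not ok]


def first_matching_policy(policies, session: Session) -> Optional[str]:
    """Assumption for this example: policies are consulted in order, first full match wins."""
    for policy in policies:
        if policy_matches(policy, session):
            return policy.name
    return None


# Constructed sample policies: one with three criteria, one catch-all with none.
STAFF_VLAN10 = Policy("staff-vlan10", vlan_ids={10},
                      networks={"10.0.10.0/24"}, usernames={"alice"})
CATCH_ALL = Policy("default")

if __name__ == "__main__":
    full = Session(vlan_id=10, src_ip="10.0.10.25", username="alice")
    partial = Session(vlan_id=10, src_ip="10.0.10.25", username="bob")
    print(first_matching_policy([STAFF_VLAN10, CATCH_ALL], full))     # staff-vlan10
    print(first_matching_policy([STAFF_VLAN10, CATCH_ALL], partial))  # default
    print(unmet_criteria(STAFF_VLAN10, partial))                      # ['username']
```

The `partial` session above matches the VLAN and IP criteria but not the username, so with AND semantics it falls through to the catch-all policy; with OR semantics it would have matched `staff-vlan10`. Running `unmet_criteria` against the session you see in the live session explorer tells you which criterion to relax.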
I’ve received a Warning about Reporting DB Index Problems?
Figure 2. MongoDB Index Problem
When you receive a warning notification about Reporting DB Index Problems (whether MongoDB or Elasticsearch), you need to reset the database by running “Reset Reporting”.
Elasticsearch seems to be the better alternative as the backend database. If you are using the MongoDB backend and experiencing problems, it might be wise to switch to the Elasticsearch backend. You will need at least 8 GB of RAM to run Elasticsearch alongside Sensei.
I’ve allowed a specific App but it’s not working?
I allowed the application on policy but it still gets blocked.
Most probably a blocked web session is the root cause of this problem. You need to debug web sessions with the live session explorer to find the related blocked web domain.
Running Sensei along with Suricata
Figure 3. Sensei 1.8
When you use IPS & Sensei together, you can only use the WAN interface for Suricata.
Sensei will complain if you have configured Suricata on one of its interfaces (even if Suricata is not running yet). The reason is that both use the same packet I/O interface, and that interface allows only a single application to be active at any time.
Quick hack to bypass the hardware check:
with your favourite editor and add the line below:
It should look like:
if [ -f $CPU_SCORE_TMP ]; then
    CPU_SCORE=$(cat $CPU_SCORE_TMP)
fi
CPU_SCORE=300000    # added line: overrides the measured score so the check below passes
if [ $CPU_SCORE -le 300000 ]; then
    if [ $CPU_SCORE -ge 200000 ] && [ $NCPU -ge 8 ] ; then
        CPU_PROPER="true"
    else
Best Practices for Hardware Selection
Figure 4. Sensei
Sensei requires at least 2 GB of memory. The installer will not continue if you have less than 2 GB of RAM. We recommend at least 4 GB of memory for an improved experience.
Detailed hardware requirements by deployment size are available at:
DB indexes grew large. How can I remove the index files?
You can set the log retention time (Configuration - Reporting & Data - Reports Data Management - Maximum number of days to store reporting data), or erase the logs manually (Configuration - Reporting & Data - Reports Data Management - Erase Reporting Data) and then select the related fields in the pop-up menu to remove the older logs.
Cannot update Sensei to the latest version?
Please make sure you are running the latest platform (OPNsense, FreeBSD, Linux) version. If your system is not up to date, chances are high that you cannot use the latest Sensei release.
How do I reinstall the Reporting Database?
In some cases you might need to reinstall the Reporting Database. For this you do not need to uninstall and reinstall Sensei; a configuration reset is enough. To reinstall the reporting DB:
- Log in to the console as
rm -f /usr/local/sensei/etc/.configdone
- Open any Sensei menu in the GUI
- The wizard will run, and the DB selection step will reinstall the reporting DB.