Hello,
In the Home Monitor app, is IPv6 supported for pfSense?
Thanks for the reply.
Best regards,
fred
I've been working on getting a version of the app to work with IPv6 on pfSense. I have a working prototype, and I'll need people who are actually seeing data in IPv6 to test it out. Check out the issue on my GitHub page: https://github.com/amiracle/homemonitor/issues/2 and here is the alpha release: https://github.com/amiracle/homemonitor/releases/tag/4.3.1-alpha
To install, first back up your current version of the app:
splunk:> tar czvf homemonitor.tgz $SPLUNK_HOME/etc/apps/homemonitor/
Once you have the compressed file, go ahead and overwrite the homemonitor directory with the binary found in the alpha release page.
This should now extract src_ip, dest_ip, src_port and dest_port for IPv6 traffic. So far, I was able to test this on UDP traffic and it worked; I don't have TCP traffic, so I need your help to validate the extractions. I'm sure it will break so if you can provide some sample entries, then I can work on it and get it to work.
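For anyone validating the IPv6 extractions described above, here is an added example (not code from the Home Monitor app) that parses filterlog events into the same field names. The field layout is an assumption based on pfSense's raw filter log CSV format, and the sample events are constructed.

```python
import ipaddress

# Assumed filterlog CSV layout: a common header, then IP-version-specific fields.
COMMON = ["rule", "sub_rule", "anchor", "tracker", "interface", "reason",
          "action", "direction", "ip_version"]
BY_VERSION = {
    "4": ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol_id",
          "protocol", "length", "src_ip", "dest_ip"],
    # IPv6 has fewer header fields and swaps protocol name/number order.
    "6": ["class", "flow_label", "hop_limit", "protocol", "protocol_id",
          "length", "src_ip", "dest_ip"],
}

# Constructed sample events (documentation address ranges), not real traffic.
SAMPLES = {
    "v6_udp": "Aug  3 08:59:02 fw filterlog: 5,16777216,,1000000103,em0,match,"
              "block,in,6,0x00,0x00000,1,UDP,17,98,fe80::1,ff02::1:2,546,547,98",
    "v6_tcp": "Aug  3 08:59:03 fw filterlog: 5,16777216,,1000000103,em0,match,"
              "block,in,6,0x00,0x12345,64,TCP,6,40,2001:db8::10,2001:db8::20,"
              "51514,443,0,S,1234567890,,65535,,mss",
    "v4_tcp": "Aug  3 08:59:04 fw filterlog: 5,16777216,,1000000103,em0,match,"
              "block,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.0.2.10,198.51.100.20,"
              "51515,22,0,S,123456,,65535,,mss",
    "v6_icmp": "Aug  3 08:59:05 fw filterlog: 5,16777216,,1000000103,em0,match,"
               "block,in,6,0x00,0x00000,255,ICMPv6,58,32,fe80::1,ff02::1,",
}

def parse_filterlog(line):
    """Extract fields from one filterlog event; ValueError if malformed."""
    parts = line.split("filterlog: ", 1)[-1].strip().split(",")
    event = dict(zip(COMMON, parts))
    names = BY_VERSION.get(event.get("ip_version"))
    rest = parts[len(COMMON):]
    if names is None or len(rest) < len(names):
        raise ValueError("unknown IP version or truncated event")
    event.update(zip(names, rest))
    for key in ("src_ip", "dest_ip"):
        # Reject a value that is not an address of the declared version.
        if str(ipaddress.ip_address(event[key]).version) != event["ip_version"]:
            raise ValueError(f"{key} does not match ip_version")
    event["protocol"] = event["protocol"].lower()
    tail = rest[len(names):]
    if event["protocol"] in ("tcp", "udp") and len(tail) >= 3:
        # Ports and payload length follow the addresses for TCP and UDP only.
        event["src_port"], event["dest_port"] = int(tail[0]), int(tail[1])
        event["data_length"] = int(tail[2])
    return event
```

Comparing this output with the fields Splunk shows for the same raw event makes it easy to spot an extraction that shifted by one column.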
I have not tested with IPv6, but according to the documentation (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Iplocation) the iplocation command supports IPv6. If the IP shows up in the event, then the dashboards should be able to convert the IPv6 to a location and populate the dashboard.
Hello,
There is an error in the pfSense regex: EXTRACT-action,direction,protocol,length,src_ip,dest_ip,src_port,dest_port,data_length
See:
For IPv4 it is OK:
https://www.evernote.com/l/AZoeMpJG9iJMR6fDgeGf4I7yYTCDZc8Iwe4
For IPv6 it is NOK:
https://www.evernote.com/l/AZpNRthyMVNDwZW6cirk9obl5gy_fqELOVo
Thanks
fred