visualizer halting

Murus
Post Reply
baxsc01
Posts: 7
Joined: Fri Jul 10, 2015 4:45 am

visualizer halting

Post by baxsc01 » Tue Dec 22, 2015 5:46 pm

I'm running Murus 1.3.2 and just upgraded the visualizer a few minutes ago. I am having trouble with notifications halting a few days after a system restart (rebooting system will more often than not restart notifications) and visualizer will not function either. I also have to enter my logon credentials every reboot which is annoying. The cessation of notifications, when they and visualizer once worked just fine, is a significant concern that has me questioning firewall function.

hany
Posts: 481
Joined: Wed Dec 10, 2014 5:20 pm

Re: visualizer halting

Post by hany » Tue Dec 22, 2015 8:11 pm

Hello,
this is a strange behavior and it should not happen. The notification system in Murus Logs Visualizer has not been changed since the very first releases, the code has always been the same, so newer versions should work exactly like the old ones. Can you please provide me some more information about your overall setup? Did you make a system upgrade since the time when "visualizer once worked just fine" ? Did you remember which Visualizer/OSX version you were using when your first discovered this issue?
I am having trouble with notifications halting a few days after a system restart (rebooting system will more often than not restart notifications) and visualizer will not function either
The problem may be in Visualizer or in the logging system. If it happens again you should verify if PF logging is working, looking at /var/log/pffirewall.log. If pf logging system is working but notifications are not working, then it's definitely a Visualizer bug. You should simply try quitting Visualizer and restarting it to see if notifications work. This thing is very useful for us to troubleshoot your issues, so please let us now :)

FYI In the past we had a customer with similar problems. It was a system-related issue (pf logging stopped, and thus notifications stopped as well) and has been fixed using a "cleaning" utility (like Onyx or Cocktail, I don't remember).
just upgraded the visualizer a few minutes ago
well, let us now if this behaves the same way or not :)

baxsc01
Posts: 7
Joined: Fri Jul 10, 2015 4:45 am

Re: visualizer halting

Post by baxsc01 » Wed Feb 03, 2016 6:32 am

I have upgraded to murus 1.3.6 and visualizer 1.3.3. Visualizer is not feeding notifications and nothing shows up in realtime simplified log. I checked /var/log/pffirewall.log and I have entries that I think should be feeding visualizer. I have a rule match on rule 36 block inbound, but nothing shows up in visualizer. How may I diagnose? I checked my notifications configuration and Murus visualizer should be sending alerts.

hany
Posts: 481
Joined: Wed Dec 10, 2014 5:20 pm

Re: visualizer halting

Post by hany » Wed Feb 03, 2016 12:36 pm

Are you using some cache cleaning tools for OSX? Have you done any kind of mod to the system?
Try reinstalling Visualizer and removing all system tweaks. Try also to fix permissions on boot volume using disk utility.
If pffirewall.log is populated by significant logs then Murus Logs Visualizer *must* see these logs. If it doesn't then is for these reasons:
1) you are using an OS X beta version
2) your OS X has permission/cache problems caused by third party apps
3) your pf rules do not produce significant logs (a lot of garbage is simply ignored by Logs Visualizer)

I have entries that I think should be feeding visualizer.
can you please show me an example of those entries?

baxsc01
Posts: 7
Joined: Fri Jul 10, 2015 4:45 am

Re: visualizer halting

Post by baxsc01 » Thu Feb 04, 2016 1:27 am

I now have notifications by basically tossing my former ruleset (saved it just in case) then doing a manual configuration driven by the wizard. I bounced the firewall and notifications started working. The thing that interests me is that formerly notifications would work as they are now, then for some unknown reason they would stop. I'm going to be carefully watching notifications and will try to capture logs as soon as I detect cessation of notifications. I have certain hosts on my network that are repeatedly making DNS and SMB requests and they are explicitly blocked. I will always see a notification from them so I have a reliable source of events. I should look at Onyx or another cleaner. in the mean time I'll be closely monitoring things. My OSX version is 10.11.3 beta 15D9C. I have to get off the beta somehow.

MRSTANG
Posts: 5
Joined: Thu Jan 07, 2016 5:17 pm

Re: visualizer halting

Post by MRSTANG » Fri Feb 05, 2016 1:14 pm

I had a somewhat similar issue.
I imported a Murus Configuration from a test server and when I tried to view the logs with visualizer it quit out.
To resolve this I went to the Murus Log Preferences and clicked the Save Log File Rotation Settings.
Then Visualizer started working
LJS

baxsc01
Posts: 7
Joined: Fri Jul 10, 2015 4:45 am

Re: visualizer halting

Post by baxsc01 » Sun Feb 07, 2016 1:33 am

I'll check the rotation setting. Thank you very much for sharing your experience. Notifications halted, but as I was diagnosing the issue I was viewing the firewall log and 3 blocking entries were created while I was in the log looking at the latest, and I received no notification. I checked the murus log and did not find anything stating that murus visualizer had halted. Something caused visualizer to halt and I'm hoping it's a rotation issue (lack of) that's maybe filling a static log then halting further notices. I have no idea otherwise.

Post Reply