
Does the Home Monitor app provide IPv6 support for pfSense?

Explorer

Hello,

In the Home Monitor app, is IPv6 supported for pfSense?

Thanks for the reply.

Best regards,

fred

1 Solution

Splunk Employee

I've been working on getting a version of the app to work with IPv6 on pfSense. I have a working prototype, and I'll need people who are actually seeing data in IPv6 to test it out. Check out the issue on my GitHub page: https://github.com/amiracle/homemonitor/issues/2 and here is the alpha release: https://github.com/amiracle/homemonitor/releases/tag/4.3.1-alpha

To install, first back up your current version of the app:

splunk:> tar czvf homemonitor.tgz $SPLUNK_HOME/etc/apps/homemonitor/

Once you have the compressed file, go ahead and overwrite the homemonitor directory with the binary found in the alpha release page.

This should now extract srcip, destip, srcport and destport for IPv6 traffic. So far, I was able to test this on UDP traffic and it worked; I don't have TCP traffic, so I need your help to validate the extractions. I'm sure it will break so if you can provide some sample entries, then I can work on it and get it to work.

Splunk Employee

I have not tested with IPv6, but according to the documentation (http://docs.splunk.com/Documentation/Splunk/6.2.4/SearchReference/Iplocation) the iplocation command supports IPv6. If the IP shows up in the event, then the dashboards should be able to convert the IPv6 to a location and populate the dashboard.

Explorer

Hello,

The error is on the pfSense regex: EXTRACT-action,direction,protocol,length,srcip,destip,srcport,destport,data_length

View:

For IPv4 it is OK:
https://www.evernote.com/l/AZoeMpJG9iJMR6fDgeGf4I7yYTCDZc8Iwe4

For IPv6 it is NOK:
https://www.evernote.com/l/AZpNRthyMVNDwZW6cirk9obl5gy_fqELOVo

Thanks

fred

0 Karma
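
Added example (not part of the thread and not the Home Monitor app's own extraction): a small Python parser that pulls the fields named in the EXTRACT list above out of both IPv4 and IPv6 events, including TCP over IPv6, which can be used to check sample entries offline. It assumes the comma-separated filterlog layout that pfSense 2.2 and later write, where the IP header columns differ between IPv4 and IPv6; the function name and the sample lines are constructed for illustration.

```python
import ipaddress

# Assumed layout: pfSense filterlog CSV. Columns 0-8 are common to every event
# (action=6, direction=7, ip-version=8). The IP header columns that follow
# differ by version, so protocol, length and addresses sit elsewhere for IPv6.
# ip-version -> (index of protocol text, index of length; src and dst follow it)
LAYOUT = {"4": (16, 17), "6": (12, 14)}

def parse_filterlog(line):
    """Return the fields from the thread's EXTRACT list; ValueError if malformed."""
    f = line.strip().rsplit(": ", 1)[-1].split(",")  # drop any syslog prefix
    if len(f) < 9 or f[8] not in LAYOUT:
        raise ValueError("not a filterlog IPv4/IPv6 event")
    proto_i, len_i = LAYOUT[f[8]]
    if len(f) < len_i + 3:
        raise ValueError("truncated IP fields")
    src = ipaddress.ip_address(f[len_i + 1])         # ValueError if not an address
    dst = ipaddress.ip_address(f[len_i + 2])
    if {src.version, dst.version} != {int(f[8])}:
        raise ValueError("address family does not match ip-version column")
    ev = {"action": f[6], "direction": f[7], "protocol": f[proto_i].lower(),
          "length": int(f[len_i]), "srcip": str(src), "destip": str(dst)}
    if ev["protocol"] in ("tcp", "udp"):             # only these carry ports
        if len(f) < len_i + 6:
            raise ValueError("truncated port fields")
        ports = f[len_i + 3:len_i + 6]
        ev["srcport"], ev["destport"], ev["data_length"] = map(int, ports)
    return ev

# Constructed sample events using documentation address ranges, not real traffic.
V4_UDP = ("Jun  1 12:00:00 fw filterlog: 5,,,1000000103,em0,match,block,in,4,"
          "0x0,,64,4660,0,none,17,udp,78,192.0.2.10,192.0.2.255,137,137,58")
V6_UDP = ("7,,,1000000105,em0,match,block,in,6,0x00,0x00000,1,UDP,17,61,"
          "2001:db8::10,ff02::fb,5353,5353,61")
V6_TCP = ("9,,,1000000107,em0,match,pass,out,6,0x00,0x12345,64,TCP,6,40,"
          "2001:db8::10,2001:db8:0:0:0:0:0:1,51514,443,0,S,1234567890,,65535,,mss")
V6_ICMP = ("7,,,1000000105,em0,match,block,in,6,0x00,0x00000,255,ICMPv6,58,32,"
           "fe80::1,ff02::1,")

if __name__ == "__main__":
    for sample in (V4_UDP, V6_UDP, V6_TCP, V6_ICMP):
        print(parse_filterlog(sample))
```

An extraction that counts columns as if every event were IPv4 lands on the wrong fields for IPv6 events, which is why the parser branches on the ip-version column before reading anything else.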
