Some of the data isn't showing on graph.

[SHoover80]

Here in the first picture, I'm not able to get it to show the uptime, The GEO map was working but now it's not showing anything.
Not sure if I missed something up while I was trying to figure out the issue with the uptime but I ended up doing a fresh install of PFSense +, Then upgraded it to 23.01 Beta from 22.05 I was previously running, I spun up a fresh InfluxDB, and Grafana starting all from scratch and still not getting either the uptime or GEO Map.

Now some of these in the below picture I circled, I presume may not be showing up because I dont have anything setup to block any outgoing traffic, only incoming is being blocked at this time. I'm hoping that's all it is.

In this last picture, as with the GEO Map, it was showing the total traffic for my WAN interface but now after starting from scratch and upgrading PFSense+ I'm not getting any data for it.

Here's a couple screen shots from after my intial install. Before I upgraded to 23.1, and started troubleshooting why I couldn't get anything to show for the uptime, DNSBL-BlockingDomain, DNSBL-SourceIP and DNSBL-Top 10 Blocked Domains. The Geo Map and the WAN totals were working before upgrade so I'm not sure if something changed with 23.01 Beta causing those two not to work now. or if it's User error ;-)

I'm a complete Noob with Grafana and these dashboards so I have no clue where to start with troubleshooting. I've read through the posted issues to see if any applied to this issue. I made sure I added "if" to status on line 64 of telegraf_pfifgw.php. I'm using influxdb 1.8.3-alpine and the latest version of Grafana. I wanted to use the influxdb2, but trying to get it to work with this dashboard was problematic for me currently. Figured I'd start with what this dashboard was designed to work with first, and as I learned more try to get it to work with latest version of InfluxDB later down the road.

Thank you in advance, Amazing dashboard.

[SHoover80]

Issue #42 Helped me get the uptime working, I got the months total for WAN working. I havn't figured out the GEO Map yet. Any suggestions where to look would be greatly appreciated.

[Lcstyle]

BTW, this solution is only for the GEO MAP, refer to instructions in issue #42 or #58 (comment) for possible solutions to other problems.

This solution addresses only the GeoMap and assumes all your other data is working correctly.

First Problem

make sure your feeds under Firewall/pfBlockerNG/IP/IPV4/PRI1 are enabled (and for any other feed category that is listed, i.e. PRI1, PRI2) etc. In my instance, I discovered that the individual feeds were disabled and so nothing was being blocked.

Second Problem (query)

you can also login to your influx db using these commands, there should be entries listed in the result set and the country code should appear under the geoip_code column for each entry.

# influx
# use pfsense (or configured pfsense db name)
# show measurements
# select * from tail_ip_block_log limit 20

Solution

SELECT count("action") FROM "tail_ip_block_log" WHERE ("host" =~ /^$Host$/ AND "action" = 'block' AND "direction" = 'in') AND $timeFilter GROUP BY time(10m), "geoip_code"

appears to return 0 Results

However,

SELECT count("action") FROM "tail_ip_block_log" WHERE ("host" =~ /^$Host$/ AND "action" = 'block' AND "direction" = 'in') AND $timeFilter GROUP BY "geoip_code"
seems to work correctly.

I believe this is a defect, but would like the author or someone else to confirm.

[SHoover80]

@Lcstyle Thank you for the response.

I got everything to work but the geomap and DNSBL-blocking domain, DNSBL Feeds, DNSBL-Source IP, and DNSBL -Top10. I followed issue #58 steps listed below:

UPDATED PATCH for pfSense 2.6/21.x IP Logging Issues

There are some further improvements to this logging issue. It seems to have resolved the issues for most, but for some pfSense is logging incorrectly to the filter.log file? There is a Redmine issue here:

https://redmine.pfsense.org/issues/12868

If you can test the following patch and report back it would be appreciated:

1.	Download the following patch to the pfSense box

curl -o /usr/local/pkg/pfblockerng/pfblockerng.inc “https://gist.githubusercontent.com/BBcan177/7cb8635199446866d511b97166d65296/raw/”

1.	Restart the “pfb_filter” Service
2.	See if the IP Blocks are being reported to the pfB Logs

For info, the changes here:

https://gist.github.com/BBcan177/7cb8635199446866d511b97166d65296/revisions

Thanks

And doing that broke something where I was no longer getting any data using PFSense + 22.05. So I had to reinstall PFSense to get everything working. I'm running influxdb:1.8.10-alpine in docker/portainer which doesn't have a webui so I havn't figured out how to follow your recomendations to do the following:

influx

use pfsense (or configured pfsense db name)

show measurements

select * from tail_ip_block_log limit 20

[SHoover80]

@Lcstyle Just wanted to update this. I guess I didn't have my settings in PFSense right. I was troubleshooting my PFSense dealing with other issues and started from scratch. After I tuned my firewall settings further I seen data start to show up on the Grafana dashboard filling up all areas now.