Maltrail plugin just stopped detecting anything #1470
Comments
FYI, I retested after upgrading to 19.7.3 then leaving it over night and trying the two tests above - same thing, nothing gets logged.
Hm, also doesn't work on 19.7.1, need to investigate ...
Any idea when this might get fixed? Happy to help test any patches.
Downgraded to 19.7, nothing found yet. Maybe a limitation of maltrail itself. Have to contact the author.
As this is only on the forum and to save the author multiple hops to see the errors, I'll add it here as well:
The traces also occur when listening on LAN?
Can you please give me the content of used
@mimugmail same errors @stamparm it seems to be empty
The GUI does have a value set: When I manually set it to 86400 like the GUI I get this (I switched back to WAN):
Will fix this. But does this fix the pppoe problem?
Not sure. I've commented the later steps here
So how can I test this because I changed both /usr/local/share/maltrail/maltrail.conf and the template as per the fix, restarted the service and still nothing is recorded when I use the two tests. Nothing is getting logged in /var/log/maltrail except the error.log which only seems to log the service exits.
Ok, I'm confused, how do I restart this correctly so that it rebuilds the .conf because I changed from WAN to LAN, went to the system diagnostics and restarted the maltrail service, and the .conf still says pppoe?
When you apply the patch you also need to restart configd
Did that, the generated file still remains the same
Can somebody please send me a sample PCAP for a capture from such interface to
I'll ask how to do that if that's even possible in OPNsense, once I know the patch is effective - at the moment I don't even know if either WAN or LAN is working because the config doesn't change when I switch the interfaces through the GUI
@stamparm I'll send you some, needed some time to get access to my home device with pppoe enabled. Can also offer root access if needed.
Ok, so I was able to reboot the firewall in lieu of a proper way to restart whatever service is necessary, and it rebuilt the conf file with the LAN interfaces. I then ran the tests and got hits. I then changed it back to WAN (pppoe) and disabled/enabled the sensor (can we have some restart buttons please), and I saw the config had changed back to "pppoe". I ran the tests and once again nothing is being picked up - I deleted the new log file produced by the previous hits so I could definitely tell if it detected anything. The file has not been recreated. At least the fix for the update period being blank works.
@mimugmail okie dokie. First PCAP, then "failback" root if required :)
@Taomyn you can manually patch sensor.py: stamparm/maltrail@b06bd4b Or wait some weeks for maltrail 0.15
After realising that downloading the new sensor.py file did not work very well, I manually patched just the four lines into the current version. After that and restarting the sensor, a few minutes later I started getting hits from various systems. Many thanks to both of you.
This one can be closed, 0.15 shipped with 19.7.5 fixes it
Close?
I've had Maltrail running pretty well from 5th August to 12th August, but since then it's made zero detections.
The service is running, there is nothing in its error log. I restarted the firewall and still the same. I'm using the two test examples from the Maltrail readme:
Neither gets picked up.
I'm on OPNsense v19.7.2 and the plugin is v1.0 - Maltrail is monitoring the WAN interface.
Please see the forum thread for further on this: https://forum.opnsense.org/index.php?topic=13823
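
Added example, not part of the issue thread and not Maltrail or OPNsense plugin code: a small check for the two symptoms discussed in the comments, a blank update period in the generated maltrail.conf and a config that still names the old interface after switching it in the GUI. It assumes the file uses whitespace-separated `KEY value` lines with `#` comments and the Maltrail keys `MONITOR_INTERFACE` and `UPDATE_PERIOD`; the sample config and the interface names `pppoe0` and `em0` are constructed.

```python
import re

# Constructed sample of a generated maltrail.conf (not taken from the issue).
SAMPLE_CONF = """\
# sensor settings
MONITOR_INTERFACE pppoe0
UPDATE_PERIOD
LOG_DIR /var/log/maltrail   # trailing comment is ignored
"""

# Keys the sensor cannot do without for the checks discussed in the thread.
REQUIRED = ("MONITOR_INTERFACE", "UPDATE_PERIOD")


def parse_conf(text):
    """Return {KEY: value or None} for 'KEY value' lines; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = re.sub(r"\s*#.*", "", raw).strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) == 2 else None
    return settings


def check_conf(text, expected_interface=None):
    """List problems: missing or blank required keys, bad period, stale interface."""
    settings = parse_conf(text)
    problems = []
    for key in REQUIRED:
        if key not in settings:
            problems.append(f"{key} is missing")
        elif settings[key] is None:
            problems.append(f"{key} is blank")
    period = settings.get("UPDATE_PERIOD")
    if period is not None and not period.isdigit():
        problems.append(f"UPDATE_PERIOD is not a number: {period!r}")
    iface = settings.get("MONITOR_INTERFACE")
    if expected_interface and iface and iface != expected_interface:
        problems.append(
            f"MONITOR_INTERFACE is {iface!r}, expected {expected_interface!r}")
    return problems


if __name__ == "__main__":
    for problem in check_conf(SAMPLE_CONF, expected_interface="em0"):
        print(problem)
```

Running it against the real file after each GUI change shows whether the template was actually regenerated before any detection test is attempted.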