OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Wolfspyre on April 10, 2024, 10:29:45 pm

Title: Telemetry token missing in /usr/local/etc/suricata/rule-updater.config ???
Post by: Wolfspyre on April 10, 2024, 10:29:45 pm

so... I'm prolly totally doing it wrong... but

Code: [Select]

[root@evey /home/wolfspyre]# opnsense-log|awk '/token/ { $1="";$2=""; $5=""; $8="sequenceId=x]"; print }'|sort|uniq
  evey.wolfspyre.com send_telemetry.py  - [meta sequenceId=x] telemetry token missing in /usr/local/etc/suricata/rule-updater.config
[root@evey /home/wolfspyre]# opnsense-log|awk '/token/ { $1="";$2=""; $5=""; $8="sequenceId=x]"; print }'|wc -l
     927


Code: [Select]

[root@evey /home/wolfspyre]# cat /usr/local/etc/suricata/rule-updater.config|head -4
# autogenerated, do not edit.
[__properties__]
et_telemetry.token=9xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx7

(changed to remove actual key, but the rest is accutate)
I'm not sure why this message is getting logged....

anyone got a clue-by-four I can hit myself over the head with? :)

Title: Re: Telemetry token missing in /usr/local/etc/suricata/rule-updater.config ???
Post by: Wolfspyre on April 13, 2024, 03:59:37 am

https://docs.opnsense.org/manual/etpro_telemetry.html:

Quote

The plugin comes with a small script to print eve output yourself, it’s called dump_data.py, when used with the -p parameter, it will output the data as it will be sent to Proofpoint. All script code can be found in the following directory /usr/local/opnsense/scripts/ids_telemetry/

turns out this is actually:

Code: [Select]

/usr/local/opnsense/scripts/etpro_telemetry/dump_data.py

however running it with -p as suggested returns nothing... :/

I reinstalled the plugin
re-added the token,
save-clicky,
download-clicky

samesame tho :(

thots?