OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: dave on April 02, 2020, 08:44:32 am
-
Think I may have found a bug in Maltrail.
Logging works fine so long as Monitor Interface is set to Nothing Selected.
Since I've got nothing listening on the WAN I specified internal interfaces only and everything stopped working.
If i manually specify all interfaces logging stops working; if I uncheck everything, Maltrail starts working again.
Two of my interfaces are vlans though, so would that mess things up? Should I just be selecting the parent interface for inspection?
-
You can try this, yes. Never tested with vlans
-
Looks like something's not working as it should.
Torrents generate reports, so I've been using Ubuntu to test.
Judging from CPU and memory usage (which goes through the roof with heuristics enabled), Maltrail is monitoring regardless of its config.
With Maltrail disabled I manually selected all int’s (physical and logical), started the service, and logs were generated.
I switched to physical int’s only and restarted the service, and continued to see new reports.
Then switched to internal physical int’s, restarted the service, but still saw WAN reports unrelated to torrents.
Finally switched to internal physical and logical int’s, rebooted, and now I’m only seeing reports related to internal interfaces.
Hope that made some kind of sense.
-
I tried as #1 said but it wasn't good either.