OPNsense Forum

English Forums => General Discussion => Topic started by: deekdeeker on April 23, 2019, 02:04:57 am

Title: ntop alerts to slack
Post by: deekdeeker on April 23, 2019, 02:04:57 am
Anyone using the ntop alerts via Slack? Just trying this for the first time and not really sure what is happening. I thought that it would just forward the alerts that are appearing in the "flow alerts" section of ntop, but apparently not; I'm just getting stuff like below that does not in any way match the alerted flows in ntop, with no more info than that. Is this just a useless feature?

22/04/2019 20:00:08][Blacklisted Flow] Client, server or domain is blacklisted [Flow: xxx.176.26.66:52077 xxx.xxx.local:40100] [L4 Protocol: TCP]
Title: Re: ntop alerts to slack
Post by: lrosenman on April 23, 2019, 02:27:12 am
Even in the logs, I'm trying(!) to figure out what the hades this means.
Title: Re: ntop alerts to slack
Post by: deekdeeker on April 23, 2019, 02:31:52 am
Well, I can see that these logs are just random probes from mother Russia. But I don't see these anywhere in ntop; these are attacks straight to the FW itself. Very confusing and not very useful info, as the purpose of Slack would be to aggregate the logs that would normally be seen from NTOP - which do not seem to get logged. :P