Hello,
In general I have the message:
Updates in this section also need a restart via the sensor or server menu.
As Maltrail doesn't work and I can't find the way,
I would like to know what its path is in console mode.
I am looking for the installation directory of SENSOR and SERVER to start them manually.
Regards,
Hello,
I found
/usr/local/share/maltrail/maltrail.conf
but the following commands do not work:
python sensor.py
python server.py
What is the Python command under FreeBSD & OPNsense?
Regards,
You need to append the version, for example python2.7.
Thank you
Hello,
After entering the correct syntax in console mode, I do not know why MALTRAIL still does not work.
It always shows me in maltrail / general: "Updates to this section also require a restart via the Sensor or Server menu."
Although in dashboard / services the maltrail server is activated, also in console mode (Sensor & server = running).
But I get nothing when I look at port 8338 on my local IP.
It worked for several weeks, but now maltrail does not activate on my configuration; I would like to know what or who is blocking this plugin for me.
I only monitor the WAN.
Is there an activity log to consult, and where?
An idea ?
Regards,
This is just an info message which stays forever, so you know that when you change something in General you also have to save in Server/Sensor to make the changes active.
thank you,
I don't understand the meaning of your answer, maybe translation problem.
After modification, what to do in server / sensor?
Regards,
The sensor asks me to install 'schedtool'.
I don't know where to find the version for FreeBSD.
Could you give me an "http" link to deploy it with wget?
Thank you.
Looking forward to hearing from you,
Regards,
Quote from: Darkopnsense on January 22, 2020, 10:37:49 AM
thank you,
I don't understand the meaning of your answer, maybe translation problem.
After modification, what to do in server / sensor?
Regards,
Just hit "Save" :)
Thank you for the answer.
It's a good joke.
Of course, I first go into the submenus of MALTRAIL (general, sensor, server) to save and see if it changes anything.
So this is not the right track.
Regards,
I have a thought.
The following plugins are functional:
etpro-telemetry is in python3.7
sensei is in python3.7
Whereas the malfunctioning plugin depends on a module:
pcapy is in python2.7
Regards,
Maybe first check if the port is really listening, via the CLI:
sockstat -4 | grep 8338
Thank you for the answer.
Here is the output of the command:
root@Pare-Feu:/ # sockstat -4 | grep 8338
root python2.7 52758 3 tcp4 192.168.66.66:8338 *:*
This means nothing to me; I do not know how to interpret the result.
Regards,
From a purely technical perspective, Python 2.7 and 3.7 coexist neatly, so we need a relevant error or health audit issue to assume they do not.
Cheers,
Franco
Quote from: Darkopnsense on January 22, 2020, 11:28:10 PM
Thank you for the answer.
Here is the output of the command:
root@Pare-Feu:/ # sockstat -4 | grep 8338
root python2.7 52758 3 tcp4 192.168.66.66:8338 *:*
This means nothing to me; I do not know how to interpret the result.
Regards,
So the server is running on port 8338. What happens when you surf to this IP with http (not https)?
Do you get an error? Blocked packet?
Hi,
Franco:
in console mode SENSOR requests the installation of 'schedtool'.
mimugmail:
no error message when browsing http or https with different browsers on this address.
Regards,
Quote from: Darkopnsense on January 23, 2020, 12:43:45 PM
mimugmail:
no error message when browsing http or https with different browsers on this address.
Regards,
OK, and where exactly is the problem? I'm a bit confused
Hi,
According to my analysis and my understanding, I had traffic and reports in MALTRAIL, and then nothing.
I noticed and researched why the message "Updates to this section also require a restart via the Sensor or Server menu." stays in maltrail / general.
In console mode, SENSOR asks me to install 'schedtool'.
But I don't know where to find the FreeBSD version.
Could you give me an "http" link to deploy it with wget?
Regards
The schedtool message is just info, not a requirement.
Are you on the latest version? Can you set Listen Interface to LAN?
Maybe it needs an hour to load all trails before you see new data.
os-Maltrail 1.3
Maltrail 0.16
Py27-pcapy 0.11.1
Sensor 0.15.56
Server 0.15.56
Also when you set the listening port on LAN? Usually this only happens when you set this on PPPoE.
Hi,
Here is where I stand, mimugmail.
In Services / maltrail / General -> I listen to LAN, WAN, WIFI
In Services / maltrail / sensor -> I capture all
When connecting to http://my-ip:8338, there is nothing, all white and zeros.
Maltrail apparently works but does not record any traffic.
An idea ?
Regards,
What is the type of your WAN? PPPoE, DHCP, static?
DHCP
OK, try to select only LAN and do a ping from the inside to the test IP in the docs.
Hi,
I modified:
In Services / maltrail / General / Monitor Interface -> LAN.
I have a comprehension problem due to the translation:
"ping internally to one test IP in documents"
Should I understand:
root@Pare-Feu:/usr/local/share/maltrail # ping 192.168.66.66
PING 192.168.66.66 (192.168.66.66): 56 data bytes
64 bytes from 192.168.66.66: icmp_seq=0 ttl=64 time=0.083 ms
64 bytes from 192.168.66.66: icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from 192.168.66.66: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 192.168.66.66: icmp_seq=3 ttl=64 time=0.048 ms
64 bytes from 192.168.66.66: icmp_seq=4 ttl=64 time=0.044 ms
Regards,
Hi,
After reading the following link
https://github.com/stamparm/maltrail
Here are my results :
root@Pare-Feu:/ # ping -c 1 192.168.66.66
PING 192.168.66.66 (192.168.66.66): 56 data bytes
64 bytes from 192.168.66.66: icmp_seq=0 ttl=64 time=0.043 ms
--- 192.168.66.66 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.043/0.043/0.043/0.000 ms
root@Pare-Feu:/ # cat /var/log/maltrail/$(date +"%y-%m-%d").log
Illegal variable name.
root@Pare-Feu:/ # nslookup morphed.ru
nslookup: Command not found.
I'm stunned!
Regards,
You have to ping this IP from a LAN PC: 136.161.101.53
And then check the GUI if you see an alert.
Hi,
If I understood correctly:
on a Windows computer
cmd
ping 136.161.101.53 -t
= Reply from 136.161.101.53: bytes=32 time=98ms TTL=47
on Maltrail
= no matching threats found
Those are my results.
Regards,
When you go to CLI, what happens when you type:
/usr/local/etc/rc.d/opnsense-maltrailsensor stop
python2.7 /usr/local/share/maltrail/sensor.py
Output please ...
root@Pare-Feu:/ # /usr/local/etc/rc.d/opnsense-maltrailsensor stop
Stopping maltrailsensor.
Waiting for PIDS: 89396.
root@Pare-Feu:/ # python2.7 /usr/local/share/maltrail/sensor.py
Maltrail (sensor) #v0.15.56
using configuration file '/usr/local/share/maltrail/maltrail.conf'
using '/root/var/log/maltrail' for log storage
[?] at least 384MB of free memory required
using '/root/.maltrail/trails.csv' for trail storage (last modification: 'Fri, 24 Jan 2020 08:53:09 GMT')
loading trails...
1,593,791 trails loaded
opening interface 'em0'
opening interface 'ath0_wlan1'
setting capture filter 'ip or ip6'
preparing capture buffer...
creating 3 more processes (out of total 4)
[?] please install 'schedtool' for better CPU scheduling
- running...
TEST
on a Windows computer
cmd
ping 136.161.101.53 -t
= Reply from 136.161.101.53: bytes=32 time=98ms TTL=47
on Maltrail (http://192.168.66.66:8338)
= no matching threats found
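A console-side version of the checks mimugmail and Franco walk through above (is anything bound to 8338, where the day's log lives, did the README test trail show up), as an added example that is not part of this thread, of OPNsense or of the Maltrail project. It is written for POSIX sh because root's default shell on FreeBSD is csh, which has no $(...) syntax; that is what the "Illegal variable name." message above means. It assumes the server's default log directory is /var/log/maltrail, that Maltrail names its log files YYYY-MM-DD.log, and the event-line field order given in the comments; the sockstat and log lines inside it are constructed samples, not real captures. nslookup is not in FreeBSD base, so the live check uses drill instead.

```shell
#!/bin/sh
# Added example: a console-mode health check for Maltrail on FreeBSD/OPNsense.
# Not part of the thread, OPNsense or the Maltrail project.
#
# Run it as:  sh maltrail_check.sh live
# Do not paste the commands into root's default shell: on FreeBSD that is csh,
# which has no $(...) syntax and answers "Illegal variable name.", exactly as
# seen in the thread. Everything below is POSIX sh.

TEST_IP="136.161.101.53"                  # test trail from the Maltrail README
TEST_DOMAIN="morphed.ru"                  # second test trail from the README
SERVER_PORT="${MALTRAIL_PORT:-8338}"      # Maltrail server default port
LOG_DIR="${MALTRAIL_LOG_DIR:-/var/log/maltrail}"   # assumed default; the sensor prints
                                                   # the directory it really uses at startup

# 1. Is something bound to the server port?  Reads `sockstat -4` output on stdin.
#    A FOREIGN ADDRESS of "*:*" is a listening socket, not a client connection.
#    Prints one line per listener and exits 1 when none is found.
listener_on_port() {
    awk -v port="$1" '
        $5 == "tcp4" && $7 == "*:*" {
            n = split($6, a, ":")
            if (a[n] == port) {
                found = 1
                printf "%s (pid %s, user %s) listening on %s\n", $2, $3, $1, $6
            }
        }
        END { exit (found ? 0 : 1) }'
}

# 2. Where is today's log?  Maltrail writes one event file per day named
#    YYYY-MM-DD.log (four-digit year; date +%y gives a path that never exists).
log_path_for_date() {
    printf '%s/%s.log\n' "$LOG_DIR" "$1"
}

todays_log_path() {
    log_path_for_date "$(date +%Y-%m-%d)"
}

# 3. Did the test trail produce an event?  Assumed event line layout (space
#    separated, values containing spaces are quoted):
#      time sensor src_ip src_port dst_ip dst_port proto type trail "info" "reference"
#    A hit is a line whose dst_ip or trail field equals the trail we look for.
count_hits_for_trail() {
    awk -v trail="$1" '$5 == trail || $9 == trail { n++ } END { print n + 0 }'
}

# Constructed sample data (not real captures) so the parsers can run offline.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     python2.7  52758 3  tcp4   192.168.66.66:8338    *:*
root     sshd       1234  4  tcp4   *:22                  *:*
root     python2.7  52759 5  tcp4   192.168.66.66:8338    192.168.66.10:51000'

SAMPLE_LOG='2020-01-24T09:01:12.418877 Pare-Feu 192.168.66.10 - 136.161.101.53 - ICMP IP 136.161.101.53 "malicious ip" "(static)"
2020-01-24T09:01:13.002113 Pare-Feu 192.168.66.10 55231 192.168.66.66 53 UDP DNS morphed.ru "malicious domain" "(static)"
2020-01-24T09:01:15.771209 Pare-Feu 192.168.66.10 - 136.161.101.53 - ICMP IP 136.161.101.53 "malicious ip" "(static)"'

demo() {
    printf '%s\n' "$SAMPLE_SOCKSTAT" | listener_on_port 8338
    echo "today's log would be: $(todays_log_path)"
    echo "$(printf '%s\n' "$SAMPLE_LOG" | count_hits_for_trail "$TEST_IP") sample event(s) for $TEST_IP"
}

live_check() {
    if ! sockstat -4 | listener_on_port "$SERVER_PORT"; then
        echo "nothing listening on tcp/$SERVER_PORT: start the server from Services > Maltrail"
        return 1
    fi
    # Generate the README test events. If the sensor only monitors LAN, run these
    # from a LAN host instead: the firewall's own traffic leaves via WAN.
    ping -c 1 "$TEST_IP" >/dev/null 2>&1 || true
    drill "$TEST_DOMAIN" >/dev/null 2>&1 || true   # nslookup is not in FreeBSD base
    sleep 2                                        # let the sensor flush the event
    log="$(todays_log_path)"
    if [ ! -r "$log" ]; then
        echo "no log for today at $log: the sensor has written no event yet"
        return 1
    fi
    echo "$(count_hits_for_trail "$TEST_IP" <"$log") event(s) for $TEST_IP in $log"
}

if [ "${1:-}" = live ]; then live_check; else demo; fi
```

Without arguments the script only exercises the parsers on the constructed samples; `sh maltrail_check.sh live` on the firewall does the real checks. If the live run reports a listener on 8338 but zero events in today's log, the server is up and the problem is that the sensor is not seeing the test traffic (monitored interface, source host of the ping), which is where the rest of this thread points.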
Not wanting to hijack someone's thread, especially whilst fixing the problem is still in progress...
But I'm interested to see how this works out. I've just installed Maltrail and also getting no events showing in the GUI (but it's only been running ~20 minutes, so will wait a while longer ;)
Quote from: apiods on January 24, 2020, 03:32:13 PM
Not wanting to hijack someone's thread, especially whilst fixing the problem is still in progress...
But I'm interested to see how this works out. I've just installed Maltrail and also getting no events showing in the GUI (but it's only been running ~20 minutes, so will wait a while longer ;)
Update on my install...
I still didn't see any events for a while.
I had the Monitor Interface set to listen on a 'trunk' interface (i.e. the interface has no native vlan).
I changed this to listen on a particular vlan interface (i.e. local network), pinged the 'bad IP' and the event showed up in the Maltrail GUI straight away :)
Will continue to monitor.
Hi,
The solution is elsewhere than in this post.
I am wonderful, another post that I fixed myself.
Thank you for your involvement, mimugmail.
Regards,