I installed and configured maltrail plugin and it seems it is working OK, I can connect to the web interface, I can see the maltrail alias BlocklistMaltrail populated, I can use the alias in rules.
I found some strange behavior, maybe is my fault or misunderstanding:
1. Every time I save the Services/Maltrail/Sensor configuration, the number of "sensor.py" processes is raising by the $CPU_COUNT, resulting in consuming more memory and CPU. No way to see something is wrong from Webui, except from the Lobby/Dashboard graphs (Memory percentage is greater, CPU peaks going to 100% from time to time)
2. In the list of services there is only "maltrailserver" service. Stopping the maltrailserver service, it stops the "server.py" process, all the "sensor.py" processes stay alive. I have to kill them manually from CLI
3. Starting by the Webui the maltrailserver service, only the "server.py" process is started, there is no "sensor.py" processes, until I press the "Save" button in Services/Maltrail/Sensor
So practically there is no way of effectively control the maltrail from web ui. I have to use both CLI and web ui to have it started or stopped as expected. Once started and if not touched/reconfigured, all is OK.
Am I doing or expecting something wrong, or it something with the installation?
This all seems to be the case even now in January 2024, I last tried it back in 2022 with similar issues, the worst being when I made a few changes and nothing seemed different even after restarting the service, was forced to disable/enable the server/sensor (even though general settings states at the stop it should be re-startable, there is no control in either server/sensor pages.
The worst as mentioned by the OP is that python processes just accumulate and I ended up with low RAM and having to kill them all manually. Even uninstalling the plug-in left all of them running.
Either this plugin is looked at and updated, because it's quite a few releases of Maltrail behind now, or it gets removed from OPNsense as unfit for purpose. A shame, as I like Maltrail and serves my needs as I find Suricata to complex.