OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Grenen on March 15, 2023, 10:13:25 am

Title: ET_telemetry not updating
Post by: Grenen on March 15, 2023, 10:13:25 am
Hi,

I have a problem with my ET Telemetry rules. The cron job to update the rules at 02:30 every night works for the built-in rules, but not for the ones from the ET Telemetry list.

https://ibb.co/BTR9jKn

Manual updating works.

Any idea why this happens?
Title: Re: ET_telemetry not updating
Post by: featheredfifth on April 20, 2023, 05:14:55 am
Have any update here? I have the same issue.
Title: Re: ET_telemetry not updating
Post by: Grenen on April 26, 2023, 09:37:41 pm
I still have the same issue. It updates a few times per week but not every night per the cron job. Never found a reason. At most it's usually 2-3 days without updates.
Title: Re: ET_telemetry not updating
Post by: deajan on May 02, 2023, 06:10:15 pm
Probably not the problem here, but it's worth a shot.
I've installed IDS PT Research ruleset by mistake.
This prevented me from downloading ET Telemetry rules. Once I disabled the ruleset, I could update telemetry rules again.
Title: Re: ET_telemetry not updating
Post by: Grenen on May 16, 2023, 08:48:11 am
I don't have the IDS-PT Research installed, but thanks for adding your findings if someone else has the same problem.

I still have the issue, and nothing in the logs gives any indication of why it's happening. Today I manually updated the rules this morning. All other rules were updated at 02:30 as per the cron job, but the ET Telemetry rules weren't updated since the 12th of May.

Log files:

Code:
2023-05-16T07:58:13 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-16T07:56:32 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-16T02:32:02 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-16T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-15T02:32:07 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-15T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-14T02:32:03 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-14T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-13T02:32:16 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-13T02:30:33 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-12T02:32:13 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-12T02:30:33 Notice suricata [100486] <Notice> -- rule reload starting

So everything seems "fine", and no difference between the 12th and the other dates.

Anyone got a clue why this is happening?