"
Thanks for the reply, I tried below settings but a ping to for example rutube.ru does not get blocked by IDS, whereas it does with Firewall rules:
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#16
18.7 Legacy Series / Re: Challenge: Alert on Firewall block - is this possible currently?
October 07, 2018, 08:05:30 PM #17
18.7 Legacy Series / Challenge: Alert on Firewall block - is this possible currently?
October 05, 2018, 09:10:52 PM
So first I tried setting up IDS with GeoIP block of Traffic to China and Russia, no blocking or alerts happened with Intrusion Detection and IDS enabled.
Made a Firewall LAN rule that blocks outgoing traffic to GeoIP of China and Russia.
That blocks, yay!
As for alerts:
I've setup a Monit Service Test with:
content = " 84,,, "
Which is the number of the rule used as found out by:
ping rutube.ru, resolves to: 185.165.123.77
cat /var/log/filter.log | grep 185.165.123.77
or
grep " 84,,," /var/log/filter.log
Oct 5 20:26:56 router filterlog:
84,,,0,igb0,match,block,in,4,0x0,,64,24176,0,DF,1,icmp,84,192.168.1.228,185.165.123.77,datalength=64
I've set up a Service like so:
Type: File
Path: /var/log/filter.log
Test: <name of Monit Service Test>
No alerts appear in my mailbox, I do see the message that Monit restarted.
Status page of Monit also shows no content matches
What am I missing?
Sources I looked at:
https://mmonit.com/monit/documentation/monit.html#FILE-CONTENT-TEST
https://forum.opnsense.org/index.php?topic=5303.0
Made a Firewall LAN rule that blocks outgoing traffic to GeoIP of China and Russia.
That blocks, yay!
As for alerts:
I've setup a Monit Service Test with:
content = " 84,,, "
Which is the number of the rule used as found out by:
ping rutube.ru, resolves to: 185.165.123.77
cat /var/log/filter.log | grep 185.165.123.77
or
grep " 84,,," /var/log/filter.log
Oct 5 20:26:56 router filterlog:
84,,,0,igb0,match,block,in,4,0x0,,64,24176,0,DF,1,icmp,84,192.168.1.228,185.165.123.77,datalength=64
I've set up a Service like so:
Type: File
Path: /var/log/filter.log
Test: <name of Monit Service Test>
No alerts appear in my mailbox, I do see the message that Monit restarted.
Status page of Monit also shows no content matches
What am I missing?
Sources I looked at:
https://mmonit.com/monit/documentation/monit.html#FILE-CONTENT-TEST
https://forum.opnsense.org/index.php?topic=5303.0
#18
18.7 Legacy Series / Re: Email notification
September 08, 2018, 11:45:22 AM
I'm curious about this as well, I can test notifications and get an email notification on said test and when monit restarts but that's all.
There is an option to add monit service test settings but I'm not sure what to fill in for updates.
From what i read more works needs to be done on monit but other features have a higher priority as per https://forum.opnsense.org/index.php?topic=6395.msg27322#msg27322
There is an option to add monit service test settings but I'm not sure what to fill in for updates.
From what i read more works needs to be done on monit but other features have a higher priority as per https://forum.opnsense.org/index.php?topic=6395.msg27322#msg27322
