1
23.7 Legacy Series / Re: change in remote filterlog format after update to 23.7.4
« on: September 18, 2023, 03:33:13 pm »
Hi Franco,
thanks for the tipp, this fixed it
bye Josef
thanks for the tipp, this fixed it
bye Josef
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.7 Legacy Series / change in remote filterlog format after update to 23.7.4
« on: September 15, 2023, 12:17:28 am »
Hi,
I use graylog as syslog-target for opnsense. After the update to 23.7.4 there is no leading "hostname filterlog[PID]:" in the remote syslog messages.
bye Josef
I use graylog as syslog-target for opnsense. After the update to 23.7.4 there is no leading "hostname filterlog[PID]:" in the remote syslog messages.
bye Josef
3
Intrusion Detection and Prevention / Re: Problem starting IPS because of bad rules from urlhaus
« on: September 23, 2020, 04:25:25 pm »
I found the problem in my setup.
In the past 10 days there was a huge amount of new submissions to urlhaus, which results in a big increase of rules (from 30000 to 160000)
https://urlhaus.abuse.ch/statistics/
My hardware (APU 2G RAM) was probably to poor in performance to load all rules in a reasonable time.
In the past 10 days there was a huge amount of new submissions to urlhaus, which results in a big increase of rules (from 30000 to 160000)
https://urlhaus.abuse.ch/statistics/My hardware (APU 2G RAM) was probably to poor in performance to load all rules in a reasonable time.
4
Intrusion Detection and Prevention / Problem starting IPS because of bad rules from urlhaus
« on: September 21, 2020, 03:29:02 pm »
Hi all,
I just want to inform, in the actual (21.9.2020 15:00 CEST) abuse.ch/URLhaus rules is a bug wich prevents the IPS from starting
[100151] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (510560)"; flow:established,from_client; content:"GET"; http_method; conte" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.urlhaus.rules at line 73508
OPNsense 20.7.2-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020
CPU Type AMD G-T40N Processor (2 cores)
I just want to inform, in the actual (21.9.2020 15:00 CEST) abuse.ch/URLhaus rules is a bug wich prevents the IPS from starting
[100151] <Error> -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (510560)"; flow:established,from_client; content:"GET"; http_method; conte" from file /usr/local/etc/suricata/opnsense.rules/abuse.ch.urlhaus.rules at line 73508
OPNsense 20.7.2-amd64
FreeBSD 12.1-RELEASE-p8-HBSD
OpenSSL 1.1.1g 21 Apr 2020
CPU Type AMD G-T40N Processor (2 cores)
5
20.7 Legacy Series / Re: Better wifi support with 20.7/BSD12.1 ?
« on: August 26, 2020, 10:31:04 pm »
I tried it with a WLE200NX but no luck. It seems that there is a driver missing.
6
German - Deutsch / Re: VoIP - Anrufe kommen nur sporadisch an
« on: February 20, 2020, 10:16:29 am »
Ist die Intrusion Detection aktiv? Wenn ja schalte sie mal aus.
Pages: [1]