OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of r111 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - r111

Pages: [1]
1
Intrusion Detection and Prevention / Re: ET Pro Telemetry rules not loading
« on: July 07, 2021, 10:47:45 pm »
This is now resolved.

After experimenting around I tried subscribing to Snort and loading their rules instead. Those wouldn't load either. This suggested to me that it was not a problem with a particular ruleset or source of rulesets. In the end what helped was to go to the Download tab, check all the rulesets I had enabled and choose "Disable selected". I did this and many more rulesets suddenly showed up in the Download list, including both ET Telemetry and Snort rules. I selected some, then pressed "Save" and "Download & Update Rules", and now I have more rules than I know what to do with.

I guess something had become corrupted in the list of available rulesets. Disabling all of them seemed to fix that so I could start again.

2
Intrusion Detection and Prevention / ET Pro Telemetry rules not loading
« on: July 07, 2021, 05:10:30 pm »
I'm trying to get the ET Pro Telemetry rules to load. I have enabled Intrusion Detection, IPS mode, Promiscuous mode, Hyperscan, and chosen the LAN and WAN interfaces (I understand this is how to do it when VLANs are in use). I have installed the os-etpro-telemetry plugin and entered my et_telemetry.token. Under "Download" I have selected all of the ET telemetry rules and enabled them.

When I press "Download & Update Rules" it spins for a bit and then stops. No rules appear under the Rules tab. The Suricata log file (Services > Intrusion Detection > Log File) shows this:

2021-07-07T10:46:34   suricata[83728]   [100170] <Notice> -- rule reload complete   
2021-07-07T10:46:34   suricata[83728]   [100170] <Warning> -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - 7 rule files specified, but no rule was loaded at all!   
2021-07-07T10:46:34   suricata[83728]   [100170] <Notice> -- rule reload starting

The system log (System > Log Files > General) shows the following:

2021-07-07T10:46:34   /rule-updater.py[4309]   version response for https://opnsense.emergingthreats.net/api/v1/ruleset/version : {"ruleset": "opnsense-rules.tar.gz", "version": "9790"}

So it looks like it's downloading something, but Suricata is not receiving any rules. Can anyone help me figure out what's going on here? Thanks.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2