Intrusion detection no longer showing alerts since last update

Started by kezman83, April 14, 2019, 01:24:30 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 14, 2019, 01:24:30 AM
Hi
Since the most recent update I am no longer seeing alerts being displayed in the alerts tab.
I can see the service is running and the the log file is being populated(Indicating the intrusion detection is working). 
If this issue due to the update breaking something?
April 14, 2019, 10:51:18 AM #1
I'm not sure why this needs repeating. Please provide version information: last good version, first bad version. "latest update" is loosely related in space and time.


Cheers,
Franco
April 14, 2019, 12:36:19 PM #2
Hi Franco
Apologies for being so vague in my post.
Last good version = 19.1.5
First bad version = 19.1.6
Thank you

Regards,
Alex
April 20, 2019, 07:46:13 PM #3
Hi Alex,

Depends a bit, there was a fix that mutes alerts that are not supposed to alert:

https://github.com/opnsense/core/issues/3386

And there's a small cleanup:

https://github.com/opnsense/core/commit/a0b3ddc57247

It is likely the first change which should be normal and the previous alerts were not meant to be shown at all. Does that make sense in your env?


Cheers,
Franco
April 23, 2019, 05:03:41 AM #4
Hi Franco
Thanks for getting back to me, this looks like it makes sense.
An example of an alert the system was giving me is below(Could you confirm if this is an alert that should be muted).

Alert   FILE-IDENTIFY MP4 file download request  (This is set to drop).

Regards,
Alex

Print
Go Up Pages1
User actions