ET_telemetry not updating

Started by Grenen, March 15, 2023, 10:13:25 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 15, 2023, 10:13:25 AM
Hi,

I have a problem with the my ET Telemetry-rules. The cronjob to update the rules at 02:30 every night works for the built in rules, but not for the ones from the ET Telemetry-list.

https://ibb.co/BTR9jKn

Manual updating works.

Any idea why this happens?
April 20, 2023, 05:14:55 AM #1
Have any update here? I have the same issue.
penalty kick online
April 26, 2023, 09:37:41 PM #2
Quote from: featheredfifth on April 20, 2023, 05:14:55 AM
Have any update here? I have the same issue.
penalty kick online

I still have the same issue. It updates a few times per week but not every night per the cronjob. Never found a reason. At most its usualy 2-3 days without updates.
May 02, 2023, 06:10:15 PM #3
Probably not the problem here, but it's worth a shot.
I've installed IDS PT Research ruleset by mistake.
This prevented me from downloading ET Telemetry rules. Once I disabled the ruleset, I could update telemetry rules again.
The world has 6 strings, and I got a pick ;)
May 16, 2023, 08:48:11 AM #4
I don't have the IDS-PT Research installed, but thanks for adding your findings if someone else has the same problem.

I still have the issue, and nothing in the logs give any indication on why its happening. Today i manually updated the rules this morning. All other rules was updated 02:30 as per cron-job, but the ET-Telemetry wasn't updated since the 12th of may.

Log files:

Code Select
2023-05-16T07:58:13 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-16T07:56:32 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-16T02:32:02 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-16T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-15T02:32:07 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-15T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-14T02:32:03 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-14T02:30:22 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-13T02:32:16 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-13T02:30:33 Notice suricata [100486] <Notice> -- rule reload starting
2023-05-12T02:32:13 Notice suricata [100486] <Notice> -- rule reload complete
2023-05-12T02:30:33 Notice suricata [100486] <Notice> -- rule reload starting

So everything seems "fine", and no difference between the 12th and the other dates.

Anyone got a clue why this is happening?
Print
Go Up Pages1
User actions