Maltrail sensor processes

Started by wstemb, March 10, 2023, 12:15:57 PM

March 10, 2023, 12:15:57 PM Last Edit: March 13, 2023, 08:22:11 AM by wstemb
I installed and configured the Maltrail plugin and it seems to be working OK: I can connect to the web interface, I can see the Maltrail alias BlocklistMaltrail populated, and I can use the alias in rules.

I found some strange behavior; maybe it is my fault or a misunderstanding:

1. Every time I save the Services/Maltrail/Sensor configuration, the number of "sensor.py" processes rises by $CPU_COUNT, resulting in more memory and CPU being consumed. There is no way to see that something is wrong from the web UI, except from the Lobby/Dashboard graphs (memory percentage is greater, CPU peaks go to 100% from time to time).

2. In the list of services there is only the "maltrailserver" service. Stopping the maltrailserver service stops the "server.py" process; all the "sensor.py" processes stay alive. I have to kill them manually from the CLI.

3. When starting the maltrailserver service from the web UI, only the "server.py" process is started; there are no "sensor.py" processes until I press the "Save" button in Services/Maltrail/Sensor.

So practically there is no way to effectively control Maltrail from the web UI. I have to use both the CLI and the web UI to have it started or stopped as expected. Once started, and if not touched/reconfigured, all is OK.

Am I doing or expecting something wrong, or is it something with the installation?

This all seems to be the case even now in January 2024. I last tried it back in 2022 with similar issues, the worst being when I made a few changes and nothing seemed different even after restarting the service; I was forced to disable/enable the server/sensor (even though general settings states at the stop it should be re-startable, there is no control in either the server or sensor pages).


The worst, as mentioned by the OP, is that Python processes just accumulate, and I ended up with low RAM and having to kill them all manually. Even uninstalling the plug-in left all of them running.


Either this plugin is looked at and updated, because it's quite a few releases of Maltrail behind now, or it gets removed from OPNsense as unfit for purpose. A shame, as I like Maltrail and it serves my needs, as I find Suricata too complex.
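
The accumulation of "sensor.py" processes that both posts describe can be checked from the CLI. The script below is an added example, not part of either post or of the plugin. It assumes each Save spawns one batch of $CPU_COUNT sensor.py processes (as reported above), that `ps` supports the `etimes` keyword and `sysctl -n hw.ncpu` gives the CPU count, and it uses a constructed sample listing with a placeholder path.

```sh
#!/bin/sh
# Added example (not from the thread or the plugin): list "sensor.py"
# processes that are older than the newest batch, for review before killing.
# Assumption from the thread: each Save spawns $CPU_COUNT new sensor.py
# processes, so only the newest NCPU of them belong to the current config.

# Constructed sample of `ps -axo pid=,etimes=,command=` output
# (PID, elapsed seconds, command); the path is a placeholder.
SAMPLE_PS='   50 9500 python3 /path/to/server.py
  101 9000 python3 /path/to/sensor.py
  102 9000 python3 /path/to/sensor.py
  201  600 python3 /path/to/sensor.py
  202  600 python3 /path/to/sensor.py
  301   30 python3 /path/to/sensor.py
  302   30 python3 /path/to/sensor.py'

# stale_sensor_pids NCPU
# Reads "PID ELAPSED COMMAND" lines on stdin; prints, oldest first, the PIDs
# of sensor.py processes beyond the newest NCPU. Prints nothing when the
# count is at or below NCPU.
stale_sensor_pids() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && /sensor\.py/ { print $2, $1 }' |
        sort -k1,1nr -k2,2n |
        awk -v keep="$1" '{ pid[NR] = $2 }
            END { for (i = 1; i <= NR - keep; i++) print pid[i] }'
}

# Live check on the firewall. Assumptions: `sysctl -n hw.ncpu` (FreeBSD)
# gives the CPU count and ps supports the etimes keyword.
live_stale_sensor_pids() {
    ps -axo pid=,etimes=,command= | stale_sensor_pids "$(sysctl -n hw.ncpu)"
}

# Demo on the constructed sample with 2 CPUs; "--live" checks this host.
if [ "${1:-}" = "--live" ]; then
    live_stale_sensor_pids
else
    printf '%s\n' "$SAMPLE_PS" | stale_sensor_pids 2
fi
```

The script only prints PIDs; review them before passing them to `kill`.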