Topic: IPS/IDS filling my log file (Read 723 times)
tekgeek (Newbie, Posts: 25, Karma: 1)
IPS/IDS filling my log file « on: September 10, 2024, 07:01:21 pm »
I enabled IPS/IDS last night using "ETPRO Telemetry edition". I assume this is causing the log to fill with:
Notice send_telemetry.py telemetry data collected 16 records in 0.01 seconds
every 60 seconds. Is there a way to keep this from getting logged? It makes the "Live Log" widget absolutely useless.
doktornotor (Hero Member, Posts: 709, Karma: 70)
Re: IPS/IDS filling my log file « Reply #1 on: September 10, 2024, 07:30:21 pm »
It's actually worse... perhaps the below ticket should be renamed to "stop logging useless IDS junk".
https://github.com/opnsense/core/issues/7101
planetf1 (Newbie, Posts: 41, Karma: 1)
Re: IPS/IDS filling my log file « Reply #2 on: September 10, 2024, 07:46:39 pm »
Interesting - I posted earlier to
https://forum.opnsense.org/index.php?topic=42729.0
and also to the suricata board
https://community.emergingthreats.net/t/opnsense-suricata-rule-update-for-et-telemetry/1952/2
doktornotor (Hero Member, Posts: 709, Karma: 70)
Re: IPS/IDS filling my log file « Reply #3 on: September 10, 2024, 07:49:54 pm »
This is the offending line -
https://github.com/opnsense/plugins/blob/5a02d3867d5e074837a1de8af7ffbaa46552a89f/security/etpro-telemetry/src/opnsense/scripts/etpro_telemetry/send_telemetry.py#L82
Feel free to file another ticket about it. Should be DEBUG at best. No one cares about such nonsense.
tekgeek (Newbie, Posts: 25, Karma: 1)
Re: IPS/IDS filling my log file « Reply #4 on: September 10, 2024, 07:54:48 pm »
AdSchellevis' attitude seems to be fix it yourself and give us your code or deal with it. It's kinda feeling like pfSense over here. I understand they are in the middle of a major GUI transition, but this seems like a sensible change and something that someone who works on OPNsense often could do one-handed in a few minutes. I wouldn't know where to start. I love OPNsense and I'm not going anywhere, but that interaction leaves a bad taste in my mouth.
doktornotor (Hero Member, Posts: 709, Karma: 70)
Re: IPS/IDS filling my log file « Reply #5 on: September 10, 2024, 07:58:31 pm »
Well, they have some deal with the signature vendor about telemetry. However, it should be kept within reasonable limits.
Finally did a PR for the original issue which should significantly (~40x) reduce the logs for the stats at least.
https://github.com/opnsense/core/pull/7857
tekgeek (Newbie, Posts: 25, Karma: 1)
Re: IPS/IDS filling my log file « Reply #6 on: September 10, 2024, 08:06:13 pm »
I looked for a PR before I responded before. I see it now. I really don't care how often they send the data. Just make the logs sensible. Maybe collate the data and log it every hour.
Thank you for your help and the PR.
doktornotor (Hero Member, Posts: 709, Karma: 70)
Re: IPS/IDS filling my log file « Reply #7 on: September 10, 2024, 08:15:42 pm »
Another one for your noise...
https://github.com/opnsense/plugins/pull/4228
tekgeek (Newbie, Posts: 25, Karma: 1)
Re: IPS/IDS filling my log file « Reply #8 on: September 10, 2024, 08:47:14 pm »
🎉
badbroccoli (Newbie, Posts: 11, Karma: 1)
Re: IPS/IDS filling my log file « Reply #9 on: October 31, 2024, 06:23:09 pm »
Quote from: doktornotor on September 10, 2024, 08:15:42 pm
Another one for your noise...
https://github.com/opnsense/plugins/pull/4228
Thanks! Subscribed to the issue. Hopefully it can get merged soon.
Edit: Just a few minutes after I posted this it was merged. Woot! Thanks all.
« Last Edit: October 31, 2024, 06:29:24 pm by badbroccoli »