OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • ntop alerts to slack
« previous next »
  • Print
Pages: [1]

Author Topic: ntop alerts to slack  (Read 2667 times)

deekdeeker

  • Newbie
  • *
  • Posts: 36
  • Karma: 4
    • View Profile
ntop alerts to slack
« on: April 23, 2019, 02:04:57 am »
Anyone using the ntop alerts via slack?? Just trying this for the first time and not really sure what is happening , I thought that it would just forward the alerts that are appearing the the "flow alerts" section of ntop but apparently not im just getting stuff like below that does not in any way match the alerted flows in ntop.. no more info than that . is this just a useless feature?

22/04/2019 20:00:08][Blacklisted Flow] Client, server or domain is blacklisted [Flow: xxx.176.26.66:52077 xxx.xxx.local:40100] [L4 Protocol: TCP]
Logged

lrosenman

  • Full Member
  • ***
  • Posts: 197
  • Karma: 8
    • View Profile
Re: ntop alerts to slack
« Reply #1 on: April 23, 2019, 02:27:12 am »
Even in the logs, I'm trying(!) to figure out what the hades this means.
Logged

deekdeeker

  • Newbie
  • *
  • Posts: 36
  • Karma: 4
    • View Profile
Re: ntop alerts to slack
« Reply #2 on: April 23, 2019, 02:31:52 am »
well i can see that these logs are just random probes from mother russia. But i dont see these anywhere in ntop these are attacks straight to the FW itself. Very confusing and not very useful info as the purpose of slack would be to aggregate the logs that would normally see from NTOP - which do not seem to get logged. :P
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • ntop alerts to slack
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2