Send IPS alerts by e-mail

Started by moware, October 17, 2019, 03:19:58 PM

I successfully set up and configured IPS in OPNsense. If I try to open a TCP connection from inside my network to a host listed, e.g., in the ET botnet list, the connection is blocked and I get an alert. So far, so good.

The problem is: the alert shows up in the OPNsense web UI. I don't want to regularly check the web UI for alerts. If an alert happens, I'd like to be notified (by e-mail), so that I can investigate whether this is a security incident or a false positive.

Is there some built-in functionality in OPNsense to activate this kind of e-mail notification? I activated Monit, but none of the built-in service alerts seems to relate to the IPS.

Thanks and best regards




For future readers: An example of how to set this up has been added to the OPNsense/Monit documentation:

https://docs.opnsense.org/manual/monit.html

Credit goes to this thread: https://forum.opnsense.org/index.php?topic=17967.0; my thanks go to FullyBorked for finding out how to do it and to mimugmail for adding it to the docs!