Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
ET Telemetry Edition having problems?
« previous
next »
Print
Pages: [
1
]
Author
Topic: ET Telemetry Edition having problems? (Read 6279 times)
JohnDoe17
Newbie
Posts: 40
Karma: 5
ET Telemetry Edition having problems?
«
on:
September 10, 2021, 08:54:50 pm »
I am running 21.1.9, and I've had the ET Telemetry Edition working fine for several months. But in the last couple of days, the Dashboard widget is just spinning when it is trying to get status from proofpoint.
When I look in the Intrusion Detection > Download tab, my Abuse.ch rule sets are downloading and updating fine. Only the ET rule sets are not downloading on schedule.
At first I chalked this up to a temporary issue on proofpoint's side (and maybe it still is), but it's dragged on for a couple of days now and I though it was time to ask if any others are seeing this...
Thanks.
Logged
joeyboon
Newbie
Posts: 41
Karma: 2
Re: ET Telemetry Edition having problems?
«
Reply #1 on:
September 11, 2021, 11:43:47 am »
Hi,
I'm experiencing similar problems on 21.7.2_1-amd64. General log only mentions
"connection error sending heartbeat to
https://opnsense.emergingthreats.net/api/v1/telemetry
"
Problem for me started on 09-09 (but that was after an update).
Logged
joeyboon
Newbie
Posts: 41
Karma: 2
Re: ET Telemetry Edition having problems?
«
Reply #2 on:
September 11, 2021, 05:55:32 pm »
The problem seems to be resolved with my instance.
Logged
joeyboon
Newbie
Posts: 41
Karma: 2
Re: ET Telemetry Edition having problems?
«
Reply #3 on:
September 12, 2021, 10:01:01 pm »
Andddd it's back.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: ET Telemetry Edition having problems?
«
Reply #4 on:
September 13, 2021, 02:06:32 pm »
We forwarded the report(s) to Proofpoint about issues with that URL last week. I'll follow up with a response as soon as we have it.
Cheers,
Franco
Logged
JohnDoe17
Newbie
Posts: 40
Karma: 5
Re: ET Telemetry Edition having problems?
«
Reply #5 on:
September 13, 2021, 06:07:34 pm »
Thanks, Franco and OPNsense team for passing this on to Proofpoint.
Like @joeyboon said, the "connection error sending heartbeat to
https://opnsense.emergingthreats.net/api/v1/telemetry
" issue appears to be back.
Edit: Anxious to hear about a resolution.
JD17
Logged
joeyboon
Newbie
Posts: 41
Karma: 2
Re: ET Telemetry Edition having problems?
«
Reply #6 on:
September 14, 2021, 11:24:38 am »
Thanks! for the reply. The log messages are a bit more detailed now
unexpected result from
https://opnsense.emergingthreats.net/api/v1/telemetry
(http_code 502)
Hopefully this helps.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: ET Telemetry Edition having problems?
«
Reply #7 on:
September 15, 2021, 08:23:24 pm »
Connectivity issue was fixed some time in the last 24 hours we've been told. Can you guys confirm it's working as expected again?
Thanks,
Franco
Logged
JohnDoe17
Newbie
Posts: 40
Karma: 5
Re: ET Telemetry Edition having problems?
«
Reply #8 on:
September 15, 2021, 11:25:31 pm »
Yes, the issues seem to be resolved for me - at least, the heartbeats are going through now apparently. Not sure how often the ET Pro Telemetry edition rules themselves are revved from Proofpoint's side, but the last set of rules the firewall downloaded were going on 16 hours old when I just checked (I have the firewall configured to download fresh rule sets every 6 hours).
Thanks for the help!
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: ET Telemetry Edition having problems?
«
Reply #9 on:
September 16, 2021, 07:25:16 am »
It might be updated every 24 hours but I'm not sure.
Thanks for the feedback!
Cheers,
Franco
Logged
joeyboon
Newbie
Posts: 41
Karma: 2
Re: ET Telemetry Edition having problems?
«
Reply #10 on:
September 16, 2021, 08:36:24 am »
@franco! Thanks for looking in to this! The issue seems to be resolved
Thanks again!
Logged
JohnDoe17
Newbie
Posts: 40
Karma: 5
Re: ET Telemetry Edition having problems?
«
Reply #11 on:
September 20, 2021, 09:11:37 pm »
Well... the heartbeats work as I reported a few days ago, but the ET Pro Telemetry rules have *NOT* been updated since September 18th.
Neither the "Services > Intrusion Detection > Log File" nor the "System > Log Files > General" indicate there is any error downloading new rules. Frankly it just looks like they haven't updated them for a few days.
Is Proofpoint still supporting the "ET Pro Telemetry" edition rules?
Thanks.
JD17
Edit: Added the missing word "*NOT*" in the first sentence. It was kind of important, lol.
«
Last Edit: September 21, 2021, 06:00:14 pm by JohnDoe17
»
Logged
JohnDoe17
Newbie
Posts: 40
Karma: 5
Re: ET Telemetry Edition having problems?
«
Reply #12 on:
September 21, 2021, 05:59:15 pm »
Perhaps this has been resolved too...? I did get an updated set of rules on Monday - finally.
Logged
abulafia
Full Member
Posts: 156
Karma: 8
Re: ET Telemetry Edition having problems?
«
Reply #13 on:
October 14, 2021, 12:50:28 pm »
Maybe new problem: Since yesterday, my Suricata instance (on 21.7.3_3) no longer updates the rules - neither the cron job nor a manual "Download & update rules" does anything.
I added a few rule categories yesterday and "enabled" and "saved" them. Since then -> downloads don't work.
--
EDIT: The issue was the "OPNsense-App-detect/test" rule. Once I disabled that, the rules would download again.
«
Last Edit: October 16, 2021, 07:47:42 pm by abulafia
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
ET Telemetry Edition having problems?