OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Maltrail sensor processes
« previous next »
  • Print
Pages: [1]

Author Topic: Maltrail sensor processes  (Read 2336 times)

wstemb

  • Newbie
  • *
  • Posts: 32
  • Karma: 1
    • View Profile
Maltrail sensor processes
« on: March 10, 2023, 12:15:57 pm »
I installed and configured maltrail plugin and it seems it is working OK, I can connect to the web interface, I can see the maltrail alias BlocklistMaltrail populated, I can use the alias in rules. 

I  found some strange behavior, maybe is my fault or misunderstanding:

1. Every time I save the Services/Maltrail/Sensor configuration, the number of "sensor.py" processes is raising by the $CPU_COUNT, resulting in consuming more memory and CPU. No way to see something is wrong from Webui, except from the Lobby/Dashboard graphs (Memory percentage is greater, CPU peaks going to 100% from time to time) 

2. In the list of services there is only "maltrailserver" service. Stopping the maltrailserver service, it stops the "server.py" process, all the "sensor.py" processes  stay alive. I have to kill them manually from CLI 

3. Starting by the Webui the maltrailserver service, only the "server.py" process is started, there is no "sensor.py" processes, until  I press the "Save" button in  Services/Maltrail/Sensor

So practically there is no way of effectively control the maltrail from web ui. I have to use both CLI and web ui to have it started or stopped as expected. Once started and if not touched/reconfigured, all is OK. 

Am I doing or expecting something wrong, or it something with the installation?
« Last Edit: March 13, 2023, 08:22:11 am by wstemb »
Logged

Taomyn

  • Sr. Member
  • ****
  • Posts: 444
  • Karma: 20
    • View Profile
Re: Maltrail sensor processes
« Reply #1 on: January 22, 2024, 09:28:40 am »
This all seems to be the case even now in January 2024, I last tried it back in 2022 with similar issues, the worst being when I made a few changes and nothing seemed different even after restarting the service, was forced to disable/enable the server/sensor (even though general settings states at the stop it should be re-startable, there is no control in either server/sensor pages.


The worst as mentioned by the OP is that python processes just accumulate and I ended up with low RAM and having to kill them all manually. Even uninstalling the plug-in left all of them running.


Either this plugin is looked at and updated, because it's quite a few releases of Maltrail behind now, or it gets removed from OPNsense as unfit for purpose. A shame, as I like Maltrail and serves my needs as I find Suricata to complex.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 23.1 Legacy Series »
  • Maltrail sensor processes
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2