IPS/IDS filling my log file

Started by tekgeek, September 10, 2024, 07:01:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 10, 2024, 07:01:21 PM
I enable IPS/IDS last night using "ETPRO Telemetry edition". I assume this is causing the log to fill with:

Notice   send_telemetry.py   telemetry data collected 16 records in 0.01 seconds

every 60 seconds. Is there a way to keep this from getting logged? It makes the "Live Log" widget absolutely useless.
September 10, 2024, 07:30:21 PM #1
It's actually worse...  perhaps the below ticket should be renamed to "stop logging useless IDS junk".

https://github.com/opnsense/core/issues/7101
September 10, 2024, 07:46:39 PM #2
September 10, 2024, 07:49:54 PM #3
This is the offending line - https://github.com/opnsense/plugins/blob/5a02d3867d5e074837a1de8af7ffbaa46552a89f/security/etpro-telemetry/src/opnsense/scripts/etpro_telemetry/send_telemetry.py#L82

Feel free to file another ticket about it. Should be DEBUG at best. Noone cares about such nonsense.
September 10, 2024, 07:54:48 PM #4
AdSchellevis' attitude seems to be fix it yourself and give us your code or deal with it. It's kinda feeling like pfSense over here. I understand they are in the middle of a major GUI transition, but this seems like a sensible change and something the someone that works on OPNsense often could do one-handed in a few minutes. I wouldn't know where to start. I love OPNsense and I'm not going anywhere, but that interaction leaves a bad taste in my mouth.
September 10, 2024, 07:58:31 PM #5
Well, they have some deal with the signature vendor about telemetry. However, it should be kept within reasonable limits.

Finally did a PR for the original issue which should significantly (~40x) reduce the logs for the stats at least.  https://github.com/opnsense/core/pull/7857
September 10, 2024, 08:06:13 PM #6
I looked for a PR before I responded before. I see it now. I really don't care how often they send the data. Just make the logs sensible. Maybe collate the data and log it every hour.

Thankyou for your help and the PR.
September 10, 2024, 08:15:42 PM #7
Another one for your noise...

https://github.com/opnsense/plugins/pull/4228
September 10, 2024, 08:47:14 PM #8
 :o 🎉
October 31, 2024, 06:23:09 PM #9 Last Edit: October 31, 2024, 06:29:24 PM by badbroccoli
Quote from: doktornotor on September 10, 2024, 08:15:42 PM
Another one for your noise...

https://github.com/opnsense/plugins/pull/4228

Thanks! Subscribed to the issue. Hopefully it can get merged soon.

Edit: Just a few minutes after I posted this it was merged. Woot! Thanks all.
Print
Go Up Pages1
User actions