ET PRO Telemetry not working anymore

Started by guenti_r, January 09, 2025, 11:24:41 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 09, 2025, 11:24:41 AM
Hi all,

on one of my OPNSense-Instances (24.10.1) this plug-in is not working anymore.
It downloads the wrong rules (et-open) because the heartbeat does not work.
Also the widget shows nothing.
These OPNSense is running since 2021 without any changes, the sensor token is also the same since ordered in 2021.

/sensor_info.py shows

Code Select
{"sensorId":"--REMOVED--","sensor_status":"DISABLED","last_heartbeat":"2025-01-09T10:12:05+00:00","last_rule_download":"2025-01-09T09:30:38+00:00","event_received":"2022-12-30T21:11:36+00:00","created":"2021-12-15T13:00:09+00:00","disable_date":"2023-01-04T21:11:36+00:00","status":"ok"}
The bad thing is, if the sensor is disabled some time, it downloads a VERY outdated et_open rule package, which is very dangerous because the implemented policies does not working with these outdated rules. So suricata blockes randomely many wrong traffic wich is catastrophical!
Print
Go Up Pages1
User actions