Opnsense suricata rule update for ET Telemetry

Feedback & Support
1

I’m running opnsense 24.7.3 & have been using ET Telemetry Pro for about 4 months.

I’m seeing various errors like

2024-09-09T06:00:02 Error send_heartbeat.py unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 502)

2024-09-09T00:00:02 Error rule-updater.py download failed for https://opnsense.emergingthreats.net/api/v1/ruleset/engine/suricata/5 (http_code: 502)

2024-09-09T00:00:01 Error rule-updater.py download failed for https://opnsense.emergingthreats.net/api/v1/ruleset/version (http_code: 502)

These have been happening since 2024-09-04 and occur daily.

No network issues I"m aware of
I have an et_telemetry.token

Could the token be expired? Any tips as to what to check?

2

Hey @planetf1 - thanks for joining The Community!

Which log file are you seeing the errors in? I just got a new install setup today and not seeing anything similar to what you’ve shared.

I think the first thing to check is the validity of your token. Going off the docs it looks like the easiest way to check the health of your subscription is to add a widget to the dashboard.

Here are the instructions on how to get the widget added:

  1. Go to the dashboard Lobby ‣ Dashboard
  2. Click on “Add widget” in the top right corner, click “Telemetry status” in the list
  3. Close dialog and click “Save settings” on the right top of the dashboard
  4. Open Lobby ‣ Dashboard again to refresh the content

Here is a screenshot of what my status looks like. Let me know what your telemetry status is and we can go from there :+1:

Screenshot 2024-09-09 at 1.44.13 PM

1 Like
3

Thanks for the reply!

Screenshot 2024-09-10 at 07.00.15
Screenshot 2024-09-10 at 07.00.151082×582 27.6 KB

Looks fairly good, yet in System->Log Files->General (Warning) I still see entries like:

Screenshot 2024-09-10 at 07.01.50
Screenshot 2024-09-10 at 07.01.501578×314 22.2 KB

These repeat each night, hence the uncertainty about whether it’s actually updating properly…

4

The last rule download was prior to the error, but isn’t too hold, which suggests it might be intermittent. Here’s a lot with more detail:

[Date](javascript:void(0):wink: [Severity](javascript:void(0):wink: [Process](javascript:void(0):wink: [Line](javascript:void(0):wink:
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-worm.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-web_specific_apps.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-web_server.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-web_client.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-voip.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-user_agents.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-tftp.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-telnet.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-sql.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-snmp.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-smtp.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-shellcode.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-scan.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-scada.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-rpc.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-pop3.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-policy.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-phishing.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-p2p.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-netbios.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-mobile_malware.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-misc.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-malware.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-ja3.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-info.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-inappropriate.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-imap.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-icmp_info.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-icmp.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-hunting.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-games.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-ftp.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-exploit_kit.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-exploit.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-dos.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-dns.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-deleted.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-current_events.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-coinminer.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-chat.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-botcc_portgrouped.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-attack_response.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-adware_pup.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py download skipped emerging-activex.rules, same version
2024-09-10T00:00:11 Notice rule-updater.py version response for https://opnsense.emergingthreats.net/api/v1/ruleset/version : {“ruleset”: “opnsense-rules.tar.gz”, “version”: “10683”}
2024-09-10T00:00:07 Notice rule-updater.py download completed for https://opnsense.emergingthreats.net/api/v1/ruleset/engine/suricata/5
2024-09-10T00:00:01 Error rule-updater.py download failed for https://opnsense.emergingthreats.net/api/v1/ruleset/version (http_code: 502)
2024-09-09T06:00:02 Error send_heartbeat.py unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 502)
2024-09-09T00:00:06 Notice rule-updater.py download skipped emerging-worm. Rules, same version
5

Thanks for sharing the detailed information! I initially installed OPNSense on a local VM which wasn’t running all night so I haven’t seen any errors on my end.

I installed a new instance in a cloud provider which checks for updates hourly so I’ll let that run for the next day and report back what I’m seeing in my logs.

6

Hello,
I have the same issue, and the message appears very frequently and at irregular intervals since September 9 at 9:00 AM.
My FW is working perfectly, my IPS as well, I have no network issues, and my token is still valid.

DeepinScreenshot_select-area_20240911043529
DeepinScreenshot_select-area_20240911043529911×571 93.4 KB

DeepinScreenshot_select-area_20240911043905

1 Like
7

thanks for sharing @Mika4D - we’re looking at it now