opnsense-plugins/security/etpro-telemetry
Franco Fichtner a75a87d0b5 security/etpro-telemetry: always show an available status
Bump version to clear the relatively high revision count.
2025-10-06 15:11:42 +02:00
src security/etpro-telemetry: always show an available status 2025-10-06 15:11:42 +02:00
testdata etpro-telemetry, keep documentation and test data with product for development/internal use 2019-04-02 16:40:39 +02:00
Makefile security/etpro-telemetry: always show an available status 2025-10-06 15:11:42 +02:00
pkg-descr security/etpro-telemetry: adjust naming to other plugins 2019-01-28 09:00:28 +01:00
README.md ET Pro Telemetry: exit 0 if data not of interest, extend readme a bit while here. closes https://github.com/opnsense/plugins/issues/1642 2019-12-29 11:50:44 +01:00
requires.txt etpro-telemetry, keep documentation and test data with product for development/internal use 2019-04-02 16:40:39 +02:00

ETPRO telemetry edition

Telemetry tools. They depend on rule-updater.config, which contains the device registration number provided by OPNsense.

For example:

# autogenerated, do not edit.
[__properties__]
et_telemetry.token=eeyahsei1nootu6aeJ5Eeghoohahxu4rahkiewu2bayeiv2eif

The scripts will be scheduled automatically using a cron job after installation of the ruleset / telemetry function.

General

All scripts described in the readme are available in the directory src/opnsense/scripts/etpro_telemetry

Requirements

Install the requirements (available by default on OPNsense):

pip install -r requires.txt

send_telemetry.py

Send anonymized telemetry data from the Suricata eve log file. For details on how the anonymization works, see `EventCollector._get_local_networks()` and `EventCollector.push()`, where all locally attached networks are used to strip off the first segments of the address before sending.

usage: send_telemetry.py [-h] [-e ENDPOINT] [-i] [-c CONFIG] [-l LOG]
                         [-s STATE]

optional arguments:
  -h, --help            show this help message and exit
  -e ENDPOINT, --endpoint ENDPOINT
                        Endpoint url to reach
  -i, --insecure        Insecure, skip certificate validation
  -c CONFIG, --config CONFIG
                        rule downloader configuration
  -l LOG, --log LOG     log directory containing eve.json files
  -s STATE, --state STATE
                        persistent state (and lock) filename
  -d DAYS, --days DAYS  Maximum number of days to look back on initial run
  -D, --direct          do not sleep before send (disable traffic spread)

To test using the supplied configuration (note that -i skips certificate validation):

python send_telemetry.py -i -d 9999 -e https://endpoint -c testdata/rule-updater.config -l testdata/log/

State is saved to /usr/local/var/run/et_telemetry.state by default.
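
The address masking described for send_telemetry.py above, as an added sketch that is not the plugin's own code. The function names, the `xxx`/`xxxx` fillers, keeping only the last segment, the network list and the sample eve lines are all assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample data: attached networks and eve.json lines (not from the plugin).
LOCAL_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("192.168.1.0/24", "10.0.0.0/8", "fd00:1::/64")]
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.168.1.45","dest_ip":"203.0.113.7"}',
    '{"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"fd00:1::1234"}',
    '{"event_type":"alert","src_ip":"not-an-ip","dest_ip":"10.2.3.4"}',
]


def mask_local_address(address, local_networks, keep=1):
    """Mask the leading segments of an address that lies in a local network."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"  # fail closed: never forward an unparsed value
    if not any(ip.version == net.version and ip in net for net in local_networks):
        return address  # external address, sent unchanged
    if ip.version == 4:
        segments, sep, filler = str(ip).split("."), ".", "xxx"
    else:
        segments, sep, filler = ip.exploded.split(":"), ":", "xxxx"
    hidden = len(segments) - keep
    return sep.join([filler] * hidden + segments[hidden:])


def anonymize_event(record, local_networks):
    """Return a copy of an eve record with src_ip/dest_ip masked where local."""
    result = dict(record)
    for field in ("src_ip", "dest_ip"):
        if field in result:
            result[field] = mask_local_address(result[field], local_networks)
    return result


def anonymize_lines(lines, local_networks=LOCAL_NETWORKS):
    """Parse eve.json lines and anonymize each; malformed JSON is skipped."""
    events = []
    for line in lines:
        try:
            events.append(anonymize_event(json.loads(line), local_networks))
        except json.JSONDecodeError:
            continue
    return events


if __name__ == "__main__":
    for event in anonymize_lines(SAMPLE_EVE):
        print(json.dumps(event))
```

Comparing this kind of output with what `dump_data.py -p` shows is a practical way to confirm that no full internal address leaves the device.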

send_heartbeat.py

Send a small heartbeat to Proofpoint to signal the device is still active.

usage: send_heartbeat.py [-h] [-e ENDPOINT] [-i] [-c CONFIG]

optional arguments:
  -h, --help            show this help message and exit
  -e ENDPOINT, --endpoint ENDPOINT
                        Endpoint url to reach
  -i, --insecure        Insecure, skip certificate validation
  -c CONFIG, --config CONFIG
                        rule downloader configuration
  -D, --direct          do not sleep before send (disable traffic spread)
  -t, --test            test mode, output request/response to stdout

dump_data.py

Dump Suricata eve.log

usage: dump_data.py [-h] [-l LOG] [-t TIME] [-p] [-L LIMIT]

optional arguments:
  -h, --help            show this help message and exit
  -l LOG, --log LOG     log directory containing eve.json files
  -t TIME, --time TIME  max seconds to read from now()
  -p, --parsed          show data as shipped using send_telemetry
  -L LIMIT, --limit LIMIT
                        limit number of rows