Telegram notification setup
-
@jacob-bisror said in Telegram notification setup:
How can I be alerted that a node down? Audit success? Admin login? Reboot? VPN event and so on...
Do I need to install additional packages like watchdogs or UPS or other SMTP alert packages?
NUT can use the notification system when a power events arrives.
This one : Installed Packages Notification will notify you when a pfSense package or pfSense FreeBSD packages is available for upgrading.
In the OpenVPN forum you will find a scripts that notifies you when a remote OpenVPN client connects to your OpenVPN server.
A pfSense shutdown, reboot or "upgrade in progress" notification already exists.
With info like this :
@stephenw10 said in Telegram notification setup:
require_once('notices.inc');
file_notice(1,"Test");the only limit left is your own imagination ;)
-
I use mine for errors and reboots but mine is the Google mail version.
-
@stephenw10 As I already mention, I was able to send multiple test messages via Telegram using the test button.
What I want to know is how can I set other alerts such as I described in my original post.Thanks.
-
The default notifications are, currently, fixed in pfSense. You can add custom scripts to generate more notifications as described if you need to.
-
@stephenw10 How can I add the root access alert to Telegram notifications?
-
Some development work would be required. There is no system alert/notification for that currently.
-
@stephenw10 I am not a developer, that's why I am here :)
Currently, there is a system alert from lfd by Email so maybe there is a way to redirect it to Telegram?Thanks.
-
I'll show you what has to be done in this case.
You probably already noticed that as soon as the admin user logs in, you see this line in the system log :
<37>1 2023-07-13T16:25:44.610897+02:00 pfSense.bhf.net php-fpm 10909 - - /index.php: Successful login for user 'admin' from: 2a01:cb00:710:a6dc::c7
When you've found this line, 75 % of the work is done
Knowing that the pfSense GUI is "100 % open source" is means : you can find where that info came from.
True : you must know that most of the helper scripts are living here : /etc/in/ (so, now you now too).Use the "look it up for me" (a bit like Google it) :
grep -R 'Successful login for user' /etc/inc/
will show you :
/etc/inc/auth.inc: log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
Open /etc/inc/auth.inc in your favorite text edit, like ee - goto line 2175.
You'll see :
.... phpsession_end(true); log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource())); if (isset($_POST['postafterlogin'])) { .....
add :
..... phpsession_end(true); log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource())); // edit start notify_all_remote(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource())); // edit end if (isset($_POST['postafterlogin'])) { .......
Save. Done. Enjoy.
I logged out, logged in again, and I received a mail, as I'm using 'email' as a notifier.
Btw : Take note : this is a 'how I would do it - how I just did it' example. I did not 'check' for nasty side effects.
You're editing the /etc/auth.inc file, a rather important file that handles 'security'.Btw : actually, rather useless for me, as I'm the only one that knows the pfSense password
-
Yes that email you're getting currently is not from pfSense. I assume you have some external log log analysis setup that's sending it.
-
@Gertjan said in Telegram notification setup:
// edit start
notify_all_remote(sprintf(gettext("Successful login for user '%1$s' from: %2$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
// edit endGenius!
-