telegram notifications can't receive rule logs

Gertjan

@phoenixz2 said in telegram notifications can't receive rule logs:

But I can't receive rule logs

How did you set this up ?

phoenixz2

This post is deleted!

phoenixz2

@Gertjan

This is my set up. I'm using Suricata on pfSense, and because I'm a new user, I'm not sure if my setup is correct

Gertjan

@phoenixz2 said in telegram notifications can't receive rule logs:

This is my set up. I'm using Suricata on pfSense, and because I'm a new user, I'm not sure if my setup is correct

Surricata is a pfSense package, not part of the default setup.
It's here Home > pfSense Packages > IDS/IPS

I'm not using Surricata myself, buit this :

doesn't that mean that you could receive a/only notification when "updates" happen, or when "new categories" are found (during updates ?) ?

To be sure, use the 'mail' notification also.

phoenixz2

@Gertjan I can try test smtp (gmail) and it was successful. However, apart from the SMTP test message, it doesn't respond with anything else.

stephenw10

Yes I would only expect to see anyhing when here are updates.

Gertjan

@phoenixz2 said in telegram notifications can't receive rule logs:

it doesn't respond with anything else

It does.
For example, these :

pfsense start/reboot, php errors

and I use a script file (see forum) that send me a mail when there are pfSense or package updates.
Also : DynDNS updates.

Did you saw System > Package Manager > Available Packages - and look for the mailreport package ?

Normally, 'notifications' should be used for rare and important (exceptional) circumstances).

phoenixz2

This post is deleted!

phoenixz2

@Gertjan yes, I have installed the mailreport package before and use script:
import requests

bot token and chat id

BOT_TOKEN = '7804335159:AAFBr8jeg26I8ZMgGgr12lmZvooRFinxxxx'
CHAT_ID = 207775xxxx
LOG_FILE = '/path/to/logfile.log'

read file

with open(LOG_FILE, 'r') as log_file:
logs = log_file.readlines()

check log and send to Telegram

for log in logs:
if "ERROR" in log:
message = f"System Error: {log}"
url = f'https://api.telegram.org/bot{BOT_TOKEN}/sendMessage'
payload = {
'chat_id': CHAT_ID,
'text': message
}
requests.post(url, data=payload)
but except for updates and errors messages, I don't see alert messages

Gertjan

@phoenixz2

You want to write your own script ?

Have a look at this file, the last lines : /etc/inc/notices.inc

So you can use

	notify_via_telegram($msg);

in your own scripts (this is PHP btw) if you have set up Telegram.