Telegram notification setup

jacob.bisror · Jul 4, 2023, 1:41 PM

**Greetings,
I have successfully set up the Telegram API for general notifications.
The test message works but no notification was sent by the FW since the setting was set.
Am I missing something?
How can I be alerted that a node down? Audit success? Admin login? Reboot? VPN event and so on...

Do I need to install additional packages like watchdogs or UPS or other SMTP alert packages?

Thanks for the help :)**

stephenw10 · Jul 3, 2023, 4:39 PM

Generate a test notification to make sure it sends that.
In Diag > Command Prompt execute the following in the PHP Commands box:

require_once('notices.inc');
file_notice(1,"Test");

You should then see the 'Test' notification in the gui and where ever else you have configured notificaions, including Telegram.

Steve

Gertjan · Jul 4, 2023, 6:35 AM

@jacob-bisror said in Telegram notification setup:

How can I be alerted that a node down? Audit success? Admin login? Reboot? VPN event and so on...

Do I need to install additional packages like watchdogs or UPS or other SMTP alert packages?

NUT can use the notification system when a power events arrives.

This one : Installed Packages Notification will notify you when a pfSense package or pfSense FreeBSD packages is available for upgrading.

In the OpenVPN forum you will find a scripts that notifies you when a remote OpenVPN client connects to your OpenVPN server.

A pfSense shutdown, reboot or "upgrade in progress" notification already exists.

With info like this :

@stephenw10 said in Telegram notification setup:

require_once('notices.inc');
file_notice(1,"Test");

the only limit left is your own imagination ;)

JonathanLee · Jul 4, 2023, 6:37 AM

I use mine for errors and reboots but mine is the Google mail version.

jacob.bisror · Jul 4, 2023, 9:44 AM

@stephenw10 As I already mention, I was able to send multiple test messages via Telegram using the test button.
What I want to know is how can I set other alerts such as I described in my original post.

Thanks.

stephenw10 · Jul 4, 2023, 1:33 PM

The default notifications are, currently, fixed in pfSense. You can add custom scripts to generate more notifications as described if you need to.

jacob.bisror · Jul 13, 2023, 2:21 PM

@stephenw10 How can I add the root access alert to Telegram notifications?

stephenw10 · Jul 13, 2023, 2:36 PM

Some development work would be required. There is no system alert/notification for that currently.

jacob.bisror · Jul 13, 2023, 2:50 PM

@stephenw10 I am not a developer, that's why I am here :)
Currently, there is a system alert from lfd by Email so maybe there is a way to redirect it to Telegram?

Thanks.

Gertjan · Jul 13, 2023, 3:31 PM

@jacob-bisror

I'll show you what has to be done in this case.

You probably already noticed that as soon as the admin user logs in, you see this line in the system log :

<37>1 2023-07-13T16:25:44.610897+02:00 pfSense.bhf.net php-fpm 10909 - - /index.php: Successful login for user 'admin' from: 2a01:cb00:710:a6dc::c7

When you've found this line, 75 % of the work is done

Knowing that the pfSense GUI is "100 % open source" is means : you can find where that info came from.
True : you must know that most of the helper scripts are living here : /etc/in/ (so, now you now too).

Use the "look it up for me" (a bit like Google it) :

grep -R 'Successful login for user' /etc/inc/

will show you :

/etc/inc/auth.inc:                      log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));

Open /etc/inc/auth.inc in your favorite text edit, like ee - goto line 2175.

You'll see :

			....
			phpsession_end(true);
			log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
			if (isset($_POST['postafterlogin'])) {
 			.....

add :

			.....
			phpsession_end(true);
			log_auth(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
			// edit start
			notify_all_remote(sprintf(gettext("Successful login for user '%1\$s' from: %2\$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
			// edit end
			if (isset($_POST['postafterlogin'])) {
			.......

Save. Done. Enjoy.

I logged out, logged in again, and I received a mail, as I'm using 'email' as a notifier.

Btw : Take note : this is a 'how I would do it - how I just did it' example. I did not 'check' for nasty side effects.
You're editing the /etc/auth.inc file, a rather important file that handles 'security'.

Btw : actually, rather useless for me, as I'm the only one that knows the pfSense password

stephenw10 · Jul 13, 2023, 3:30 PM

Yes that email you're getting currently is not from pfSense. I assume you have some external log log analysis setup that's sending it.

jacob.bisror · Jul 16, 2023, 1:37 PM

@Gertjan said in Telegram notification setup:

// edit start
notify_all_remote(sprintf(gettext("Successful login for user '%1$s' from: %2$s"), $_POST['usernamefld'], get_user_remote_address() . get_user_remote_authsource()));
// edit end

Genius!