From 6a89c8968b32973920126f67185a6a50a0315733 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 15 Apr 2025 10:49:32 +0200
Subject: [PATCH] Services: Intrusion Detection: Administration - our fix in the reverse log reader (https://github.com/opnsense/core/commit/7446f8cbbffc1958abe11331d9aa8ffdff9c1489) caused a regression in the alert view. closes https://github.com/opnsense/core/issues/8550 It looks like this worked by accident, since we started with the wrong offset, we accidentally hit the right record.
---
 src/opnsense/scripts/suricata/queryAlertLog.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/opnsense/scripts/suricata/queryAlertLog.py b/src/opnsense/scripts/suricata/queryAlertLog.py
index 2bdf61749..46e5b782d 100755
--- a/src/opnsense/scripts/suricata/queryAlertLog.py
+++ b/src/opnsense/scripts/suricata/queryAlertLog.py
@@ -79,7 +79,7 @@ if __name__ == '__main__':
 # filter one specific log line
 if 'filepos' in data_filters and data_filters['filepos'].isdigit():
- log_start_pos = int(data_filters['filepos'])
+ log_start_pos = int(data_filters['filepos']) + 5000
 else:
 log_start_pos = None
@@ -122,9 +122,9 @@ if __name__ == '__main__':
 # do not fetch data until end of file...
 break
- # only try to fetch one line when filepos is given
- if log_start_pos is not None:
- break
+ # only try to fetch one line when filepos is given
+ if log_start_pos is not None:
+ break
 # output results
 print(ujson.dumps(result))
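Review bot: The `+ 5000` added to `log_start_pos` in the first hunk is an unexplained fixed byte margin, and nothing visible bounds an alert record to that size. If the reverse reader has to start past the end of the requested record, a record longer than 5000 bytes would presumably not be covered, and shorter neighbouring records inside the window could be returned first, so the alert detail view may show a different alert than the one selected unless the read loop (outside this hunk) compares each record's offset with the requested `filepos`. I would name the margin and state the assumption next to it, e.g. `FILEPOS_LOOKAHEAD = 5000  # bytes read past filepos; assumes a single alert record fits`, and confirm that the loop matches on the record offset before breaking. Separately, the unchanged guard uses `isdigit()`, which accepts characters such as superscript digits that `int()` rejects with a ValueError; `isdecimal()` is the tighter check for this request-supplied value. The enclosing `__main__` block starts and ends outside both hunks.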