(ids) add logfile number selection to query script

src/opnsense/scripts/suricata/queryAlertLog.py

@@ -30,6 +30,7 @@
     --------------------------------------------------------------------------------------
     query suricata alert log
 """
+import os.path
 import re
 import sre_constants
 import shlex
@@ -37,12 +38,16 @@ import ujson
 from lib.log import reverse_log_reader
 from lib.params import updateParams
 
-suricata_log = '/var/log/suricata/eve.json'
-
 # handle parameters
-parameters = {'limit':'0','offset':'0', 'filter':''}
+parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''}
 updateParams(parameters)
 
+# choose logfile by number
+if parameters['fileid'].isdigit():
+    suricata_log = '/var/log/suricata/eve.json.%d'%int(parameters['fileid'])
+else:
+    suricata_log = '/var/log/suricata/eve.json'
+
 if parameters['limit'].isdigit():
     limit = int(parameters['limit'])
 else:
@@ -78,7 +83,8 @@ else:
 
 # query suricata eve log
 result = {'filters':data_filters,'rows':[],'total_rows':0}
-for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos):
+if os.path.exists(suricata_log):
+    for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos):
         try:
             record = ujson.loads(line['line'])
         except ValueError: