Skip to content

O
OpnSense
Commit b1acd50e authored by Ad Schellevis's avatar Ad Schellevis
Browse files
Options

(ids) add logfile number selection to query script

parent f4253772
Show whitespace changes
Inline Side-by-side
Showing with 45 additions and 39 deletions
src/opnsense/scripts/suricata/queryAlertLog.py
View file @ b1acd50e
......@@ -30,6 +30,7 @@
--------------------------------------------------------------------------------------
query suricata alert log
"""
import os.path
import re
import sre_constants
import shlex
......@@ -37,12 +38,16 @@ import ujson
from lib.log import reverse_log_reader
from lib.params import updateParams
suricata_log = '/var/log/suricata/eve.json'
# handle parameters
parameters = {'limit':'0','offset':'0', 'filter':''}
parameters = {'limit':'0','offset':'0', 'filter':'','fileid':''}
updateParams(parameters)
# choose logfile by number
if parameters['fileid'].isdigit():
suricata_log = '/var/log/suricata/eve.json.%d'%int(parameters['fileid'])
else:
suricata_log = '/var/log/suricata/eve.json'
if parameters['limit'].isdigit():
limit = int(parameters['limit'])
else:
......@@ -78,7 +83,8 @@ else:
# query suricata eve log
result = {'filters':data_filters,'rows':[],'total_rows':0}
for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos):
if os.path.exists(suricata_log):
for line in reverse_log_reader(filename=suricata_log, start_pos=log_start_pos):
try:
record = ujson.loads(line['line'])
except ValueError:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023