Intrusion detection no longer showing alerts since last update

[kezman83]

Hi
Since the most recent update I am no longer seeing alerts being displayed in the alerts tab.
I can see the service is running and the the log file is being populated(Indicating the intrusion detection is working). 
If this issue due to the update breaking something?

[franco]

I'm not sure why this needs repeating. Please provide version information: last good version, first bad version. "latest update" is loosely related in space and time.


Cheers,
Franco

[kezman83]

Hi Franco
Apologies for being so vague in my post.
Last good version = 19.1.5
First bad version = 19.1.6
Thank you

Regards,
Alex

[franco]

Hi Alex,

Depends a bit, there was a fix that mutes alerts that are not supposed to alert:

https://github.com/opnsense/core/issues/3386

And there's a small cleanup:

https://github.com/opnsense/core/commit/a0b3ddc57247

It is likely the first change which should be normal and the previous alerts were not meant to be shown at all. Does that make sense in your env?


Cheers,
Franco

[kezman83]

Hi Franco
Thanks for getting back to me, this looks like it makes sense.
An example of an alert the system was giving me is below(Could you confirm if this is an alert that should be muted).

Alert   FILE-IDENTIFY MP4 file download request  (This is set to drop).

Regards,
Alex