diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-09-27 16:51:08 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-09-27 16:51:08 +0000 |
commit | 5bb0b3067102bcac7ab1082b9258d4b025a7ee08 (patch) | |
tree | d2332c58c7dd83884bed83276798c167f09d65b7 | |
parent | 6755319e6d74c3b404927298c0c788d294345287 (diff) | |
download | pfsense-packages-5bb0b3067102bcac7ab1082b9258d4b025a7ee08.tar.gz pfsense-packages-5bb0b3067102bcac7ab1082b9258d4b025a7ee08.tar.bz2 pfsense-packages-5bb0b3067102bcac7ab1082b9258d4b025a7ee08.zip |
Add Snort alerts log viewer
-rw-r--r-- | packages/snort/snort.xml | 9 | ||||
-rw-r--r-- | packages/snort/snort_alerts.php | 88 | ||||
-rw-r--r-- | packages/snort/snort_blocked.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_download_rules.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_rulesets.php | 1 | ||||
-rw-r--r-- | packages/snort/snort_whitelist.xml | 4 |
6 files changed, 104 insertions, 0 deletions
diff --git a/packages/snort/snort.xml b/packages/snort/snort.xml index dd6b5a2e..0b0a93a2 100644 --- a/packages/snort/snort.xml +++ b/packages/snort/snort.xml @@ -44,6 +44,11 @@ <chmod>077</chmod> <item>http://www.pfsense.com/packages/config/snort/snort_check_for_rule_updates.php</item> </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/www/</prefix> + <chmod>077</chmod> + <item>http://www.pfsense.com/packages/config/snort/snort_alerts.php</item> + </additional_files_needed> <service> <name>snort</name> <rcfile>snort.sh</rcfile> @@ -72,6 +77,10 @@ <text>Snort Whitelist</text> <url>/pkg.php?xml=snort_whitelist.xml</url> </tab> + <tab> + <text>Snort Alerts</text> + <url>/snort_alerts.php</url> + </tab> </tabs> <fields> <field> diff --git a/packages/snort/snort_alerts.php b/packages/snort/snort_alerts.php new file mode 100644 index 00000000..e0ba80f2 --- /dev/null +++ b/packages/snort/snort_alerts.php @@ -0,0 +1,88 @@ +<?php +/* $Id$ */ +/* + snort_alerts.php + part of pfSense + + Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ + +require("guiconfig.inc"); + +$snort_logfile = "{$g['varlog_path']}/snort/alerts"; + +$nentries = $config['syslog']['nentries']; +if (!$nentries) + $nentries = 50; + +if ($_POST['clear']) { + exec("killall syslogd"); + exec("/usr/sbin/clog -i -s 262144 {$snort_logfile}"); + system_syslogd_start(); +} + +$pgtitle = "Services: Snort: Snort Alerts"; +include("head.inc"); + +?> + +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> +<p class="pgtitle"><?=$pgtitle?></p> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Snort Settings"), false, "/pkg_edit.php?xml=snort.xml&id=0"); + $tab_array[] = array(gettext("Snort Rules Update"), false, "/snort_download_rules.php"); + $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php"); + $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); + $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), true, "/snort_alerts.php"); + display_top_tabs($tab_array); +?> + </td></tr> + <tr> + <td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0"> + <tr> + <td colspan="2" class="listtopic"> + Last <?=$nentries;?> Snort Alert entries</td> + </tr> + <?php dump_clog($snort_logfile, $nentries); ?> + <tr><td><br><form action="diag_logs_slbd.php" method="post"> + <input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr> + </table> + </div> + </form> + </td> + </tr> +</table> +<?php include("fend.inc"); ?> +<meta http-equiv="refresh" content="60;url=<?php print $_SERVER['SCRIPT_NAME']; ?>"> +</body> +</html> diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php index 52cb3202..d08a7f6a 100644 --- a/packages/snort/snort_blocked.php +++ b/packages/snort/snort_blocked.php @@ -62,6 +62,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php"); $tab_array[] = array(gettext("Snort Blocked"), true, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_download_rules.php b/packages/snort/snort_download_rules.php index c1126400..d0309e18 100644 --- a/packages/snort/snort_download_rules.php +++ b/packages/snort/snort_download_rules.php @@ -74,6 +74,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Rulesets"), false, "/snort_rulesets.php"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_rulesets.php b/packages/snort/snort_rulesets.php index acb2da00..9950c96b 100644 --- a/packages/snort/snort_rulesets.php +++ b/packages/snort/snort_rulesets.php @@ -80,6 +80,7 @@ include("head.inc"); $tab_array[] = array(gettext("Snort Rulesets"), true, "/snort_rulesets.php"); $tab_array[] = array(gettext("Snort Blocked"), false, "/snort_blocked.php"); $tab_array[] = array(gettext("Snort Whitelist"), false, "/pkg.php?xml=snort_whitelist.xml"); + $tab_array[] = array(gettext("Snort Alerts"), false, "/snort_alerts.php"); display_top_tabs($tab_array); ?> </td> diff --git a/packages/snort/snort_whitelist.xml b/packages/snort/snort_whitelist.xml index e016db72..902bf299 100644 --- a/packages/snort/snort_whitelist.xml +++ b/packages/snort/snort_whitelist.xml @@ -27,6 +27,10 @@ <url>/pkg.php?xml=snort_whitelist.xml</url> <active/> </tab> + <tab> + <text>Snort Alerts</text> + <url>/snort_alerts.php</url> + </tab> </tabs> <adddeleteeditpagefields> <columnitem> |