author | Ermal <eri@pfsense.org> | 2012-07-13 05:23:36 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-13 05:23:36 +0000 |
commit | e429e827397d76777de7e76c2ef9d95d53cf624b (patch) | |
tree | 4e6e8af4246001418c81221488cdca2ae9d5f24c /config/snort/snort.inc | |
parent | 1f27866e955b1ea27a77de07e5dae9edc7896679 (diff) | |
Switch to alert csv. No more regex foo
Diffstat (limited to 'config/snort/snort.inc')
-rw-r--r-- | config/snort/snort.inc | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 61930111..cc2cd3c6 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1003,24 +1003,11 @@ function snort_generate_conf($snortcfg) {
 		@copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}");
 	}
 
-	/* define basic log filename */
-	$snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
-	/* define snortalertlogtype */
-	$snortalertlogtype_type = "output alert_full: alert";
-	if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
-		$snortalertlogtype_type = "output alert_fast: alert";
-
 	/* define alertsystemlog */
 	$alertsystemlog_type = "";
 	if ($snortcfg['alertsystemlog'] == "on")
 		$alertsystemlog_type = "output alert_syslog: log_alert";
 
-	/* define tcpdumplog */
-	$tcpdumplog_type = "";
-	if ($snortcfg['tcpdumplog'] == "on")
-		$tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
 	/* define snortunifiedlog */
 	$snortunifiedlog_type = "";
 	if ($snortcfg['snortunifiedlog'] == "on")
@@ -1362,11 +1349,9 @@ preprocessor stream5_icmp:
 preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
 
 # Snort Output Logs #
-{$snortunifiedlogbasic_type}
 {$snortalertlogtype_type}
+output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id
 {$alertsystemlog_type}
-{$tcpdumplog_type}
-{$snortmysqllog_info_chk}
 {$snortunifiedlog_type}
 {$spoink_type}
 
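Review bot: `{$snortalertlogtype_type}` is still interpolated as a context line in the second hunk (the `# Snort Output Logs #` section), but this hunk removes its only visible assignment, so the generated snort.conf now reads an undefined variable and emits an empty line plus a PHP notice; either drop that template line the way `{$snortunifiedlogbasic_type}` was dropped, or keep the assignment. This hunk also stops reading `$snortcfg['tcpdumplog']` and `$config['installedpackages']['snortglobal']['snortalertlogtype']`; if those options are still offered in the settings pages, the GUI will accept them while the generated config silently ignores them, which is worth either a matching cleanup of the option handling or a comment where the block used to be, such as `/* tcpdump and alert_full/alert_fast output were replaced by alert_csv; the legacy settings are no longer honored */`. snort_generate_conf() begins and ends outside this hunk.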
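Review bot: The `msg` column in the new `output alert_csv:` line is rule-supplied free text that can itself contain commas, so a reader that splits the alert file on `,` will misalign the `proto`, `src`, `dst` and port columns that follow it; confirm how the Snort build in use delimits that field before relying on a plain split, or place `msg` last so the fixed-width columns parse regardless. The column order is now a contract with whatever consumes the alert file (the commit title says the regex parsing was dropped), and nothing in the template records it; a comment above the line, e.g. `# Field order is parsed by the alert log reader; keep the two in sync`, would stop a later edit from breaking the reader silently. `{$snortmysqllog_info_chk}` is removed from the template here while its assignment is not visible in this diff; if it is still set elsewhere in snort_generate_conf() it is now dead code.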