authorErmal <eri@pfsense.org>2012-07-13 05:23:36 +0000
committerErmal <eri@pfsense.org>2012-07-13 05:23:36 +0000
commite429e827397d76777de7e76c2ef9d95d53cf624b (patch)
tree4e6e8af4246001418c81221488cdca2ae9d5f24c /config/snort
parent1f27866e955b1ea27a77de07e5dae9edc7896679 (diff)
Switch to alert csv. No more regex foo
Diffstat (limited to 'config/snort')
-rw-r--r--config/snort/snort.inc17
-rw-r--r--config/snort/snort_barnyard.php3
2 files changed, 3 insertions, 17 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 61930111..cc2cd3c6 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1003,24 +1003,11 @@ function snort_generate_conf($snortcfg) {
@copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}");
}
- /* define basic log filename */
- $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
- /* define snortalertlogtype */
- $snortalertlogtype_type = "output alert_full: alert";
- if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
- $snortalertlogtype_type = "output alert_fast: alert";
-
/* define alertsystemlog */
$alertsystemlog_type = "";
if ($snortcfg['alertsystemlog'] == "on")
$alertsystemlog_type = "output alert_syslog: log_alert";
- /* define tcpdumplog */
- $tcpdumplog_type = "";
- if ($snortcfg['tcpdumplog'] == "on")
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
/* define snortunifiedlog */
$snortunifiedlog_type = "";
if ($snortcfg['snortunifiedlog'] == "on")
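Review bot: The assignment to `$snortalertlogtype_type` (and its `fast` override) is removed in this hunk, but the second hunk of this file keeps the context line `{$snortalertlogtype_type}` in the generated snort.conf, so unless the variable is assigned elsewhere in the function that line now interpolates an undefined variable (a PHP notice and an empty line in the config) and the global `snortalertlogtype` setting is silently ignored; either drop that template line next to the new `output alert_csv:` line or keep the assignment. This hunk also removes the `output log_tcpdump:` line driven by `$snortcfg['tcpdumplog']` without any visible change to the option itself; if the configuration form still offers that toggle, an operator who enabled packet logging will no longer get pcap output and should at least be told so, so the option should be retired from the form in the same change or the output restored. `snort_generate_conf` starts and ends outside this hunk.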
@@ -1362,11 +1349,9 @@ preprocessor stream5_icmp:
preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
# Snort Output Logs #
-{$snortunifiedlogbasic_type}
{$snortalertlogtype_type}
+output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id
{$alertsystemlog_type}
-{$tcpdumplog_type}
-{$snortmysqllog_info_chk}
{$snortunifiedlog_type}
{$spoink_type}
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 914bcead..ab819686 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -50,7 +50,8 @@ $pconfig = array();
if (isset($id) && $a_nat[$id]) {
/* old options */
$pconfig = $a_nat[$id];
- $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnconfigpassthru']))
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
}
if (isset($_GET['dup']))