author | Ermal <eri@pfsense.org> | 2012-07-13 05:23:36 +0000 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2012-07-13 05:23:36 +0000 |
commit | e429e827397d76777de7e76c2ef9d95d53cf624b (patch) | |
tree | 4e6e8af4246001418c81221488cdca2ae9d5f24c /config/snort | |
parent | 1f27866e955b1ea27a77de07e5dae9edc7896679 (diff) | |
Switch to alert csv. No more regex foo
Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort.inc | 17 | ||||
-rw-r--r-- | config/snort/snort_barnyard.php | 3 |
2 files changed, 3 insertions, 17 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 61930111..cc2cd3c6 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1003,24 +1003,11 @@ function snort_generate_conf($snortcfg) {
 @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}");
 }
- /* define basic log filename */
- $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
- /* define snortalertlogtype */
- $snortalertlogtype_type = "output alert_full: alert";
- if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
- $snortalertlogtype_type = "output alert_fast: alert";
-
 /* define alertsystemlog */
 $alertsystemlog_type = "";
 if ($snortcfg['alertsystemlog'] == "on")
 $alertsystemlog_type = "output alert_syslog: log_alert";
- /* define tcpdumplog */
- $tcpdumplog_type = "";
- if ($snortcfg['tcpdumplog'] == "on")
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
 /* define snortunifiedlog */
 $snortunifiedlog_type = "";
 if ($snortcfg['snortunifiedlog'] == "on")
@@ -1362,11 +1349,9 @@ preprocessor stream5_icmp:
 preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
 # Snort Output Logs #
-{$snortunifiedlogbasic_type}
 {$snortalertlogtype_type}
+output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id
 {$alertsystemlog_type}
-{$tcpdumplog_type}
-{$snortmysqllog_info_chk}
 {$snortunifiedlog_type}
 {$spoink_type}
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 914bcead..ab819686 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
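Review bot: `{$snortalertlogtype_type}` is still interpolated on the context line just above the new `output alert_csv:` line in the second hunk, yet the first hunk of this file deletes the only visible assignment of `$snortalertlogtype_type`; unless it is set somewhere outside these hunks, the template now expands an undefined variable to an empty line and raises a PHP notice, so that template line should be removed as well. The `tcpdumplog` and `snortalertlogtype` settings also stop having any effect while, as far as this diff shows, they remain configurable, which silently ends packet capture for anyone relying on it during incident investigation; a changelog note or removal of those options would make that explicit. Because the field list includes `msg`, whatever reads the `alert` file should use a CSV-aware reader such as `fgetcsv()` rather than splitting on commas, and a template comment like `# alert_csv field order is parsed downstream; keep both in sync` above the new line would record that coupling. The heredoc and the enclosing function start and end outside the hunk.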
@@ -50,7 +50,8 @@ $pconfig = array();
 if (isset($id) && $a_nat[$id]) {
 /* old options */
 $pconfig = $a_nat[$id];
- $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnconfigpassthru']))
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
 }
 if (isset($_GET['dup'])) |
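Review bot: A non-empty value that is not valid base64 is still decoded leniently by the guarded `base64_decode()` call, because without the strict flag the function drops characters outside the alphabet and returns whatever is left. Decoding strictly and falling back to an empty string keeps a damaged config entry from surfacing as garbage in the pass-through field: `$decoded = base64_decode($a_nat[$id]['barnconfigpassthru'], true);` followed by `$pconfig['barnconfigpassthru'] = ($decoded === false) ? '' : $decoded;`. The unbraced `if` with a single-statement body would also be safer with braces, since the next statement added under it will otherwise run unconditionally. How the decoded text is rendered is outside the hunk; if it is printed back into the form, it should pass through `htmlspecialchars()` there.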