diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-02-28 20:41:37 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-02-28 20:41:37 -0500 |
commit | af5566164c9b0b412962c26b831e78c499f53281 (patch) | |
tree | 48c045a10c0150688ddfe8d3d2145c94b83f48eb /config/suricata/suricata_alerts.php | |
parent | 3d4247441ec7b090ee4340c3e78e42a9b31632fd (diff) | |
download | pfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.tar.gz pfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.tar.bz2 pfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.zip |
Bug fixes and enhancements for v0.2-BETA in Suricata pkg.
Diffstat (limited to 'config/suricata/suricata_alerts.php')
-rw-r--r-- | config/suricata/suricata_alerts.php | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php index 3fc39f36..75f21333 100644 --- a/config/suricata/suricata_alerts.php +++ b/config/suricata/suricata_alerts.php @@ -274,12 +274,10 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen } if ($_POST['delete']) { - conf_mount_rw(); suricata_post_delete_logs($suricata_uuid); $fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+"); if ($fd) fclose($fd); - conf_mount_ro(); /* XXX: This is needed if suricata is run as suricata user */ mwexec('/bin/chmod 660 {$suricatalogdir}*', true); sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", "HUP"); @@ -375,7 +373,7 @@ if ($savemsg) { $selected = ""; if ($id == $instanceid) $selected = "selected"; - echo "<option value='{$id}' {$selected}> (" . suricata_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n"; + echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n"; } ?> </select> <?php echo gettext('Choose which instance alerts you want to inspect.'); ?> @@ -386,7 +384,7 @@ if ($savemsg) { <input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' . 'log files will be saved.'); ?> <input name="delete" type="submit" class="formbtns" value="Clear" - onclick="return confirm('Do you really want to remove all instance logs?');"></a> + onclick="return confirm('Do you really want to remove all instance logs?');"> <span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?> </td> </tr> @@ -439,21 +437,30 @@ if ($savemsg) { /* make sure alert file exists */ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { - exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_{$suricata_uuid}"); - if (file_exists("/tmp/alerts_{$suricata_uuid}")) { + exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}"); + if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) { $tmpblocked = array_flip(suricata_get_blocked_ips()); $counter = 0; /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */ - $fd = fopen("/tmp/alerts_{$suricata_uuid}", "r"); + $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r"); while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if(count($fields) < 12) continue; + // Create a DateTime object from the event timestamp that + // we can use to easily manipulate output formats. + $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]); + + // Check the 'CATEGORY' field for the text "(null)" and + // substitute "Not Assigned". + if ($fields[6] == "(null)") + $fields[6] = "Not Assigned"; + /* Time */ - $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -7); + $alert_time = date_format($event_tm, "H:i:s"); /* Date */ - $alert_date = trim(substr($fields[0], 0, strpos($fields[0], '-'))); + $alert_date = date_format($event_tm, "m/d/Y"); /* Description */ $alert_descr = $fields[5]; $alert_descr_url = urlencode($fields[5]); @@ -462,7 +469,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo /* Protocol */ $alert_proto = $fields[8]; /* IP SRC */ - $alert_ip_src = $fields[9]; + $alert_ip_src = inet_ntop(inet_pton($fields[9])); /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_src = str_replace(":", ":​", $alert_ip_src); /* Add Reverse DNS lookup icons */ @@ -491,7 +498,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo /* IP SRC Port */ $alert_src_p = $fields[10]; /* IP Destination */ - $alert_ip_dst = $fields[11]; + $alert_ip_dst = inet_ntop(inet_pton($fields[11])); /* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */ $alert_ip_dst = str_replace(":", ":​", $alert_ip_dst); /* Add Reverse DNS lookup icons */ @@ -538,7 +545,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo } else { $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" "; - $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; + $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' "; $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>"; } /* DESCRIPTION */ @@ -560,7 +567,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo $counter++; } fclose($fd); - @unlink("/tmp/alerts_{$suricata_uuid}"); + @unlink("/tmp/alerts_suricata{$suricata_uuid}"); } } ?> |