aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_alerts.php
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-02-28 20:41:37 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-02-28 20:41:37 -0500
commitaf5566164c9b0b412962c26b831e78c499f53281 (patch)
tree48c045a10c0150688ddfe8d3d2145c94b83f48eb /config/suricata/suricata_alerts.php
parent3d4247441ec7b090ee4340c3e78e42a9b31632fd (diff)
downloadpfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.tar.gz
pfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.tar.bz2
pfsense-packages-af5566164c9b0b412962c26b831e78c499f53281.zip
Bug fixes and enhancements for v0.2-BETA in Suricata pkg.
Diffstat (limited to 'config/suricata/suricata_alerts.php')
-rw-r--r--config/suricata/suricata_alerts.php33
1 files changed, 20 insertions, 13 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index 3fc39f36..75f21333 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -274,12 +274,10 @@ if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen
}
if ($_POST['delete']) {
- conf_mount_rw();
suricata_post_delete_logs($suricata_uuid);
$fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if suricata is run as suricata user */
mwexec('/bin/chmod 660 {$suricatalogdir}*', true);
sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", "HUP");
@@ -375,7 +373,7 @@ if ($savemsg) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . suricata_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
@@ -386,7 +384,7 @@ if ($savemsg) {
<input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
'log files will be saved.'); ?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?');"></a>
+ onclick="return confirm('Do you really want to remove all instance logs?');">
<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
@@ -439,21 +437,30 @@ if ($savemsg) {
/* make sure alert file exists */
if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
- exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_{$suricata_uuid}");
- if (file_exists("/tmp/alerts_{$suricata_uuid}")) {
+ exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}");
+ if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) {
$tmpblocked = array_flip(suricata_get_blocked_ips());
$counter = 0;
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
- $fd = fopen("/tmp/alerts_{$suricata_uuid}", "r");
+ $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
if(count($fields) < 12)
continue;
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "Not Assigned".
+ if ($fields[6] == "(null)")
+ $fields[6] = "Not Assigned";
+
/* Time */
- $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -7);
+ $alert_time = date_format($event_tm, "H:i:s");
/* Date */
- $alert_date = trim(substr($fields[0], 0, strpos($fields[0], '-')));
+ $alert_date = date_format($event_tm, "m/d/Y");
/* Description */
$alert_descr = $fields[5];
$alert_descr_url = urlencode($fields[5]);
@@ -462,7 +469,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Protocol */
$alert_proto = $fields[8];
/* IP SRC */
- $alert_ip_src = $fields[9];
+ $alert_ip_src = inet_ntop(inet_pton($fields[9]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
/* Add Reverse DNS lookup icons */
@@ -491,7 +498,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* IP SRC Port */
$alert_src_p = $fields[10];
/* IP Destination */
- $alert_ip_dst = $fields[11];
+ $alert_ip_dst = inet_ntop(inet_pton($fields[11]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
/* Add Reverse DNS lookup icons */
@@ -538,7 +545,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
else {
$sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
$sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
@@ -560,7 +567,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$counter++;
}
fclose($fd);
- @unlink("/tmp/alerts_{$suricata_uuid}");
+ @unlink("/tmp/alerts_suricata{$suricata_uuid}");
}
}
?>