authorRenato Botelho <garga@pfSense.org>2014-03-04 09:35:35 -0300
committerRenato Botelho <garga@pfSense.org>2014-03-04 09:35:35 -0300
commit5a0fbf342e705b268df4125e13bb6d4de8c07b24 (patch)
treef9557cf3623ada6c81b95268094917d5cc923f6b /config/suricata/suricata_alerts.php
parent4335125b656b1f00740c8c97b916c76aa62ff8c8 (diff)
parentfde61fa3cafa4c850757d39a5c00eb631c080730 (diff)
Merge pull request #612 from bmeeks8/master
Update Suricata package to v0.2-BETA -- bug fixes and several new features
Diffstat (limited to 'config/suricata/suricata_alerts.php')
-rw-r--r--config/suricata/suricata_alerts.php233
1 files changed, 129 insertions, 104 deletions
diff --git a/config/suricata/suricata_alerts.php b/config/suricata/suricata_alerts.php
index c36c0dd7..75f21333 100644
--- a/config/suricata/suricata_alerts.php
+++ b/config/suricata/suricata_alerts.php
@@ -121,10 +121,11 @@ function suricata_add_supplist_entry($suppress) {
return false;
}
-if ($_GET['instance'])
- $instanceid = $_GET['instance'];
if ($_POST['instance'])
$instanceid = $_POST['instance'];
+// This is for the auto-refresh so wecan stay on the same interface
+if (is_numeric($_GET['instance']))
+ $instanceid = $_GET['instance'];
if (empty($instanceid))
$instanceid = 0;
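Review bot: `$_POST['instance']` is still accepted without any check, while the new GET branch is guarded by `is_numeric()`; both end up in `$instanceid`, which is used as an index into `$a_instance` and printed into the auto-refresh `<meta>` URL and the `Location:` redirects in later hunks. Apply the same guard to the POST value, `if (is_numeric($_POST['instance'])) $instanceid = $_POST['instance'];`. Since `is_numeric()` also accepts strings such as `1e3` or `-1`, `ctype_digit((string)$value)` is the tighter test for an array index. The new comment has a typo, `wecan` should read `we can`.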
@@ -163,63 +164,63 @@ if ($_POST['save']) {
exit;
}
-//if ($_POST['todelete'] || $_GET['todelete']) {
-// $ip = "";
-// if($_POST['todelete'])
-// $ip = $_POST['todelete'];
-// else if($_GET['todelete'])
-// $ip = $_GET['todelete'];
-// if (is_ipaddr($ip)) {
-// exec("/sbin/pfctl -t snort2c -T delete {$ip}");
-// $savemsg = gettext("Host IP address {$ip} has been removed from the Blocked Table.");
+//if ($_POST['unblock'] && $_POST['ip']) {
+// if (is_ipaddr($_POST['ip'])) {
+// exec("/sbin/pfctl -t snort2c -T delete {$_POST['ip']}");
+// $savemsg = gettext("Host IP address {$_POST['ip']} has been removed from the Blocked Table.");
// }
//}
-if ($_GET['act'] == "addsuppress" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}\n";
-
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
- else
- $input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
-}
-
-if (($_GET['act'] == "addsuppress_srcip" || $_GET['act'] == "addsuppress_dstip") && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- if ($_GET['act'] == "addsuppress_srcip")
+if (($_POST['addsuppress_srcip'] || $_POST['addsuppress_dstip'] || $_POST['addsuppress']) && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ if ($_POST['addsuppress_srcip'])
$method = "by_src";
- else
+ elseif ($_POST['addsuppress_dstip'])
$method = "by_dst";
-
- /* Check for valid IP addresses, exit if not valid */
- if (is_ipaddr($_GET['ip']) || is_ipaddrv6($_GET['ip'])) {
- if (empty($_GET['descr']))
- $suppress = "suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- else
- $suppress = "#{$_GET['descr']}\nsuppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}\n";
- }
- else {
- header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
- exit;
+ else
+ $method ="all";
+
+ // See which kind of Suppress Entry to create
+ switch ($method) {
+ case "all":
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}' has been added to the Suppress List.");
+ break;
+ case "by_src":
+ case "by_dst":
+ // Check for valid IP addresses, exit if not valid
+ if (is_ipaddr($_POST['ip']) || is_ipaddrv6($_POST['ip'])) {
+ if (empty($_POST['descr']))
+ $suppress = "suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ else
+ $suppress = "#{$_POST['descr']}\nsuppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}\n";
+ $success = gettext("An entry for 'suppress gen_id {$_POST['gen_id']}, sig_id {$_POST['sidid']}, track {$method}, ip {$_POST['ip']}' has been added to the Suppress List.");
+ }
+ else {
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
+ }
+ break;
+ default:
+ header("Location: /suricata/suricata_alerts.php");
+ exit;
}
- /* Add the new entry to the Suppress List */
- if (suricata_add_supplist_entry($suppress))
- $savemsg = gettext("An entry for 'suppress gen_id {$_GET['gen_id']}, sig_id {$_GET['sidid']}, track {$method}, ip {$_GET['ip']}' has been added to the Suppress List.");
+ /* Add the new entry to the Suppress List and signal Suricata to reload config */
+ if (suricata_add_supplist_entry($suppress)) {
+ suricata_reload_config($a_instance[$instanceid]);
+ $savemsg = $success;
+ }
else
- /* We did not find the defined list, so notify the user with an error */
$input_errors[] = gettext("Suppress List '{$a_instance[$instanceid]['suppresslistname']}' is defined for this interface, but it could not be found!");
}
-if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GET['gen_id'])) {
- // Get the GID tag embedded in the clicked rule icon.
- $gid = $_GET['gen_id'];
-
- // Get the SID tag embedded in the clicked rule icon.
- $sid= $_GET['sidid'];
+if ($_POST['togglesid'] && is_numeric($_POST['sidid']) && is_numeric($_POST['gen_id'])) {
+ // Get the GID and SID tags embedded in the clicked rule icon.
+ $gid = $_POST['gen_id'];
+ $sid= $_POST['sidid'];
// See if the target SID is in our list of modified SIDs,
// and toggle it if present.
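Review bot: In the `case "all":` branch the `$success` text is still built from `$_GET['gen_id']` and `$_GET['sidid']` although the handler now reads everything from `$_POST`, so the confirmation will show empty ids; it should use `{$_POST['gen_id']}` and `{$_POST['sidid']}` like the by_src/by_dst branch. `$_POST['descr']` is written to the suppress list behind a single `#`, so a value containing a line break would continue onto an uncommented line; normalise it first, e.g. `$descr = str_replace(array("\r", "\n"), ' ', $_POST['descr']);`. The `default:` arm cannot be reached because `$method` is always one of the three values assigned just above it. The two early `header("Location: /suricata/suricata_alerts.php")` exits also lose the `?instance={$instanceid}` that the removed code kept. The togglesid block at the end of the hunk continues outside it.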
@@ -272,17 +273,14 @@ if ($_GET['act'] == "togglesid" && is_numeric($_GET['sidid']) && is_numeric($_GE
$savemsg = gettext("The state for rule {$gid}:{$sid} has been modified. Suricata is 'live-reloading' the new rules list. Please wait at least 30 secs for the process to complete before toggling additional rules.");
}
-if ($_GET['action'] == "clear" || $_POST['delete']) {
- conf_mount_rw();
+if ($_POST['delete']) {
suricata_post_delete_logs($suricata_uuid);
$fd = @fopen("{$suricatalogdir}suricata_{$if_real}{$suricata_uuid}/alerts.log", "w+");
if ($fd)
fclose($fd);
- conf_mount_ro();
/* XXX: This is needed if suricata is run as suricata user */
mwexec('/bin/chmod 660 {$suricatalogdir}*', true);
- if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid"))
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid -a");
+ sigkillbypid("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid", "HUP");
header("Location: /suricata/suricata_alerts.php?instance={$instanceid}");
exit;
}
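Review bot: The `mwexec('/bin/chmod 660 {$suricatalogdir}*', true);` line kept in this block is single-quoted, so PHP never interpolates `$suricatalogdir` and the shell receives the literal text; the chmod presumably never touches the log directory. Build the command with the value quoted for the shell, `mwexec("/bin/chmod 660 " . escapeshellarg($suricatalogdir) . "*", true);`. The `@fopen(..., "w+")` truncation also fails silently, so a clear that did not work still redirects as if it had; logging the failure would make that visible.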
@@ -332,16 +330,21 @@ if ($pconfig['arefresh'] == 'on')
echo "<meta http-equiv=\"refresh\" content=\"60;url=/suricata/suricata_alerts.php?instance={$instanceid}\" />\n";
?>
-<?php if($pfsense_stable == 'yes'){echo '<p class="pgtitle">' . $pgtitle . '</p>';}
- /* Display Alert message */
- if ($input_errors) {
- print_input_errors($input_errors); // TODO: add checks
- }
- if ($savemsg) {
- print_info_box($savemsg);
- }
+<?php
+/* Display Alert message */
+if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+}
+if ($savemsg) {
+ print_info_box($savemsg);
+}
?>
<form action="/suricata/suricata_alerts.php" method="post" id="formalert">
+<input type="hidden" name="sidid" id="sidid" value=""/>
+<input type="hidden" name="gen_id" id="gen_id" value=""/>
+<input type="hidden" name="ip" id="ip" value=""/>
+<input type="hidden" name="descr" id="descr" value=""/>
+
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
@@ -349,7 +352,7 @@ if ($pconfig['arefresh'] == 'on')
$tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
$tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
$tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
- $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php?instance={$instanceid}");
+ $tab_array[] = array(gettext("Alerts"), true, "/suricata/suricata_alerts.php");
$tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
display_top_tabs($tab_array);
@@ -364,13 +367,13 @@ if ($pconfig['arefresh'] == 'on')
<tr>
<td width="22%" class="vncell"><?php echo gettext('Instance to Inspect'); ?></td>
<td width="78%" class="vtable">
- <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='get';document.getElementById('formalert').submit()">
+ <select name="instance" id="instance" class="formselect" onChange="document.getElementById('formalert').method='post';document.getElementById('formalert').submit()">
<?php
foreach ($a_instance as $id => $instance) {
$selected = "";
if ($id == $instanceid)
$selected = "selected";
- echo "<option value='{$id}' {$selected}> (" . suricata_get_friendly_interface($instance['interface']) . "){$instance['descr']}</option>\n";
+ echo "<option value='{$id}' {$selected}> (" . convert_friendly_interface_to_friendly_descr($instance['interface']) . "){$instance['descr']}</option>\n";
}
?>
</select>&nbsp;&nbsp;<?php echo gettext('Choose which instance alerts you want to inspect.'); ?>
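Review bot: The `<option>` line prints `$instance['descr']` and the return value of `convert_friendly_interface_to_friendly_descr()` straight into the page without HTML escaping. These values come from the saved configuration rather than from the request, but a description containing `<`, `&` or a quote still breaks the markup; wrap both in `htmlspecialchars(..., ENT_QUOTES)`. Setting `method='post'` in the `onChange` handler is redundant, since the form is already declared with `method="post"`.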
@@ -379,9 +382,9 @@ if ($pconfig['arefresh'] == 'on')
<td width="22%" class="vncell"><?php echo gettext('Save or Remove Logs'); ?></td>
<td width="78%" class="vtable">
<input name="download" type="submit" class="formbtns" value="Download"> <?php echo gettext('All ' .
- 'log files will be saved.'); ?>&nbsp;&nbsp;<a href="/suricata/suricata_alerts.php?action=clear&instance=<?=$instanceid;?>">
+ 'log files will be saved.'); ?>&nbsp;&nbsp;
<input name="delete" type="submit" class="formbtns" value="Clear"
- onclick="return confirm('Do you really want to remove all instance logs?')"></a>
+ onclick="return confirm('Do you really want to remove all instance logs?');">
<span class="red"><strong><?php echo gettext('Warning:'); ?></strong></span> <?php echo ' ' . gettext('all log files will be deleted.'); ?>
</td>
</tr>
@@ -434,21 +437,30 @@ if ($pconfig['arefresh'] == 'on')
/* make sure alert file exists */
if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) {
- exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_{$suricata_uuid}");
- if (file_exists("/tmp/alerts_{$suricata_uuid}")) {
+ exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}");
+ if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) {
$tmpblocked = array_flip(suricata_get_blocked_ips());
$counter = 0;
/* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
/* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,src,srcport,dst,dstport */
- $fd = fopen("/tmp/alerts_{$suricata_uuid}", "r");
+ $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r");
while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
if(count($fields) < 12)
continue;
+ // Create a DateTime object from the event timestamp that
+ // we can use to easily manipulate output formats.
+ $event_tm = date_create_from_format("m/d/Y-H:i:s.u", $fields[0]);
+
+ // Check the 'CATEGORY' field for the text "(null)" and
+ // substitute "Not Assigned".
+ if ($fields[6] == "(null)")
+ $fields[6] = "Not Assigned";
+
/* Time */
- $alert_time = substr($fields[0], strpos($fields[0], '-')+1, -7);
+ $alert_time = date_format($event_tm, "H:i:s");
/* Date */
- $alert_date = trim(substr($fields[0], 0, strpos($fields[0], '-')));
+ $alert_date = date_format($event_tm, "m/d/Y");
/* Description */
$alert_descr = $fields[5];
$alert_descr_url = urlencode($fields[5]);
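Review bot: `date_create_from_format()` returns `false` when the timestamp field does not match `m/d/Y-H:i:s.u`, and the two `date_format($event_tm, ...)` calls use the result unchecked, so a truncated or malformed log line produces warnings and empty Date/Time cells. Add a guard right after the call, e.g. `if ($event_tm === false) continue;`. The field-count check lets a 12-field row through while `$fields[12]` is read later in the loop, so `count($fields) < 13` looks like the intended bound. `$alert_descr_url` appears to be unused after this commit, because the links that carried it are replaced by form inputs in later hunks. The temporary file in `/tmp` has a predictable name; taking the `tail` output from the output array of `exec()` would avoid the file altogether.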
@@ -457,7 +469,7 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Protocol */
$alert_proto = $fields[8];
/* IP SRC */
- $alert_ip_src = $fields[9];
+ $alert_ip_src = inet_ntop(inet_pton($fields[9]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_src = str_replace(":", ":&#8203;", $alert_ip_src);
/* Add Reverse DNS lookup icons */
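Review bot: `inet_ntop(inet_pton($fields[9]))` has no failure path: `inet_pton()` returns `false` and raises a warning for a string it cannot parse, and the source column then renders empty. Validate first and keep the escaped raw field as a fallback, e.g. `$alert_ip_src = filter_var($fields[9], FILTER_VALIDATE_IP) ? inet_ntop(inet_pton($fields[9])) : htmlspecialchars($fields[9]);`. The same applies to the `$fields[11]` conversion for the destination address in the next hunk.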
@@ -470,24 +482,23 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
!isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
- $alert_ip_src .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_srcip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[9])) . "'>";
- $alert_ip_src .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'></a>";
+ $alert_ip_src .= "&nbsp;&nbsp;<input type='image' name='addsuppress_srcip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[9]}','{$alert_descr}');\" ";
+ $alert_ip_src .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_src .= "title='" . gettext("Add this alert to the Suppress List and track by_src IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_src'][$fields[9]])) {
$alert_ip_src .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
$alert_ip_src .= "title='" . gettext("This alert track by_src IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
- if (isset($tmpblocked[$fields[9]])) {
- $alert_ip_src .= "&nbsp;";
- $alert_ip_src .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[9])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
- }
+// if (isset($tmpblocked[$fields[9]])) {
+// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[9]}';\" ";
+// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+// }
/* IP SRC Port */
$alert_src_p = $fields[10];
/* IP Destination */
- $alert_ip_dst = $fields[11];
+ $alert_ip_dst = inet_ntop(inet_pton($fields[11]));
/* Add zero-width space as soft-break opportunity after each colon if we have an IPv6 address */
$alert_ip_dst = str_replace(":", ":&#8203;", $alert_ip_dst);
/* Add Reverse DNS lookup icons */
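Review bot: The new `onClick` handler for `addsuppress_srcip[]` places `{$alert_descr}`, the raw rule message read from alerts.log, inside a single-quoted JavaScript string within a double-quoted attribute, with no escaping for either context. A message containing an apostrophe or a double quote breaks the handler, so the hidden fields stay empty and the POST fails the `is_numeric()` checks, and the text is treated as markup or script instead of data. Encode each argument for both layers, e.g. emit `htmlspecialchars(json_encode($fields[5]), ENT_QUOTES)` without the surrounding quotes. The same pattern is repeated for `addsuppress_dstip[]`, `addsuppress[]` and `togglesid[]` in the following hunks. The commented-out unblock block would be better deleted than carried along in the file.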
@@ -499,29 +510,28 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
$alert_ip_dst .= "title='" . gettext("Resolve host via reverse DNS lookup") . "'></a>";
/* Add icons for auto-adding to Suppress List if appropriate */
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3]) &&
- !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[1]])) {
- $alert_ip_dst .= "&nbsp;&nbsp;<a href='?instance={$instanceid}&act=addsuppress_dstip&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}&ip=" . trim(urlencode($fields[11])) . "'>";
- $alert_ip_dst .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'></a>";
+ !isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
+ $alert_ip_dst .= "&nbsp;&nbsp;<input type='image' name='addsuppress_dstip[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','{$fields[11]}','{$alert_descr}');\" ";
+ $alert_ip_dst .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $alert_ip_dst .= "title='" . gettext("Add this alert to the Suppress List and track by_dst IP") . "'/>";
}
elseif (isset($supplist[$fields[2]][$fields[3]]['by_dst'][$fields[11]])) {
$alert_ip_dst .= "&nbsp;&nbsp;<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
$alert_ip_dst .= "title='" . gettext("This alert track by_dst IP is already in the Suppress List") . "'/>";
}
/* Add icon for auto-removing from Blocked Table if required */
- if (isset($tmpblocked[$fields[11]])) {
- $alert_ip_dst .= "&nbsp;";
- $alert_ip_dst .= "<a href='?instance={$instanceid}&todelete=" . trim(urlencode($fields[11])) . "'>
- <img title=\"" . gettext("Remove host from Blocked Table") . "\" border=\"0\" width='12' height='12' name='todelete' id='todelete' alt=\"Remove from Blocked Hosts\" src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
- }
+// if (isset($tmpblocked[$fields[11]])) {
+// $alert_ip_src .= "&nbsp;<input type='image' name='unblock[]' onClick=\"document.getElementById('ip').value='{$fields[11]}';\" ";
+// $alert_ip_src .= "title='" . gettext("Remove host from Blocked Table") . "' border='0' width='12' height='12' src=\"../themes/{$g['theme']}/images/icons/icon_x.gif\"/>";
+// }
/* IP DST Port */
$alert_dst_p = $fields[12];
/* SID */
$alert_sid_str = "{$fields[2]}:{$fields[3]}";
if (!suricata_is_alert_globally_suppressed($supplist, $fields[2], $fields[3])) {
- $sidsupplink = "<a href='?instance={$instanceid}&act=addsuppress&sidid={$fields[3]}&gen_id={$fields[2]}&descr={$alert_descr_url}'>";
- $sidsupplink .= "<img src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
- $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'></a>";
+ $sidsupplink = "<input type='image' name='addsuppress[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','{$alert_descr}');\" ";
+ $sidsupplink .= "src='../themes/{$g['theme']}/images/icons/icon_plus.gif' width='12' height='12' border='0' ";
+ $sidsupplink .= "title='" . gettext("Add this alert to the Suppress List") . "'/>";
}
else {
$sidsupplink = "<img src='../themes/{$g['theme']}/images/icons/icon_plus_d.gif' width='12' height='12' border='0' ";
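Review bot: The commented-out unblock block for the destination address appends to `$alert_ip_src` rather than `$alert_ip_dst`, so re-enabling it as written would put the icon in the source column. Either delete the block or correct it now to `$alert_ip_dst .= ...`, so the copy-paste slip is not revived later.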
@@ -529,14 +539,14 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
}
/* Add icon for toggling rule state */
if (isset($disablesid[$fields[2]][$fields[3]])) {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_reject.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Rule is forced to a disabled state. Click to remove the force-disable action from this rule.") . "'/>";
}
else {
- $sid_dsbl_link = "<a href='?instance={$instanceid}&act=togglesid&sidid={$fields[3]}&gen_id={$fields[2]}'>";
- $sid_dsbl_link .= "<img src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
- $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'></a>";
+ $sid_dsbl_link = "<input type='image' name='togglesid[]' onClick=\"encRuleSig('{$fields[2]}','{$fields[3]}','','');\" ";
+ $sid_dsbl_link .= "src='../themes/{$g['theme']}/images/icons/icon_block.gif' width='11' height='11' border='0' ";
+ $sid_dsbl_link .= "title='" . gettext("Force-disable this rule and remove it from current rules set.") . "'/>";
}
/* DESCRIPTION */
$alert_class = $fields[6];
@@ -546,18 +556,18 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<td class='listr' align='center'>{$alert_priority}</td>
<td class='listr' align='center'>{$alert_proto}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_class}</td>
- <td class='listr' align='center'>{$alert_ip_src}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[9]}'>{$alert_ip_src}</td>
<td class='listr' align='center'>{$alert_src_p}</td>
- <td class='listr' align='center'>{$alert_ip_dst}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[11]}'>{$alert_ip_dst}</td>
<td class='listr' align='center'>{$alert_dst_p}</td>
- <td class='listr' align='center'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
+ <td class='listr' align='center' sorttable_customkey='{$fields[3]}'>{$alert_sid_str}<br/>{$sidsupplink}&nbsp;&nbsp;{$sid_dsbl_link}</td>
<td class='listr' style=\"word-wrap:break-word;\">{$alert_descr}</td>
</tr>\n";
$counter++;
}
fclose($fd);
- @unlink("/tmp/alerts_{$suricata_uuid}");
+ @unlink("/tmp/alerts_suricata{$suricata_uuid}");
}
}
?>
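Review bot: The new `sorttable_customkey='{$fields[9]}'`, `'{$fields[11]}'` and `'{$fields[3]}'` attributes print alerts.log fields without HTML escaping, as do the existing `{$alert_class}` and `{$alert_descr}` cells. A quote or angle bracket in any of these fields ends the attribute or opens markup in the admin page, so each value should go through `htmlspecialchars($value, ENT_QUOTES)` before it is echoed. The echo statement that builds the row starts above this hunk.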
@@ -573,6 +583,21 @@ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.lo
<?php
include("fend.inc");
?>
-
+<script type="text/javascript">
+function encRuleSig(rulegid,rulesid,srcip,ruledescr) {
+
+ // This function stuffs the passed GID, SID
+ // and other values into hidden Form Fields
+ // for postback.
+ if (typeof srcipip == "undefined")
+ var srcipip = "";
+ if (typeof ruledescr == "undefined")
+ var ruledescr = "";
+ document.getElementById("sidid").value = rulesid;
+ document.getElementById("gen_id").value = rulegid;
+ document.getElementById("ip").value = srcip;
+ document.getElementById("descr").value = ruledescr;
+}
+</script>
</body>
</html>
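Review bot: The first default check in `encRuleSig()` tests `srcipip`, which is not a parameter, so it only declares an unused local and never gives `srcip` a default; `var ruledescr` also redeclares the parameter where a plain assignment is meant. Write `if (typeof srcip == "undefined") srcip = "";` and `if (typeof ruledescr == "undefined") ruledescr = "";`. All callers visible in this diff pass four arguments, so this matters only once a shorter call is added.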