authorbmeeks8 <bmeeks8@bellsouth.net>2014-03-19 17:01:32 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-03-19 17:01:32 -0400
commitd96be7309cbd375db4e7118ea7f86f35baa2ca1a (patch)
treeb9e657091f2a5557e6906ef58f274359ba7829a5 /config/suricata
parentfd710b1c45207f551d7b0a38eb95b5b5e353ac77 (diff)
downloadpfsense-packages-d96be7309cbd375db4e7118ea7f86f35baa2ca1a.tar.gz
pfsense-packages-d96be7309cbd375db4e7118ea7f86f35baa2ca1a.tar.bz2
pfsense-packages-d96be7309cbd375db4e7118ea7f86f35baa2ca1a.zip
Add Log Mgmt tab to rotate and prune large log files.
Diffstat (limited to 'config/suricata')
-rw-r--r--config/suricata/suricata_check_cron_misc.inc194
-rw-r--r--config/suricata/suricata_logs_mgmt.php429
2 files changed, 570 insertions, 53 deletions
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index b2678059..25e8bb8a 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -30,74 +30,162 @@
require_once("/usr/local/pkg/suricata/suricata.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+function suricata_check_dir_size_limit($suricataloglimitsize) {
+ /********************************************************
+ * This function checks the total size of the Suricata *
+ * logging sub-directory structure and prunes the files *
+ * for all Suricata interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $surictaaloglimitsize = dir size limit *
+ * in megabytes *
+ ********************************************************/
+
+ // Convert Log Limit Size setting from MB to KB
+ $suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
+ $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-/* chk if snort log dir is full if so clear it */
-$suricataloglimit = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$suricataloglimitsize = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+ if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
+ log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
+ conf_mount_rw();
-if ($g['booting']==true)
- return;
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
-if ($suricataloglimit == 'off')
- return;
+ // Initialize an array of the log files we want to prune
+ $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
-if (!is_array($config['installedpackages']['suricata']['rule']))
- return;
+ // Clean-up the logs for each configured Suricata instance
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_uuid = $value['uuid'];
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+ log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
+ suricata_post_delete_logs($suricata_uuid);
+
+ foreach ($logs as $file) {
+ // Truncate the log file if it exists
+ if (file_exists("{$suricata_log_dir}/{$file}")) {
+ try {
+ file_put_contents("{$suricata_log_dir}/{$file}", "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to truncate file '{$suricata_log_dir}/{$file}' -- error was {$e->getMessage()}");
+ }
+ }
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
-$suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
- log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
+ // Check for any captured stored files and clean them up
+ unlink_if_exists("{$suricata_log_dir}/files/*");
+
+ // This is needed if suricata is run as suricata user
+ mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+ }
+ conf_mount_ro();
+ log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
}
+}
- /* Clean-up the logs for each configured Suricata instance */
- foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = get_real_interface($value['interface']);
- $suricata_uuid = $value['uuid'];
- $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
- log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
- suricata_post_delete_logs($suricata_uuid);
+function suricata_check_rotate_log($log_file, $log_limit, $retention) {
- // Initialize an array of the log files we want to prune
- $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
+ /********************************************************
+ * This function checks the passed log file against *
+ * the passed size limit and rotates the log file if *
+ * necessary. It also checks the age of previously *
+ * rotated logs and removes those older than the *
+ * rentention parameter. *
+ * *
+ * On Entry: $log_file -> full pathname/filename of *
+ * log file to check *
+ * $log_limit -> size of file in bytes to *
+ * trigger rotation. Zero *
+ * means no rotation. *
+ * $retention -> retention period in hours *
+ * for rotated logs. Zero *
+ * means never remove. *
+ ********************************************************/
- foreach ($logs as $file) {
- // Truncate the log file if it exists
- if (file_exists("{$suricata_log_dir}/$file")) {
- $fd = @fopen("{$suricata_log_dir}/$file", "w+");
- if ($fd)
- fclose($fd);
- }
+ // Check the current log to see if it needs rotating.
+ // If it does, rotate it and put the current time
+ // on the end of the filename as UNIX timestamp.
+ if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
+ $newfile = $log_file . "." . strval(time());
+ try {
+ copy($log_file, $newfile);
+ file_put_contents($log_file, "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}");
}
+ }
- // Check for any captured stored files and clean them up
- $filelist = glob("{$suricata_log_dir}/files/*");
- if (!empty($filelist)) {
- foreach ($filelist as $file)
- @unlink($file);
+ // Check previously rotated logs to see if time to
+ // delete any older than the retention period.
+ // Rotated logs have a UNIX timestamp appended to
+ // filename.
+ if ($retention > 0) {
+ $now = time();
+ $rotated_files = glob("{$log_file}.*");
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($retention * 3600))
+ unlink_if_exists($file);
}
+ unset($rotated_files);
+ }
+}
+
+/*************************
+ * Start of main code *
+ *************************/
+
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
+
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ return;
- // This is needed if suricata is run as suricata user
- mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+$logs = array ();
+
+// Build an arry of files to check and limits to check them against from our saved configuration
+$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+
+// Check log limits and retention in the interface logging directories if enabled
+if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') {
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
+ foreach ($logs as $k => $p)
+ suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
}
- conf_mount_ro();
- log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
+
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
+ unlink_if_exists($f);
+ }
+ }
+ unset($files);
}
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on')
+ suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']);
+
?>
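Review bot: The Barnyard2 archive pruning added after the per-interface loop (the `is_dir("{$suricata_log_dir}/barnyard2/archive")` block placed after the context `}` that closes `foreach (... as $value)`) runs once with whatever `$suricata_log_dir` the last iteration left behind, so only the last configured interface's archive is ever pruned; indentation is lost in this rendering, so confirm the brace placement against the file, but the brace count supports it. The block belongs inside the interface loop, after which the trailing `unset($files);` has nothing to do. In `suricata_check_rotate_log`, `copy()` and `file_put_contents()` report failure by returning false rather than throwing, so the `catch (Exception $e)` branch is dead and a failed rotation is never logged; test the return values, e.g. `if (!copy($log_file, $newfile) || file_put_contents($log_file, "") === false) log_error(...)`. That function also calls `filesize($log_file)` without checking the file exists, and the main code passes all five log names for every interface, so any log not enabled on the interface will raise a warning on each cron run; guard with `if (!file_exists($log_file)) return;` at the top.
```php
	foreach ($config['installedpackages']['suricata']['rule'] as $value) {
		$if_real = get_real_interface($value['interface']);
		$suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
		foreach ($logs as $k => $p)
			suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);

		// Prune aged-out Barnyard2 archives for this interface (inside the loop so every instance is covered)
		$u2_retention = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
		if (is_dir("{$suricata_log_dir}/barnyard2/archive") && $u2_retention > 0) {
			$now = time();
			$files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
			foreach ($files as $f) {
				if (($now - filemtime($f)) > ($u2_retention * 3600))
					unlink_if_exists($f);
			}
		}
	}
```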
diff --git a/config/suricata/suricata_logs_mgmt.php b/config/suricata/suricata_logs_mgmt.php
new file mode 100644
index 00000000..7418dd80
--- /dev/null
+++ b/config/suricata/suricata_logs_mgmt.php
@@ -0,0 +1,429 @@
+<?php
+/*
+ * suricata_logs_mgmt.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g;
+
+$suricatadir = SURICATADIR;
+
+$pconfig = array();
+
+// Grab saved settings from configuration
+$pconfig['enable_log_mgmt'] = $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on' ? 'on' : 'off';
+$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs'];
+$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
+$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$pconfig['http_log_retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$pconfig['stats_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$pconfig['stats_log_retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'];
+$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
+
+// Load up some arrays with selection values (we use these later).
+// The keys in the $retentions array are the retention period
+// converted to hours. The keys in the $log_sizes array are
+// the file size limits in KB.
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'),
+ '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'),
+ '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") );
+$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'),
+ '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'),
+ '5000' => gettext("5 MB"), '10000' => gettext("10 MB") );
+
+// Set sensible defaults for any unset parameters
+if (empty($pconfig['suricataloglimit']))
+ $pconfig['suricataloglimit'] = 'on';
+if (empty($pconfig['suricataloglimitsize'])) {
+ // Set limit to 20% of slice that is unused */
+ $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
+}
+
+// Set default retention periods for rotated logs
+if (empty($pconfig['alert_log_retention']))
+ $pconfig['alert_log_retention'] = "336";
+if (empty($pconfig['files_json_log_retention']))
+ $pconfig['files_json_log_retention'] = "168";
+if (empty($pconfig['http_log_retention']))
+ $pconfig['http_log_retention'] = "168";
+if (empty($pconfig['stats_log_retention']))
+ $pconfig['stats_log_retention'] = "168";
+if (empty($pconfig['tls_log_retention']))
+ $pconfig['tls_log_retention'] = "336";
+if (empty($pconfig['u2_archive_log_retention']))
+ $pconfig['u2_archive_log_retention'] = "168";
+
+// Set default log file size limits
+if (empty($pconfig['alert_log_limit_size']))
+ $pconfig['alert_log_limit_size'] = "500";
+if (empty($pconfig['files_json_log_limit_size']))
+ $pconfig['files_json_log_limit_size'] = "1000";
+if (empty($pconfig['http_log_limit_size']))
+ $pconfig['http_log_limit_size'] = "1000";
+if (empty($pconfig['stats_log_limit_size']))
+ $pconfig['stats_log_limit_size'] = "500";
+if (empty($pconfig['tls_log_limit_size']))
+ $pconfig['tls_log_limit_size'] = "500";
+if (empty($pconfig['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+
+if ($_POST["save"]) {
+ if ($_POST['suricataloglimit'] == 'on') {
+ if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1)
+ $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero.");
+ }
+
+ // Validate unified2 log file limit
+ if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1)
+ $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero.");
+
+ if (!$input_errors) {
+ $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off';
+ $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off';
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit'];
+ $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['http_log_retention'] = $_POST['http_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'] = $_POST['stats_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['stats_log_retention'] = $_POST['stats_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'] = $_POST['tls_log_limit_size'];
+ $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention'];
+ $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit'];
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention'];
+
+ write_config();
+ sync_suricata_package_config();
+
+ /* forces page to reload new settings */
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: /suricata/suricata_logs_mgmt.php");
+ exit;
+ }
+}
+
+$pgtitle = gettext("Suricata: Logs Management");
+include_once("head.inc");
+
+?>
+
+<body link="#000000" vlink="#000000" alink="#000000">
+
+<?php
+include_once("fbegin.inc");
+
+/* Display Alert message, under form tag or no refresh */
+if ($input_errors)
+ print_input_errors($input_errors);
+
+?>
+
+<form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php");
+ $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+<tr>
+ <td>
+ <div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files During Package Uninstall"); ?></td>
+ <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/>&nbsp;
+ <?php echo gettext("Suricata log files will be removed when the Suricata package is uninstalled."); ?></td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td>
+ <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on"
+ <?php if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/>&nbsp;
+ <?php echo gettext("Enable automatic unattended management of Suricata logs using parameters specified below."); ?><br/>
+ <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td>
+</tr>
+<tr>
+<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " .
+ "Limit"); ?><br/><br/><br/><br/><br/><br/><br/>
+ <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/>
+ <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?>&nbsp;MB</strong></td>
+ <td width="78%" class="vtable">
+ <table cellpadding="0" cellspacing="0">
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_on" value="on"
+ <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td>
+ </tr>
+ <tr>
+ <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_off" value="off"
+ <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/>
+ &nbsp;<strong><?php echo gettext("Disable"); ?></strong>
+ <?php echo gettext("directory size limit"); ?><br/>
+ <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Suricata interfaces. ") .
+ gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?>
+ <br/><br/>
+ <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " .
+ "should use no more than 10MB of space."); ?></td>
+ </tr>
+ </table>
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <tr>
+ <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?>&nbsp;
+ <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/>
+ &nbsp;<?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . gettext(" of available space.");?></td>
+ </tr>
+ </table>
+ </td>
+</tr>
+<tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td>
+</tr>
+<tr>
+ <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td>
+ <td class="vtable" width="78%">
+ <table width="100%" border="0" cellpadding="2" cellspacing="0">
+ <colgroup>
+ <col style="width: 15%;">
+ <col style="width: 18%;">
+ <col style="width: 20%;">
+ <col>
+ </colgroup>
+ <thead>
+ <tr>
+ <th class="listhdrr"><?=gettext("Log Name");?></th>
+ <th class="listhdrr"><?=gettext("Max Size");?></th>
+ <th class="listhdrr"><?=gettext("Retention");?></th>
+ <th class="listhdrr"><?=gettext("Log Description");?></th>
+ </tr>
+ </thead>
+ <tbody>
+ <tr>
+ <td class="listbg">alerts</td>
+ <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata alerts and event details");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">files-json</td>
+ <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="files_json_log_retention" class="formselect" id="files_json_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['files_json_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured files info in JSON format");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">http</td>
+ <td class="listr" align="center"><select name="http_log_limit_size" class="formselect" id="http_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="http_log_retention" class="formselect" id="http_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['http_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">stats</td>
+ <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("Suricata performance statistics");?></td>
+ </tr>
+ <tr>
+ <td class="listbg">tls</td>
+ <td class="listr" align="center"><select name="tls_log_limit_size" class="formselect" id="tls_log_limit_size">
+ <?php foreach ($log_sizes as $k => $l): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_limit_size']) echo "selected"; ?>>
+ <?=htmlspecialchars($l);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listr" align="center"><select name="tls_log_retention" class="formselect" id="tls_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['tls_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>
+ </td>
+ <td class="listbg"><?=gettext("SMTP TLS handshake details");?></td>
+ </tr>
+ </tbody>
+ </table>
+ <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") .
+ gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") .
+ gettext("how long rotated logs are kept before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="unified2_log_limit" type="text" class="formfld unknown"
+ id="unified2_log_limit" size="10" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/>
+ &nbsp;<?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/>
+ <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?>
+ </td>
+</tr>
+<tr>
+ <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td>
+ <td width="78%" class="vtable"><select name="u2_archive_log_retention" class="formselect" id="u2_archive_log_retention">
+ <?php foreach ($retentions as $k => $p): ?>
+ <option value="<?=$k;?>"
+ <?php if ($k == $pconfig['u2_archive_log_retention']) echo "selected"; ?>>
+ <?=htmlspecialchars($p);?></option>
+ <?php endforeach; ?>
+ </select>&nbsp;<?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/>
+ <?=gettext("When Barnyard2 output is enabled, Suricata writes event data to a binary format file that Barnyard2 reads and processes. ") .
+ gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") .
+ gettext("remain in the archive folder before they are automatically deleted.");?>
+ </td>
+</tr>
+<tr>
+ <td width="22%"></td>
+ <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/>
+ <br/><span class="red"><strong><?php echo gettext("Note:");?></strong>&nbsp;
+ </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td>
+</tr>
+ </table>
+</div><br/>
+</td></tr>
+</table>
+</form>
+
+<script language="JavaScript">
+function enable_change() {
+ var endis = !(document.iform.enable_log_mgmt.checked);
+ document.iform.alert_log_limit_size.disabled = endis;
+ document.iform.alert_log_retention.disabled = endis;
+ document.iform.files_json_log_limit_size.disabled = endis;
+ document.iform.files_json_log_retention.disabled = endis;
+ document.iform.http_log_limit_size.disabled = endis;
+ document.iform.http_log_retention.disabled = endis;
+ document.iform.stats_log_limit_size.disabled = endis;
+ document.iform.stats_log_retention.disabled = endis;
+ document.iform.tls_log_limit_size.disabled = endis;
+ document.iform.tls_log_retention.disabled = endis;
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.u2_archive_log_retention.disabled = endis;
+}
+
+function enable_change_dirSize() {
+ var endis = !(document.getElementById('suricataloglimit_on').checked);
+ document.getElementById('suricataloglimitsize').disabled = endis;
+}
+
+enable_change();
+enable_change_dirSize();
+</script>
+
+<?php include("fend.inc"); ?>
+
+</body>
+</html>
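Review bot: The save branch (the run of `$config['installedpackages']['suricata']['config'][0][...] = $_POST[...]` assignments) persists the select-driven values (`*_log_limit_size`, `*_log_retention`, `u2_archive_log_retention`) and the `suricataloglimit` radio straight from the request without checking them against the option sets the page itself offers (`$log_sizes`, `$retentions`, `on`/`off`); only `suricataloglimitsize` and `unified2_log_limit` are validated. The cron script in the same commit multiplies these stored values (`limit*1024`, `retention*3600`) and compares them unattended, so an arbitrary or non-numeric value accepted here is acted on later with no further check. Reject anything outside the option sets before `write_config()`, for example with the checks below placed next to the existing `unified2_log_limit` validation. Separately, `if ($_POST["save"])` raises an undefined-index notice on a plain GET (`isset($_POST['save'])` avoids it), and the `clearlogs`/`enable_log_mgmt` checkboxes read their state from `$config` while every other control uses `$pconfig`.
```php
	// Only accept values the form itself offers; the cron job uses these as numbers
	foreach (array('alert_log_limit_size', 'files_json_log_limit_size', 'http_log_limit_size', 'stats_log_limit_size', 'tls_log_limit_size') as $f) {
		if (!array_key_exists($_POST[$f], $log_sizes))
			$input_errors[] = gettext("The selected value for a log 'Max Size' is not valid.");
	}
	foreach (array('alert_log_retention', 'files_json_log_retention', 'http_log_retention', 'stats_log_retention', 'tls_log_retention', 'u2_archive_log_retention') as $f) {
		if (!array_key_exists($_POST[$f], $retentions))
			$input_errors[] = gettext("The selected value for a log 'Retention' period is not valid.");
	}
	if (!in_array($_POST['suricataloglimit'], array('on', 'off'), true))
		$input_errors[] = gettext("The value for 'Log Directory Size Limit' must be 'on' or 'off'.");
	// … unchanged: write to $config, write_config(), redirect …
```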