diff options
| author | jim-p <jim@pingle.org> | 2009-11-15 14:25:26 -0500 |
|---|---|---|
| committer | jim-p <jim@pingle.org> | 2009-11-15 14:26:14 -0500 |
| commit | 2e52447a3947bc5bc735ba55d94c550ed2efa5b4 (patch) | |
| tree | 56aee78a0854d7835ab351ed1dbc928b69beec27 /config/widget-snort | |
| parent | c723ce846d1b8042c33f7220892846ce7769f939 (diff) | |
| download | pfsense-packages-2e52447a3947bc5bc735ba55d94c550ed2efa5b4.tar.gz pfsense-packages-2e52447a3947bc5bc735ba55d94c550ed2efa5b4.tar.bz2 pfsense-packages-2e52447a3947bc5bc735ba55d94c550ed2efa5b4.zip | |
Snort widget update from matrix200
Diffstat (limited to 'config/widget-snort')
| -rw-r--r-- | config/widget-snort/snort_alerts.inc.php | 31 | ||||
| -rw-r--r-- | config/widget-snort/snort_alerts.js | 5 | ||||
| -rw-r--r-- | config/widget-snort/snort_alerts.widget.php | 2 |
3 files changed, 26 insertions, 12 deletions
diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php index 48506f9b..af3b79ea 100644 --- a/config/widget-snort/snort_alerts.inc.php +++ b/config/widget-snort/snort_alerts.inc.php @@ -4,11 +4,11 @@ function get_snort_alerts($snort_alerts, $nentries, $tail = 20) { $logarr = ""; /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr); - + $snortalerts = array(); - + $counter = 0; - + foreach ($logarr as $logent) { if($counter >= $nentries) break; @@ -28,8 +28,8 @@ function parse_snort_alert_line($line) { $log_split = ""; $datesplit = ""; preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split); - - list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], + + list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split; $usableline = true; @@ -41,7 +41,16 @@ function parse_snort_alert_line($line) { if($usableline == true) { preg_match("/^(\d+)\/(\d+)-(\d+\:\d+\:\d+).\d+$/U", $alert['time'], $datesplit); - $alert['dateonly'] = $datesplit[2] . "/" . $datesplit[1]; + $now_time = strtotime("now"); + $checkdate = $datesplit[1] . "/" . $datesplit[2] . "/" . date("Y"); + $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . date("Y"); + $logdate = $checkdate . " " . $datesplit[3]; + if ($now_time < strtotime($logdate) ) + { + $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . ((int)date("Y") - 1); + } + + $alert['dateonly'] = $fulldate; $alert['timeonly'] = $datesplit[3]; $alert['category'] = strtoupper( substr($alert["category"],0 , 1) ) . strtolower( substr($alert["category"],1 ) ); return $alert; @@ -68,9 +77,13 @@ function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) { $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries); foreach($snort_alerts as $log_row) { $time_regex = ""; - preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); - $row_time = strtotime($time_regex[1]); - if($row_time > $lastsawtime) { + preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); + $logdate = $time_regex[1] . "/" . $time_regex[2] . "/" . date("Y") . " " . $time_regex[3]; + //preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $testsplit[1], $time_regex); + // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex); + $row_time = strtotime($logdate); + $now_time = strtotime("now"); + if($row_time > $lastsawtime and $row_time <= $nowtime) { $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||{$log_row['timeonly']}||{$log_row['dateonly']}" . "||\n"; } } diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js index 2eebb140..0cc76ab1 100644 --- a/config/widget-snort/snort_alerts.js +++ b/config/widget-snort/snort_alerts.js @@ -72,10 +72,11 @@ function snort_alerts_fetch_new_rules_callback(callback_data) { /* loop through rows */ row_split = data_split[x].split("||"); var line = ''; - line = '<td width="30%" class="listr" >' + row_split[6] + '<br>' + row_split[7]+ '</td>'; + line = '<td width="30%" class="listr" >' + row_split[6] + '<br>' + row_split[7]+ '</td>'; line += '<td width="40%" class="listr" >' + row_split[3] + '<br>' + row_split[4] + '</td>'; line += '<td width="40%" class="listr" >' + 'Pri : ' + row_split[1] + '<br>' + 'Cat : ' + row_split[2] + '</td>'; snortlastsawtime = row_split[5]; + //alert(row_split[0]); new_data_to_add[new_data_to_add.length] = line; } snort_alerts_update_div_rows(new_data_to_add); @@ -141,4 +142,4 @@ function snort_alerts_toggle_pause() { } } /* start local AJAX engine */ -snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
\ No newline at end of file +snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php index aa416274..9b5b2b64 100644 --- a/config/widget-snort/snort_alerts.widget.php +++ b/config/widget-snort/snort_alerts.widget.php @@ -55,7 +55,7 @@ global $config, $g; ?> <tr class="snort-alert-entry" <?php echo $activerow; ?>> - <td width="30%" class="listr"><?= $alert['timeonly'] . ' ' . $alert['dateonly'] ?></td> + <td width="30%" class="listr"><?= $alert['timeonly'] . '<br>' . $alert['dateonly'] ?></td> <td width="40%" class="listr"><?= $alert["src"] . '<br>' . $alert["dst"] ?></td> <td width="40%" class="listr"><?= 'Pri : ' . $alert["priority"] . '<br>' . 'Cat : ' . $alert['category'] ?></td> </tr> |