authorChris Buechler <cmb@pfsense.org>2013-04-22 18:07:10 -0700
committerChris Buechler <cmb@pfsense.org>2013-04-22 18:07:10 -0700
commite6ddbc6805970912ba7550e782db3de7506fdae2 (patch)
tree40a7998a2dcd8e83e7ecb862b880992115736a72 /config/widget-snort
parentce882b749e28f4322046e84556d5eed196d6220b (diff)
parente94177a3817883d2ddfbb55ded7422e413a06236 (diff)
downloadpfsense-packages-e6ddbc6805970912ba7550e782db3de7506fdae2.tar.gz
pfsense-packages-e6ddbc6805970912ba7550e782db3de7506fdae2.tar.bz2
pfsense-packages-e6ddbc6805970912ba7550e782db3de7506fdae2.zip
Merge pull request #430 from bmeeks8/master
Fix display of Year and prevent Dashboard crash if Snort not installed
Diffstat (limited to 'config/widget-snort')
-rw-r--r--config/widget-snort/snort_alerts.widget.php95
-rw-r--r--config/widget-snort/widget-snort.xml2
2 files changed, 55 insertions, 42 deletions
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index bb51a387..3c41dd54 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -60,55 +60,62 @@ function sksort(&$array, $subkey="id", $sort_ascending=false) {
/* check if firewall widget variable is set */
if (!isset($nentries)) $nentries = 5;
-/* retrieve snort variables */
-require_once("/usr/local/pkg/snort/snort.inc");
-if (!is_array($config['installedpackages']['snortglobal']['rule']))
- $config['installedpackages']['snortglobal']['rule'] = array();
-$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+/* check if Snort include file exists before we use it */
+if (file_exists("/usr/local/pkg/snort/snort.inc")) {
+ require_once("/usr/local/pkg/snort/snort.inc");
-/* read log file(s) */
-$counter=0;
-foreach ($a_instance as $instanceid => $instance) {
- $snort_uuid = $a_instance[$instanceid]['uuid'];
- $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+ /* retrieve snort variables */
+ if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+ $a_instance = &$config['installedpackages']['snortglobal']['rule'];
+
+ /* read log file(s) */
+ $counter=0;
+ foreach ($a_instance as $instanceid => $instance) {
+ $snort_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
- /* make sure alert file exists */
- if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
- exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
- if (file_exists("/tmp/alert_{$snort_uuid}")) {
- $tmpblocked = array_flip(snort_get_blocked_ips());
+ /* make sure alert file exists */
+ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ exec("tail -n{$nentries} /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > /tmp/alert_{$snort_uuid}");
+ if (file_exists("/tmp/alert_{$snort_uuid}")) {
+ $tmpblocked = array_flip(snort_get_blocked_ips());
- /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
- /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
- $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
- while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
- if(count($fields) < 11)
- continue;
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
+ $fd = fopen("/tmp/alert_{$snort_uuid}", "r");
+ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
+ if(count($fields) < 11)
+ continue;
- $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
- $snort_alerts[$counter]['timestamp'] = $fields[0];
- $snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8);
- $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, -17);
- $snort_alerts[$counter]['src'] = $fields[6];
- $snort_alerts[$counter]['srcport'] = $fields[7];
- $snort_alerts[$counter]['dst'] = $fields[8];
- $snort_alerts[$counter]['dstport'] = $fields[9];
- $snort_alerts[$counter]['priority'] = $fields[12];
- $snort_alerts[$counter]['category'] = $fields[11];
- $counter++;
+ $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
+ $snort_alerts[$counter]['timestamp'] = $fields[0];
+ /* Look for the dash separating date and time so we can handle entries with year in them */
+ $snort_alerts[$counter]['timeonly'] = substr($fields[0], strpos($fields[0], '-')+1, -8);
+ $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, strpos($fields[0], '-'));
+ $snort_alerts[$counter]['src'] = $fields[6];
+ $snort_alerts[$counter]['srcport'] = $fields[7];
+ $snort_alerts[$counter]['dst'] = $fields[8];
+ $snort_alerts[$counter]['dstport'] = $fields[9];
+ $snort_alerts[$counter]['priority'] = $fields[12];
+ $snort_alerts[$counter]['category'] = $fields[11];
+ $counter++;
+ };
+ fclose($fd);
+ @unlink("/tmp/alert_{$snort_uuid}");
};
- fclose($fd);
- @unlink("/tmp/alert_{$snort_uuid}");
};
};
-};
-/* sort the array */
-if (isset($config['syslog']['reverse'])) {
- sksort($snort_alerts, 'timestamp', false);
+ /* sort the array */
+ if (isset($config['syslog']['reverse'])) {
+ sksort($snort_alerts, 'timestamp', false);
+ } else {
+ sksort($snort_alerts, 'timestamp', true);
+ };
} else {
- sksort($snort_alerts, 'timestamp', true);
-};
+ $msg = gettext("The Snort package is not installed.");
+}
/* display the result */
?>
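Review bot: The `exec("tail -n{$nentries} ... > /tmp/alert_{$snort_uuid}")` call kept inside the new `file_exists()` branch builds a shell command by interpolating `$nentries`, `$if_real` and `$snort_uuid`, and redirects into a predictable file name under /tmp, so shell metacharacters in any of those values, or a file or symlink already present at that path, would change what the command does. Where these values are set is outside the hunk, so they should be treated as unvalidated here: cast once with `$nentries = (int)$nentries;` and quote the paths, e.g. `exec("tail -n{$nentries} " . escapeshellarg($alert_file) . " > " . escapeshellarg($tmp_file));`, with `$tmp_file` obtained from `tempnam("/tmp", "alert_")` rather than derived from the UUID. Separately, the guard `if(count($fields) < 11)` still lets rows with 11 or 12 fields reach `$fields[11]` and `$fields[12]`; it should read `if (count($fields) < 13) continue;`. The return value of `fopen()` is also handed to `fgetcsv()` without a check, so a failed open is not handled before the read loop.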
@@ -131,7 +138,13 @@ if (is_array($snort_alerts)) {
$counter++;
if($counter >= $nentries) break;
}
-};
+} else {
+ if (!empty($msg)) {
+ echo (" <tr class=\"snort-alert-entry\">
+ <td colspan=\"3\" align=\"center\"><br>{$msg}</br></td>
+ </tr>");
+ }
+}
?>
</tbody>
</table>
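Review bot: The new else branch writes `$msg` into the table cell as `<br>{$msg}</br>`; `</br>` is not a valid tag (br is a void element), and the string is emitted without HTML escaping. In the first hunk `$msg` is assigned from `gettext()`, so its content is controlled by the translation catalogue, but escaping at the point of output keeps the cell safe if the message source ever changes: `<td colspan=\"3\" align=\"center\"><br />" . htmlspecialchars($msg) . "</td>`. The `if (is_array($snort_alerts))` that this else belongs to opens outside the hunk, so the column count behind `colspan="3"` cannot be confirmed from here.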
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index 785ac5b1..f677eee4 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -46,7 +46,7 @@
<requirements>Dashboard package and Snort</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>widget-snort</name>
- <version>0.5</version>
+ <version>1.0</version>
<title>Widget - Snort</title>
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>