diff options
author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-18 12:42:08 -0400 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-03-18 12:42:08 -0400 |
commit | a6f4ab08784d3bcaef35b74f7e22358378acdc53 (patch) | |
tree | c43477a2f843668826ca5aa600028c50c6fb7cf7 /config | |
parent | 279bed909a58259a0f04c5de575955ce9e956ec0 (diff) | |
download | pfsense-packages-a6f4ab08784d3bcaef35b74f7e22358378acdc53.tar.gz pfsense-packages-a6f4ab08784d3bcaef35b74f7e22358378acdc53.tar.bz2 pfsense-packages-a6f4ab08784d3bcaef35b74f7e22358378acdc53.zip |
Add log_limit and sensor_id params to Barnyard2 configuration page.
Diffstat (limited to 'config')
-rw-r--r-- | config/suricata/suricata_barnyard.php | 39 | ||||
-rw-r--r-- | config/suricata/suricata_generate_yaml.php | 10 | ||||
-rw-r--r-- | config/suricata/suricata_yaml_template.inc | 5 |
3 files changed, 50 insertions, 4 deletions
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php index e1ae892e..e71dc261 100644 --- a/config/suricata/suricata_barnyard.php +++ b/config/suricata/suricata_barnyard.php @@ -55,6 +55,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']); if (empty($a_nat[$id]['barnyard_show_year'])) $pconfig['barnyard_show_year'] = "on"; + if (empty($a_nat[$id]['unified2_log_limit'])) + $pconfig['unified2_log_limit'] = "32"; if (empty($a_nat[$id]['barnyard_archive_enable'])) $pconfig['barnyard_archive_enable'] = "on"; if (empty($a_nat[$id]['barnyard_obfuscate_ip'])) @@ -71,6 +73,8 @@ if (isset($id) && $a_nat[$id]) { $pconfig['barnyard_syslog_priority'] = "LOG_INFO"; if (empty($a_nat[$id]['barnyard_bro_ids_dport'])) $pconfig['barnyard_bro_ids_dport'] = "47760"; + if (empty($a_nat[$id]['barnyard_sensor_id'])) + $pconfig['barnyard_sensor_id'] = "0"; if (empty($a_nat[$id]['barnyard_sensor_name'])) $pconfig['barnyard_sensor_name'] = php_uname("n"); } @@ -81,6 +85,18 @@ if ($_POST['save']) { $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on") $input_errors[] = gettext("You must enable at least one output option when using Barnyard2."); + // Validate unified2 log file limit + if ($_POST['barnyard_enable'] == 'on') { + if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1) + $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be a valid integer greater than zero."); + } + + // Validate Sensor ID is a valid integer + if ($_POST['barnyard_enable'] == 'on') { + if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0) + $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer."); + } + // Validate inputs if MySQL database loggging enabled if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") { if (empty($_POST['barnyard_dbhost'])) @@ -126,7 +142,9 @@ if ($_POST['save']) { $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode']; $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto']; + if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0'; if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']); + if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']); if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']); if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']); if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']); @@ -266,6 +284,15 @@ include_once("head.inc"); </td> </tr> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="unified2_log_limit" type="text" class="formfld unknown" + id="unified2_log_limit" size="25" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/> + <?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/> + <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td> <td width="78%" class="vtable"> <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/> @@ -287,11 +314,19 @@ include_once("head.inc"); <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?> </td> <tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor ID"); ?></td> + <td width="78%" class="vtable"> + <input name="barnyard_sensor_id" type="text" class="formfld unknown" + id="barnyard_sensor_id" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_id']);?>"/> + <?php echo gettext("Sensor ID to use for this sensor. Default is ") . "<strong>" . gettext("0.") . "</strong>"; ?> + </td> + </tr> + <tr> <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td> <td width="78%" class="vtable"> <input name="barnyard_sensor_name" type="text" class="formfld unknown" id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/> - <?php echo gettext("Unique name to use for this sensor."); ?> + <?php echo gettext("Unique name to use for this sensor. (Optional)"); ?> </td> </tr> <tr> @@ -555,10 +590,12 @@ function enable_change(enable_change) { endis = !(document.iform.barnyard_enable.checked || enable_change); // make sure a default answer is called if this is invoked. endis2 = (document.iform.barnyard_enable); + document.iform.unified2_log_limit.disabled = endis; document.iform.barnyard_archive_enable.disabled = endis; document.iform.barnyard_show_year.disabled = endis; document.iform.barnyard_dump_payload.disabled = endis; document.iform.barnyard_obfuscate_ip.disabled = endis; + document.iform.barnyard_sensor_id.disabled = endis; document.iform.barnyard_sensor_name.disabled = endis; document.iform.barnyard_mysql_enable.disabled = endis; document.iform.barnyard_dbhost.disabled = endis; diff --git a/config/suricata/suricata_generate_yaml.php b/config/suricata/suricata_generate_yaml.php index 0614adf8..115f0045 100644 --- a/config/suricata/suricata_generate_yaml.php +++ b/config/suricata/suricata_generate_yaml.php @@ -226,6 +226,16 @@ if ($suricatacfg['barnyard_enable'] == 'on') else $barnyard2_enabled = "no"; +if (isset($suricatacfg['unified2_log_limit'])) + $unified2_log_limit = "{$suricatacfg['unified2_log_limit']}mb"; +else + $unified2_log_limit = "32mb"; + +if (isset($suricatacfg['barnyard_sensor_id'])) + $unified2_sensor_id = $suricatacfg['barnyard_sensor_id']; +else + $unified2_sensor_id = "0"; + // Add interface-specific IP defrag settings if (!empty($suricatacfg['frag_memcap'])) $frag_memcap = $suricatacfg['frag_memcap']; diff --git a/config/suricata/suricata_yaml_template.inc b/config/suricata/suricata_yaml_template.inc index e62c48eb..07ada36e 100644 --- a/config/suricata/suricata_yaml_template.inc +++ b/config/suricata/suricata_yaml_template.inc @@ -40,9 +40,8 @@ outputs: - unified2-alert: enabled: {$barnyard2_enabled} filename: unified2.alert - limit: 32mb - # Sensor ID field of unified2 alerts. - sensor-id: 0 + limit: {$unified2_log_limit} + sensor-id: {$unified2_sensor_id} - http-log: enabled: {$http_log_enabled} |