diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-10-08 18:42:53 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-10-08 18:42:53 +0000 |
commit | 848dbb6a68d98eb26836d27e1d867e1ce6c830cc (patch) | |
tree | 4409e54475f9c1799d318fbf4b28ec502559f7d9 /packages/snort/snort.inc | |
parent | 0aaeb1889d139344b17cbdf6c11d325adc7fd3fd (diff) | |
download | pfsense-packages-848dbb6a68d98eb26836d27e1d867e1ce6c830cc.tar.gz pfsense-packages-848dbb6a68d98eb26836d27e1d867e1ce6c830cc.tar.bz2 pfsense-packages-848dbb6a68d98eb26836d27e1d867e1ce6c830cc.zip |
* Add snort cache that will cache the ip -> alert mappings
* Add knob to turn off clickable urls in the snort alert tabs (handy for someone with thousands of alerts)
Diffstat (limited to 'packages/snort/snort.inc')
-rw-r--r-- | packages/snort/snort.inc | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index fd27ad49..0f00687a 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -489,7 +489,11 @@ $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")) /* obtain alert description for an ip address */ function get_snort_alert($ip) { - global $snort_alert_file_split; + global $snort_alert_file_split, $snort_config; + if(!$snort_config) + $snort_config = read_snort_config_cache(); + if($snort_config[$ip]) + return $snort_config[$ip]; if(!$snort_alert_file_split) $snort_alert_file_split = split("\n", file_get_contents("/var/log/snort/alert")); foreach($snort_alert_file_split as $fileline) { @@ -497,13 +501,20 @@ function get_snort_alert($ip) { $alert_title = $matches[2]; if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) $alert_ip = $matches[0]; - if($alert_ip == $ip) + if($alert_ip == $ip) { + if(!$snort_config[$ip]) + $snort_config[$ip] = $alert_title; return $alert_title; + } } return "n/a"; } function make_clickable($buffer) { + /* if clickable urls is disabled, simply return buffer back to caller */ + $clickablalerteurls = $config['installedpackages']['snort']['config'][0]['oinkmastercode']; + if(!$clickablalerteurls) + return $buffer; $buffer = eregi_replace("(^|[ \n\r\t])((http(s?)://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); $buffer = eregi_replace("(^|[ \n\r\t])((ftp://)(www\.)?([a-z0-9_-]+(\.[a-z0-9_-]+)+)(/[^/ \n\r]*)*)","\\1<a href=\"\\2\" target=\"_blank\">\\2</a>", $buffer); $buffer = eregi_replace("([a-z_-][a-z0-9\._-]*@[a-z0-9_-]+(\.[a-z0-9_-]+)+)","<a href=\"mailto:\\1\">\\1</a>", $buffer); @@ -513,4 +524,30 @@ function make_clickable($buffer) { return $buffer; } +function read_snort_config_cache() { + global $g, $config, $snort_config; + if($snort_config) + return $snort_config; + if(file_exists($g['tmp_path'] . '/snort_config.cache')) { + $snort_config = unserialize(file_get_contents($g['tmp_path'] . '/snort_config.cache')); + return $snort_config; + } + return; +} + +function write_snort_config_cache($snort_config) { + global $g, $config; + conf_mount_rw(); + $configcache = fopen($g['tmp_path'] . '/snort_config.cache', "w"); + if(!$configcache) { + log_error("Could not open {$g['tmp_path']}/snort_config.cache for writing."); + return false; + } + fwrite($configcache, serialize($snort_config)); + fclose($configcache); + conf_mount_ro(); + return true; +} + + ?>
\ No newline at end of file |