diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2006-10-07 05:02:15 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2006-10-07 05:02:15 +0000 |
commit | cee71a8c32c890a3dde43bae9213e58f9c35dc47 (patch) | |
tree | 9a5a7ca88dd17bb1fe8e624430c2b9f5a4cc5a2a /packages/snort | |
parent | ec2153a2c5148100571fc347cafff53c85aa866b (diff) | |
download | pfsense-packages-cee71a8c32c890a3dde43bae9213e58f9c35dc47.tar.gz pfsense-packages-cee71a8c32c890a3dde43bae9213e58f9c35dc47.tar.bz2 pfsense-packages-cee71a8c32c890a3dde43bae9213e58f9c35dc47.zip |
Associate snort blocked events with their alert description if available
Diffstat (limited to 'packages/snort')
-rw-r--r-- | packages/snort/snort.inc | 33 | ||||
-rw-r--r-- | packages/snort/snort_blocked.php | 19 |
2 files changed, 45 insertions, 7 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc index ba0d53fb..039a03a7 100644 --- a/packages/snort/snort.inc +++ b/packages/snort/snort.inc @@ -485,4 +485,37 @@ function update_all_status($status) { } } +function get_snort_alert($ip) { + $file_split = split("\n", file_get_contents("/var/log/snort/alert")); + foreach($file_split as $fileline) { + if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches)) + $alert_title = $matches[0]; + if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches)) + $alert_ip = $matches[2]; + if($alert_ip == $ip) + return $alert_title; + } + return "n/a"; +} + + + + + + + + + + + + + + + + + + + + + ?>
\ No newline at end of file diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php index d08a7f6a..5e21f3bf 100644 --- a/packages/snort/snort_blocked.php +++ b/packages/snort/snort_blocked.php @@ -77,6 +77,7 @@ include("head.inc"); <tr id="frheader"> <td width="5%" class="listhdrr">Remove</td> <td class="listhdrr">IP</td> + <td class="listhdrr">Description</td> </tr> <?php @@ -86,19 +87,23 @@ include("head.inc"); foreach($ips_array as $ip) { if(!$ip) continue; + $ww_ip = str_replace(" ", "", $ip); $counter++; - echo "<tr>"; - echo "<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ip)) . "'>"; - echo "<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>"; - echo "<td> {$ip}</td>"; - echo "</tr>"; + $alert_description = get_snort_alert($ww_ip); + echo "\n<tr>"; + echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>"; + echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>"; + echo "\n<td> {$ww_ip}</td>"; + echo "\n<td> {$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>"; + echo "\n</tr>"; } if($counter < 1) - echo "<tr><td colspan='2' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>"; + echo "\n<tr><td colspan='2' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>"; else - echo "<tr><td colspan='2' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>"; + echo "\n<tr><td colspan='2' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>"; ?> + </table> </td> </tr> |