authorScott Ullrich <sullrich@pfsense.org>2006-10-07 05:02:15 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-10-07 05:02:15 +0000
commitcee71a8c32c890a3dde43bae9213e58f9c35dc47 (patch)
tree9a5a7ca88dd17bb1fe8e624430c2b9f5a4cc5a2a /packages/snort
parentec2153a2c5148100571fc347cafff53c85aa866b (diff)
Associate snort blocked events with their alert description if available
Diffstat (limited to 'packages/snort')
-rw-r--r--packages/snort/snort.inc33
-rw-r--r--packages/snort/snort_blocked.php19
2 files changed, 45 insertions, 7 deletions
diff --git a/packages/snort/snort.inc b/packages/snort/snort.inc
index ba0d53fb..039a03a7 100644
--- a/packages/snort/snort.inc
+++ b/packages/snort/snort.inc
@@ -485,4 +485,37 @@ function update_all_status($status) {
}
}
+function get_snort_alert($ip) {
+ $file_split = split("\n", file_get_contents("/var/log/snort/alert"));
+ foreach($file_split as $fileline) {
+ if (preg_match("/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/", $fileline, $matches))
+ $alert_title = $matches[0];
+ if (preg_match("/(\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)/", $fileline, $matches))
+ $alert_ip = $matches[2];
+ if($alert_ip == $ip)
+ return $alert_title;
+ }
+ return "n/a";
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
?> \ No newline at end of file
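Review bot: `$alert_title` and `$alert_ip` in get_snort_alert() are never reset between loop iterations, so a log line that carries an IP but no `[**] ... [**]` header returns the title set by an earlier line, and a line with no IP at all re-compares the previous line's address and can return a mismatched title. Initialise both at the top of the body, `foreach($file_split as $fileline) {` / `$alert_title = ""; $alert_ip = "";`, so each line stands on its own. The IPv4 pattern only yields the first address on the line, so if the log prints source before destination (not visible here) a blocked destination host will never match and the caller gets "n/a"; worth confirming against the alert format. Note also that `$matches[0]` is the whole match including the bracketed markers and SID, whereas capture group 2 holds just the description text; and since the returned string is raw log content that snort_blocked.php prints into HTML, the caller must escape it at output.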
diff --git a/packages/snort/snort_blocked.php b/packages/snort/snort_blocked.php
index d08a7f6a..5e21f3bf 100644
--- a/packages/snort/snort_blocked.php
+++ b/packages/snort/snort_blocked.php
@@ -77,6 +77,7 @@ include("head.inc");
<tr id="frheader">
<td width="5%" class="listhdrr">Remove</td>
<td class="listhdrr">IP</td>
+ <td class="listhdrr">Description</td>
</tr>
<?php
@@ -86,19 +87,23 @@ include("head.inc");
foreach($ips_array as $ip) {
if(!$ip)
continue;
+ $ww_ip = str_replace(" ", "", $ip);
$counter++;
- echo "<tr>";
- echo "<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ip)) . "'>";
- echo "<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>";
- echo "<td>&nbsp;{$ip}</td>";
- echo "</tr>";
+ $alert_description = get_snort_alert($ww_ip);
+ echo "\n<tr>";
+ echo "\n<td align=\"center\" valign=\"top\"'><a href='snort_blocked.php?todelete=" . trim(urlencode($ww_ip)) . "'>";
+ echo "\n<img title=\"Delete\" border=\"0\" name='todelete' id='todelete' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a></td>";
+ echo "\n<td>&nbsp;{$ww_ip}</td>";
+ echo "\n<td>&nbsp;{$alert_description}<!-- |{$ww_ip}| get_snort_alert($ww_ip); --></td>";
+ echo "\n</tr>";
}
if($counter < 1)
- echo "<tr><td colspan='2' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>";
+ echo "\n<tr><td colspan='2' align=\"center\" valign=\"top\">There are currently no items being blocked by snort.</td></tr>";
else
- echo "<tr><td colspan='2' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
+ echo "\n<tr><td colspan='2' align=\"center\" valign=\"top\">{$counter} items listed.</td></tr>";
?>
+
</table>
</td>
</tr>
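Review bot: The new cells print `$ww_ip` and `$alert_description` straight into HTML (the two echo lines after the delete-icon line); `$ww_ip` comes from the blocked-host list and `$alert_description` is text read from the alert log, neither of which this page controls, so they should be escaped: `echo "\n<td>&nbsp;" . htmlspecialchars($ww_ip) . "</td>";` and `echo "\n<td>&nbsp;" . htmlspecialchars($alert_description) . "</td>";`. The HTML comment `<!-- |{$ww_ip}| get_snort_alert($ww_ip); -->` appended to the description cell looks like leftover debugging and is sent to every client; drop it. The two summary rows still use `colspan='2'` although the table now has a third Description column (added in the previous hunk), so change both to `colspan='3'`. The stray apostrophe in `valign="top"'>` on the rewritten delete-cell line is also carried over and breaks the attribute list.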