-rw-r--r-- | config/suricata/suricata_check_cron_misc.inc | 194 | ||||
-rw-r--r-- | config/suricata/suricata_logs_mgmt.php | 429 |
2 files changed, 570 insertions, 53 deletions
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index b2678059..25e8bb8a 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc 
@@ -30,74 +30,162 @@ require_once("/usr/local/pkg/suricata/suricata.inc");
-// 'B' => 1,
-// 'KB' => 1024,
-// 'MB' => 1024 * 1024,
-// 'GB' => 1024 * 1024 * 1024,
-// 'TB' => 1024 * 1024 * 1024 * 1024,
-// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+function suricata_check_dir_size_limit($suricataloglimitsize) {
+ /********************************************************
+ * This function checks the total size of the Suricata *
+ * logging sub-directory structure and prunes the files *
+ * for all Suricata interfaces if the size exceeds the *
+ * passed limit. *
+ * *
+ * On Entry: $surictaaloglimitsize = dir size limit *
+ * in megabytes *
+ ********************************************************/
+
+ // Convert Log Limit Size setting from MB to KB
+ $suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
+ $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-/* chk if snort log dir is full if so clear it */
-$suricataloglimit = $config['installedpackages']['suricata']['config'][0]['suricataloglimit'];
-$suricataloglimitsize = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'];
+ if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
+ log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
+ conf_mount_rw();
-if ($g['booting']==true)
- return;
+ // Truncate the Rules Update Log file if it exists
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
+ @file_put_contents(RULES_UPD_LOGFILE, "");
+ }
-if ($suricataloglimit == 'off')
- return;
+ // Initialize an array of the log files we want to prune
+ $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
-if (!is_array($config['installedpackages']['suricata']['rule']))
- return;
+ // Clean-up the logs for each configured Suricata instance
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_uuid = $value['uuid'];
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
+ log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
+ suricata_post_delete_logs($suricata_uuid);
+
+ foreach ($logs as $file) {
+ // Truncate the log file if it exists
+ if (file_exists("{$suricata_log_dir}/{$file}")) {
+ try {
+ file_put_contents("{$suricata_log_dir}/{$file}", "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to truncate file '{$suricata_log_dir}/{$file}' -- error was {$e->getMessage()}");
+ }
+ }
+ }
-/* Convert Log Limit Size setting from MB to KB */
-$suricataloglimitsizeKB = round($suricataloglimitsize * 1024);
-$suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR);
-if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) {
- log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated."));
- conf_mount_rw();
-
- /* Truncate the Rules Update Log file if it exists */
- if (file_exists(RULES_UPD_LOGFILE)) {
- log_error(gettext("[Suricata] Truncating the Rules Update Log file..."));
- $fd = @fopen(RULES_UPD_LOGFILE, "w+");
- if ($fd)
- fclose($fd);
+ // Check for any captured stored files and clean them up
+ unlink_if_exists("{$suricata_log_dir}/files/*");
+
+ // This is needed if suricata is run as suricata user
+ mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+ }
+ conf_mount_ro();
+ log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
 }
+}
- /* Clean-up the logs for each configured Suricata instance */
- foreach ($config['installedpackages']['suricata']['rule'] as $value) {
- $if_real = get_real_interface($value['interface']);
- $suricata_uuid = $value['uuid'];
- $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}";
- log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})..."));
- suricata_post_delete_logs($suricata_uuid);
+function suricata_check_rotate_log($log_file, $log_limit, $retention) {
- // Initialize an array of the log files we want to prune
- $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" );
+ /********************************************************
+ * This function checks the passed log file against *
+ * the passed size limit and rotates the log file if *
+ * necessary. It also checks the age of previously *
+ * rotated logs and removes those older than the *
+ * rentention parameter. *
+ * *
+ * On Entry: $log_file -> full pathname/filename of *
+ * log file to check *
+ * $log_limit -> size of file in bytes to *
+ * trigger rotation. Zero *
+ * means no rotation. *
+ * $retention -> retention period in hours *
+ * for rotated logs. Zero *
+ * means never remove. *
+ ********************************************************/
- foreach ($logs as $file) {
- // Truncate the log file if it exists
- if (file_exists("{$suricata_log_dir}/$file")) {
- $fd = @fopen("{$suricata_log_dir}/$file", "w+");
- if ($fd)
- fclose($fd);
- }
+ // Check the current log to see if it needs rotating.
+ // If it does, rotate it and put the current time
+ // on the end of the filename as UNIX timestamp.
+ if (($log_limit > 0) && (filesize($log_file) >= $log_limit)) {
+ $newfile = $log_file . "." . strval(time());
+ try {
+ copy($log_file, $newfile);
+ file_put_contents($log_file, "");
+ } catch (Exception $e) {
+ log_error("[Suricata] Failed to rotate file '{$log_file}' -- error was {$e->getMessage()}");
 }
+ }
- // Check for any captured stored files and clean them up
- $filelist = glob("{$suricata_log_dir}/files/*");
- if (!empty($filelist)) {
- foreach ($filelist as $file)
- @unlink($file);
+ // Check previously rotated logs to see if time to
+ // delete any older than the retention period.
+ // Rotated logs have a UNIX timestamp appended to
+ // filename.
+ if ($retention > 0) {
+ $now = time();
+ $rotated_files = glob("{$log_file}.*");
+ foreach ($rotated_files as $file) {
+ if (($now - filemtime($file)) > ($retention * 3600))
+ unlink_if_exists($file);
 }
+ unset($rotated_files);
+ }
+}
+
+/*************************
+ * Start of main code *
+ *************************/
+
+// If firewall is booting, do nothing
+if ($g['booting'] == true)
+ return;
+
+// If no interfaces defined, there is nothing to clean up
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ return;
- // This is needed if suricata is run as suricata user
- mwexec('/bin/chmod 660 /var/log/suricata/*', true);
+$logs = array ();
+
+// Build an arry of files to check and limits to check them against from our saved configuration
+$logs['alerts.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'];
+$logs['alerts.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention'];
+$logs['files-json.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'];
+$logs['files-json.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'];
+$logs['http.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'];
+$logs['http.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention'];
+$logs['stats.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'];
+$logs['stats.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention'];
+$logs['tls.log']['limit'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'];
+$logs['tls.log']['retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention'];
+
+// Check log limits and retention in the interface logging directories if enabled
+if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on') {
+ foreach ($config['installedpackages']['suricata']['rule'] as $value) {
+ $if_real = get_real_interface($value['interface']);
+ $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
+ foreach ($logs as $k => $p)
+ suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);
 }
- conf_mount_ro();
- log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed."));
+
+ // Prune any aged-out Barnyard2 archived logs if any exist
+ if (is_dir("{$suricata_log_dir}/barnyard2/archive") &&
+ $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) {
+ $now = time();
+ $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*");
+ foreach ($files as $f) {
+ if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600))
+ unlink_if_exists($f);
+ }
+ }
+ unset($files);
 }
+// Check the overall log directory limit (if enabled) and prune if necessary
+if ($config['installedpackages']['suricata']['config'][0]['suricataloglimit'] == 'on')
+ suricata_check_dir_size_limit($config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']);
+
 ?>
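Review bot: The Barnyard2 archive pruning near the end of the hunk is placed after the context `}` that closes `foreach ($config[...]['rule'] as $value)`, so `$suricata_log_dir` still names the last interface's directory and only that interface's `barnyard2/archive` is ever pruned while the others grow until the directory-size limit truncates everything; moving the block inside the loop, as below, prunes each interface. In `suricata_check_rotate_log` the `try`/`catch (Exception $e)` around `copy()` and `file_put_contents()` never fires, because those functions report failure by returning false with a warning rather than throwing, so a failed rotation is silent — testing the return values, e.g. `if (!copy($log_file, $newfile) || file_put_contents($log_file, "") === false) log_error("[Suricata] Failed to rotate file '{$log_file}'");`, keeps the intended log line, and the same no-op catch sits in `suricata_check_dir_size_limit`. `filesize($log_file)` also runs without a `file_exists()` guard, so every log not enabled on an interface emits a warning each cron run, and `glob()` may return false, which the `foreach` over `$rotated_files` and `$files` does not handle. Rotating by `copy()` then truncate presumably leaves a window in which alert records appended between the two calls are lost; if the daemon supports reopening its logs, `rename()` plus a reopen signal would avoid that gap.
```php
    foreach ($config['installedpackages']['suricata']['rule'] as $value) {
        $if_real = get_real_interface($value['interface']);
        $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}";
        foreach ($logs as $k => $p)
            suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']);

        // Prune any aged-out Barnyard2 archived logs for THIS interface
        $u2_retention = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'];
        if ($u2_retention > 0 && is_dir("{$suricata_log_dir}/barnyard2/archive")) {
            $now = time();
            foreach ((array) glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*") as $f) {
                if (($now - filemtime($f)) > ($u2_retention * 3600))
                    unlink_if_exists($f);
            }
        }
    }
    // … unchanged: closing brace of the enable_log_mgmt block and the directory-size check …
```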
@@ -0,0 +1,429 @@ +<?php +/* + * suricata_logs_mgmt.php + * part of pfSense + * + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/suricata/suricata.inc"); + +global $g; + +$suricatadir = SURICATADIR; + +$pconfig = array(); + +// Grab saved settings from configuration +$pconfig['enable_log_mgmt'] = $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == 'on' ? 
'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['suricata']['config'][0]['clearlogs']; +$pconfig['suricataloglimit'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimit']; +$pconfig['suricataloglimitsize'] = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; +$pconfig['alert_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size']; +$pconfig['alert_log_retention'] = $config['installedpackages']['suricata']['config'][0]['alert_log_retention']; +$pconfig['files_json_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size']; +$pconfig['files_json_log_retention'] = $config['installedpackages']['suricata']['config'][0]['files_json_log_retention']; +$pconfig['http_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['http_log_limit_size']; +$pconfig['http_log_retention'] = $config['installedpackages']['suricata']['config'][0]['http_log_retention']; +$pconfig['stats_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size']; +$pconfig['stats_log_retention'] = $config['installedpackages']['suricata']['config'][0]['stats_log_retention']; +$pconfig['tls_log_limit_size'] = $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size']; +$pconfig['tls_log_retention'] = $config['installedpackages']['suricata']['config'][0]['tls_log_retention']; +$pconfig['unified2_log_limit'] = $config['installedpackages']['suricata']['config'][0]['unified2_log_limit']; +$pconfig['u2_archive_log_retention'] = $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention']; + +// Load up some arrays with selection values (we use these later). +// The keys in the $retentions array are the retention period +// converted to hours. The keys in the $log_sizes array are +// the file size limits in KB. 
+$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'), + '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), + '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'), + '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'), + '5000' => gettext("5 MB"), '10000' => gettext("10 MB") ); + +// Set sensible defaults for any unset parameters +if (empty($pconfig['suricataloglimit'])) + $pconfig['suricataloglimit'] = 'on'; +if (empty($pconfig['suricataloglimitsize'])) { + // Set limit to 20% of slice that is unused */ + $pconfig['suricataloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); +} + +// Set default retention periods for rotated logs +if (empty($pconfig['alert_log_retention'])) + $pconfig['alert_log_retention'] = "336"; +if (empty($pconfig['files_json_log_retention'])) + $pconfig['files_json_log_retention'] = "168"; +if (empty($pconfig['http_log_retention'])) + $pconfig['http_log_retention'] = "168"; +if (empty($pconfig['stats_log_retention'])) + $pconfig['stats_log_retention'] = "168"; +if (empty($pconfig['tls_log_retention'])) + $pconfig['tls_log_retention'] = "336"; +if (empty($pconfig['u2_archive_log_retention'])) + $pconfig['u2_archive_log_retention'] = "168"; + +// Set default log file size limits +if (empty($pconfig['alert_log_limit_size'])) + $pconfig['alert_log_limit_size'] = "500"; +if (empty($pconfig['files_json_log_limit_size'])) + $pconfig['files_json_log_limit_size'] = "1000"; +if (empty($pconfig['http_log_limit_size'])) + $pconfig['http_log_limit_size'] = "1000"; +if (empty($pconfig['stats_log_limit_size'])) + $pconfig['stats_log_limit_size'] = "500"; +if 
(empty($pconfig['tls_log_limit_size'])) + $pconfig['tls_log_limit_size'] = "500"; +if (empty($pconfig['unified2_log_limit'])) + $pconfig['unified2_log_limit'] = "32"; + +if ($_POST["save"]) { + if ($_POST['suricataloglimit'] == 'on') { + if (!is_numericint($_POST['suricataloglimitsize']) || $_POST['suricataloglimitsize'] < 1) + $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero."); + } + + // Validate unified2 log file limit + if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1) + $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero."); + + if (!$input_errors) { + $config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + $config['installedpackages']['suricata']['config'][0]['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['suricata']['config'][0]['suricataloglimit'] = $_POST['suricataloglimit']; + $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize'] = $_POST['suricataloglimitsize']; + $config['installedpackages']['suricata']['config'][0]['alert_log_limit_size'] = $_POST['alert_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['suricata']['config'][0]['files_json_log_limit_size'] = $_POST['files_json_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['files_json_log_retention'] = $_POST['files_json_log_retention']; + $config['installedpackages']['suricata']['config'][0]['http_log_limit_size'] = $_POST['http_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['http_log_retention'] = $_POST['http_log_retention']; + $config['installedpackages']['suricata']['config'][0]['stats_log_limit_size'] = $_POST['stats_log_limit_size']; + 
$config['installedpackages']['suricata']['config'][0]['stats_log_retention'] = $_POST['stats_log_retention']; + $config['installedpackages']['suricata']['config'][0]['tls_log_limit_size'] = $_POST['tls_log_limit_size']; + $config['installedpackages']['suricata']['config'][0]['tls_log_retention'] = $_POST['tls_log_retention']; + $config['installedpackages']['suricata']['config'][0]['unified2_log_limit'] = $_POST['unified2_log_limit']; + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] = $_POST['u2_archive_log_retention']; + + write_config(); + sync_suricata_package_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /suricata/suricata_logs_mgmt.php"); + exit; + } +} + +$pgtitle = gettext("Suricata: Logs Management"); +include_once("head.inc"); + +?> + +<body link="#000000" vlink="#000000" alink="#000000"> + +<?php +include_once("fbegin.inc"); + +/* Display Alert message, under form tag or no refresh */ +if ($input_errors) + print_input_errors($input_errors); + +?> + +<form action="suricata_logs_mgmt.php" method="post" enctype="multipart/form-data" name="iform" id="iform"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> +<tr><td> +<?php + $tab_array = array(); + $tab_array[] = array(gettext("Suricata Interfaces"), false, "/suricata/suricata_interfaces.php"); + $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php"); + $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php"); + $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php"); + $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php"); + 
$tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php"); + $tab_array[] = array(gettext("Logs Mgmt"), true, "/suricata/suricata_logs_mgmt.php"); + display_top_tabs($tab_array); +?> +</td></tr> +<tr> + <td> + <div id="mainarea"> + <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Settings"); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Remove Suricata Log Files During Package Uninstall"); ?></td> + <td width="78%" class="vtable"><input name="clearlogs" id="clearlogs" type="checkbox" value="yes" + <?php if ($config['installedpackages']['suricata']['config'][0]['clearlogs']=="on") echo " checked"; ?>/> + <?php echo gettext("Suricata log files will be removed when the Suricata package is uninstalled."); ?></td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Auto Log Management"); ?></td> + <td width="78%" class="vtable"><input name="enable_log_mgmt" id="enable_log_mgmt" type="checkbox" value="on" + <?php if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt']=="on") echo " checked"; ?> onClick="enable_change();"/> + <?php echo gettext("Enable automatic unattended management of Suricata logs using parameters specified below."); ?><br/> + <span class="red"><strong><?=gettext("Note: ") . "</strong></span>" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Logs Directory Size Limit"); ?></td> +</tr> +<tr> +<?php $suricatalogCurrentDSKsize = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') / 1024); ?> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Directory Size " . 
+ "Limit"); ?><br/><br/><br/><br/><br/><br/><br/> + <span class="red"><strong><?php echo gettext("Note:"); ?></strong></span><br/> + <?php echo gettext("Available space is"); ?> <strong><?php echo $suricatalogCurrentDSKsize; ?> MB</strong></td> + <td width="78%" class="vtable"> + <table cellpadding="0" cellspacing="0"> + <tr> + <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_on" value="on" + <?php if($pconfig['suricataloglimit']=='on') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Enable"); ?></strong> <?php echo gettext("directory size limit"); ?> (<strong><?php echo gettext("Default"); ?></strong>)</td> + </tr> + <tr> + <td colspan="2" class="vexpl"><input name="suricataloglimit" type="radio" id="suricataloglimit_off" value="off" + <?php if($pconfig['suricataloglimit']=='off') echo 'checked'; ?> onClick="enable_change_dirSize();"/> + <strong><?php echo gettext("Disable"); ?></strong> + <?php echo gettext("directory size limit"); ?><br/> + <br/><span class="red"><strong><?=gettext("Note: ");?></strong></span><?=gettext("this setting imposes a hard-limit on the combined log directory size of all Suricata interfaces. ") . + gettext("When the size limit set is reached, rotated logs for all interfaces will be removed, and any active logs pruned to zero-length.");?> + <br/><br/> + <span class="red"><strong><?php echo gettext("Warning:"); ?></strong></span> <?php echo gettext("NanoBSD " . + "should use no more than 10MB of space."); ?></td> + </tr> + </table> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <tr> + <td class="vexpl"><?php echo gettext("Size in ") . "<strong>" . gettext("MB:") . "</strong>";?> + <input name="suricataloglimitsize" type="text" class="formfld unknown" id="suricataloglimitsize" size="10" value="<?=htmlspecialchars($pconfig['suricataloglimitsize']);?>"/> + <?php echo gettext("Default is ") . "<strong>" . gettext("20%") . "</strong>" . 
gettext(" of available space.");?></td> + </tr> + </table> + </td> +</tr> +<tr> + <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Log Size and Retention Limits"); ?></td> +</tr> +<tr> + <td class="vncell" valign="top" width="22%"><?php echo gettext("Text Log Settings");?></td> + <td class="vtable" width="78%"> + <table width="100%" border="0" cellpadding="2" cellspacing="0"> + <colgroup> + <col style="width: 15%;"> + <col style="width: 18%;"> + <col style="width: 20%;"> + <col> + </colgroup> + <thead> + <tr> + <th class="listhdrr"><?=gettext("Log Name");?></th> + <th class="listhdrr"><?=gettext("Max Size");?></th> + <th class="listhdrr"><?=gettext("Retention");?></th> + <th class="listhdrr"><?=gettext("Log Description");?></th> + </tr> + </thead> + <tbody> + <tr> + <td class="listbg">alerts</td> + <td class="listr" align="center"><select name="alert_log_limit_size" class="formselect" id="alert_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="alert_log_retention" class="formselect" id="alert_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['alert_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Suricata alerts and event details");?></td> + </tr> + <tr> + <td class="listbg">files-json</td> + <td class="listr" align="center"><select name="files_json_log_limit_size" class="formselect" id="files_json_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['files_json_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + 
<td class="listr" align="center"><select name="files_json_log_retention" class="formselect" id="files_json_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['files_json_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Captured files info in JSON format");?></td> + </tr> + <tr> + <td class="listbg">http</td> + <td class="listr" align="center"><select name="http_log_limit_size" class="formselect" id="http_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['http_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="http_log_retention" class="formselect" id="http_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['http_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("Captured HTTP events and session info");?></td> + </tr> + <tr> + <td class="listbg">stats</td> + <td class="listr" align="center"><select name="stats_log_limit_size" class="formselect" id="stats_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="stats_log_retention" class="formselect" id="stats_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['stats_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td 
class="listbg"><?=gettext("Suricata performance statistics");?></td> + </tr> + <tr> + <td class="listbg">tls</td> + <td class="listr" align="center"><select name="tls_log_limit_size" class="formselect" id="tls_log_limit_size"> + <?php foreach ($log_sizes as $k => $l): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['tls_log_limit_size']) echo "selected"; ?>> + <?=htmlspecialchars($l);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listr" align="center"><select name="tls_log_retention" class="formselect" id="tls_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['tls_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> + </td> + <td class="listbg"><?=gettext("SMTP TLS handshake details");?></td> + </tr> + </tbody> + </table> + <br/><?=gettext("Settings will be ignored for any log in the list above not enabled on the Interface Settings tab. ") . + gettext("When a log reaches the Max Size limit, it will be rotated and tagged with a timestamp. The Retention period determines ") . + gettext("how long rotated logs are kept before they are automatically deleted.");?> + </td> +</tr> +<tr> + <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td> + <td width="78%" class="vtable"> + <input name="unified2_log_limit" type="text" class="formfld unknown" + id="unified2_log_limit" size="10" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/> + <?php echo gettext("Log file size limit in megabytes (MB). 
Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/> + <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?> + </td> +</tr> +<tr> + <td class="vncell" width="22%" valign="top"><?=gettext("Unified2 Archived Log Retention Period");?></td> + <td width="78%" class="vtable"><select name="u2_archive_log_retention" class="formselect" id="u2_archive_log_retention"> + <?php foreach ($retentions as $k => $p): ?> + <option value="<?=$k;?>" + <?php if ($k == $pconfig['u2_archive_log_retention']) echo "selected"; ?>> + <?=htmlspecialchars($p);?></option> + <?php endforeach; ?> + </select> <?=gettext("Choose retention period for archived Barnyard2 binary log files. Default is ") . "<strong>" . gettext("7 days."). "</strong>";?><br/><br/> + <?=gettext("When Barnyard2 output is enabled, Suricata writes event data to a binary format file that Barnyard2 reads and processes. ") . + gettext("When finished processing a file, Barnyard2 moves it to an archive folder. This setting determines how long files ") . 
+ gettext("remain in the archive folder before they are automatically deleted.");?> + </td> +</tr> +<tr> + <td width="22%"></td> + <td width="78%" class="vexpl"><input name="save" type="submit" class="formbtn" value="Save"/><br/> + <br/><span class="red"><strong><?php echo gettext("Note:");?></strong> + </span><?php echo gettext("Changing any settings on this page will affect all Suricata-configured interfaces.");?></td> +</tr> + </table> +</div><br/> +</td></tr> +</table> +</form> + +<script language="JavaScript"> +function enable_change() { + var endis = !(document.iform.enable_log_mgmt.checked); + document.iform.alert_log_limit_size.disabled = endis; + document.iform.alert_log_retention.disabled = endis; + document.iform.files_json_log_limit_size.disabled = endis; + document.iform.files_json_log_retention.disabled = endis; + document.iform.http_log_limit_size.disabled = endis; + document.iform.http_log_retention.disabled = endis; + document.iform.stats_log_limit_size.disabled = endis; + document.iform.stats_log_retention.disabled = endis; + document.iform.tls_log_limit_size.disabled = endis; + document.iform.tls_log_retention.disabled = endis; + document.iform.unified2_log_limit.disabled = endis; + document.iform.u2_archive_log_retention.disabled = endis; +} + +function enable_change_dirSize() { + var endis = !(document.getElementById('suricataloglimit_on').checked); + document.getElementById('suricataloglimitsize').disabled = endis; +} + +enable_change(); +enable_change_dirSize(); +</script> + +<?php include("fend.inc"); ?> + +</body> +</html> |
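Review bot: The save handler copies the `*_log_limit_size`, `*_log_retention` and `u2_archive_log_retention` POST values into `$config` without checking that they are keys of the `$log_sizes` / `$retentions` tables the form offers, and stores `suricataloglimit` without restricting it to `on`/`off`; the cron script later does arithmetic on these values (`$p['limit']*1024`, `$retention * 3600`), so a malformed or tampered submission is persisted into config.xml and silently turns into "no limit"/"keep forever" (a non-numeric string multiplies as 0). Validating against the option tables before the `if (!$input_errors)` branch, as below, rejects anything the UI did not offer. Two smaller points: `$input_errors` is never initialised before the first `$input_errors[] = ...`, and on a validation failure the checkbox and radio inputs are repopulated from `$config` rather than from `$_POST`, so the rejected submission is discarded instead of being shown for correction.
```php
    // Only accept values that the option tables actually offer
    $size_fields = array('alert_log_limit_size', 'files_json_log_limit_size', 'http_log_limit_size', 'stats_log_limit_size', 'tls_log_limit_size');
    foreach ($size_fields as $f) {
        if (!isset($_POST[$f]) || !array_key_exists($_POST[$f], $log_sizes))
            $input_errors[] = gettext("Invalid selection for a log size limit.");
    }
    $retention_fields = array('alert_log_retention', 'files_json_log_retention', 'http_log_retention', 'stats_log_retention', 'tls_log_retention', 'u2_archive_log_retention');
    foreach ($retention_fields as $f) {
        if (!isset($_POST[$f]) || !array_key_exists($_POST[$f], $retentions))
            $input_errors[] = gettext("Invalid selection for a log retention period.");
    }
    if (!in_array($_POST['suricataloglimit'], array('on', 'off'), true))
        $input_errors[] = gettext("Invalid value for 'Log Directory Size Limit'.");
    // … unchanged: existing unified2_log_limit check and the if (!$input_errors) save branch …
```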