-rw-r--r-- | config/snort-dev/snort.inc | 8 | ||||
-rw-r--r-- | config/snort-dev/snort_alerts.php | 23 |
2 files changed, 19 insertions, 12 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 629c250a..b72c806e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -274,6 +274,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 /*
 * TODO: Add a GUI option that lets the user keep full logs
 */
+ /*
 if ($start_up != '') {
 @exec("/bin/kill {$start_up}");
 @exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
@@ -287,6 +288,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*");
 @exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*");
 }
+ */
 
 /* Log Iface stop */
 exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
@@ -1330,7 +1332,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 */
 $snortalertcvs_type = "";
 if ($snortcfg['snortalertcvs'] == "on")
- $snortalertcvs_type = "output alert_csv: /var/log/alert.csv default 128";
+ $snortalertcvs_type = "output alert_csv: /var/log/snort/{$snort_uuid}_{$if_real}/alert.csv default 128";
 
 /* define snortalertlogtype */
 if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
@@ -1642,7 +1644,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 $enabled_rulesets = $snortcfg['rulesets'];
 $selected_rules_sections = "";
 if (!empty($enabled_rulesets)) {
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ $enabled_rulesets_array = explode("\|\|", $enabled_rulesets);
 foreach($enabled_rulesets_array as $enabled_item)
 $selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
 }
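Review bot: The `/*` added in the -274 hunk and the `*/` added in the -287 hunk comment out the entire `if ($start_up != '') { … }` body, so `@exec("/bin/kill {$start_up}")` is disabled along with the `/bin/rm` log cleanup and Running_Stop no longer signals the running process; the TODO above the block only talks about keeping the logs. Lines 281–286 between the two hunks are not visible here, so if the process is stopped elsewhere this is moot. If keeping logs is the intent, leave the kill in place and comment out only the `@exec("/bin/rm …")` lines. Running_Stop continues outside both hunks.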
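Review bot: `explode("\|\|", $enabled_rulesets)` in the -1642 hunk looks for the literal four-character delimiter `\|\|`, because `\|` is not an escape sequence in a double-quoted PHP string and explode() takes a plain string rather than a regex, so a stored value such as `a||b` is no longer split and the generated config would contain `include $RULE_PATH/a||b`. The backslashes belonged to the removed split() pattern; the replacement should read `$enabled_rulesets_array = explode("||", $enabled_rulesets);`. The -1330 hunk in this file raises nothing.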
@@ -2246,7 +2248,7 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules
 # TODO: gui needed for pfsense
 # GTP Control Channle Preprocessor, README.GTP
-preprocessor gtp: ports { 2123 3386 2152 }
+# preprocessor gtp: ports { 2123 3386 2152 }
 
 ####################################################
 # Inline packet normalization, README.normalize
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index 354c89f4..538d49c7 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -48,8 +48,13 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
 $config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[0]['uuid'];
-if ($_POST['instance'])
- $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+$if_real = snort_get_real_interface($a_instance[0]['interface']);
+
+if ($_POST['instance']) {
+ $snort_uuid = $a_instance[$_POST]['instance']['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
+}
+
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
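Review bot: `$a_instance[$_POST]['instance']['uuid']` and `$a_instance[$_POST]['instance']['interface']` on lines 14–15 index the rule array with the whole `$_POST` array instead of `$_POST['instance']`, an illegal offset type (a TypeError on PHP 8, a warning evaluating to null on older releases), so a selected instance is never resolved and `$snort_uuid`/`$if_real` keep the instance-0 values or end up empty. The removed line had the subscript right; the fix is `$snort_uuid = $a_instance[$_POST['instance']]['uuid'];` and `$if_real = snort_get_real_interface($a_instance[$_POST['instance']]['interface']);`. Because the index comes from the request and both derived values are later interpolated into filesystem paths and an exec() command line in the hunks below, it is also worth casting it with `(int)` and checking `isset($a_instance[$idx])` before use rather than relying on the truthiness test alone.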
@@ -93,10 +98,10 @@ if ($_POST['save'])
 if ($_GET['action'] == "clear" || $_POST['clear'])
{
- if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
{
conf_mount_rw();
- @file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+ @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", "");
post_delete_logs();
/* XXX: This is needed is snort is run as snort user */
//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
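Review bot: The new path on lines 23 and 27 collapses to `/var/log/snort/_/alert` whenever `$snort_uuid` or `$if_real` is empty, which happens if the instance lookup above does not resolve, and the `file_exists` guard then silently turns the clear into a no-op with no feedback to the user. A short guard before the check, `if ($snort_uuid === '' || $if_real === '') { /* no instance selected */ } else`, or an explicit error message, would make that state visible. The enclosing clear block continues past the hunk.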
@@ -113,7 +118,7 @@ if ($_POST['download'])
 $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}");
if (file_exists("/tmp/{$file_name}")) {
$file = "/tmp/snort_logs_{$save_date}.tar.gz";
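Review bot: Line 34 now interpolates `$snort_uuid` and `$if_real` unquoted into the tar command passed to exec(), where the previous line used a constant directory; both values come from the config entry picked by the request-supplied instance index, so the command line should quote them rather than trust their content. `exec("/usr/bin/tar cfz " . escapeshellarg("/tmp/{$file_name}") . " " . escapeshellarg("/var/log/snort/{$snort_uuid}_{$if_real}"));` keeps the behaviour and removes the shell-metacharacter exposure. The download block continues outside the hunk.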
@@ -381,16 +386,16 @@ if ($pconfig['arefresh'] == 'on')
 <?php
/* make sure alert file exists */
- if (!file_exists("/var/log/snort/alert_{$snort_uuid}"))
- exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}");
+ if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
+ exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert");
$logent = $anentries;
/* detect the alert file type */
if ($snortalertlogt == 'full')
- $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
else
- $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
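Review bot: Line 50 still calls `split("\n", …)` on the new side while the snort.inc hunk in this commit moved the same construct to explode(); split() is the deprecated ereg function (removed in PHP 7), so the fast-log branch should become `$alerts_array = array_reverse(array_filter(explode("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));` to match line 47. On line 42, the builtin `touch("/var/log/snort/{$snort_uuid}_{$if_real}/alert");` would avoid spawning a shell with an interpolated path; note that both touch forms fail silently if the per-instance directory does not yet exist. The surrounding `<?php` block and the `arefresh` conditional continue outside the hunk.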