aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/snort-dev/snort.inc8
-rw-r--r--config/snort-dev/snort_alerts.php23
2 files changed, 19 insertions, 12 deletions
diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 629c250a..b72c806e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -274,6 +274,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
/*
* TODO: Add a GUI option that lets the user keep full logs
*/
+ /*
if ($start_up != '') {
@exec("/bin/kill {$start_up}");
@exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
@@ -287,6 +288,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
@exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*");
@exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*");
}
+ */
/* Log Iface stop */
exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
@@ -1330,7 +1332,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
*/
$snortalertcvs_type = "";
if ($snortcfg['snortalertcvs'] == "on")
- $snortalertcvs_type = "output alert_csv: /var/log/alert.csv default 128";
+ $snortalertcvs_type = "output alert_csv: /var/log/snort/{$snort_uuid}_{$if_real}/alert.csv default 128";
/* define snortalertlogtype */
if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
@@ -1642,7 +1644,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
$enabled_rulesets = $snortcfg['rulesets'];
$selected_rules_sections = "";
if (!empty($enabled_rulesets)) {
- $enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+ $enabled_rulesets_array = explode("\|\|", $enabled_rulesets);
foreach($enabled_rulesets_array as $enabled_item)
$selected_rules_sections .= "include \$RULE_PATH/{$enabled_item}\n";
}
@@ -2246,7 +2248,7 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules
# TODO: gui needed for pfsense
# GTP Control Channle Preprocessor, README.GTP
-preprocessor gtp: ports { 2123 3386 2152 }
+# preprocessor gtp: ports { 2123 3386 2152 }
####################################################
# Inline packet normalization, README.normalize
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index 354c89f4..538d49c7 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -48,8 +48,13 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
$config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_uuid = $a_instance[0]['uuid'];
-if ($_POST['instance'])
- $snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+$if_real = snort_get_real_interface($a_instance[0]['interface']);
+
+if ($_POST['instance']) {
+ $snort_uuid = $a_instance[$_POST]['instance']['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
+}
+
if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
@@ -93,10 +98,10 @@ if ($_POST['save'])
if ($_GET['action'] == "clear" || $_POST['clear'])
{
- if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+ if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
{
conf_mount_rw();
- @file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+ @file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", "");
post_delete_logs();
/* XXX: This is needed is snort is run as snort user */
//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
@@ -113,7 +118,7 @@ if ($_POST['download'])
$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
$file_name = "snort_logs_{$save_date}.tar.gz";
- exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+ exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}");
if (file_exists("/tmp/{$file_name}")) {
$file = "/tmp/snort_logs_{$save_date}.tar.gz";
@@ -381,16 +386,16 @@ if ($pconfig['arefresh'] == 'on')
<?php
/* make sure alert file exists */
- if (!file_exists("/var/log/snort/alert_{$snort_uuid}"))
- exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}");
+ if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
+ exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert");
$logent = $anentries;
/* detect the alert file type */
if ($snortalertlogt == 'full')
- $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ $alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
else
- $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+ $alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));