Diffstat (limited to 'config/snort')
-rw-r--r-- | config/snort/snort_generate_conf.php | 13 | ||||
-rwxr-xr-x | config/snort/snort_interfaces_edit.php | 54 |
2 files changed, 64 insertions, 3 deletions
diff --git a/config/snort/snort_generate_conf.php b/config/snort/snort_generate_conf.php
index c67ab3d6..e65f4836 100644
--- a/config/snort/snort_generate_conf.php
+++ b/config/snort/snort_generate_conf.php
@@ -89,8 +89,17 @@ foreach ($snort_files as $file) {
 /* define alertsystemlog */
 $alertsystemlog_type = "";
-if ($snortcfg['alertsystemlog'] == "on")
- $alertsystemlog_type = "output alert_syslog: log_alert";
+if ($snortcfg['alertsystemlog'] == "on") {
+ $alertsystemlog_type = "output alert_syslog: ";
+ if (!empty($snortcfg['alertsystemlog_facility']))
+ $alertsystemlog_type .= strtoupper($snortcfg['alertsystemlog_facility']) . " ";
+ else
+ $alertsystemlog_type .= "LOG_AUTH ";
+ if (!empty($snortcfg['alertsystemlog_priority']))
+ $alertsystemlog_type .= strtoupper($snortcfg['alertsystemlog_priority']) . " ";
+ else
+ $alertsystemlog_type .= "LOG_ALERT ";
+}
 /* define snortunifiedlog */
 $snortunifiedlog_type = "";
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index c9436801..65bf4ead 100755
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -113,6 +113,10 @@ if (empty($pconfig['blockoffendersip']))
 $pconfig['blockoffendersip'] = "both";
 if (empty($pconfig['performance']))
 $pconfig['performance'] = "ac-bnfa";
+if (empty($pconfig['alertsystemlog_facility']))
+ $pconfig['alertsystemlog_facility'] = "log_auth";
+if (empty($pconfig['alertsystemlog_priority']))
+ $pconfig['alertsystemlog_priority'] = "log_alert";
 // See if creating a new interface by duplicating an existing one
 if (strcasecmp($action, 'dup') == 0) {
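Review bot: In the snort_generate_conf.php hunk, `alertsystemlog_facility` and `alertsystemlog_priority` are appended to the `output alert_syslog:` string with only `strtoupper()` applied, and the save handler in snort_interfaces_edit.php (hunk at -206) copies both straight from `$_POST`, so a value outside the select list, including one that contains a line break, ends up in the generated Snort configuration text. Check each value against the fixed option list before storing it, for example `if (in_array($_POST['alertsystemlog_facility'], $log_facility, true)) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility'];`, which needs `$log_facility` and `$log_priority` defined above the POST handling rather than inside the form markup. A second check at this write point, falling back to `LOG_AUTH` / `LOG_ALERT` unless the stored value matches `/\Alog_[a-z0-9]+\z/`, would also cover values that arrive through a restored or hand-edited config.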
@@ -206,6 +210,8 @@ if ($_POST["save"] && !$input_errors) {
 if ($_POST['externallistname']) $natent['externallistname'] = $_POST['externallistname']; else unset($natent['externallistname']);
 if ($_POST['suppresslistname']) $natent['suppresslistname'] = $_POST['suppresslistname']; else unset($natent['suppresslistname']);
 if ($_POST['alertsystemlog'] == "on") { $natent['alertsystemlog'] = 'on'; }else{ $natent['alertsystemlog'] = 'off'; }
+ if ($_POST['alertsystemlog_facility']) $natent['alertsystemlog_facility'] = $_POST['alertsystemlog_facility'];
+ if ($_POST['alertsystemlog_priority']) $natent['alertsystemlog_priority'] = $_POST['alertsystemlog_priority'];
 if ($_POST['configpassthru']) $natent['configpassthru'] = base64_encode(str_replace("\r\n", "\n", $_POST['configpassthru'])); else unset($natent['configpassthru']);
 if ($_POST['cksumcheck']) $natent['cksumcheck'] = 'on'; else $natent['cksumcheck'] = 'off';
 if ($_POST['fpm_split_any_any'] == "on") { $natent['fpm_split_any_any'] = 'on'; }else{ $natent['fpm_split_any_any'] = 'off'; }
@@ -355,6 +361,8 @@ if ($_POST["save"] && !$input_errors) {
 if (!is_array($natent['stream5_tcp_engine']['item']))
 $natent['stream5_tcp_engine']['item'] = array();
 $natent['stream5_tcp_engine']['item'][] = $stream5_eng;
+ $natent['alertsystemlog_facility'] = "log_auth";
+ $natent['alertsystemlog_priority'] = "log_alert";
 $a_rule[] = $natent;
 }
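Review bot: In the hunk at -355, the two assignments added before `$a_rule[] = $natent;` set `alertsystemlog_facility` and `alertsystemlog_priority` to the defaults unconditionally, although the hunk at -206 in the same handler has already copied the posted values into `$natent`. The enclosing branch starts outside the hunk; if it is the path that appends a new interface, as the push onto `$a_rule` suggests, a facility or priority chosen on the form while adding an interface is silently replaced by `log_auth` / `log_alert`. Assigning only when the key is empty keeps the operator's choice: `if (empty($natent['alertsystemlog_facility'])) $natent['alertsystemlog_facility'] = "log_auth";`, and the same for the priority.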
@@ -488,9 +496,44 @@ include_once("head.inc");
 </tr>
 <tr>
 <td width="22%" valign="top" class="vncell"><?php echo gettext("Send Alerts to System Logs"); ?></td>
- <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" <?php if ($pconfig['alertsystemlog'] == "on") echo "checked"; ?>/>
+ <td width="78%" class="vtable"><input name="alertsystemlog" type="checkbox" value="on" onclick="toggle_system_log();" <?php if ($pconfig['alertsystemlog'] == "on") echo " checked"; ?>/>
 <?php echo gettext("Snort will send Alerts to the firewall's system logs."); ?></td>
 </tr>
+ <tbody id="alertsystemlog_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="alertsystemlog_facility" id="alertsystemlog_facility" class="formselect">
+ <?php
+ $log_facility = array( "log_auth", "log_authpriv", "log_daemon", "log_user", "log_local0", "log_local1",
+ "log_local2", "log_local3", "log_local4", "log_local5", "log_local6", "log_local7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['alertsystemlog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>
+ <?php echo gettext("Select system log Facility to use for reporting. Default is ") . "<strong>" . gettext("log_auth") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("System Log Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="alertsystemlog_priority" id="alertsystemlog_priority" class="formselect">
+ <?php
+ $log_priority = array( "log_emerg", "log_crit", "log_alert", "log_err", "log_warning", "log_notice", "log_info", "log_debug" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['alertsystemlog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>
+ <?php echo gettext("Select system log Priority (Level) to use for reporting. Default is ") . "<strong>" . gettext("log_alert") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
 <tr>
 <td width="22%" valign="top" class="vncell"><?php echo gettext("Block Offenders"); ?></td>
 <td width="78%" class="vtable">
@@ -750,6 +793,14 @@ function enable_blockoffenders() {
 document.iform.btnWhitelist.disabled=endis;
 }
+function toggle_system_log() {
+ var endis = !(document.iform.alertsystemlog.checked);
+ if (endis)
+ document.getElementById("alertsystemlog_rows").style.display="none";
+ else
+ document.getElementById("alertsystemlog_rows").style.display="";
+}
+
 function enable_change(enable_change) {
 endis = !(document.iform.enable.checked || enable_change);
 // make sure a default answer is called if this is invoked.
@@ -804,6 +855,7 @@ function viewList(id, elemID, elemType) {
 enable_change(false);
 enable_blockoffenders();
+toggle_system_log();
 //-->
 </script> |