Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc20
-rw-r--r--config/snort/snort_check_cron_misc.inc21
-rwxr-xr-xconfig/snort/snort_interfaces.php2
3 files changed, 28 insertions, 15 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 79fef4fa..7a151f7a 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -440,8 +440,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false) {
$gw = get_interface_gateway($snortcfg['interface']);
if (is_ipaddr($gw) && !in_array($gw, $home_net))
$home_net[] = $gw;
- if (function_exists("get_interface_gatewayv6")) {
- $gw = get_interface_gatewayv6($snortcfg['interface']);
+ if (function_exists("get_interface_gateway_v6")) {
+ $gw = get_interface_gateway_v6($snortcfg['interface']);
if (is_ipaddrv6($gw) && !in_array($gw, $home_net))
$home_net[] = $gw;
}
@@ -636,14 +636,14 @@ function snort_get_real_interface($interface) {
}
/*
- this code block is for deleteing logs while keeping the newest file,
+ this code block is for deleting logs while keeping the newest file,
snort is linked to these files while running, do not take the easy way out
by touch and rm, snort will lose sync and not log.
*/
function snort_post_delete_logs($snort_uuid = 0) {
global $config, $g;
- /* do not start config build if rules is empty */
+ /* do nothing if no Snort interfaces active */
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
@@ -651,14 +651,22 @@ function snort_post_delete_logs($snort_uuid = 0) {
if ($value['uuid'] != $snort_uuid)
continue;
$if_real = snort_get_real_interface($value['interface']);
- $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
if ($if_real != '') {
+ /* Clean-up Barnyard2 files if any exist */
$filelist = glob("{$snort_log_dir}/*{$snort_uuid}_{$if_real}.u2.*");
unset($filelist[count($filelist) - 1]);
foreach ($filelist as $file)
@unlink($file);
+ /* Clean-up packet capture files if any exist */
+ $filelist = glob("{$snort_log_dir}/snort.log.*");
+ unset($filelist[count($filelist) - 1]);
+ foreach ($filelist as $file)
+ @unlink($file);
+
+ /* Clean-up stats files if they are enabled */
if ($value['perform_stat'] == 'on') {
$fd = fopen("{$snort_log_dir}/{$if_real}.stats", "w");
if ($fd) {
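Review bot: Both cleanup passes in snort_post_delete_logs use the result of glob() without checking it, and glob() returns false on error, so `count($filelist)` and the `foreach` then run on a non-array. Guard each pass before the `unset`, e.g. `$filelist = glob("{$snort_log_dir}/snort.log.*") ?: array();`. Keeping the newest file also depends on glob()'s alphabetical ordering matching creation order for the `snort.log.*` suffixes, which deserves a one-line comment. Because `@unlink` hides failures, a purge of IDS logs that only partly succeeds leaves no trace; consider a `log_error` when unlink returns false. The function begins before and continues past this hunk.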
@@ -674,7 +682,7 @@ function snort_Getdirsize($node) {
if(!is_readable($node))
return false;
- $blah = exec( "/usr/bin/du -kd $node" );
+ $blah = exec( "/usr/bin/du -kdc $node" );
return substr( $blah, 0, strpos($blah, 9) );
}
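Review bot: `$node` is interpolated unquoted into the shell command in snort_Getdirsize, and the caller in snort_check_cron_misc.inc builds it from the interface name and UUID held in the configuration; quote it so a space or shell metacharacter in the path cannot change the command: `$blah = exec('/usr/bin/du -kdc ' . escapeshellarg($node));`. The next line passes the integer `9` to strpos(), which older PHP reads as the tab character but PHP 8 reads as the string "9", so `strpos($blah, "\t")` states the intent explicitly. It is also worth confirming on the target system that `-d` does not consume the following `c` as its depth argument. The function's signature lies outside the hunk.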
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index e988b949..c1835dd0 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -52,27 +52,32 @@ if ($snortloglimit == 'off')
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
-$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\'');
-
foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
$if_real = snort_get_real_interface($value['interface']);
$snort_uuid = $value['uuid'];
- $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}";
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
if (file_exists("{$snort_log_dir}/alert")) {
$snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert");
- $snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
$snortloglimitsizeKB = round($snortloglimitsize * 1024);
- /* do I need HUP kill ? */
if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) {
conf_mount_rw();
- if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB)
- @file_put_contents("{$snort_log_dir}/alert", "");
+ log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings."));
+ log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated."));
snort_post_delete_logs($snort_uuid);
+ $fd = @fopen("{$snort_log_dir}/alert", "w+");
+ if ($fd)
+ fclose($fd);
+ /* XXX: This is needed if snort is run as snort user */
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+ /* XXX: Soft-restart Snort process to resync logging */
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})"));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
+ }
conf_mount_ro();
}
-
}
}
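Review bot: The added `mwexec('/bin/chmod 660 /var/log/snort/*', true);` hard-codes the path that the rest of this commit replaces with SNORTLOGDIR, and its glob matches every entry under that directory; if the per-interface `snort_{if}{uuid}` log directories live there, mode 660 strips their search bit. Scope it to the file just recreated: `mwexec('/bin/chmod 660 ' . escapeshellarg("{$snort_log_dir}/alert"), true);`. The pid-file path handed to `pkill -HUP -F` is likewise built from configuration values and should go through escapeshellarg(). `$snortlogAlertsizeKB` is still computed but no longer read after this change.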
diff --git a/config/snort/snort_interfaces.php b/config/snort/snort_interfaces.php
index 84273167..15d9addc 100755
--- a/config/snort/snort_interfaces.php
+++ b/config/snort/snort_interfaces.php
@@ -220,7 +220,7 @@ if ($pfsense_stable == 'yes')
<table id="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr id="frheader">
<td width="3%" class="list">&nbsp;</td>
- <td width="10%" class="listhdrr"><?php echo gettext("If"); ?></td>
+ <td width="10%" class="listhdrr"><?php echo gettext("Interface"); ?></td>
<td width="13%" class="listhdrr"><?php echo gettext("Snort"); ?></td>
<td width="10%" class="listhdrr"><?php echo gettext("Performance"); ?></td>
<td width="10%" class="listhdrr"><?php echo gettext("Block"); ?></td>