aboutsummaryrefslogtreecommitdiffstats
path: root/config/suricata/suricata_barnyard.php
diff options
context:
space:
mode:
Diffstat (limited to 'config/suricata/suricata_barnyard.php')
-rw-r--r--config/suricata/suricata_barnyard.php631
1 files changed, 631 insertions, 0 deletions
diff --git a/config/suricata/suricata_barnyard.php b/config/suricata/suricata_barnyard.php
new file mode 100644
index 00000000..e71dc261
--- /dev/null
+++ b/config/suricata/suricata_barnyard.php
@@ -0,0 +1,631 @@
+<?php
+/*
+ * suricata_barnyard.php
+ * part of pfSense
+ *
+ * Copyright (C) 2014 Bill Meeks
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+require_once("guiconfig.inc");
+require_once("/usr/local/pkg/suricata/suricata.inc");
+
+global $g, $rebuild_rules;
+
+$id = $_GET['id'];
+if (isset($_POST['id']))
+ $id = $_POST['id'];
+if (is_null($id)) {
+ header("Location: /suricata/suricata_interfaces.php");
+ exit;
+}
+
+if (!is_array($config['installedpackages']['suricata']['rule']))
+ $config['installedpackages']['suricata']['rule'] = array();
+$a_nat = &$config['installedpackages']['suricata']['rule'];
+
+$pconfig = array();
+
+if (isset($id) && $a_nat[$id]) {
+ $pconfig = $a_nat[$id];
+ if (!empty($a_nat[$id]['barnconfigpassthru']))
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnyard_dbpwd']))
+ $pconfig['barnyard_dbpwd'] = base64_decode($a_nat[$id]['barnyard_dbpwd']);
+ if (empty($a_nat[$id]['barnyard_show_year']))
+ $pconfig['barnyard_show_year'] = "on";
+ if (empty($a_nat[$id]['unified2_log_limit']))
+ $pconfig['unified2_log_limit'] = "32";
+ if (empty($a_nat[$id]['barnyard_archive_enable']))
+ $pconfig['barnyard_archive_enable'] = "on";
+ if (empty($a_nat[$id]['barnyard_obfuscate_ip']))
+ $pconfig['barnyard_obfuscate_ip'] = "off";
+ if (empty($a_nat[$id]['barnyard_syslog_dport']))
+ $pconfig['barnyard_syslog_dport'] = "514";
+ if (empty($a_nat[$id]['barnyard_syslog_proto']))
+ $pconfig['barnyard_syslog_proto'] = "udp";
+ if (empty($a_nat[$id]['barnyard_syslog_opmode']))
+ $pconfig['barnyard_syslog_opmode'] = "default";
+ if (empty($a_nat[$id]['barnyard_syslog_facility']))
+ $pconfig['barnyard_syslog_facility'] = "LOG_USER";
+ if (empty($a_nat[$id]['barnyard_syslog_priority']))
+ $pconfig['barnyard_syslog_priority'] = "LOG_INFO";
+ if (empty($a_nat[$id]['barnyard_bro_ids_dport']))
+ $pconfig['barnyard_bro_ids_dport'] = "47760";
+ if (empty($a_nat[$id]['barnyard_sensor_id']))
+ $pconfig['barnyard_sensor_id'] = "0";
+ if (empty($a_nat[$id]['barnyard_sensor_name']))
+ $pconfig['barnyard_sensor_name'] = php_uname("n");
+}
+
+if ($_POST['save']) {
+ // Check that at least one output plugin is enabled
+ if ($_POST['barnyard_mysql_enable'] != 'on' && $_POST['barnyard_syslog_enable'] != 'on' &&
+ $_POST['barnyard_bro_ids_enable'] != 'on' && $_POST['barnyard_enable'] == "on")
+ $input_errors[] = gettext("You must enable at least one output option when using Barnyard2.");
+
+ // Validate unified2 log file limit
+ if ($_POST['barnyard_enable'] == 'on') {
+ if (!is_numericint($_POST['unified2_log_limit']) || $_POST['unified2_log_limit'] < 1)
+ $input_errors[] = gettext("The value for 'Unified2 Log Limit' must be a valid integer greater than zero.");
+ }
+
+ // Validate Sensor ID is a valid integer
+ if ($_POST['barnyard_enable'] == 'on') {
+ if (!is_numericint($_POST['barnyard_sensor_id']) || $_POST['barnyard_sensor_id'] < 0)
+ $input_errors[] = gettext("The value for 'Sensor ID' must be a valid positive integer.");
+ }
+
+ // Validate inputs if MySQL database loggging enabled
+ if ($_POST['barnyard_mysql_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_dbhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the MySQL database host.");
+ if (empty($_POST['barnyard_dbname']))
+ $input_errors[] = gettext("You must provide a DB instance name when logging to a MySQL database.");
+ if (empty($_POST['barnyard_dbuser']))
+ $input_errors[] = gettext("You must provide a DB user login name when logging to a MySQL database.");
+ }
+
+ // Validate inputs if syslog output enabled
+ if ($_POST['barnyard_syslog_enable'] == 'on' && $_POST['barnyard_syslog_local'] <> 'on' &&
+ $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_syslog_dport']) || !is_numeric($_POST['barnyard_syslog_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Syslog Remote Port.");
+ if (empty($_POST['barnyard_syslog_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Syslog Remote Host.");
+ }
+
+ // Validate inputs if Bro-IDS output enabled
+ if ($_POST['barnyard_bro_ids_enable'] == 'on' && $_POST['barnyard_enable'] == "on") {
+ if (empty($_POST['barnyard_bro_ids_dport']) || !is_numeric($_POST['barnyard_bro_ids_dport']))
+ $input_errors[] = gettext("Please provide a valid number between 1 and 65535 for the Bro-IDS Remote Port.");
+ if (empty($_POST['barnyard_bro_ids_rhost']))
+ $input_errors[] = gettext("Please provide a valid hostname or IP address for the Bro-IDS Remote Host.");
+ }
+
+ // if no errors write to conf
+ if (!$input_errors) {
+ $natent = array();
+ /* repost the options already in conf */
+ $natent = $pconfig;
+
+ $natent['barnyard_enable'] = $_POST['barnyard_enable'] ? 'on' : 'off';
+ $natent['barnyard_show_year'] = $_POST['barnyard_show_year'] ? 'on' : 'off';
+ $natent['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'] ? 'on' : 'off';
+ $natent['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'] ? 'on' : 'off';
+ $natent['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'] ? 'on' : 'off';
+ $natent['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'] ? 'on' : 'off';
+ $natent['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'] ? 'on' : 'off';
+ $natent['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
+ $natent['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+
+ if ($_POST['barnyard_sensor_id']) $natent['barnyard_sensor_id'] = $_POST['barnyard_sensor_id']; else $natent['barnyard_sensor_id'] = '0';
+ if ($_POST['barnyard_sensor_name']) $natent['barnyard_sensor_name'] = $_POST['barnyard_sensor_name']; else unset($natent['barnyard_sensor_name']);
+ if ($_POST['unified2_log_limit']) $natent['unified2_log_limit'] = $_POST['unified2_log_limit']; else unset($natent['unified2_log_limit']);
+ if ($_POST['barnyard_dbhost']) $natent['barnyard_dbhost'] = $_POST['barnyard_dbhost']; else unset($natent['barnyard_dbhost']);
+ if ($_POST['barnyard_dbname']) $natent['barnyard_dbname'] = $_POST['barnyard_dbname']; else unset($natent['barnyard_dbname']);
+ if ($_POST['barnyard_dbuser']) $natent['barnyard_dbuser'] = $_POST['barnyard_dbuser']; else unset($natent['barnyard_dbuser']);
+ if ($_POST['barnyard_dbpwd']) $natent['barnyard_dbpwd'] = base64_encode($_POST['barnyard_dbpwd']); else unset($natent['barnyard_dbpwd']);
+ if ($_POST['barnyard_syslog_rhost']) $natent['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost']; else unset($natent['barnyard_syslog_rhost']);
+ if ($_POST['barnyard_syslog_dport']) $natent['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport']; else $natent['barnyard_syslog_dport'] = '514';
+ if ($_POST['barnyard_syslog_facility']) $natent['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility']; else $natent['barnyard_syslog_facility'] = 'LOG_USER';
+ if ($_POST['barnyard_syslog_priority']) $natent['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority']; else $natent['barnyard_syslog_priority'] = 'LOG_INFO';
+ if ($_POST['barnyard_bro_ids_rhost']) $natent['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost']; else unset($natent['barnyard_bro_ids_rhost']);
+ if ($_POST['barnyard_bro_ids_dport']) $natent['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport']; else $natent['barnyard_bro_ids_dport'] = '47760';
+ if ($_POST['barnconfigpassthru']) $natent['barnconfigpassthru'] = base64_encode($_POST['barnconfigpassthru']); else unset($natent['barnconfigpassthru']);
+
+ $a_nat[$id] = $natent;
+ write_config();
+
+ // No need to rebuild rules for Barnyard2 changes
+ $rebuild_rules = false;
+ sync_suricata_package_config();
+
+ // If disabling Barnyard2 on the interface, stop any
+ // currently running instance. If an instance is
+ // running, signal it to reload the configuration.
+ // If Barnyard2 is enabled but not running, start it.
+ if ($a_nat[$id]['barnyard_enable'] == "off") {
+ suricata_barnyard_stop($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+ elseif ($a_nat[$id]['barnyard_enable'] == "on") {
+ if (suricata_is_running($a_nat[$id]['uuid'], get_real_interface($a_nat[$id]['interface']), "barnyard2"))
+ suricata_barnyard_reload_config($a_nat[$id], "HUP");
+ else
+ suricata_barnyard_start($a_nat[$id], get_real_interface($a_nat[$id]['interface']));
+ }
+
+ // after click go to this page
+ header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-store, no-cache, must-revalidate' );
+ header( 'Cache-Control: post-check=0, pre-check=0', false );
+ header( 'Pragma: no-cache' );
+ header("Location: suricata_barnyard.php?id=$id");
+ exit;
+ }
+ else {
+ // We had errors, so save incoming field data to prevent retyping
+ $pconfig['barnyard_enable'] = $_POST['barnyard_enable'];
+ $pconfig['barnyard_show_year'] = $_POST['barnyard_show_year'];
+ $pconfig['barnyard_archive_enable'] = $_POST['barnyard_archive_enable'];
+ $pconfig['barnyard_dump_payload'] = $_POST['barnyard_dump_payload'];
+ $pconfig['barnyard_obfuscate_ip'] = $_POST['barnyard_obfuscate_ip'];
+ $pconfig['barnyard_mysql_enable'] = $_POST['barnyard_mysql_enable'];
+ $pconfig['barnyard_syslog_enable'] = $_POST['barnyard_syslog_enable'];
+ $pconfig['barnyard_syslog_local'] = $_POST['barnyard_syslog_local'];
+ $pconfig['barnyard_syslog_opmode'] = $_POST['barnyard_syslog_opmode'];
+ $pconfig['barnyard_syslog_proto'] = $_POST['barnyard_syslog_proto'];
+ $pconfig['barnyard_bro_ids_enable'] = $_POST['barnyard_bro_ids_enable'];
+
+ $pconfig['barnyard_sensor_name'] = $_POST['barnyard_sensor_name'];
+ $pconfig['barnyard_dbhost'] = $_POST['barnyard_dbhost'];
+ $pconfig['barnyard_dbname'] = $_POST['barnyard_dbname'];
+ $pconfig['barnyard_dbuser'] = $_POST['barnyard_dbuser'];
+ $pconfig['barnyard_dbpwd'] = $_POST['barnyard_dbpwd'];
+ $pconfig['barnyard_syslog_rhost'] = $_POST['barnyard_syslog_rhost'];
+ $pconfig['barnyard_syslog_dport'] = $_POST['barnyard_syslog_dport'];
+ $pconfig['barnyard_syslog_facility'] = $_POST['barnyard_syslog_facility'];
+ $pconfig['barnyard_syslog_priority'] = $_POST['barnyard_syslog_priority'];
+ $pconfig['barnyard_bro_ids_rhost'] = $_POST['barnyard_bro_ids_rhost'];
+ $pconfig['barnyard_bro_ids_dport'] = $_POST['barnyard_bro_ids_dport'];
+ $pconfig['barnconfigpassthru'] = $_POST['barnconfigpassthru'];
+ }
+}
+
+$if_friendly = convert_friendly_interface_to_friendly_descr($pconfig['interface']);
+$pgtitle = gettext("Suricata: Interface {$if_friendly} - Barnyard2 Settings");
+include_once("head.inc");
+
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+
+<?php include("fbegin.inc");
+
+ /* Display Alert message */
+ if ($input_errors) {
+ print_input_errors($input_errors); // TODO: add checks
+ }
+
+ if ($savemsg) {
+ print_info_box($savemsg);
+ }
+
+?>
+
+<form action="suricata_barnyard.php" method="post" name="iform" id="iform">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+<?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("Suricata Interfaces"), true, "/suricata/suricata_interfaces.php");
+ $tab_array[] = array(gettext("Global Settings"), false, "/suricata/suricata_global.php");
+ $tab_array[] = array(gettext("Update Rules"), false, "/suricata/suricata_download_updates.php");
+ $tab_array[] = array(gettext("Alerts"), false, "/suricata/suricata_alerts.php?instance={$id}");
+ $tab_array[] = array(gettext("Suppress"), false, "/suricata/suricata_suppress.php");
+ $tab_array[] = array(gettext("Logs Browser"), false, "/suricata/suricata_logs_browser.php?instance={$id}");
+ display_top_tabs($tab_array);
+ echo '</td></tr>';
+ echo '<tr><td class="tabnavtbl">';
+ $tab_array = array();
+ $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface ");
+ $tab_array[] = array($menu_iface . gettext("Settings"), false, "/suricata/suricata_interfaces_edit.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Categories"), false, "/suricata/suricata_rulesets.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Rules"), false, "/suricata/suricata_rules.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Flow/Stream"), false, "/suricata/suricata_flow_stream.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("App Parsers"), false, "/suricata/suricata_app_parsers.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Variables"), false, "/suricata/suricata_define_vars.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/suricata/suricata_barnyard.php?id={$id}");
+ display_top_tabs($tab_array);
+?>
+</td></tr>
+ <tr>
+ <td><div id="mainarea">
+ <table id="maintable" class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("General Barnyard2 " .
+ "Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?php echo gettext("Enable"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_enable'] == "on") echo "checked"; ?> onClick="enable_change(false)"/>
+ <strong><?php echo gettext("Enable Barnyard2"); ?></strong><br/>
+ <?php echo gettext("This will enable barnyard2 for this interface. You will also to enable at least one logging destination below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Show Year"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_show_year" type="checkbox" value="on" <?php if ($pconfig['barnyard_show_year'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the year being shown in timestamps. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Unified2 Log Limit"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="unified2_log_limit" type="text" class="formfld unknown"
+ id="unified2_log_limit" size="25" value="<?=htmlspecialchars($pconfig['unified2_log_limit']);?>"/>
+ &nbsp;<?php echo gettext("Log file size limit in megabytes (MB). Default is "); ?><strong><?=gettext("32 MB.");?></strong><br/>
+ <?php echo gettext("This sets the maximum size for a unified2 log file before it is rotated and a new one created."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Archive Unified2 Logs"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_archive_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_archive_enable'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable the archiving of processed unified2 log files. Default value is ") . "<strong>" . gettext("Checked") . "</strong>"; ?><br/>
+ <?php echo gettext("Unified2 log files will be moved to an archive folder for subsequent cleanup when processed."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Dump Payload"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dump_payload" type="checkbox" value="on" <?php if ($pconfig['barnyard_dump_payload'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable dumping of application data from unified2 files. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?><br/>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Obfuscate IP Addresses"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_obfuscate_ip" type="checkbox" value="on" <?php if ($pconfig['barnyard_obfuscate_ip'] == "on") echo "checked"; ?>/>
+ <?php echo gettext("Enable obfuscation of logged IP addresses. Default value is ") . "<strong>" . gettext("Not Checked") . "</strong>"; ?>
+ </td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor ID"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_sensor_id" type="text" class="formfld unknown"
+ id="barnyard_sensor_id" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_id']);?>"/>
+ &nbsp;<?php echo gettext("Sensor ID to use for this sensor. Default is ") . "<strong>" . gettext("0.") . "</strong>"; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Sensor Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_sensor_name" type="text" class="formfld unknown"
+ id="barnyard_sensor_name" size="25" value="<?=htmlspecialchars($pconfig['barnyard_sensor_name']);?>"/>
+ &nbsp;<?php echo gettext("Unique name to use for this sensor. (Optional)"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("MySQL Database Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable MySQL Database"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_mysql_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_mysql_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_mySQL()"/><?php echo gettext("Enable logging of alerts to a MySQL database instance"); ?><br/>
+ <?php echo gettext("You will also have to provide the database credentials in the fields below."); ?></td>
+ </tr>
+ <tbody id="mysql_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbhost" type="text" class="formfld host"
+ id="barnyard_dbhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of the MySQL database server"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbname" type="text" class="formfld unknown"
+ id="barnyard_dbname" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbname']);?>"/>
+ &nbsp;<?php echo gettext("Instance or DB name of the MySQL database"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Name"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbuser" type="text" class="formfld user"
+ id="barnyard_dbuser" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbuser']);?>"/>
+ &nbsp;<?php echo gettext("Username for the MySQL database"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Database User Password"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_dbpwd" type="password" class="formfld pwd"
+ id="barnyard_dbpwd" size="25" value="<?=htmlspecialchars($pconfig['barnyard_dbpwd']);?>"/>
+ &nbsp;<?php echo gettext("Password for the MySQL database user"); ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Syslog Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Syslog"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to a syslog receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote syslog receiver."); ?></td>
+ </tr>
+ <tbody id="syslog_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Operation Mode"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_default"
+ value="default" <?php if ($pconfig['barnyard_syslog_opmode'] == 'default') echo "checked";?>/>
+ <?php echo gettext("DEFAULT"); ?>&nbsp;<input name="barnyard_syslog_opmode" type="radio" id="barnyard_syslog_opmode_complete"
+ value="complete" <?php if ($pconfig['barnyard_syslog_opmode'] == 'complete') echo "checked";?>/>
+ <?php echo gettext("COMPLETE"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select the level of detail to include when reporting"); ?><br/><br/>
+ <?php echo gettext("DEFAULT mode is compatible with the standard Snort syslog format. COMPLETE mode includes additional information such as the raw packet data (displayed in hex format)."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Local Only"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_local" type="checkbox" value="on" <?php if ($pconfig['barnyard_syslog_local'] == "on") echo "checked"; ?>
+ onClick="toggle_local_syslog()"/>
+ <?php echo gettext("Enable logging of alerts to the local system only"); ?><br/>
+ <?php echo gettext("This will send alert data to the local system only and overrides the host, port, protocol, facility and priority values below."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_rhost" type="text" class="formfld host"
+ id="barnyard_syslog_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote syslog host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_dport" type="text" class="formfld unknown"
+ id="barnyard_syslog_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_syslog_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for syslog on remote host. Default is ") . "<strong>" . gettext("514") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Protocol"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_udp"
+ value="udp" <?php if ($pconfig['barnyard_syslog_proto'] == 'udp') echo "checked";?>/>
+ <?php echo gettext("UDP"); ?>&nbsp;<input name="barnyard_syslog_proto" type="radio" id="barnyard_syslog_proto_tcp"
+ value="tcp" <?php if ($pconfig['barnyard_syslog_proto'] == 'tcp') echo "checked";?>/>
+ <?php echo gettext("TCP"); ?>&nbsp;&nbsp;
+ <?php echo gettext("Select IP protocol to use for remote reporting. Default is ") . "<strong>" . gettext("UDP") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Facility"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_facility" id="barnyard_syslog_facility" class="formselect">
+ <?php
+ $log_facility = array( "LOG_AUTH", "LOG_AUTHPRIV", "LOG_DAEMON", "LOG_KERN", "LOG_SYSLOG", "LOG_USER", "LOG_LOCAL1",
+ "LOG_LOCAL2", "LOG_LOCAL3", "LOG_LOCAL4", "LOG_LOCAL5", "LOG_LOCAL6", "LOG_LOCAL7" );
+ foreach ($log_facility as $facility) {
+ $selected = "";
+ if ($facility == $pconfig['barnyard_syslog_facility'])
+ $selected = " selected";
+ echo "<option value='{$facility}'{$selected}>" . $facility . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Facility to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_USER") . "</strong>."; ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Log Priority"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="barnyard_syslog_priority" id="barnyard_syslog_priority" class="formselect">
+ <?php
+ $log_priority = array( "LOG_EMERG", "LOG_ALERT", "LOG_CRIT", "LOG_ERR", "LOG_WARNING", "LOG_NOTICE", "LOG_INFO" );
+ foreach ($log_priority as $priority) {
+ $selected = "";
+ if ($priority == $pconfig['barnyard_syslog_priority'])
+ $selected = " selected";
+ echo "<option value='{$priority}'{$selected}>" . $priority . "</option>\n";
+ }
+ ?></select>&nbsp;&nbsp;
+ <?php echo gettext("Select Syslog Priority (Level) to use for remote reporting. Default is ") . "<strong>" . gettext("LOG_INFO") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Bro-IDS Output Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Enable Bro-IDS"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_enable" type="checkbox" value="on" <?php if ($pconfig['barnyard_bro_ids_enable'] == "on") echo "checked"; ?>
+ onClick="toggle_bro_ids()"/>
+ <?php echo gettext("Enable logging of alerts to a Bro-IDS receiver"); ?><br/>
+ <?php echo gettext("This will send alert data to either a local or remote Bro-IDS receiver."); ?></td>
+ </tr>
+ <tbody id="bro_ids_config_rows">
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Host"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_rhost" type="text" class="formfld host"
+ id="barnyard_bro_ids_rhost" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_rhost']);?>"/>
+ &nbsp;<?php echo gettext("Hostname or IP address of remote Bro-IDS host"); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Remote Port"); ?></td>
+ <td width="78%" class="vtable">
+ <input name="barnyard_bro_ids_dport" type="text" class="formfld unknown"
+ id="barnyard_bro_ids_dport" size="25" value="<?=htmlspecialchars($pconfig['barnyard_bro_ids_dport']);?>"/>
+ &nbsp;<?php echo gettext("Port number for Bro-IDS instance on remote host. Default is ") . "<strong>" . gettext("47760") . "</strong>."; ?>
+ </td>
+ </tr>
+ </tbody>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?php echo gettext("Advanced Settings"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?php echo gettext("Advanced configuration " .
+ "pass through"); ?></td>
+ <td width="78%" class="vtable"><textarea name="barnconfigpassthru" style="width:95%;"
+ cols="65" rows="7" id="barnconfigpassthru" ><?=htmlspecialchars($pconfig['barnconfigpassthru']);?></textarea>
+ <br/>
+ <?php echo gettext("Arguments entered here will be automatically inserted into the running " .
+ "barnyard2 configuration."); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%">
+ <input name="save" type="submit" class="formbtn" value="Save">
+ <input name="id" type="hidden" value="<?=$id;?>"> </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top">&nbsp;</td>
+ <td width="78%"><span class="vexpl"><span class="red"><strong><?php echo gettext("Note:"); ?></strong></span></span>
+ <br/>
+ <?php echo gettext("Please save your settings before you click start."); ?> </td>
+ </tr>
+ </table>
+ </div>
+ </td>
+ </tr>
+</table>
+</form>
+
+<script language="JavaScript">
+
+function toggle_mySQL() {
+ var endis = !document.iform.barnyard_mysql_enable.checked;
+
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+
+ if (endis)
+ document.getElementById("mysql_config_rows").style.display = "none";
+ else
+ document.getElementById("mysql_config_rows").style.display = "";
+}
+
+function toggle_syslog() {
+ var endis = !document.iform.barnyard_syslog_enable.checked;
+
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+
+ if (endis)
+ document.getElementById("syslog_config_rows").style.display = "none";
+ else
+ document.getElementById("syslog_config_rows").style.display = "";
+}
+
+function toggle_local_syslog() {
+ var endis = document.iform.barnyard_syslog_local.checked;
+
+ if (document.iform.barnyard_syslog_enable.checked) {
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ }
+}
+
+function toggle_bro_ids() {
+ var endis = !document.iform.barnyard_bro_ids_enable.checked;
+
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+
+ if (endis)
+ document.getElementById("bro_ids_config_rows").style.display = "none";
+ else
+ document.getElementById("bro_ids_config_rows").style.display = "";
+}
+
+function enable_change(enable_change) {
+ endis = !(document.iform.barnyard_enable.checked || enable_change);
+ // make sure a default answer is called if this is invoked.
+ endis2 = (document.iform.barnyard_enable);
+ document.iform.unified2_log_limit.disabled = endis;
+ document.iform.barnyard_archive_enable.disabled = endis;
+ document.iform.barnyard_show_year.disabled = endis;
+ document.iform.barnyard_dump_payload.disabled = endis;
+ document.iform.barnyard_obfuscate_ip.disabled = endis;
+ document.iform.barnyard_sensor_id.disabled = endis;
+ document.iform.barnyard_sensor_name.disabled = endis;
+ document.iform.barnyard_mysql_enable.disabled = endis;
+ document.iform.barnyard_dbhost.disabled = endis;
+ document.iform.barnyard_dbname.disabled = endis;
+ document.iform.barnyard_dbuser.disabled = endis;
+ document.iform.barnyard_dbpwd.disabled = endis;
+ document.iform.barnyard_syslog_enable.disabled = endis;
+ document.iform.barnyard_syslog_local.disabled = endis;
+ document.iform.barnyard_syslog_opmode_default.disabled = endis;
+ document.iform.barnyard_syslog_opmode_complete.disabled = endis;
+ document.iform.barnyard_syslog_rhost.disabled = endis;
+ document.iform.barnyard_syslog_dport.disabled = endis;
+ document.iform.barnyard_syslog_proto_udp.disabled = endis;
+ document.iform.barnyard_syslog_proto_tcp.disabled = endis;
+ document.iform.barnyard_syslog_facility.disabled = endis;
+ document.iform.barnyard_syslog_priority.disabled = endis;
+ document.iform.barnyard_bro_ids_enable.disabled = endis;
+ document.iform.barnyard_bro_ids_rhost.disabled = endis;
+ document.iform.barnyard_bro_ids_dport.disabled = endis;
+ document.iform.barnconfigpassthru.disabled = endis;
+}
+
+enable_change(false);
+toggle_mySQL();
+toggle_syslog();
+toggle_local_syslog();
+toggle_bro_ids();
+
+</script>
+
+<?php include("fend.inc"); ?>
+</body>
+</html>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 03:40:18 +0000