Diffstat (limited to 'config/widget-snort')
-rw-r--r--config/widget-snort/snort_alerts.inc20
-rw-r--r--config/widget-snort/snort_alerts.inc.php92
-rw-r--r--config/widget-snort/snort_alerts.js57
-rw-r--r--config/widget-snort/snort_alerts.widget.php29
-rw-r--r--config/widget-snort/snort_alerts_helper.php20
-rw-r--r--config/widget-snort/widget-snort.inc13
-rw-r--r--config/widget-snort/widget-snort.xml26
7 files changed, 23 insertions, 234 deletions
diff --git a/config/widget-snort/snort_alerts.inc b/config/widget-snort/snort_alerts.inc
deleted file mode 100644
index 159452dd..00000000
--- a/config/widget-snort/snort_alerts.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-require_once("globals.inc");
-require_once("includes/snort_alerts.inc.php");
-
-$snort_alerts_title = "Snort Alerts";
-$snort_alerts_title_link = "snort/snort_alerts.php";
-
-foreach (glob("{$g['varlog_path']}/snort/*/alert") as $alert) {
- $snort_alerts_logfile = $alert;
- $nentries = 10;
- $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
-
- /* AJAX related routines */
- handle_snort_ajax($snort_alerts_logfile, $nentries);
-}
-if($_GET['lastsawtime'] or $_POST['lastsawtime'])
- exit;
-
-?>
diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php
deleted file mode 100644
index 46d2b9a7..00000000
--- a/config/widget-snort/snort_alerts.inc.php
+++ /dev/null
@@ -1,92 +0,0 @@
-<?
-function get_snort_alerts($snort_alerts, $nentries, $tail = 20) {
- global $config, $g;
- $logarr = "";
- /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
- exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr);
-
- $snortalerts = array();
-
- $counter = 0;
-
- foreach ($logarr as $logent) {
- if($counter >= $nentries)
- break;
-
- $alert = parse_snort_alert_line($logent);
- if ($alert != "") {
- $counter++;
- $snortalerts[] = $alert;
- }
-
- }
- /* Since the rules are in reverse order, flip them around if needed based on the user's preference */
- return isset($config['syslog']['reverse']) ? $snortalerts : array_reverse($snortalerts);
-}
-
-function parse_snort_alert_line($line) {
- $log_split = "";
- $datesplit = "";
- preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split);
-
- list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'],
- $alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split;
-
- $usableline = true;
-
- if(trim($alert['src']) == "")
- $usableline = false;
- if(trim($alert['dst']) == "")
- $usableline = false;
-
- if($usableline == true) {
- preg_match("/^(\d+)\/(\d+)-(\d+\:\d+\:\d+).\d+$/U", $alert['time'], $datesplit);
- $now_time = strtotime("now");
- $checkdate = $datesplit[1] . "/" . $datesplit[2] . "/" . date("Y");
- $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . date("Y");
- $logdate = $checkdate . " " . $datesplit[3];
- if ($now_time < strtotime($logdate)) {
- $fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . ((int)date("Y") - 1);
- }
-
- $alert['dateonly'] = $fulldate;
- $alert['timeonly'] = $datesplit[3];
- $alert['category'] = strtoupper( substr($alert["category"],0 , 1) ) . strtolower( substr($alert["category"],1 ) );
- return $alert;
- } else {
- if($g['debug']) {
- log_error("There was a error parsing line: $line. Please report to mailing list or forum.");
- }
- return "";
- }
-}
-
-/* AJAX specific handlers */
-function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) {
- if($_GET['lastsawtime'] or $_POST['lastsawtime']) {
- if($_GET['lastsawtime'])
- $lastsawtime = $_GET['lastsawtime'];
- if($_POST['lastsawtime'])
- $lastsawtime = $_POST['lastsawtime'];
- /* compare lastsawrule's time stamp to alert logs.
- * afterwards return the newer records so that client
- * can update AJAX interface screen.
- */
- $new_rules = "";
- $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
- foreach($snort_alerts as $log_row) {
- $time_regex = "";
- preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
- $logdate = $time_regex[1] . "/" . $time_regex[2] . "/" . date("Y") . " " . $time_regex[3];
- //preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $testsplit[1], $time_regex);
- // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
- $row_time = strtotime($logdate);
- $now_time = strtotime("now");
- if($row_time > $lastsawtime and $row_time <= $nowtime) {
- $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||{$log_row['timeonly']}||{$log_row['dateonly']}" . "||\n";
- }
- }
- echo $new_rules;
- }
-}
-?>
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js
index 0cc76ab1..0c2d9ca6 100644
--- a/config/widget-snort/snort_alerts.js
+++ b/config/widget-snort/snort_alerts.js
@@ -1,63 +1,10 @@
-snortlastsawtime = '<?php echo time(); ?>';
var snortlines = Array();
var snorttimer;
var snortupdateDelay = 25500;
var snortisBusy = false;
var snortisPaused = false;
-<?php
- if(isset($config['syslog']['reverse']))
- echo "var isReverse = true;\n";
- else
- echo "var isReverse = false;\n";
-?>
-
-if (typeof getURL == 'undefined') {
- getURL = function(url, callback) {
- if (!url)
- throw 'No URL for getURL';
- try {
- if (typeof callback.operationComplete == 'function')
- callback = callback.operationComplete;
- } catch (e) {}
- if (typeof callback != 'function')
- throw 'No callback function for getURL';
- var http_request = null;
- if (typeof XMLHttpRequest != 'undefined') {
- http_request = new XMLHttpRequest();
- }
- else if (typeof ActiveXObject != 'undefined') {
- try {
- http_request = new ActiveXObject('Msxml2.XMLHTTP');
- } catch (e) {
- try {
- http_request = new ActiveXObject('Microsoft.XMLHTTP');
- } catch (e) {}
- }
- }
- if (!http_request)
- throw 'Both getURL and XMLHttpRequest are undefined';
- http_request.onreadystatechange = function() {
- if (http_request.readyState == 4) {
- callback( { success : true,
- content : http_request.responseText,
- contentType : http_request.getResponseHeader("Content-Type") } );
- }
- }
- http_request.open('GET', url, true);
- http_request.send(null);
- }
-}
-
-function snort_alerts_fetch_new_rules() {
- if(snortisPaused)
- return;
- if(snortisBusy)
- return;
- snortisBusy = true;
- getURL('widgets/helpers/snort_alerts_helper.php?lastsawtime=' + snortlastsawtime, snort_alerts_fetch_new_rules_callback);
-}
function snort_alerts_fetch_new_rules_callback(callback_data) {
if(snortisPaused)
return;
@@ -75,8 +22,6 @@ function snort_alerts_fetch_new_rules_callback(callback_data) {
line = '<td width="30%" class="listr" >' + row_split[6] + '<br>' + row_split[7]+ '</td>';
line += '<td width="40%" class="listr" >' + row_split[3] + '<br>' + row_split[4] + '</td>';
line += '<td width="40%" class="listr" >' + 'Pri : ' + row_split[1] + '<br>' + 'Cat : ' + row_split[2] + '</td>';
- snortlastsawtime = row_split[5];
- //alert(row_split[0]);
new_data_to_add[new_data_to_add.length] = line;
}
snort_alerts_update_div_rows(new_data_to_add);
@@ -131,7 +76,7 @@ function snort_alerts_update_div_rows(data) {
}
}
/* rechedule AJAX interval */
- //snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
+ snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);
}
function snort_alerts_toggle_pause() {
if(snortisPaused) {
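Review bot: The re-enabled `snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay);` schedules a function whose definition this same commit deletes in the first hunk of this file (together with `getURL` and `snortlastsawtime`), so unless `snort_alerts_fetch_new_rules` is now defined elsewhere, for example inline in the widget page, every tick throws a ReferenceError and `snort_alerts_fetch_new_rules_callback` is never reached. If it is defined elsewhere, pass the function reference instead of a string that the browser has to evaluate: `snorttimer = setInterval(snort_alerts_fetch_new_rules, snortupdateDelay);`. snort_alerts_update_div_rows begins outside the hunk.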
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index ad7827b7..c579a35e 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -26,6 +26,8 @@
POSSIBILITY OF SUCH DAMAGE.
*/
global $config, $g;
+$snort_alerts_title = "Snort Alerts";
+$snort_alerts_title_link = "snort/snort_alerts.php";
/* retrieve snort variables */
require_once("/usr/local/pkg/snort/snort.inc");
@@ -38,12 +40,14 @@ $a_instance = &$config['installedpackages']['snortglobal']['rule'];
$snort_alerts = array();
$tmpblocked = array_flip(snort_get_blocked_ips());
foreach ($a_instance as $instanceid => $instance) {
- $snort_uuid = $a_instance[$instanceid]['uuid'];
- $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
- $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}";
+ if ($instance['enable'] != 'on')
+ continue;
/* make sure alert file exists */
if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ $snort_uuid = $instance['uuid'];
+ $if_real = snort_get_real_interface($instance['interface']);
+ $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}";
if (isset($config['syslog']['reverse']))
exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > {$tmpfile}");
else
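Review bot: The assignments to `$snort_uuid`, `$if_real` and `$tmpfile` were moved inside the `if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert"))` block, but that condition already interpolates `$if_real` and `$snort_uuid`, so for the first enabled instance the test runs against `/var/log/snort/snort_/alert` (both variables unset) and for later instances against the previous instance's path. Move the three lines up so they directly follow the `continue;`: `$snort_uuid = $instance['uuid']; $if_real = snort_get_real_interface($instance['interface']); $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}";`. The enclosing foreach continues outside the hunk.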
@@ -58,7 +62,7 @@ foreach ($a_instance as $instanceid => $instance) {
$fields = explode(",", $fileline);
$snort_alert = array();
- $snort_alert[]['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']);
+ $snort_alert[]['instanceid'] = snort_get_friendly_interface($instance['interface']);
$snort_alert[]['timestamp'] = $fields[0];
$snort_alert[]['timeonly'] = substr($fields[0], 6, -8);
$snort_alert[]['dateonly'] = substr($fields[0], 0, -17);
@@ -69,13 +73,21 @@ foreach ($a_instance as $instanceid => $instance) {
$snort_alert[]['priority'] = $fields[12];
$snort_alert[]['category'] = $fields[11];
$snort_alerts[] = $snort_alert;
- };
+ }
fclose($fd);
@unlink($tmpfile);
- };
- };
-};
+ }
+ }
+}
+
+if ($_GET['evalScripts']) {
+ /* AJAX specific handlers */
+ $new_rules = "";
+ foreach($snort_alerts as $log_row)
+ $new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||{$log_row['timestamp']}||{$log_row['timeonly']}||{$log_row['dateonly']}\n";
+ echo $new_rules;
+} else {
/* display the result */
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
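Review bot: The new `if ($_GET['evalScripts'])` branch reads `$log_row['time']`, `$log_row['src']` and `$log_row['dst']`, but each row it iterates is assembled with `$snort_alert[]['…'] = …`, which appends a separate one-key array per field instead of setting keys on a single row, and the key written there is `timestamp`, not `time`; as far as the visible lines show, every field in the `||`-separated output resolves to an undefined index and the client receives empty columns. Building the row as `$snort_alert['timestamp'] = $fields[0];` (one key per field) and emitting `{$log_row['timestamp']}` in place of `{$log_row['time']}` gives the branch the shape it expects; the display loop further down, outside this hunk, should be checked for the same assumption. `if ($_GET['evalScripts'])` also raises an undefined-index notice when the parameter is absent; `if (!empty($_GET['evalScripts']))` avoids it. The echoed values come straight from the alert log and the JS callback concatenates them into table HTML, so passing each through `htmlspecialchars()` here keeps alert text from being rendered as markup. The enclosing foreach starts outside the hunk.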
@@ -96,3 +108,4 @@ foreach ($snort_alerts as $counter => $alert) {
?>
</tbody>
</table>
+<?php } ?>
diff --git a/config/widget-snort/snort_alerts_helper.php b/config/widget-snort/snort_alerts_helper.php
deleted file mode 100644
index 5df0da04..00000000
--- a/config/widget-snort/snort_alerts_helper.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-require_once("globals.inc");
-require_once("guiconfig.inc");
-require_once("includes/snort_alerts.inc.php");
-
-foreach (glob("{$g['varlog_path']}/snort/*/alert") as $alert) {
- $snort_alerts_logfile = $alert;
- $nentries = 5;
- $snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
-
- /* AJAX related routines */
- handle_snort_ajax($snort_alerts_logfile, $nentries);
-}
-if($_GET['lastsawtime'] or $_POST['lastsawtime'])
- exit;
-
-?>
-<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
-<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
-<script src="/widgets/javascript/snort_alerts.js" type="text/javascript"></script>
diff --git a/config/widget-snort/widget-snort.inc b/config/widget-snort/widget-snort.inc
deleted file mode 100644
index 584e5f2d..00000000
--- a/config/widget-snort/widget-snort.inc
+++ /dev/null
@@ -1,13 +0,0 @@
-<?php
-
-function widget_snort_uninstall() {
-
- unlink("/usr/local/www/includes/snort_alerts.inc.php");
- unlink("/usr/local/www/widgets/helpers/snort_alerts_helper.php");
- unlink("/usr/local/www/widgets/include/snort_alerts.inc");
- unlink("/usr/local/www/widgets/javascript/snort_alerts.js");
- unlink("/usr/local/www/widgets/widgets/snort_alerts.widget.php");
-
-}
-
-?> \ No newline at end of file
diff --git a/config/widget-snort/widget-snort.xml b/config/widget-snort/widget-snort.xml
index 1644181c..785ac5b1 100644
--- a/config/widget-snort/widget-snort.xml
+++ b/config/widget-snort/widget-snort.xml
@@ -46,29 +46,8 @@
<requirements>Dashboard package and Snort</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>widget-snort</name>
- <version>0.2</version>
+ <version>0.5</version>
<title>Widget - Snort</title>
- <include_file>/usr/local/pkg/widget-snort.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/widget-snort.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/includes/</prefix>
- <chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/widgets/helpers/</prefix>
- <chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts_helper.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/widgets/include/</prefix>
- <chmod>0644</chmod>
- <item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.inc</item>
- </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
<chmod>0644</chmod>
@@ -79,7 +58,4 @@
<chmod>0644</chmod>
<item>http://www.pfsense.com/packages/config/widget-snort/snort_alerts.widget.php</item>
</additional_files_needed>
- <custom_php_deinstall_command>
- widget_snort_uninstall();
- </custom_php_deinstall_command>
</packagegui>