From 5b30f0e1acec35a572e99ee47e152e7db24b50b7 Mon Sep 17 00:00:00 2001
From: robiscool <robrob2626@yahoo.com>
Date: Sun, 17 Jun 2012 23:07:26 -0700
Subject: snort-dev, fix snort-dev/snort_alerts.php, disable new preproc GTP
 until GUI is built.

---
 config/snort-dev/snort.inc        |  8 +++++---
 config/snort-dev/snort_alerts.php | 23 ++++++++++++++---------
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/config/snort-dev/snort.inc b/config/snort-dev/snort.inc
index 629c250a..b72c806e 100644
--- a/config/snort-dev/snort.inc
+++ b/config/snort-dev/snort.inc
@@ -274,6 +274,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 	/*
 	 * TODO: Add a GUI option that lets the user keep full logs
 	 */
+	/*
 	if ($start_up != '') {
 		@exec("/bin/kill {$start_up}");
 		@exec("/bin/rm /var/log/snort/run/snort_{$if_real}{$snort_uuid}*");
@@ -287,6 +288,7 @@ function Running_Stop($snort_uuid, $if_real, $id) {
 		@exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u1*");
 		@exec("/bin/rm /var/log/snort/barnyard2/{$snort_uuid}_{$if_real}/snort.u2*");
 	}
+	*/
 
 	/* Log Iface stop */
 	exec("/usr/bin/logger -p daemon.info -i -t SnortStartup 'Interface Rule STOP for {$snort_uuid}_{$if_real}...'");
@@ -1330,7 +1332,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 	 */
 	$snortalertcvs_type = "";
 	if ($snortcfg['snortalertcvs'] == "on")	
-		$snortalertcvs_type = "output alert_csv: /var/log/alert.csv default 128";
+		$snortalertcvs_type = "output alert_csv: /var/log/snort/{$snort_uuid}_{$if_real}/alert.csv default 128";
 
 	/* define snortalertlogtype */
 	if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
@@ -1642,7 +1644,7 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 	$enabled_rulesets = $snortcfg['rulesets'];
 	$selected_rules_sections = "";
 	if (!empty($enabled_rulesets)) {
-		$enabled_rulesets_array = split("\|\|", $enabled_rulesets);
+		$enabled_rulesets_array = explode("\|\|", $enabled_rulesets);
 		foreach($enabled_rulesets_array as $enabled_item)
 			$selected_rules_sections  .= "include \$RULE_PATH/{$enabled_item}\n";
 	}
@@ -2246,7 +2248,7 @@ dynamicdetection directory /usr/local/lib/snort/dynamicrules
 
 # TODO: gui needed for pfsense
 # GTP Control Channle Preprocessor, README.GTP
-preprocessor gtp: ports { 2123 3386 2152 }
+# preprocessor gtp: ports { 2123 3386 2152 }
 
 ####################################################
 # Inline packet normalization, README.normalize
diff --git a/config/snort-dev/snort_alerts.php b/config/snort-dev/snort_alerts.php
index 354c89f4..538d49c7 100644
--- a/config/snort-dev/snort_alerts.php
+++ b/config/snort-dev/snort_alerts.php
@@ -48,8 +48,13 @@ if (!is_array($config['installedpackages']['snortglobal']['rule']))
         $config['installedpackages']['snortglobal']['rule'] = array();
 $a_instance = &$config['installedpackages']['snortglobal']['rule'];
 $snort_uuid = $a_instance[0]['uuid'];
-if ($_POST['instance'])
-	$snort_uuid = $a_instance[$_POST['instance']]['uuid'];
+$if_real = snort_get_real_interface($a_instance[0]['interface']);
+
+if ($_POST['instance']) {
+	$snort_uuid = $a_instance[$_POST]['instance']['uuid'];
+	$if_real = snort_get_real_interface($a_instance[$_POST]['instance']['interface']);
+}
+
 
 if (is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
 	$pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
@@ -93,10 +98,10 @@ if ($_POST['save'])
 
 if ($_GET['action'] == "clear" || $_POST['clear'])
 {
-	if (file_exists("/var/log/snort/alert_{$snort_uuid}"))
+	if (file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
 	{
 		conf_mount_rw();
-		@file_put_contents("/var/log/snort/alert_{$snort_uuid}", "");
+		@file_put_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert", "");
 		post_delete_logs();
 		/* XXX: This is needed is snort is run as snort user */
 		//mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
@@ -113,7 +118,7 @@ if ($_POST['download'])
 
 	$save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
 	$file_name = "snort_logs_{$save_date}.tar.gz";
-	exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort");
+	exec("/usr/bin/tar cfz /tmp/{$file_name} /var/log/snort/{$snort_uuid}_{$if_real}");
 
 	if (file_exists("/tmp/{$file_name}")) {
 		$file = "/tmp/snort_logs_{$save_date}.tar.gz";
@@ -381,16 +386,16 @@ if ($pconfig['arefresh'] == 'on')
 		<?php
 
 		/* make sure alert file exists */
-		if (!file_exists("/var/log/snort/alert_{$snort_uuid}"))
-			exec("/usr/bin/touch /var/log/snort/alert_{$snort_uuid}");
+		if (!file_exists("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))
+			exec("/usr/bin/touch /var/log/snort/{$snort_uuid}_{$if_real}/alert");
 
 		$logent = $anentries;
 
 		/* detect the alert file type */
 		if ($snortalertlogt == 'full')
-			$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+			$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
 		else
-			$alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/alert_{$snort_uuid}"))));
+			$alerts_array = array_reverse(array_filter(split("\n", file_get_contents("/var/log/snort/{$snort_uuid}_{$if_real}/alert"))));
 
 
 
-- 
cgit v1.2.3