From 5d5c48b90d749dad939c3e8c720a5b1673a4a174 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Fri, 12 Sep 2014 12:14:15 -0400 Subject: Add LOG MGMT settings to Snort package. --- config/snort/snort_log_mgmt.php | 388 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 388 insertions(+) create mode 100644 config/snort/snort_log_mgmt.php diff --git a/config/snort/snort_log_mgmt.php b/config/snort/snort_log_mgmt.php new file mode 100644 index 00000000..aee98a99 --- /dev/null +++ b/config/snort/snort_log_mgmt.php @@ -0,0 +1,388 @@ +. + * Copyright (C) 2003-2004 Manuel Kasper . + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +global $g; + +$snortdir = SNORTDIR; + +$pconfig = array(); + +// Grab saved settings from configuration +$pconfig['enable_log_mgmt'] = $config['installedpackages']['snortglobal']['enable_log_mgmt'] == 'on' ? 'on' : 'off'; +$pconfig['clearlogs'] = $config['installedpackages']['snortglobal']['clearlogs']; +$pconfig['snortloglimit'] = $config['installedpackages']['snortglobal']['snortloglimit']; +$pconfig['snortloglimitsize'] = $config['installedpackages']['snortglobal']['snortloglimitsize']; +$pconfig['alert_log_limit_size'] = $config['installedpackages']['snortglobal']['alert_log_limit_size']; +$pconfig['alert_log_retention'] = $config['installedpackages']['snortglobal']['alert_log_retention']; +$pconfig['stats_log_limit_size'] = $config['installedpackages']['snortglobal']['stats_log_limit_size']; +$pconfig['stats_log_retention'] = $config['installedpackages']['snortglobal']['stats_log_retention']; +$pconfig['sid_changes_log_limit_size'] = $config['installedpackages']['snortglobal']['sid_changes_log_limit_size']; +$pconfig['sid_changes_log_retention'] = $config['installedpackages']['snortglobal']['sid_changes_log_retention']; + +// Load up some arrays with selection values (we use these later). +// The keys in the $retentions array are the retention period +// converted to hours. The keys in the $log_sizes array are +// the file size limits in KB. +$retentions = array( '0' => gettext('KEEP ALL'), '24' => gettext('1 DAY'), '168' => gettext('7 DAYS'), '336' => gettext('14 DAYS'), + '720' => gettext('30 DAYS'), '1080' => gettext("45 DAYS"), '2160' => gettext('90 DAYS'), '4320' => gettext('180 DAYS'), + '8766' => gettext('1 YEAR'), '26298' => gettext("3 YEARS") ); +$log_sizes = array( '0' => gettext('NO LIMIT'), '50' => gettext('50 KB'), '150' => gettext('150 KB'), '250' => gettext('250 KB'), + '500' => gettext('500 KB'), '750' => gettext('750 KB'), '1000' => gettext('1 MB'), '2000' => gettext('2 MB'), + '5000' => gettext("5 MB"), '10000' => gettext("10 MB") ); + +// Set sensible defaults for any unset parameters +if (empty($pconfig['snortloglimit'])) + $pconfig['snortloglimit'] = 'on'; +if (empty($pconfig['snortloglimitsize'])) { + // Set limit to 20% of slice that is unused */ + $pconfig['snortloglimitsize'] = round(exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024); +} + +// Set default retention periods for rotated logs +if (!isset($pconfig['alert_log_retention'])) + $pconfig['alert_log_retention'] = "336"; +if (!isset($pconfig['stats_log_retention'])) + $pconfig['stats_log_retention'] = "168"; +if (!isset($pconfig['u2_archive_log_retention'])) + $pconfig['u2_archive_log_retention'] = "168"; +if (!isset($pconfig['sid_changes_log_retention'])) + $pconfig['sid_changes_log_retention'] = "336"; + +// Set default log file size limits +if (!isset($pconfig['alert_log_limit_size'])) + $pconfig['alert_log_limit_size'] = "500"; +if (!isset($pconfig['stats_log_limit_size'])) + $pconfig['stats_log_limit_size'] = "500"; +if (!isset($pconfig['unified2_log_limit'])) + $pconfig['unified2_log_limit'] = "32"; +if (!isset($pconfig['sid_changes_log_limit_size'])) + $pconfig['sid_changes_log_limit_size'] = "250"; + +if ($_POST['ResetAll']) { + + // Reset all settings to their defaults + $pconfig['alert_log_retention'] = "336"; + $pconfig['stats_log_retention'] = "168"; + $pconfig['sid_changes_log_retention'] = "336"; + + $pconfig['alert_log_limit_size'] = "500"; + $pconfig['stats_log_limit_size'] = "500"; + $pconfig['sid_changes_log_limit_size'] = "250"; + + /* Log a message at the top of the page to inform the user */ + $savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings."); +} + +if ($_POST["save"] || $_POST['apply']) { + if ($_POST['enable_log_mgmt'] != 'on') { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + sync_snort_package_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_log_mgmt.php"); + exit; + } + + if ($_POST['snortloglimit'] == 'on') { + if (!is_numericint($_POST['snortloglimitsize']) || $_POST['snortloglimitsize'] < 1) + $input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero."); + } + + if (!$input_errors) { + $config['installedpackages']['snortglobal']['enable_log_mgmt'] = $_POST['enable_log_mgmt'] ? 'on' :'off'; + $config['installedpackages']['snortglobal']['clearlogs'] = $_POST['clearlogs'] ? 'on' : 'off'; + $config['installedpackages']['snortglobal']['snortloglimit'] = $_POST['snortloglimit']; + $config['installedpackages']['snortglobal']['snortloglimitsize'] = $_POST['snortloglimitsize']; + $config['installedpackages']['snortglobal']['alert_log_limit_size'] = $_POST['alert_log_limit_size']; + $config['installedpackages']['snortglobal']['alert_log_retention'] = $_POST['alert_log_retention']; + $config['installedpackages']['snortglobal']['stats_log_limit_size'] = $_POST['stats_log_limit_size']; + $config['installedpackages']['snortglobal']['stats_log_retention'] = $_POST['stats_log_retention']; + $config['installedpackages']['snortglobal']['sid_changes_log_limit_size'] = $_POST['sid_changes_log_limit_size']; + $config['installedpackages']['snortglobal']['sid_changes_log_retention'] = $_POST['sid_changes_log_retention']; + + write_config("Snort pkg: saved updated configuration for LOGS MGMT."); + sync_snort_package_config(); + + /* forces page to reload new settings */ + header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' ); + header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); + header( 'Cache-Control: no-store, no-cache, must-revalidate' ); + header( 'Cache-Control: post-check=0, pre-check=0', false ); + header( 'Pragma: no-cache' ); + header("Location: /snort/snort_log_mgmt.php"); + exit; + } +} + +$pgtitle = gettext("Snort: Log Management"); +include_once("head.inc"); + +?> + + + + + +
+ + + + + + + +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
/>  +
onClick="enable_change();"/>  +
+ " . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?> +







+
+  MB		 + + + + + + + +
onClick="enable_change_dirSize();"/> +   ()
onClick="enable_change_dirSize();"/> +   +
+
+

+
+ + + + +
" . gettext("MB:") . "";?>  + +  " . gettext("20%") . "" . gettext(" of available space.");?>
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
alert + +
sid_changes + +
stats + +
+
+
+     />
+
  +
+

+
+
+ + + + + + + -- cgit v1.2.3