From e429e827397d76777de7e76c2ef9d95d53cf624b Mon Sep 17 00:00:00 2001
From: Ermal
Date: Fri, 13 Jul 2012 05:23:36 +0000
Subject: Switch to alert csv. No more regex foo
---
 config/snort/snort.inc | 17 +----------------
 config/snort/snort_barnyard.php | 3 ++-
 2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 61930111..cc2cd3c6 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1003,24 +1003,11 @@ function snort_generate_conf($snortcfg) {
 @copy("{$snortdir}/{$file}", "{$snortcfgdir}/{$file}");
 }
 
- /* define basic log filename */
- $snortunifiedlogbasic_type = "output unified: filename snort_{$snort_uuid}_{$if_real}.log, limit 128";
-
- /* define snortalertlogtype */
- $snortalertlogtype_type = "output alert_full: alert";
- if ($config['installedpackages']['snortglobal']['snortalertlogtype'] == "fast")
- $snortalertlogtype_type = "output alert_fast: alert";
-
 /* define alertsystemlog */
 $alertsystemlog_type = "";
 if ($snortcfg['alertsystemlog'] == "on")
 $alertsystemlog_type = "output alert_syslog: log_alert";
 
- /* define tcpdumplog */
- $tcpdumplog_type = "";
- if ($snortcfg['tcpdumplog'] == "on")
- $tcpdumplog_type = "output log_tcpdump: snort_{$snort_uuid}_{$if_real}.tcpdump";
-
 /* define snortunifiedlog */
 $snortunifiedlog_type = "";
 if ($snortcfg['snortunifiedlog'] == "on")
@@ -1362,11 +1349,9 @@ preprocessor stream5_icmp:
 preprocessor ssl: ports { {$def_ssl_ports_ignore} }, trustservers, noinspect_encrypted
 
 # Snort Output Logs #
-{$snortunifiedlogbasic_type}
 {$snortalertlogtype_type}
+output alert_csv: alert timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id
 {$alertsystemlog_type}
-{$tcpdumplog_type}
-{$snortmysqllog_info_chk}
 {$snortunifiedlog_type}
 {$spoink_type}
 
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index 914bcead..ab819686 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
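Review bot: The template in the second hunk still interpolates `{$snortalertlogtype_type}`, but the first hunk removes the only visible definition of that variable, so unless snort_generate_conf sets it somewhere outside these hunks PHP will raise an undefined-variable notice and write an empty line into the generated snort.conf; the ` {$snortalertlogtype_type}` template line should go along with the definition. The global `snortalertlogtype` setting read by the removed block likewise no longer influences the output, which callers or the UI that expose it may still assume it does. On the new `output alert_csv:` line `msg` sits in the middle of the field list; if Snort writes the rule message unquoted, a message containing a comma shifts `proto`, `src`, `dst` and the ports for any reader that splits on commas, so placing `msg` last (or splitting with a field limit in the consumer) would keep the columns stable. snort_generate_conf starts and ends outside these hunks.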
@@ -50,7 +50,8 @@ $pconfig = array();
 if (isset($id) && $a_nat[$id]) {
 /* old options */
 $pconfig = $a_nat[$id];
- $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
+ if (!empty($a_nat[$id]['barnconfigpassthru']))
+ $pconfig['barnconfigpassthru'] = base64_decode($a_nat[$id]['barnconfigpassthru']);
 }
 
 if (isset($_GET['dup']))
-- 
cgit v1.2.3
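Review bot: The new guard only checks that the stored value is non-empty; `base64_decode()` is still called in non-strict mode, so a corrupted or hand-edited config value silently decodes to garbage that is then presented in the form as the passthru configuration. Passing the strict flag, `base64_decode($a_nat[$id]['barnconfigpassthru'], true)`, returns false on malformed input and lets the code keep the raw value or report it rather than decoding blindly. The `$id` used to index `$a_nat` is assigned outside the hunk; if it originates from the request it should be validated as an integer and tested with `isset($a_nat[$id])`, since the surrounding `$a_nat[$id]` truthiness test also raises a notice for a missing index.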