From 196610ae4ce93843d877993c6f1a400c7670df1e Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 14 Oct 2009 17:10:40 -0400 Subject: Add separate packages for snort and havp dashboard widgets. --- config/widget-havp/havp_alerts.inc | 15 +++ config/widget-havp/havp_alerts.inc.php | 90 ++++++++++++++++++ config/widget-havp/havp_alerts.js | 149 ++++++++++++++++++++++++++++++ config/widget-havp/havp_alerts.widget.php | 63 +++++++++++++ config/widget-havp/havp_alerts_helper.php | 13 +++ config/widget-havp/widget-havp.inc | 11 +++ config/widget-havp/widget-havp.xml | 85 +++++++++++++++++ 7 files changed, 426 insertions(+) create mode 100644 config/widget-havp/havp_alerts.inc create mode 100644 config/widget-havp/havp_alerts.inc.php create mode 100644 config/widget-havp/havp_alerts.js create mode 100644 config/widget-havp/havp_alerts.widget.php create mode 100644 config/widget-havp/havp_alerts_helper.php create mode 100644 config/widget-havp/widget-havp.inc create mode 100644 config/widget-havp/widget-havp.xml (limited to 'config/widget-havp') diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc new file mode 100644 index 00000000..ecbfe897 --- /dev/null +++ b/config/widget-havp/havp_alerts.inc @@ -0,0 +1,15 @@ + \ No newline at end of file diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php new file mode 100644 index 00000000..c0810b83 --- /dev/null +++ b/config/widget-havp/havp_alerts.inc.php 
@@ -0,0 +1,90 @@ += $nentries) + break; + + $alert = parse_havp_alert_line($logent); + if ($alert != "") { + $counter++; + $havpalerts[] = $alert; + } + + } + /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ + return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts); +} + + + + +function parse_havp_alert_line($line) { + $log_split = ""; + + preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); + + list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], + $alert['virusname']) = $log_split; + + $usableline = true; + + if(trim($alert['url']) == "") + $usableline = false; + if(trim($alert['virusname']) == "") + $usableline = false; + + if($usableline == true) { + return $alert; + } else { + if($g['debug']) { + log_error("There was a error parsing line: $line. Please report to mailing list or forum."); + } + return ""; + } +} + +/* AJAX specific handlers */ +function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { + if($_GET['lastsawtime'] or $_POST['lastsawtime']) { + if($_GET['lastsawtime']) + $lastsawtime = $_GET['lastsawtime']; + if($_POST['lastsawtime']) + $lastsawtime = $_POST['lastsawtime']; + /* compare lastsawrule's time stamp to alert logs. + * afterwards return the newer records so that client + * can update AJAX interface screen. 
+ */ + $new_rules = ""; + $time_regex = ""; + + $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); + foreach($havp_alerts as $log_row) { + preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex); +# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U" + // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex); + $row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']); + // $myfile = "/testfile.txt"; + // $fh = fopen($myfile,'a') or die("can't open file"); + // $stringdata = $lastsawtime . "-" . $row_time . "\n"; + // fwrite($fh, $stringdata); + // fclose($fh); + + if($row_time > $lastsawtime and $lastsawtime > 0) { + + $new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n"; + } + } + echo $new_rules; + exit; + } +} +?> \ No newline at end of file diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js new file mode 100644 index 00000000..110e3998 --- /dev/null +++ b/config/widget-havp/havp_alerts.js 
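Review bot: In `handle_havp_ajax`, `$log_row['url']` and `$log_row['virusname']` are concatenated into `$new_rules` and echoed with no output encoding, while the URL pattern in `parse_havp_alert_line` accepts any non-space character in the path (`(\/[^ ]*)?`), so text taken from a proxied request can reach the firewall's admin dashboard as markup. Encode each field before it is written, e.g. `htmlspecialchars($log_row['url'], ENT_QUOTES)`. The same applies to the `havp_alerts.js` hunk, which builds rows from `row_split[...]` and assigns them with `innerHTML`, and to the `$alert[...]` echoes in the `havp_alerts.widget.php` hunk, whose markup is only partly visible here. A URL can also contain `||`, which shifts the fields when the client splits the row, so the separator should be one that cannot occur in the data, or the fields should be serialized as JSON. Separately, `parse_havp_alert_line` reads `$g['debug']` with no `global $g;` visible, so the parse-failure log would never fire; the start of `get_havp_alerts` is not visible in this hunk.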
@@ -0,0 +1,149 @@ + +havplastsawtime = ''; +var havplines = Array(); +var havptimer; +var havpupdateDelay = 25500; +var havpisBusy = false; +var havpisPaused = false; + + + +if (typeof getURL == 'undefined') { + getURL = function(url, callback) { + if (!url) + throw 'No URL for getURL'; + try { + if (typeof callback.operationComplete == 'function') + callback = callback.operationComplete; + } catch (e) {} + if (typeof callback != 'function') + throw 'No callback function for getURL'; + var http_request = null; + if (typeof XMLHttpRequest != 'undefined') { + http_request = new XMLHttpRequest(); + } + else if (typeof ActiveXObject != 'undefined') { + try { + http_request = new ActiveXObject('Msxml2.XMLHTTP'); + } catch (e) { + try { + http_request = new ActiveXObject('Microsoft.XMLHTTP'); + } catch (e) {} + } + } + if (!http_request) + throw 'Both getURL and XMLHttpRequest are undefined'; + http_request.onreadystatechange = function() { + if (http_request.readyState == 4) { + callback( { success : true, + content : http_request.responseText, + contentType : http_request.getResponseHeader("Content-Type") } ); + } + } + http_request.open('GET', url, true); + http_request.send(null); + } +} + +function havp_alerts_fetch_new_rules() { + if(havpisPaused) + return; + if(havpisBusy) + return; + havpisBusy = true; + getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback); +} +function havp_alerts_fetch_new_rules_callback(callback_data) { + if(havpisPaused) + return; + + var data_split; + var new_data_to_add = Array(); + var data = callback_data.content; + data_split = data.split("\n"); + for(var x=0; x ' + row_split[3] + ''; + line += '' + row_split[0] + '
' + row_split[1] + ''; + havplastsawtime = row_split[2]; + new_data_to_add[new_data_to_add.length] = line; + } + havp_alerts_update_div_rows(new_data_to_add); + havpisBusy = false; +} + + +function havp_alerts_update_div_rows(data) { + if(havpisPaused) + return; + + var isIE = navigator.appName.indexOf('Microsoft') != -1; + var isSafari = navigator.userAgent.indexOf('Safari') != -1; + var isOpera = navigator.userAgent.indexOf('Opera') != -1; + var rulestable = document.getElementById('havp_alerts'); + var rows = rulestable.getElementsByTagName('tr'); + var showanim = 1; + if (isIE) { + showanim = 0; + } + //alert(data.length); + for(var x=0; x 0; i--) { + nextrecord = i + 1; + if(nextrecord < numrows) + rows[nextrecord].innerHTML = rows[i].innerHTML; + } + } + var item = document.getElementById('havp-firstrow'); + if(x == data.length-1) + { + /* nothing */ + showanim = false; + } + else + { + showanim = false; + } + if (showanim) + { + // item.style.display = 'none'; + item.innerHTML = data[x]; + // new Effect.Appear(item); + } + else + { + item.innerHTML = data[x]; + } + } + /* rechedule AJAX interval */ + //havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); +} +function havp_alerts_toggle_pause() { + if(havpisPaused) { + havpisPaused = false; + havp_alerts_fetch_new_rules(); + } else { + havpisPaused = true; + } +} +/* start local AJAX engine */ +havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php new file mode 100644 index 00000000..57614fa1 --- /dev/null +++ b/config/widget-havp/havp_alerts.widget.php @@ -0,0 +1,63 @@ + + + + + + + + + + + + > + + + + + +
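Review bot: `havp_alerts_fetch_new_rules_callback` returns early when `havpisPaused` is set without clearing `havpisBusy`, so a response that arrives while the widget is paused leaves the flag true, and `havp_alerts_fetch_new_rules` then returns at its busy check on every later tick, including the call made from `havp_alerts_toggle_pause` on resume. Clear the flag before the pause check: `havpisBusy = false; if (havpisPaused) return;`. The fallback `getURL` also reports `success : true` for any completed request without looking at `http_request.status`, so an error page is parsed as alert rows. `setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay)` passes a string that is evaluated on each tick; pass the function itself, `setInterval(havp_alerts_fetch_new_rules, havpupdateDelay)`, and declare `havplastsawtime` with `var` like the other globals.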
DateDetails
" . $alert["date"]?>" . $alert["virusname"] ?>
diff --git a/config/widget-havp/havp_alerts_helper.php b/config/widget-havp/havp_alerts_helper.php new file mode 100644 index 00000000..332394b2 --- /dev/null +++ b/config/widget-havp/havp_alerts_helper.php @@ -0,0 +1,13 @@ + + + + diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc new file mode 100644 index 00000000..61713f24 --- /dev/null +++ b/config/widget-havp/widget-havp.inc @@ -0,0 +1,11 @@ + \ No newline at end of file diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml new file mode 100644 index 00000000..7042fe55 --- /dev/null +++ b/config/widget-havp/widget-havp.xml 
@@ -0,0 +1,85 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + HAVP widget add-on for Dashboard package + Dashboard package and HAVP + Currently there are no FAQ items provided. 
+ widget-havp + 0.1 + Widget - HAVP + /usr/local/pkg/widget-havp.inc + + /usr/local/pkg/ + 077 + http://www.pfsense.com/packages/config/widget-havp/widget-havp.inc + + + /usr/local/www/includes/ + 0644 + http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc.php + + + /usr/local/www/widgets/helpers/ + 0644 + http://www.pfsense.com/packages/config/widget-havp/havp_alerts_helper.php + + + /usr/local/www/widgets/include/ + 0644 + http://www.pfsense.com/packages/config/widget-havp/havp_alerts.inc + + + /usr/local/www/widgets/javascript/ + 0644 + http://www.pfsense.com/packages/config/widget-havp/havp_alerts.js + + + /usr/local/www/widgets/widgets/ + 0644 + http://www.pfsense.com/packages/config/widget-havp/havp_alerts.widget.php + + + widget_havp_uninstall(); + + -- cgit v1.2.3
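Review bot: The first file entry, for `widget-havp.inc` under `/usr/local/pkg/`, carries the mode `077` where every other entry has `0644`. Read as octal, that denies the owner access and grants group and others write and execute on a PHP include the package system loads, so it looks like a typo for `0644`. Every item is also fetched over plain `http://` with no checksum visible in this manifest, so the downloaded code is not authenticated in transit. Whether the package installer verifies it by other means cannot be told from this hunk.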