From f904c9d7c4fd59ede1e69acd7295d4f522845eda Mon Sep 17 00:00:00 2001
From: Ermal
Date: Fri, 20 Jul 2012 07:39:32 +0000
Subject: Commit code from http://forum.pfsense.org/index.php/topic,51569.0.html with some fixes
---
 config/widget-snort/snort_alerts.widget.php | 90 +++++++++++++++++++----------
 1 file changed, 60 insertions(+), 30 deletions(-)
(limited to 'config/widget-snort/snort_alerts.widget.php')
diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php
index c2622dc7..ad7827b7 100644
--- a/config/widget-snort/snort_alerts.widget.php
+++ b/config/widget-snort/snort_alerts.widget.php
@@ -2,6 +2,7 @@
 /* snort_alerts.widget.php Copyright (C) 2009 Jim Pingle
+ mod 19-07-2012
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 
@@ -26,43 +27,72 @@
 */
 global $config, $g;
+/* retrieve snort variables */
+require_once("/usr/local/pkg/snort/snort.inc");
+
+if (!is_array($config['installedpackages']['snortglobal']['rule']))
+ $config['installedpackages']['snortglobal']['rule'] = array();
+$a_instance = &$config['installedpackages']['snortglobal']['rule'];
+
+/* read log file(s) */
+$snort_alerts = array();
+$tmpblocked = array_flip(snort_get_blocked_ips());
+foreach ($a_instance as $instanceid => $instance) {
+ $snort_uuid = $a_instance[$instanceid]['uuid'];
+ $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
+ $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}";
+
+ /* make sure alert file exists */
+ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) {
+ if (isset($config['syslog']['reverse']))
+ exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > {$tmpfile}");
+ else
+ exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > {$tmpfile}");
+ if (file_exists($tmpfile)) {
+ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */
+ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
+ $fd = fopen($tmpfile, "r");
+ while (($fileline = @fgets($fd))) {
+ if (empty($fileline))
+ continue;
+ $fields = explode(",", $fileline);
+
+ $snort_alert = array();
+ $snort_alert[]['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']);
+ $snort_alert[]['timestamp'] = $fields[0];
+ $snort_alert[]['timeonly'] = substr($fields[0], 6, -8);
+ $snort_alert[]['dateonly'] = substr($fields[0], 0, -17);
+ $snort_alert[]['src'] = $fields[6];
+ $snort_alert[]['srcport'] = $fields[7];
+ $snort_alert[]['dst'] = $fields[8];
+ $snort_alert[]['dstport'] = $fields[9];
+ $snort_alert[]['priority'] = $fields[12];
+ $snort_alert[]['category'] = $fields[11];
+ $snort_alerts[] = $snort_alert;
+ };
+ fclose($fd);
+ @unlink($tmpfile);
+ };
+ };
+};
+
+/* display the result 
*/ ?> - + - - - - > - - - - - +foreach ($snort_alerts as $counter => $alert) { + echo(" + + + + "); +} +?>
DateIF/Date Src/Dst Details
' . $alert['dateonly'] ?>' . $alert["dst"] ?>' . 'Cat : ' . $alert['category'] ?>
{$alert['instanceid']}
{$alert['timeonly']} {$alert['dateonly']}
{$alert['src']}:{$alert['srcport']}
{$alert['dst']}:{$alert['dstport']}
Pri : {$alert['priority']}
Cat : {$alert['category']}
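Review bot: Every `$snort_alert[]['key'] = …` assignment in the parse loop appends a new single-key element, so `$snort_alert` ends up as ten nested arrays and the display loop's `{$alert['instanceid']}` … `{$alert['category']}` read keys that do not exist at the top level; each field should be written as `$snort_alert['timestamp'] = $fields[0];` (no `[]`). The two `exec("tail -10 … > {$tmpfile}")` calls build a shell command from config-derived values (`$if_real`, `$snort_uuid`, `$g['tmp_path']`) without `escapeshellarg()` and stage the output through a predictably named file under the tmp path, neither of which is needed because the alert file can be read in PHP directly as sketched below (note `file()` loads the whole file, so very large alert logs would need a bounded read or rotation, and `array_reverse` gives newest-first order where `sort -r` only approximates it by leading timestamp). `$fd` is also never checked for `false` before the `@fgets` loop, and `$tmpblocked` is computed but not referenced anywhere in the hunk. The values echoed into the table cells (`$alert['src']`, `$alert['category']`, …) come straight from the log and should pass through `htmlspecialchars()` before output.
```php
	/* make sure alert file exists */
	$alertfile = "/var/log/snort/snort_{$if_real}{$snort_uuid}/alert";
	if (file_exists($alertfile)) {
		/* Read the tail in PHP: no shell command assembled from config
		 * values and no intermediate file under the tmp path. */
		$lines = file($alertfile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		if ($lines === false)
			continue;
		$lines = array_slice($lines, -10);
		if (isset($config['syslog']['reverse']))
			$lines = array_reverse($lines); /* newest first */
		/* … unchanged: field-layout comments … */
		foreach ($lines as $fileline) {
			$fields = explode(",", $fileline);

			$snort_alert = array();
			$snort_alert['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']);
			$snort_alert['timestamp'] = $fields[0];
			/* … unchanged: remaining field assignments, written as $snort_alert['key'] rather than $snort_alert[]['key'] … */
			$snort_alerts[] = $snort_alert;
		}
	}
```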