From 2e52447a3947bc5bc735ba55d94c550ed2efa5b4 Mon Sep 17 00:00:00 2001
From: jim-p
Date: Sun, 15 Nov 2009 14:25:26 -0500
Subject: Snort widget update from matrix200

---
 config/widget-snort/snort_alerts.inc.php | 31 ++++++++++++++++++++---------
 config/widget-snort/snort_alerts.js | 5 +++--
 config/widget-snort/snort_alerts.widget.php | 2 +-
 3 files changed, 26 insertions(+), 12 deletions(-)

(limited to 'config/widget-snort')

diff --git a/config/widget-snort/snort_alerts.inc.php b/config/widget-snort/snort_alerts.inc.php
index 48506f9b..af3b79ea 100644
--- a/config/widget-snort/snort_alerts.inc.php
+++ b/config/widget-snort/snort_alerts.inc.php
@@ -4,11 +4,11 @@ function get_snort_alerts($snort_alerts, $nentries, $tail = 20) {
 	$logarr = "";
 	/* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
 	exec("/usr/bin/tail -r -n {$tail} {$snort_alerts}", $logarr);
-	
+
 	$snortalerts = array();
-	
+
 	$counter = 0;
-	
+
 	foreach ($logarr as $logent) {
 		if($counter >= $nentries) break;
@@ -28,8 +28,8 @@ function parse_snort_alert_line($line) {
 	$log_split = "";
 	$datesplit = "";
 	preg_match("/^(.*)\s+\[\*\*\]\s+\[(\d+\:\d+:\d+)\]\s(.*)\s(.*)\s+\[\*\*\].*\s+\[Priority:\s(\d+)\]\s{(.*)}\s+(.*)\s->\s(.*)$/U", $line, $log_split);
-	
-	list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'], 
+
+	list($all, $alert['time'], $alert['rule'], $alert['category'], $alert['descr'],
 		$alert['priority'], $alert['proto'], $alert['src'], $alert['dst']) = $log_split;
 	$usableline = true;
@@ -41,7 +41,16 @@ function parse_snort_alert_line($line) {
 	if($usableline == true) {
 		preg_match("/^(\d+)\/(\d+)-(\d+\:\d+\:\d+).\d+$/U", $alert['time'], $datesplit);
-		$alert['dateonly'] = $datesplit[2] . "/" . $datesplit[1];
+		$now_time = strtotime("now");
+		$checkdate = $datesplit[1] . "/" . $datesplit[2] . "/" . date("Y");
+		$fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . date("Y");
+		$logdate = $checkdate . " " . $datesplit[3];
+		if ($now_time < strtotime($logdate) )
+		{
+			$fulldate = $datesplit[2] . "/" . $datesplit[1] . "/" . ((int)date("Y") - 1);
+		}
+
+		$alert['dateonly'] = $fulldate;
 		$alert['timeonly'] = $datesplit[3];
 		$alert['category'] = strtoupper( substr($alert["category"],0 , 1) ) . strtolower( substr($alert["category"],1 ) );
 		return $alert;
@@ -68,9 +77,13 @@ function handle_snort_ajax($snort_alerts_logfile, $nentries = 5, $tail = 50) {
 	$snort_alerts = get_snort_alerts($snort_alerts_logfile, $nentries);
 	foreach($snort_alerts as $log_row) {
 		$time_regex = "";
-		preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
-		$row_time = strtotime($time_regex[1]);
-		if($row_time > $lastsawtime) {
+		preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
+		$logdate = $time_regex[1] . "/" . $time_regex[2] . "/" . date("Y") . " " . $time_regex[3];
+		//preg_match("/.*([0-9][0-9])\/([0-9][0-9])-([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $testsplit[1], $time_regex);
+		// preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['time'], $time_regex);
+		$row_time = strtotime($logdate);
+		$now_time = strtotime("now");
+		if($row_time > $lastsawtime and $row_time <= $nowtime) {
 			$new_rules .= "{$log_row['time']}||{$log_row['priority']}||{$log_row['category']}||{$log_row['src']}||{$log_row['dst']}||" . time() . "||{$log_row['timeonly']}||{$log_row['dateonly']}" . "||\n";
 		}
 	}
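Review bot: The new year-inference block in parse_snort_alert_line reads `$datesplit[1]`, `$datesplit[2]` and `$datesplit[3]` without checking that the `preg_match` on `$alert['time']` just above it matched, so a time field in an unexpected format produces undefined-offset notices, `strtotime()` returns false, and `dateonly` ends up as `//YYYY`; the non-matching case should take the same path as `$usableline == false`, which lies outside this hunk. The block also reads the clock four separate times (`strtotime("now")` once and `date("Y")` three times), so a call that straddles a year boundary can mix two different years; reading once, `$year = (int)date("Y"); $now_time = time();`, and reusing those values avoids that. The `if (...)` followed by `{` on its own line differs from the same-line brace style used everywhere else in this file.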
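Review bot: The new condition in handle_snort_ajax compares against `$nowtime`, but the variable assigned on the line above is `$now_time`; `$nowtime` is undefined (null) there, and PHP evaluates an int-versus-null comparison as a boolean comparison, so `$row_time <= $nowtime` is false for every real timestamp and no alert is ever reported as new. The intended line is `if($row_time > $lastsawtime and $row_time <= $now_time) {`, and `strtotime("now")` can simply be `time()`. The two commented-out `preg_match` lines above it, one of which references a `$testsplit` that is defined nowhere visible, are dead code and should be deleted rather than committed as comments. Separately, `$snort_alerts_logfile` is handed to `get_snort_alerts()`, which interpolates it into the `tail` shell command in the first hunk, so that path must only ever come from configuration and never from request input.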
diff --git a/config/widget-snort/snort_alerts.js b/config/widget-snort/snort_alerts.js index 2eebb140..0cc76ab1 100644 --- a/config/widget-snort/snort_alerts.js +++ b/config/widget-snort/snort_alerts.js @@ -72,10 +72,11 @@ function snort_alerts_fetch_new_rules_callback(callback_data) { /* loop through rows */ row_split = data_split[x].split("||"); var line = ''; - line = '' + row_split[6] + '
' + row_split[7]+ ''; + line = '' + row_split[6] + '
' + row_split[7]+ ''; line += '' + row_split[3] + '
' + row_split[4] + ''; line += '' + 'Pri : ' + row_split[1] + '
' + 'Cat : ' + row_split[2] + ''; snortlastsawtime = row_split[5]; + //alert(row_split[0]); new_data_to_add[new_data_to_add.length] = line; } snort_alerts_update_div_rows(new_data_to_add); @@ -141,4 +142,4 @@ function snort_alerts_toggle_pause() { } } /* start local AJAX engine */ -snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); \ No newline at end of file +snorttimer = setInterval('snort_alerts_fetch_new_rules()', snortupdateDelay); diff --git a/config/widget-snort/snort_alerts.widget.php b/config/widget-snort/snort_alerts.widget.php index aa416274..9b5b2b64 100644 --- a/config/widget-snort/snort_alerts.widget.php +++ b/config/widget-snort/snort_alerts.widget.php @@ -55,7 +55,7 @@ global $config, $g; ?> > - + ' . $alert['dateonly'] ?> ' . $alert["dst"] ?> ' . 'Cat : ' . $alert['category'] ?> -- cgit v1.2.3
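Review bot: The added `//alert(row_split[0]);` in snort_alerts_fetch_new_rules_callback is a leftover debug statement and should be removed rather than committed commented out. The rewritten `line = ...` assignment still assembles markup by concatenating `row_split[6]`, `row_split[7]` and the other fields straight from the `||`-delimited AJAX payload without any HTML escaping; since those fields are lifted from the snort alert log by the PHP side, escaping them before they are inserted into the page (or emitting them already escaped from handle_snort_ajax) would be the prudent defence. The markup in this hunk appears to have lost its tags in extraction, so the exact change to the `line` assignment is not visible here.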