From 2c728cedee0d34e1304ae2ccf99636d63b649815 Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Wed, 10 Sep 2014 16:12:53 -0400 Subject: Add new interface LOGS tab for viewing log file contents. --- config/snort/snort.priv.inc | 1 + config/snort/snort.xml | 5 + config/snort/snort_barnyard.php | 1 + config/snort/snort_define_servers.php | 1 + config/snort/snort_interface_logs.php | 252 +++++++++++++++++++++++++++++++++ config/snort/snort_interfaces_edit.php | 1 + config/snort/snort_ip_reputation.php | 1 + config/snort/snort_preprocessors.php | 1 + config/snort/snort_rules.php | 1 + config/snort/snort_rulesets.php | 1 + 10 files changed, 265 insertions(+) create mode 100644 config/snort/snort_interface_logs.php (limited to 'config') diff --git a/config/snort/snort.priv.inc b/config/snort/snort.priv.inc index aa31c527..ddff8521 100644 --- a/config/snort/snort.priv.inc +++ b/config/snort/snort.priv.inc @@ -41,6 +41,7 @@ $priv_list['page-services-snort']['match'][] = "snort/snort_sid_mgmt.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_ip_reputation.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_iprep_list_browser.php*"; $priv_list['page-services-snort']['match'][] = "snort/snort_generate_conf.php*"; +$priv_list['page-services-snort']['match'][] = "snort/snort_interface_logs.php*"; $priv_list['page-services-snort']['match'][] = "widgets/javascript/snort_alerts.js*"; $priv_list['page-services-snort']['match'][] = "widgets/include/widget-snort.inc*"; $priv_list['page-services-snort']['match'][] = "widgets/widgets/snort_alerts.widget.php*"; diff --git a/config/snort/snort.xml b/config/snort/snort.xml index dafadd51..09383d0a 100755 --- a/config/snort/snort.xml +++ b/config/snort/snort.xml @@ -253,6 +253,11 @@ 077 https://packages.pfsense.org/packages/config/snort/snort_iprep_list_browser.php + + /usr/local/www/snort/ + 077 + https://packages.pfsense.org/packages/config/snort/snort_interface_logs.php + /usr/local/pkg/snort/ 077 
diff --git a/config/snort/snort_barnyard.php b/config/snort/snort_barnyard.php
index ab77fa58..908f385f 100644
--- a/config/snort/snort_barnyard.php
+++ b/config/snort/snort_barnyard.php
@@ -250,6 +250,7 @@ include_once("head.inc");
 $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("Barnyard2"), true, "/snort/snort_barnyard.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
 display_top_tabs($tab_array, true);
 ?>
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index fcadbe98..fd82eb24 100755
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -205,6 +205,7 @@ if ($savemsg)
 $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
 display_top_tabs($tab_array, true);
 ?>
diff --git a/config/snort/snort_interface_logs.php b/config/snort/snort_interface_logs.php
new file mode 100644
index 00000000..a51b0c93
--- /dev/null
+++ b/config/snort/snort_interface_logs.php
@@ -0,0 +1,252 @@ +. + * Copyright (C) 2003-2004 Manuel Kasper . + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * Copyright (C) 2014 Bill Meeks + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. 
+*/ + +require_once("guiconfig.inc"); +require_once("/usr/local/pkg/snort/snort.inc"); + +if (isset($_POST['id']) && is_numericint($_POST['id'])) + $id = $_POST['id']; +elseif (isset($_GET['id']) && is_numericint($_GET['id'])) + $id = htmlspecialchars($_GET['id']); +if (empty($id)) + $id = 0; + +if (!is_array($config['installedpackages']['snortglobal']['rule'])) + $config['installedpackages']['snortglobal']['rule'] = array(); +$a_instance = $config['installedpackages']['snortglobal']['rule']; +$snort_uuid = $a_instance[$id]['uuid']; +$if_real = get_real_interface($a_instance[$id]['interface']); + +// Construct a pointer to the instance's logging subdirectory +$snortlogdir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}/"; + +// Limit all file access to just the currently selected interface's logging subdirectory +$logfile = htmlspecialchars($snortlogdir . basename($_POST['file'])); + +if ($_POST['action'] == 'load') { + if(!is_file($logfile)) { + echo "|3|" . gettext("Log file does not exist or that logging feature is not enabled") . ".|"; + } + else { + $data = file_get_contents($logfile); + if($data === false) { + echo "|1|" . gettext("Failed to read log file") . ".|"; + } else { + $data = base64_encode($data); + echo "|0|{$logfile}|{$data}|"; + } + } + exit; +} + +$if_friendly = convert_friendly_interface_to_friendly_descr($a_instance[$id]['interface']); +$pgtitle = gettext("Snort: {$if_friendly} Logs"); +include_once("head.inc"); + +?> + + + + + + + +
+ + + + + '; + echo ' + + + + + +
+
'; + $menu_iface=($if_friendly?substr($if_friendly,0,5)." ":"Iface "); + $tab_array = array(); + $tab_array[] = array($menu_iface . gettext("Settings"), false, "/snort/snort_interfaces_edit.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Categories"), false, "/snort/snort_rulesets.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Rules"), false, "/snort/snort_rules.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Variables"), false, "/snort/snort_define_servers.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), true, "/snort/snort_interface_logs.php?id={$id}"); + display_top_tabs($tab_array, true); + ?> +
+ + + + + + + + + + + + + + + + + + + +
+    +
+ + + + + + + +
+ + + + +
+
+ + + + + + +
+
+ +
+
+
+
+
+
+ + + + + + + + diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php index 13465f32..c9436801 100755 --- a/config/snort/snort_interfaces_edit.php +++ b/config/snort/snort_interfaces_edit.php @@ -441,6 +441,7 @@ include_once("head.inc"); $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/snort/snort_ip_reputation.php b/config/snort/snort_ip_reputation.php index de241716..7af3d956 100644 --- a/config/snort/snort_ip_reputation.php +++ b/config/snort/snort_ip_reputation.php @@ -230,6 +230,7 @@ if ($savemsg) $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}"); $tab_array[] = array($menu_iface . gettext("IP Rep"), true, "/snort/snort_ip_reputation.php?id={$id}"); + $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}"); display_top_tabs($tab_array, true); ?> diff --git a/config/snort/snort_preprocessors.php b/config/snort/snort_preprocessors.php index 2d852d7f..86fd465a 100755 --- a/config/snort/snort_preprocessors.php +++ b/config/snort/snort_preprocessors.php 
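Review bot: In the `load` branch of the new snort_interface_logs.php, `htmlspecialchars()` is applied to the filesystem path before `is_file()` and `file_get_contents()`, so output escaping is mixed into path handling and any log name containing `&`, `<`, `>` or a quote will never be found; `basename()` is the part that actually confines the request to the instance's log directory. Build the path unescaped and escape only where it is echoed: `$logfile = $snortlogdir . basename($_POST['file']);` and `echo "|0|" . htmlspecialchars($logfile) . "|{$data}|";`. `$id` is only checked with `is_numericint()`, not for existence in `$a_instance`, so an unknown id gives an empty uuid and interface and the directory collapses to `snort_/`; a guard such as `if (!isset($a_instance[$id])) { ... exit; }` before `$snortlogdir` is built would close that. `file_get_contents()` also reads the whole file with no size cap, which looks risky for large alert or packet logs on a memory-constrained firewall, and `is_file()` follows symlinks, so it is worth confirming who can write into the log directory. Most of the page markup and script is not visible in this view, so the client side of the `load` call could not be checked.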
@@ -664,6 +664,7 @@ if ($savemsg) {
 $tab_array[] = array($menu_iface . gettext("Preprocs"), true, "/snort/snort_preprocessors.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
 display_top_tabs($tab_array, true);
 ?>
diff --git a/config/snort/snort_rules.php b/config/snort/snort_rules.php
index a459b293..c1c104d2 100755
--- a/config/snort/snort_rules.php
+++ b/config/snort/snort_rules.php
@@ -502,6 +502,7 @@ if ($savemsg) {
 $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
 display_top_tabs($tab_array, true);
 ?>
diff --git a/config/snort/snort_rulesets.php b/config/snort/snort_rulesets.php
index 23f9665b..ab77d17f 100755
--- a/config/snort/snort_rulesets.php
+++ b/config/snort/snort_rulesets.php
@@ -282,6 +282,7 @@ if ($savemsg) {
 $tab_array[] = array($menu_iface . gettext("Preprocs"), false, "/snort/snort_preprocessors.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("Barnyard2"), false, "/snort/snort_barnyard.php?id={$id}");
 $tab_array[] = array($menu_iface . gettext("IP Rep"), false, "/snort/snort_ip_reputation.php?id={$id}");
+ $tab_array[] = array($menu_iface . gettext("Logs"), false, "/snort/snort_interface_logs.php?id={$id}");
 display_top_tabs($tab_array, true);
 ?>
-- cgit v1.2.3