<?php
// NOTE(review): the first lines of the original header comment are not
// present in this copy of the file; what remains is reproduced below.
/*
 * Copyright (C) 2003-2004 Manuel Kasper.
 * Copyright (C) 2006 Scott Ullrich
 * Copyright (C) 2009 Robert Zelaya Sr. Developer
 * Copyright (C) 2012 Ermal Luci
 * All rights reserved.
 *
 * Adapted for Suricata by:
 * Copyright (C) 2014 Bill Meeks
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

require_once("guiconfig.inc");
require_once("/usr/local/pkg/suricata/suricata.inc");

global $g;

$suricatadir = SURICATADIR;
$pconfig = array();

// Pull the saved settings out of the first 'config' entry of the Suricata
// package section of the configuration.
$logmgmt_saved = $config['installedpackages']['suricata']['config'][0];

// The master switch is normalised to exactly 'on' or 'off'.
if ($logmgmt_saved['enable_log_mgmt'] == 'on') {
	$pconfig['enable_log_mgmt'] = 'on';
}
else {
	$pconfig['enable_log_mgmt'] = 'off';
}

// Every other setting is copied through unchanged; a setting that was never
// saved ends up unset here and receives its default further down the page.
$logmgmt_fields = array(
	'clearlogs',
	'suricataloglimit',
	'suricataloglimitsize',
	'alert_log_limit_size',
	'alert_log_retention',
	'block_log_limit_size',
	'block_log_retention',
	'files_json_log_limit_size',
	'files_json_log_retention',
	'http_log_limit_size',
	'http_log_retention',
	'stats_log_limit_size',
	'stats_log_retention',
	'tls_log_limit_size',
	'tls_log_retention',
	'unified2_log_limit',
	'u2_archive_log_retention',
	'file_store_retention',
	'tls_certs_store_retention',
	'dns_log_limit_size',
	'dns_log_retention',
	'eve_log_limit_size',
	'eve_log_retention',
	'sid_changes_log_limit_size',
	'sid_changes_log_retention'
);
foreach ($logmgmt_fields as $logmgmt_field) {
	$pconfig[$logmgmt_field] = $logmgmt_saved[$logmgmt_field];
}
// Keep the loop's scratch variables out of the page's global scope.
unset($logmgmt_saved, $logmgmt_fields, $logmgmt_field);

// Load up some arrays with selection values (we use these later).
// The keys in the $retentions array are the retention period
// converted to hours. The keys in the $log_sizes array are
// the file size limits in KB.
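// Choices offered for the retention period of a log or store.
// The keys of $retentions and $log_sizes are also the only values the save
// handler below accepts for the matching fields.
$retentions = array(
	'0' => gettext('KEEP ALL'),
	'24' => gettext('1 DAY'),
	'168' => gettext('7 DAYS'),
	'336' => gettext('14 DAYS'),
	'720' => gettext('30 DAYS'),
	'1080' => gettext("45 DAYS"),
	'2160' => gettext('90 DAYS'),
	'4320' => gettext('180 DAYS'),
	'8766' => gettext('1 YEAR'),
	'26298' => gettext("3 YEARS")
);

// Choices offered for the size limit of an individual log file.
$log_sizes = array(
	'0' => gettext('NO LIMIT'),
	'50' => gettext('50 KB'),
	'150' => gettext('150 KB'),
	'250' => gettext('250 KB'),
	'500' => gettext('500 KB'),
	'750' => gettext('750 KB'),
	'1000' => gettext('1 MB'),
	'2000' => gettext('2 MB'),
	'5000' => gettext("5 MB"),
	'10000' => gettext("10 MB")
);

// Default retention period for each rotated log or store. The same table
// serves first-time defaults, "Reset All" and validation of saved values.
$retention_defaults = array(
	'alert_log_retention' => "336",
	'block_log_retention' => "336",
	'files_json_log_retention' => "168",
	'http_log_retention' => "168",
	'dns_log_retention' => "168",
	'stats_log_retention' => "168",
	'tls_log_retention' => "336",
	'u2_archive_log_retention' => "168",
	'file_store_retention' => "168",
	'tls_certs_store_retention' => "168",
	'eve_log_retention' => "168",
	'sid_changes_log_retention' => "336"
);

// Default size limit for each log file.
$size_defaults = array(
	'alert_log_limit_size' => "500",
	'block_log_limit_size' => "500",
	'files_json_log_limit_size' => "1000",
	'http_log_limit_size' => "1000",
	'dns_log_limit_size' => "750",
	'stats_log_limit_size' => "500",
	'tls_log_limit_size' => "500",
	'eve_log_limit_size' => "5000",
	'sid_changes_log_limit_size' => "250"
);

// The Unified2 limit is a free-form positive integer, not a $log_sizes key,
// so it is kept apart from the tables above.
$unified2_limit_default = "32";

// Set sensible defaults for any unset parameters
if (empty($pconfig['suricataloglimit']))
	$pconfig['suricataloglimit'] = 'on';
if (empty($pconfig['suricataloglimitsize'])) {
	// Set limit to 20% of slice that is unused. The command line is a fixed
	// string (no request data reaches the shell); df -k reports KB, so the
	// division by 1024 yields MB. The cast keeps an empty result from df
	// from being used as a non-numeric operand.
	$pconfig['suricataloglimitsize'] = round((float)exec('df -k /var | grep -v "Filesystem" | awk \'{print $4}\'') * .20 / 1024);
}

// Set default retention periods and size limits for anything not yet saved
foreach ($retention_defaults + $size_defaults as $field => $default) {
	if (!isset($pconfig[$field]))
		$pconfig[$field] = $default;
}
if (!isset($pconfig['unified2_log_limit']))
	$pconfig['unified2_log_limit'] = $unified2_limit_default;

if (!empty($_POST['ResetAll'])) {

	// Reset all settings to their defaults. Only the values shown on the
	// page change here; nothing is written to the configuration.
	foreach ($retention_defaults + $size_defaults as $field => $default)
		$pconfig[$field] = $default;
	$pconfig['unified2_log_limit'] = $unified2_limit_default;

	/* Log a message at the top of the page to inform the user */
	$savemsg = gettext("All log management settings on this page have been reset to their defaults. Click APPLY if you wish to keep these new settings.");
}

if (!empty($_POST['save']) || !empty($_POST['apply'])) {
	if (!isset($input_errors) || !is_array($input_errors))
		$input_errors = array();

	// Only the literal value 'on' enables log management, which matches how
	// the saved flag is read back when the page loads.
	$log_mgmt_on = (isset($_POST['enable_log_mgmt']) && $_POST['enable_log_mgmt'] === 'on');

	if ($log_mgmt_on) {
		// Directory size limit: normalise the switch to 'on'/'off'. A field
		// the browser did not submit stays null, as it did before.
		$dir_limit = null;
		if (isset($_POST['suricataloglimit']))
			$dir_limit = ($_POST['suricataloglimit'] === 'on') ? 'on' : 'off';
		$dir_limit_size = isset($_POST['suricataloglimitsize']) ? $_POST['suricataloglimitsize'] : null;

		if ($dir_limit == 'on') {
			if (!is_numericint($dir_limit_size) || $dir_limit_size < 1)
				$input_errors[] = gettext("The 'Log Directory Size Limit' must be an integer value greater than zero.");
		}
		elseif (!is_numericint($dir_limit_size)) {
			// With the limit switched off the size is not needed; never
			// persist a non-numeric value that arrived with the request.
			$dir_limit_size = null;
		}

		// Validate unified2 log file limit
		$u2_limit = isset($_POST['unified2_log_limit']) ? $_POST['unified2_log_limit'] : null;
		if (!is_numericint($u2_limit) || $u2_limit < 1)
			$input_errors[] = gettext("The value for 'Unified2 Log Limit' must be an integer value greater than zero.");

		// Retention periods and size limits are persisted to the package
		// configuration, so accept only values that appear in the lists
		// above rather than whatever string the request carried.
		// NOTE(review): assumes each of these form controls is a select
		// built from $retentions / $log_sizes - confirm against the form.
		foreach (array_keys($retention_defaults) as $field) {
			if (isset($_POST[$field]) && (!is_scalar($_POST[$field]) || !array_key_exists((string)$_POST[$field], $retentions)))
				$input_errors[] = sprintf(gettext("The value submitted for '%s' is not one of the available retention periods."), $field);
		}
		foreach (array_keys($size_defaults) as $field) {
			if (isset($_POST[$field]) && (!is_scalar($_POST[$field]) || !array_key_exists((string)$_POST[$field], $log_sizes)))
				$input_errors[] = sprintf(gettext("The value submitted for '%s' is not one of the available log size limits."), $field);
		}
	}

	if (!$input_errors) {
		$logmgmt_cfg = &$config['installedpackages']['suricata']['config'][0];
		$logmgmt_cfg['enable_log_mgmt'] = $log_mgmt_on ? 'on' : 'off';

		// With log management disabled only the switch itself is saved;
		// the other settings keep their previously stored values.
		if ($log_mgmt_on) {
			$logmgmt_cfg['clearlogs'] = !empty($_POST['clearlogs']) ? 'on' : 'off';
			$logmgmt_cfg['suricataloglimit'] = $dir_limit;
			$logmgmt_cfg['suricataloglimitsize'] = $dir_limit_size;
			$logmgmt_cfg['unified2_log_limit'] = $u2_limit;
			foreach (array_keys($retention_defaults + $size_defaults) as $field)
				$logmgmt_cfg[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
		}
		unset($logmgmt_cfg);

		write_config("Suricata pkg: saved updated configuration for LOGS MGMT.");
		conf_mount_rw();
		sync_suricata_package_config();
		conf_mount_ro();

		/* forces page to reload new settings */
		header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-store, no-cache, must-revalidate' );
		header( 'Cache-Control: post-check=0, pre-check=0', false );
		header( 'Pragma: no-cache' );
		header("Location: /suricata/suricata_logs_mgmt.php");
		exit;
	}
}

$pgtitle = gettext("Suricata: Logs Management");
include_once("head.inc");

?>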
/> 
onClick="enable_change();"/> 
" . gettext("This must be be enabled in order to set Log Size and Retention Limits below.");?>








 MB
onClick="enable_change_dirSize();"/>   ()
onClick="enable_change_dirSize();"/>  



" . gettext("MB:") . "";?>   " . gettext("20%") . "" . gettext(" of available space.");?>
alerts
block
dns
eve-json
files-json
http
sid_changes
stats
tls

 
 " . gettext("7 days."). "";?>

 " . gettext("7 days."). "";?>

 " . gettext("7 days."). "";?>

    />