$instance) { $snort_uuid = $a_instance[$instanceid]['uuid']; $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']); $tmpfile = "{$g['tmp_path']}/.widget_alert_{$snort_uuid}"; /* make sure alert file exists */ if (file_exists("/var/log/snort/snort_{$if_real}{$snort_uuid}/alert")) { if (isset($config['syslog']['reverse'])) exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert | sort -r > {$tmpfile}"); else exec("tail -10 /var/log/snort/snort_{$if_real}{$snort_uuid}/alert > {$tmpfile}"); if (file_exists($tmpfile)) { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */ $fd = fopen($tmpfile, "r"); while (($fileline = @fgets($fd))) { if (empty($fileline)) continue; $fields = explode(",", $fileline); $snort_alert = array(); $snort_alert[]['instanceid'] = snort_get_friendly_interface($a_instance[$instanceid]['interface']); $snort_alert[]['timestamp'] = $fields[0]; $snort_alert[]['timeonly'] = substr($fields[0], 6, -8); $snort_alert[]['dateonly'] = substr($fields[0], 0, -17); $snort_alert[]['src'] = $fields[6]; $snort_alert[]['srcport'] = $fields[7]; $snort_alert[]['dst'] = $fields[8]; $snort_alert[]['dstport'] = $fields[9]; $snort_alert[]['priority'] = $fields[12]; $snort_alert[]['category'] = $fields[11]; $snort_alerts[] = $snort_alert; }; fclose($fd); @unlink($tmpfile); }; }; }; /* display the result */ ?> $alert) { echo(" "); } ?>

IF/Date	Src/Dst	Details
{$alert['instanceid']} {$alert['timeonly']} {$alert['dateonly']}	{$alert['src']}:{$alert['srcport']} {$alert['dst']}:{$alert['dstport']}	Pri : {$alert['priority']} Cat : {$alert['category']}