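$val){
        $offset = 0;
        $found = false;
        foreach ($temp_array as $tmp_key => $tmp_val) {
            if (!$found and strtolower($val[$subkey]) > strtolower($tmp_val[$subkey])) {
                $temp_array = array_merge((array)array_slice($temp_array,0,$offset), array($key => $val), array_slice($temp_array,$offset));
                $found = true;
            };
            $offset++;
        };
        if (!$found) $temp_array = array_merge($temp_array, array($key => $val));
    };
    if ($sort_ascending) {
        $array = array_reverse($temp_array);
    } else $array = $temp_array;
    /* below is the complement for empty array test */
    return true;
};

/*
 * Collect the most recent alerts of every configured Snort instance into
 * $snort_alerts, then sort them by timestamp. The entries are rendered by
 * the markup that follows this PHP section.
 */

/* check if firewall widget variable is set */
if (!isset($nentries))
    $nentries = 5;

/* retrieve snort variables */
require_once("/usr/local/pkg/snort/snort.inc");

if (!is_array($config['installedpackages']['snortglobal']['rule']))
    $config['installedpackages']['snortglobal']['rule'] = array();
$a_instance = &$config['installedpackages']['snortglobal']['rule'];

/* make sure the sort and display code always receive an array, even when no alert was read */
if (!isset($snort_alerts) || !is_array($snort_alerts))
    $snort_alerts = array();

/* the line count is placed on a shell command line, so force it to a non-negative integer */
$snort_tail_lines = max(0, (int)$nentries);

/* read log file(s) */
$counter = 0;
foreach ($a_instance as $instanceid => $instance) {
    $snort_uuid = $a_instance[$instanceid]['uuid'];
    $if_real = snort_get_real_interface($a_instance[$instanceid]['interface']);
    $snort_alert_log = "/var/log/snort/snort_{$if_real}{$snort_uuid}/alert";

    /* make sure alert file exists */
    if (!file_exists($snort_alert_log))
        continue;

    /*
     * tempnam() creates the scratch file itself under a name that cannot be
     * predicted, so a file or symlink placed beforehand at a guessable /tmp
     * path is never written through by the redirect below.
     */
    $snort_tmp_alert = tempnam("/tmp", "alert_");
    if ($snort_tmp_alert === false)
        continue;

    /*
     * Both paths are built from configuration values (interface, uuid) whose
     * origin is not visible here; quote them so they always reach the shell
     * as a single argument each.
     */
    exec("tail -n{$snort_tail_lines} " . escapeshellarg($snort_alert_log) . " > " . escapeshellarg($snort_tmp_alert));

    if (file_exists($snort_tmp_alert)) {
        /* NOTE(review): not referenced again in the part of the file visible here - presumably used by the display code */
        $tmpblocked = array_flip(snort_get_blocked_ips());

        /*                 0         1           2      3       4    5    6    7      8     9    10    11             12    */
        /* File format timestamp,sig_generator,sig_id,sig_rev,msg,proto,src,srcport,dst,dstport,id,classification,priority */
        $fd = fopen($snort_tmp_alert, "r");
        if ($fd !== false) {
            while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) {
                if (count($fields) < 11)
                    continue;

                /*
                 * Values are stored exactly as read from the log. The code that
                 * writes them into the page must escape them for HTML
                 * (htmlspecialchars()) at output time.
                 */
                $snort_alerts[$counter]['instanceid'] = $a_instance[$instanceid]['interface'];
                $snort_alerts[$counter]['timestamp'] = $fields[0];
                $snort_alerts[$counter]['timeonly'] = substr($fields[0], 6, -8);
                $snort_alerts[$counter]['dateonly'] = substr($fields[0], 0, -17);
                $snort_alerts[$counter]['src'] = $fields[6];
                $snort_alerts[$counter]['srcport'] = $fields[7];
                $snort_alerts[$counter]['dst'] = $fields[8];
                $snort_alerts[$counter]['dstport'] = $fields[9];
                /* the length check above only guarantees indexes 0-10; a short row leaves these two empty */
                $snort_alerts[$counter]['priority'] = isset($fields[12]) ? $fields[12] : '';
                $snort_alerts[$counter]['category'] = isset($fields[11]) ? $fields[11] : '';
                $counter++;
            };
            fclose($fd);
        };
        /* best-effort cleanup of the scratch file */
        @unlink($snort_tmp_alert);
    };
};

/* sort the array: ascending unless the syslog "reverse" option is set */
sksort($snort_alerts, 'timestamp', !isset($config['syslog']['reverse']));

/* display the result */ ?>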
IF/Date | Src/Dst | Details | " . $alert['instanceid'] . " " . $alert['timeonly'] . " " . $alert['dateonly'] . " |
" . $alert['src'] . ":" . $alert['srcport'] . " " . $alert['dst'] . ":" . $alert['dstport'] . " |
Pri : " . $alert['priority'] . " Cat : " . $alert['category'] . " |
");
$counter++;
if($counter >= $nentries) break;
}
};
?>