</tr> <?php
/*
 * Build the list of addresses currently blocked by Snort and pair each one
 * with the alert description that caused the block, when one can be found.
 * The statement run continues past the end of this excerpt (the loops and
 * conditionals opened below are closed later in the file).
 */

/* set the arrays */
/*
 * Dump the contents of the pf table "snort2c" into a cache file through
 * shell redirection, then read the file back.
 * NOTE(review): the cache file has a fixed name under /tmp. If any other
 * local account can write to that directory, the data read back below is
 * not guaranteed to be pfctl's output. exec() can return the command's
 * output lines through its second argument, which would avoid the
 * temporary file altogether. Neither the exit status of pfctl nor the
 * result of file_get_contents() is checked here.
 */
exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache');
/* One entry per non-empty output line, with every space removed from each entry. */
$blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache'))));

/* Walk every alert log matching /var/log/snort/alert_* */
foreach (glob("/var/log/snort/alert_*") as $alert) {
    /* Split the log on blank lines and reverse it, so the end of the file comes first. */
    $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}")));
    /* $bnentries is set outside this excerpt; it is compared with the row counter below. */
    $logent = $bnentries;

    /*
     * Continue only when the first blocked entry and the first element of the
     * reversed alert list are both non-empty. The comparisons are loose (!=),
     * so a missing index 0 is treated like an empty string.
     */
    if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') {
        /* build the list and compare blocks to alerts */
        /*
         * NOTE(review): $alert_ip_src_array and $input are appended to without
         * being initialised or reset in the visible code, so they appear to
         * accumulate across alert files -- confirm this is intended.
         */
        $counter = 0; /* incremented below but not read in the visible code */
        foreach ($alerts_array as $fileline) {
            $counter++;
            $alert_ip_src = get_snort_alert_ip_src($fileline);
            $alert_ip_disc = get_snort_alert_disc($fileline);
            /* Remember every alert source address (the helper is called a second time here). */
            $alert_ip_src_array[] = get_snort_alert_ip_src($fileline);

            /*
             * Alert source is currently blocked: record "[ip] [description]".
             * in_array() is called without its strict flag, so the match uses
             * loose comparison.
             * NOTE(review): the description is text taken from the alert log and
             * is presumably rendered into HTML later (outside this excerpt);
             * confirm it is escaped with htmlspecialchars() at that point.
             */
            if (in_array("{$alert_ip_src}", $blocked_ips_array)) {
                $input[] = "[{$alert_ip_src}] " . "[{$alert_ip_disc}]\n";
            }
        }

        /* Blocked addresses with no matching alert source are listed with the placeholder "N\A". */
        foreach ($blocked_ips_array as $alert_block_ip) {
            if (!in_array($alert_block_ip, $alert_ip_src_array)) {
                $input[] = "[{$alert_block_ip}] " . "[N\\A]\n";
            }
        }

        /* reduce double occurrences */
        $result = array_unique($input);

        /* build final list, preg_match, build html */
        $counter2 = 0;
        foreach ($result as $fileline2) {
            /* Branch taken once $counter2 has reached $logent; its body lies outside this excerpt. */
            if ($logent <= $counter2) {
} /* closes a block opened before this excerpt */

/*
 * Extract the display fields of one alert entry ($fileline, set outside this
 * excerpt). Each field falls back to the literal string 'empty' when the
 * helper's result compares loosely equal to ''.
 * NOTE(review): these values are taken from the alert log text, whose
 * content ultimately depends on observed traffic and rule messages. The
 * rendering code is outside this excerpt; confirm each value is passed
 * through htmlspecialchars() before it is written into the page.
 */

/* Protocol */
/* Detect alert file type */
/* $snortalertlogt is set outside this excerpt; 'full' selects the full-format parser. */
if ($snortalertlogt == 'full') {
    $alert_proto_str = get_snort_alert_proto_full($fileline);
} else {
    $alert_proto_str = get_snort_alert_proto($fileline);
}
if ($alert_proto_str != '') {
    /* Remove the substrings " TTL", "{" and "}" from the matched text. */
    $alert_proto_match = array(" TTL", '{', '}');
    $alert_proto = str_replace($alert_proto_match, '', "{$alert_proto_str}");
} else {
    $alert_proto = 'empty';
}

/* IP SRC */
$alert_ip_src_str = get_snort_alert_ip_src($fileline);
if ($alert_ip_src_str != '') {
    /* Used as returned by the helper, with no further cleanup. */
    $alert_ip_src = $alert_ip_src_str;
} else {
    $alert_ip_src = 'empty';
}

/* IP SRC Port */
$alert_src_p_str = get_snort_alert_src_p($fileline);
if ($alert_src_p_str != '') {
    /* Remove the substrings " -" and ":" from the matched text. */
    $alert_src_p_match = array(' -', ':');
    $alert_src_p = str_replace($alert_src_p_match, '', "{$alert_src_p_str}");
} else {
    $alert_src_p = 'empty';
}

/* Flow */
/* The handling of this value continues past the end of this excerpt. */
$alert_flow_str = get_snort_alert_flow($fileline);