echo gettext("GID:SID"); ?> </th> <th class="listhdrr" axis="string"><?php echo gettext("Description"); ?> </th> </tr> </thead> <tbody> <?php /* make sure alert file exists */ if (file_exists("/var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log")) { exec("tail -{$anentries} -r /var/log/suricata/suricata_{$if_real}{$suricata_uuid}/alerts.log > /tmp/alerts_suricata{$suricata_uuid}"); if (file_exists("/tmp/alerts_suricata{$suricata_uuid}")) { $tmpblocked = array_flip(suricata_get_blocked_ips()); $counter = 0; /*************** FORMAT without CSV patch -- ALERT -- ***********************************************************************************/ /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] {proto} src:srcport -> dst:dstport */ /* 0 1 2 3 4 5 6 7 8 9 10 11 12 */ /****************************************************************************************************************************************/ /**************** FORMAT without CSV patch -- DECODER EVENT -- **************************************************************************/ /* Line format: timestamp action[**] [gid:sid:rev] msg [**] [Classification: class] [Priority: pri] [**] [Raw pkt: ...] */ /* 0 1 2 3 4 5 6 7 */ /************** *************************************************************************************************************************/ $fd = fopen("/tmp/alerts_suricata{$suricata_uuid}", "r"); $buf = ""; while (($buf = fgets($fd)) !== FALSE) { $fields = array(); $tmp = array(); $decoder_event = FALSE;
?> </th> <th class="listhdrr" axis="string"><?php echo gettext("Alert Description"); ?> </th> <th class="listhdrr sorttable_nosort"><?php echo gettext("Remove"); ?> </th> </tr> </thead> <tbody> <?php /* set the arrays */ $blocked_ips_array = suricata_get_blocked_ips(); if (!empty($blocked_ips_array)) { foreach ($blocked_ips_array as &$ip) { $ip = inet_pton($ip); } $tmpblocked = array_flip($blocked_ips_array); $src_ip_list = array(); foreach (glob("{$suricatalogdir}*/block.log*") as $alertfile) { $fd = fopen($alertfile, "r"); if ($fd) { /* 0 1 2 3 4 5 6 7 8 9 10 */ /* File format timestamp,action,sig_generator,sig_id,sig_rev,msg,classification,priority,proto,ip,port */ while (($fields = fgetcsv($fd, 1000, ',', '"')) !== FALSE) { if (count($fields) != 11) { log_error("[suricata] ERROR: block.log entry failed to parse correctly with too many or not enough CSV entities, skipping this entry..."); log_error("[suricata] Failed block.log entry fields are: " . print_r($fields, true));