<td class="listhdrr">Alert Description</td> </tr> <?php /* set the arrays */ exec('/sbin/pfctl -t snort2c -T show > /tmp/snort_block.cache'); $blocked_ips_array = str_replace(' ', '', array_filter(explode("\n", file_get_contents('/tmp/snort_block.cache')))); foreach (glob("/var/log/snort/alert_*") as $alert) { $alerts_array = array_reverse(explode("\n\n", file_get_contents("{$alert}"))); $logent = $bnentries; if ($blocked_ips_array[0] != '' && $alerts_array[0] != '') { /* build the list and compare blocks to alerts */ $counter = 0; foreach ($alerts_array as $fileline) { $counter++; $alert_ip_src = get_snort_alert_ip_src($fileline); $alert_ip_disc = get_snort_alert_disc($fileline); $alert_ip_src_array[] = get_snort_alert_ip_src($fileline); if (in_array("{$alert_ip_src}", $blocked_ips_array)) { $input[] = "[{$alert_ip_src}] " . "[{$alert_ip_disc}]\n"; } } foreach ($blocked_ips_array as $alert_block_ip) { if (!in_array($alert_block_ip, $alert_ip_src_array)) { $input[] = "[{$alert_block_ip}] " . "[N\\A]\n"; } } /* reduce double occurrences */ $result = array_unique($input); /* buil final list, preg_match, buld html */ $counter2 = 0; foreach ($result as $fileline2) {
if (is_array($alerts_array)) { $counter = 0; foreach ($alerts_array as $fileline) { if ($logent <= $counter) { continue; } $counter++; /* Date */ $alert_date_str = get_snort_alert_date($fileline); if ($alert_date_str != '') { $alert_date = $alert_date_str; } else { $alert_date = 'empty'; } /* Discription */ $alert_disc_str = get_snort_alert_disc($fileline); if ($alert_disc_str != '') { $alert_disc = $alert_disc_str; } else { $alert_disc = 'empty'; } /* Classification */ $alert_class_str = get_snort_alert_class($fileline); if ($alert_class_str != '') { $alert_class_match = array('[Classification:', ']'); $alert_class = str_replace($alert_class_match, '', "{$alert_class_str}"); } else { $alert_class = 'Prep'; } /* Priority */ $alert_priority_str = get_snort_alert_priority($fileline);