* [PATCH v2] show IDS rule names correctly in WebUI log
@ 2017-11-21 19:27 Peter Müller
0 siblings, 0 replies; only message in thread
From: Peter Müller @ 2017-11-21 19:27 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 1045 bytes --]
The WebUI IDS log did not display the rule name for alerts
where a signature with a five digit number was triggered
(some Emerging Threats signatures are using them).
Changing the regular expression so it will match on five
digit SIDs, too.
Fixes #11519.
Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
---
html/cgi-bin/logs.cgi/ids.dat | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat
index 44b3abdac..98176d690 100644
--- a/html/cgi-bin/logs.cgi/ids.dat
+++ b/html/cgi-bin/logs.cgi/ids.dat
@@ -387,7 +387,7 @@ sub processevent
}
($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
@refs = ();
- $_ =~ m/:([0-9]{1,4})\] (.*) \[\*\*\]/;
+ $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
$title = &Header::cleanhtml($2,"y");
}
if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) {
--
2.13.6
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-11-21 19:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-11-21 19:27 [PATCH v2] show IDS rule names correctly in WebUI log Peter Müller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox