This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via d51d3c5b93886a66b75388d029e35eb07d9b06eb (commit)
via 2eb0c326da2196c56f6f955bf5371e5d8c7ca9db (commit)
via 19c066b602a12fcce601cfa2350b0d83b231717c (commit)
from a32c219fa4642127a97050bf5af60a03e4e5c2f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d51d3c5b93886a66b75388d029e35eb07d9b06eb
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 12 17:36:54 2019 +0100
IPS logging: Fix date comparison for last entry
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 2eb0c326da2196c56f6f955bf5371e5d8c7ca9db
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 12 17:33:39 2019 +0100
IPS logging: There is no distinguation between suricata & snort required
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 19c066b602a12fcce601cfa2350b0d83b231717c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Apr 12 17:32:02 2019 +0100
IPS logging: Fix reading date
The CGI script only compares mm/dd and does not care about the year.
Suricata, however, logs the year as well which has to be ignored here.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
html/cgi-bin/logs.cgi/ids.dat | 26 ++++----------------------
1 file changed, 4 insertions(+), 22 deletions(-)
Difference in files:
diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat
index 1447a06f0..8918bc6da 100644
--- a/html/cgi-bin/logs.cgi/ids.dat
+++ b/html/cgi-bin/logs.cgi/ids.dat
@@ -383,7 +383,6 @@ sub processevent
our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs);
my $filestr='';
- my $readmode='';
if ($datediff==0) {
# If there is no datediff, directly assign the suricata fast.log.
$filestr="/var/log/suricata/fast.log";
@@ -399,9 +398,6 @@ sub processevent
# Assign snort alert file, the datediff and extension for compressed file.
$filestr = "/var/log/snort/alert.$datediff";
$filestr = "$filestr.gz";
-
- # Assign "snort" as readmode.
- $readmode="snort";
}
}
if (!(open (LOG,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
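Review bot: The `open` on the last context line still runs a shell by string interpolation (`"gzip -dc $filestr |"`), and `$filestr` embeds `$datediff` on the line `$filestr = "/var/log/snort/alert.$datediff";` in this hunk; unless `$datediff` is validated as an integer earlier in the script (not visible here), whatever it holds reaches the shell. The list form of the pipe open and a three-argument file open avoid the shell entirely: `if (!($filestr =~ /\.gz\z/ ? open(LOG, '-|', 'gzip', '-dc', $filestr) : open(LOG, '<', $filestr))) {` (note the escaped dot, since `/.gz$/` also accepts names such as `xgz`). Separately, now that the snort/suricata distinction is dropped, rotated days are still read from `/var/log/snort/alert.$datediff` while the current day reads `/var/log/suricata/fast.log`; if suricata's rotated logs live elsewhere this branch shows stale data, so a comment stating where the rotated files are expected would help the next reader. `processevent` starts before this hunk and the open-failure handling continues after it.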
@@ -411,7 +407,7 @@ sub processevent
while(<LOG>) {
$line++;
- if (($_ =~ m/\[\*\*\]/) && ($readmode eq "snort")) {
+ if ($_ =~ m/\[\*\*\]/) {
unless ($line == 1 || $date ne "$monthstr/$daystr") {
&append;
$line = 1;
@@ -420,17 +416,6 @@ sub processevent
@refs = ();
$_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
$title = &Header::cleanhtml($2,"y");
- } else {
- &append;
- $line = 1;
-
- # Assign default values.
- ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport,$sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
- @refs = ();
-
- # Gather title details from line.
- $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
- $title = &Header::cleanhtml($2,"y");
}
if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) {
$classification = &Header::cleanhtml($1,"y");
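Review bot: On the surviving lines `$_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;` and `$title = &Header::cleanhtml($2,"y");` the match result is not checked, so a line that contains `[**]` but not the `:NNN]` prefix leaves `$2` holding the capture of the last successful match in scope (for example a previous iteration's title) and assigns it as this event's title. Guarding the assignment, `if ($_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/) { $title = &Header::cleanhtml($2,"y"); }`, keeps the default presumably assigned to `$title` just before this hunk when the line is malformed. The surrounding `if` block and `processevent` extend outside this hunk.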
@@ -447,8 +432,8 @@ sub processevent
$destport = $10;
}
- if ($_ =~ m/^([0-9\/]{3,10})\-([0-9\:]{5,8})\.([0-9]{1,14})/) {
- ($date,$time) = ($1,$2);
+ if ($_ =~ m/^([0-9\/]{3,5})(\/\d+)?\-([0-9\:]{5,8})\.([0-9]{1,14})/) {
+ ($date,$time) = ($1,$3);
}
if ($_ =~ m/\[Xref \=\>.*\]/) {
$_ =~ s/\]\[Xref \=\> /, /g;
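Review bot: In the new pattern `m/^([0-9\/]{3,5})(\/\d+)?\-([0-9\:]{5,8})\.([0-9]{1,14})/` the first class accepts any mix of digits and slashes, so `$1` only settles on `MM/DD` through backtracking and an unpadded or malformed prefix can yield values such as `4/12/`; the optional year group and the fractional-seconds group are captured but never read. If the log timestamps are always zero-padded `MM/DD[/YYYY]-HH:MM:SS`, writing the intent directly, `if ($_ =~ m/^(\d{2}\/\d{2})(?:\/\d{4})?-(\d{2}:\d{2}:\d{2})\.\d+/) { ($date,$time) = ($1,$2); }`, accepts both the snort and the suricata prefix and makes the capture numbering match what is assigned. Since `$date` is later compared with `eq` against `"$monthstr/$daystr"` (built outside this hunk), a comment stating that both sides are expected zero-padded would save the next reader verifying it.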
@@ -461,12 +446,9 @@ sub processevent
}
$line++;
- # Split the date into single chunks.
- my ($month, $day, $year) = split('/', $date);
-
# Check if all data is collected and the date of the event fits the desired date to
# get displayed.
- if ($line gt 1 || "$month/$day" eq "$monthstr/$daystr") { &append; }
+ if ($line gt 1 && $date eq "$monthstr/$daystr") { &append; }
close(LOG);
}
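Review bot: `$line gt 1` on the changed line compares as strings; `$line` is a counter incremented with `$line++` two lines above and is compared numerically with `==` elsewhere in `processevent`, so the numeric form `if ($line > 1 && $date eq "$monthstr/$daystr") { &append; }` states the intent and keeps the comparisons consistent. The `close(LOG)` that follows discards the exit status of the `gzip -dc` pipe opened earlier in the function (outside this hunk), so a missing or truncated archive is presumably shown as an empty or partial day with nothing logged; `close(LOG) or warn "close $filestr: $!";` would at least surface it in the error log.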