snort_alerts.php

Dick Nixon, 11/15/2011 08:49 PM

 
1
<?php
2
/* $Id$ */
3
/*
4
 snort_alerts.php
5
 part of pfSense
6

7
 Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
8
 Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
9
 Copyright (C) 2006 Scott Ullrich
10
 All rights reserved.
11

12
 Modified for the Pfsense snort package v. 1.8+
13
 Copyright (C) 2009 Robert Zelaya Sr. Developer
14

15
 Redistribution and use in source and binary forms, with or without
16
 modification, are permitted provided that the following conditions are met:
17

18
 1. Redistributions of source code must retain the above copyright notice,
19
 this list of conditions and the following disclaimer.
20

21
 2. Redistributions in binary form must reproduce the above copyright
22
 notice, this list of conditions and the following disclaimer in the
23
 documentation and/or other materials provided with the distribution.
24

25
 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
26
 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
27
 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
28
 AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
29
 OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
30
 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
31
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
32
 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
33
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34
 POSSIBILITY OF SUCH DAMAGE.
35
 */
36

    
37
require_once("guiconfig.inc");
38
require_once("/usr/local/pkg/snort/snort_gui.inc");
39
require_once("/usr/local/pkg/snort/snort.inc");
40

    
41
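/* load only javascript that is needed */
$snort_load_sortabletable = 'yes';
$snort_load_mootools = 'yes';

/*
 * Alert log type from the global snort settings; the table code further down
 * compares it with 'full'. isset() keeps the read quiet when the package has
 * not been configured yet (the value is then null, as before).
 */
$snortalertlogt = isset($config['installedpackages']['snortglobal']['snortalertlogtype'])
        ? $config['installedpackages']['snortglobal']['snortalertlogtype']
        : null;
$snort_logfile = '/var/log/snort/alert';

/*
 * Remove the packet dump cached by an earlier request so that
 * get_snort_alert_packet() rebuilds it. The path is fixed, so unlink() does
 * the job without starting a shell.
 * NOTE(review): /tmp/snort.tmp is a fixed name in a shared directory; a
 * per-request file from tempnam() would keep other local accounts from
 * pre-creating or reading the dump.
 */
if (is_file('/tmp/snort.tmp') || is_link('/tmp/snort.tmp'))
        unlink('/tmp/snort.tmp');

/*
 * Base URL of the lookup links printed next to each address in the alerts table.
 * NOTE(review): this is a plain-http, third-party URL, so following a link
 * discloses the looked-up address (and possibly a Referer) outside the
 * firewall. Consider an https endpoint or a local lookup.
 */
$whois="http://private.dnsstuff.com/tools/whois.ch?ip=";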
50

    
51
/*
 * View settings for this page: $pconfig mirrors the saved 'alertsblocks'
 * section, $anentries is the number of alert entries to list and $packets
 * tells whether packet dumps are shown. Built-in defaults apply when the
 * section has never been saved.
 */
if (!is_array($config['installedpackages']['snortglobal']['alertsblocks'])) {
        /* nothing saved yet: 250 entries, no auto refresh, no packet view */
        $pconfig['alertnumber'] = $anentries = '250';
        $pconfig['arefresh'] = 'off';
        $pconfig['packets'] = $packets = "off";
} else {
        $pconfig['arefresh'] = $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'];
        $pconfig['packets'] = $packets = $config['installedpackages']['snortglobal']['alertsblocks']['packets'];
        $pconfig['alertnumber'] = $anentries = $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'];
}
64

    
65
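/*
 * "Save" button of the view-settings form: store the auto-refresh flag, the
 * packet-view flag and the number of alert entries to list, then redirect back
 * to this page so that a reload does not submit the form again.
 */
if (!empty($_POST['save']))
{
        $input_errors = array();

        /*
         * input validation: the entry count is written to the configuration and
         * printed back into the page, so only a plain positive integer is accepted.
         */
        $posted_alertnumber = (isset($_POST['alertnumber']) && is_string($_POST['alertnumber']))
                ? trim($_POST['alertnumber'])
                : '';
        if (!preg_match('/^[1-9][0-9]{0,5}\z/', $posted_alertnumber))
                $input_errors[] = "The number of log entries to view must be a whole number between 1 and 999999.";

        /* no errors */
        if (!$input_errors) {
                if (!is_array($config['installedpackages']['snortglobal']['alertsblocks']))
                        $config['installedpackages']['snortglobal']['alertsblocks'] = array();
                $config['installedpackages']['snortglobal']['alertsblocks']['arefresh'] = !empty($_POST['arefresh']) ? 'on' : 'off';
                $config['installedpackages']['snortglobal']['alertsblocks']['packets'] = !empty($_POST['packets']) ? 'on' : 'off';
                $config['installedpackages']['snortglobal']['alertsblocks']['alertnumber'] = $posted_alertnumber;

                write_config();

                header("Location: /snort/snort_alerts.php");
                exit;
        }

        /*
         * NOTE(review): on a rejected value nothing is written and the page is
         * rendered with the stored settings. No code visible in this file prints
         * $input_errors, so the operator gets no message yet.
         */
}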
95

    
96
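/*
 * "Clear" action: empty the alert file, call post_delete_logs(), reset the
 * mode of the files in /var/log/snort, send SIGHUP to snort, then redirect
 * back to this page.
 *
 * NOTE(review): the GET form (?action=clear) changes state. A request the
 * administrator's browser issues on behalf of another page would be enough to
 * wipe the IDS alert history. Accept only the POST field once nothing links
 * to the GET form any more, and cover it with the GUI's request-forgery
 * protection (not visible in this file).
 */
if ((isset($_GET['action']) && $_GET['action'] == "clear") || !empty($_POST['clear']))
{
        if(file_exists('/var/log/snort/alert'))
        {
                conf_mount_rw();
                /* best effort: a failed truncate is ignored, as before */
                @file_put_contents("/var/log/snort/alert", "");
                post_delete_logs();
                /* XXX: This is needed if snort is run as snort user */
                //mwexec('/usr/sbin/chown snort:snort /var/log/snort/*', true);
                mwexec('/bin/chmod 660 /var/log/snort/*', true);
                mwexec('/usr/bin/killall -HUP snort', true);
                conf_mount_ro();
        }
        header("Location: /snort/snort_alerts.php");
        exit;
}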
112

    
113
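/*
 * "Download" button: pack /var/log/snort into a tar.gz archive and send it to
 * the browser as an attachment.
 */
if (!empty($_POST['download']))
{
        $save_date = exec('/bin/date "+%Y-%m-%d-%H-%M-%S"');
        /* name offered to the browser; the file on disk gets its own name below */
        $file_name = "snort_logs_{$save_date}.tar.gz";

        /*
         * The archive holds the IDS logs, so it is written to a file that
         * tempnam() creates under a unique name instead of a guessable,
         * timestamp-based path in /tmp.
         */
        $file = tempnam('/tmp', 'snort_logs_');

        if ($file !== false) {
                exec('/usr/bin/tar cfz ' . escapeshellarg($file) . ' /var/log/snort');
                clearstatcache();

                if (file_exists($file) && filesize($file) > 0) {
                        /* header() refuses values that contain a line break, so none is appended */
                        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
                        header("Pragma: private"); // needed for IE
                        header("Cache-Control: private, must-revalidate"); // needed for IE
                        header('Content-type: application/force-download');
                        header('Content-Transfer-Encoding: Binary');
                        header("Content-length: ".filesize($file));
                        header("Content-disposition: attachment; filename = {$file_name}");
                        readfile($file);
                        unlink($file);
                        /* stop here: a redirect after the body would corrupt or replace the download */
                        exit;
                }

                /* tar produced nothing usable: do not leave the empty file behind */
                unlink($file);
        }

        header("Location: /snort/snort_alerts.php");
        exit;
}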
136

    
137

    
138
/* WARNING: took me forever to figure reg expression, dont lose */
139
// $fileline = '12/09-18:12:02.086733  [**] [122:6:0] (portscan) TCP Filtered Decoy Portscan [**] [Priority: 3] {PROTO:255} 125.135.214.166 -> 70.61.243.50';
140
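/**
 * Extract the date and time, without fractional seconds, from an alert entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string First match of digits/digits-digits:digits:two digits
 *                (for example "12/09-18:12:02"), or '' when there is none.
 */
function get_snort_alert_date($fileline)
{
        /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
        $alert_date = '';       /* defined even when nothing matches */
        if (preg_match('/\d+\/\d+-\d+:\d+:\d\d/', $fileline, $matches1))
                $alert_date = $matches1[0];

        return $alert_date;
}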
148

    
149
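/**
 * Extract the alert description: the text between the "[gid:sid:rev]"-style
 * bracket group and the closing "[**]" marker.
 *
 * The value is raw log text; escape it before placing it into HTML.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The description, or '' when the entry does not match.
 */
function get_snort_alert_disc($fileline)
{
        /* disc */
        $alert_disc = '';       /* defined even when nothing matches */
        if (preg_match('/\[\*\*\] (\[.*\]) (.*) (\[\*\*\])/', $fileline, $matches))
                $alert_disc = $matches[2];

        return $alert_disc;
}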
157

    
158
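/**
 * Extract the full timestamp, including fractional seconds and the one
 * whitespace character that follows it, with every "/" backslash-escaped.
 *
 * The escaped form is what get_snort_alert_packet() places between the "/"
 * delimiters of a sed address.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string For example "12\/09-18:12:02.086733 ", or '' without a match.
 */
function get_snort_alert_seconds($fileline)
{
        /* date full date \d+\/\d+-\d+:\d+:\d+\.\d+\s */
        $alert_seconds = '';    /* defined even when nothing matches */
        if (preg_match('/\d+\/\d+-\d+:\d+:\d+\.\d+\s/', $fileline, $matches1))
                $alert_seconds = $matches1[0];

        return addcslashes($alert_seconds, "/");
}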
167

    
168
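/**
 * Return the packet dump that belongs to one alert, as an HTML fragment.
 *
 * The dump of the newest tcpdump log is cached in /tmp/snort.tmp; sed then
 * prints the section that starts at the given timestamp and ends at the next
 * "=+=+=+=+=+=+=+=+=+=" line.
 *
 * @param string $fileline Timestamp as returned by get_snort_alert_seconds()
 *                         (slashes already backslash-escaped).
 * @return string The dump lines, HTML-escaped and joined with "<br>", or ''
 *                when the argument is not such a timestamp or nothing is found.
 */
function get_snort_alert_packet($fileline)
{
        /* packet */

        /*
         * The argument becomes part of a sed script on a shell command line, so
         * anything that is not exactly an escaped timestamp is refused up front.
         */
        if (!is_string($fileline) || !preg_match('#^\d+\\\\/\d+-\d+:\d+:\d+\.\d+[ \t]\z#', $fileline))
                return '';

        /* NOTE(review): fixed, shared path in /tmp; a tempnam() file would be safer */
        if(!file_exists('/tmp/snort.tmp'))
        {
                exec('snort -Xr `ls -1t /var/log/snort/*tcpdump* | head -1` > /tmp/snort.tmp');
        }

        $temp = array();
        $sed_script = "/{$fileline}/,/=+=+=+=+=+=+=+=+=+=/p";
        exec('sed -n ' . escapeshellarg($sed_script) . ' /tmp/snort.tmp', $temp);

        /*
         * The dump reproduces packet payload, which is chosen by whoever sent the
         * traffic. Escape every line so it is shown as text in the GUI.
         */
        $escaped = array();
        foreach ($temp as $line)
                $escaped[] = htmlspecialchars($line, ENT_QUOTES);

        return implode('<br>', $escaped);
}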
179

    
180
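/**
 * Extract the "[Classification: ...]" bracket group from an alert entry.
 *
 * The pattern requires a non-digit before the closing bracket, which keeps
 * the greedy match from running on into a following "[Priority: N]" group.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The bracket group including its brackets, or '' without a match.
 */
function get_snort_alert_class($fileline)
{
        /* class */
        $alert_class = '';      /* defined even when nothing matches */
        if (preg_match('/\[Classification:\s.+[^\d]\]/', $fileline, $matches2))
                $alert_class = $matches2[0];

        return $alert_class;
}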
188

    
189
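/**
 * Extract the "Priority: N" text (a single digit) from an alert entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string For example "Priority: 3", or '' without a match.
 */
function get_snort_alert_priority($fileline)
{
        /* Priority */
        $alert_priority = '';   /* defined even when nothing matches */
        if (preg_match('/Priority:\s\d/', $fileline, $matches3))
                $alert_priority = $matches3[0];

        return $alert_priority;
}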
197

    
198
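/**
 * Extract the protocol field, the "{...}" group, from an alert entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The group including its braces (for example "{PROTO:255}"),
 *                or '' without a match.
 */
function get_snort_alert_proto($fileline)
{
        /* Protocol */
        $alert_proto = '';      /* defined even when nothing matches */
        if (preg_match('/\{.+\}/', $fileline, $matches3))
                $alert_proto = $matches3[0];

        return $alert_proto;
}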
206

    
207
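/**
 * Extract the protocol from a multi-line ("full") alert entry: the text that
 * precedes " TTL" on the same line, together with that " TTL" suffix.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string For example "TCP TTL", or '' without a match.
 */
function get_snort_alert_proto_full($fileline)
{
        /* Protocol full */
        $alert_proto_full = ''; /* defined even when nothing matches */
        if (preg_match('/.+\sTTL/', $fileline, $matches2))
                $alert_proto_full = $matches2[0];

        return $alert_proto_full;
}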
215

    
216
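/**
 * Extract the source address: the first IPv4 address found in the entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string Dotted-quad address, or '' when the entry contains none.
 */
function get_snort_alert_ip_src($fileline)
{
        /* SRC IP */
        $re1='.*?';   # Non-greedy match on filler
        $re2='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1

        /* only the first match is used, so preg_match() is sufficient */
        $alert_ip_src = '';     /* defined even when nothing matches */
        if (preg_match("/".$re1.$re2."/is", $fileline, $matches4))
                $alert_ip_src = $matches4[1];

        return $alert_ip_src;
}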
227

    
228
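/**
 * Extract the source port: a ":digits" group that is followed by whitespace
 * and a "-" (the start of the "->" arrow).
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The match including ":" and the trailing " -" (for example
 *                ":1234 -"), or '' without a match.
 */
function get_snort_alert_src_p($fileline)
{
        /* source port */
        $alert_src_p = '';      /* defined even when nothing matches */
        if (preg_match('/:\d+\s-/', $fileline, $matches5))
                $alert_src_p = $matches5[0];

        return $alert_src_p;
}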
236

    
237
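/**
 * Extract the flow direction arrow from an alert entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string "->" or "<-" (the first one found), or '' without a match.
 */
function get_snort_alert_flow($fileline)
{
        /* flow direction */
        $alert_flow = '';       /* defined even when nothing matches */
        if (preg_match('/(->|<-)/', $fileline, $matches5))
                $alert_flow = $matches5[0];

        return $alert_flow;
}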
245

    
246
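/**
 * Extract the destination address: the second IPv4 address found in the entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string Dotted-quad address, or '' when the entry holds fewer than
 *                two addresses.
 */
function get_snort_alert_ip_dst($fileline)
{
        /* DST IP */
        $re1dp='.*?';   # Non-greedy match on filler
        $re2dp='(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])';   # Uninteresting: ipaddress
        $re3dp='.*?';   # Non-greedy match on filler
        $re4dp='((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'; # IPv4 IP Address 1

        /* only the first match is used, so preg_match() is sufficient */
        $alert_ip_dst = '';     /* defined even when nothing matches */
        if (preg_match("/".$re1dp.$re2dp.$re3dp.$re4dp."/is", $fileline, $matches6))
                $alert_ip_dst = $matches6[1];

        return $alert_ip_dst;
}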
259

    
260
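/**
 * Extract the destination port of a single-line alert entry: the ":digits"
 * group at the very end of the entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The match including ":" (for example ":80"), or '' without
 *                a match.
 */
function get_snort_alert_dst_p($fileline)
{
        /* dst port */
        $alert_dst_p = '';      /* defined even when nothing matches */
        if (preg_match('/:\d+$/', $fileline, $matches7))
                $alert_dst_p = $matches7[0];

        return $alert_dst_p;
}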
268

    
269
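/**
 * Extract the destination port of a multi-line ("full") alert entry: the
 * ":digits" group at the end of a line whose next line starts with an
 * upper-case word followed by " TTL".
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The whole match, line break and " TTL" suffix included
 *                (for example ":80\nTCP TTL"), or '' without a match.
 */
function get_snort_alert_dst_p_full($fileline)
{
        /* dst port full */
        $alert_dst_p = '';      /* defined even when nothing matches */
        if (preg_match('/:\d+\n[A-Z]+\sTTL/', $fileline, $matches7))
                $alert_dst_p = $matches7[0];

        return $alert_dst_p;
}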
277

    
278
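/**
 * Extract the "[digits:digits:digits]" rule identifier group from an alert entry.
 *
 * @param string $fileline One entry of the snort alert log.
 * @return string The group including its brackets (for example "[122:6:0]"),
 *                or '' without a match.
 */
function get_snort_alert_sid($fileline)
{
        /* SID */
        $alert_sid = '';        /* defined even when nothing matches */
        if (preg_match('/\[\d+:\d+:\d+\]/', $fileline, $matches8))
                $alert_sid = $matches8[0];

        return $alert_sid;
}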
286

    
287

    
288
/* page title used by the header include and by the title line in the body */
$pgtitle = "Services: Snort: Snort Alerts";
include_once 'head.inc';

?>

<body link="#0000CC" vlink="#0000CC" alink="#0000CC">

<?php

include_once 'fbegin.inc';
echo $snort_general_css;

/* auto refresh: reload this page every 60 seconds when the option is on */
if ($pconfig['arefresh'] == 'on') {
        echo '<meta http-equiv="refresh" content="60;url=/snort/snort_alerts.php" />' . "\n";
}
?>
304

    
305
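<div class="body2"><?php /* full open tag: with short_open_tag off, a "<?" block is sent to the browser as text */ if ($pfsense_stable == 'yes') { echo '<p class="pgtitle">' . $pgtitle . '</p>'; } ?>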
306

    
307
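<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
<?php
        /* tab bar of the snort package; each entry is (label, is active, target page) */
        $tab_array = array();
        $tab_array[0] = array(gettext("Snort Interfaces"), false, "/snort/snort_interfaces.php");
        $tab_array[1] = array(gettext("Global Settings"), false, "/snort/snort_interfaces_global.php");
        $tab_array[2] = array(gettext("Updates"), false, "/snort/snort_download_updates.php");
        $tab_array[3] = array(gettext("Alerts"), true, "/snort/snort_alerts.php");
        $tab_array[4] = array(gettext("Blocked"), false, "/snort/snort_blocked.php");
        $tab_array[5] = array(gettext("Whitelists"), false, "/snort/snort_interfaces_whitelist.php");
        $tab_array[6] = array(gettext("Suppress"), false, "/snort/snort_interfaces_suppress.php");
        $tab_array[7] = array(gettext("Help"), false, "/snort/help_and_info.php");
        display_top_tabs($tab_array);
?>
</td></tr>
<tr>
        <td>
                <div id="mainarea2">
                <table class="tabcont" width="100%" border="1" cellspacing="0"
                        cellpadding="0">
                        <tr>
                                <?php /* the entry count comes from the saved configuration, so it is escaped like any other stored value */ ?>
                                <td width="22%" colspan="0" class="listtopic">Last <?php echo htmlspecialchars((string)$anentries); ?>
                                Alert Entries.</td>
                                <td width="78%" class="listtopic">Latest Alert Entries Are Listed
                                First.</td>
                        </tr>
                        <tr>
                                <td width="22%" class="vncell">Save or Remove Logs</td>
                                <td width="78%" class="vtable">
                                <?php
                                /*
                                 * "Clear" is a submit button of the POST form (field "clear", which the
                                 * handler at the top of this file accepts) instead of a link to
                                 * ?action=clear, so the destructive action is no longer started by a GET.
                                 */
                                ?>
                                <form action="/snort/snort_alerts.php" method="post"><input
                                        name="download" type="submit" class="formbtn" value="Download"> All
                                log files will be saved. <input name="clear" type="submit"
                                        class="formbtn" value="Clear"
                                        onclick="return confirm('Do you really want to remove all your logs ? All snort rule interfces may have to be restarted.')">
                                <span class="red"><strong>Warning:</strong></span> all log files
                                will be deleted.</form>
                                </td>
                        </tr>
                        <tr>
                                <td width="22%" class="vncell">Auto Refresh and Log View</td>
                                <td width="78%" class="vtable">
                                <form action="/snort/snort_alerts.php" method="post">
                                        <input name="save" type="submit" class="formbtn" value="Save"> Refresh 
                                        <input name="arefresh" type="checkbox" value="on"
                                        <?php /* $pconfig always holds the setting, also before the first save */ if ($pconfig['arefresh'] == "on") echo "checked"; ?>>
                                <strong>Default</strong> is <strong>ON</strong>. <input
                                        name="alertnumber" type="text" class="formfld" id="alertnumber"
                                        size="5" value="<?php echo htmlspecialchars((string)$anentries); ?>"> Enter the
                                number of log entries to view. <strong>Default</strong> is <strong>250</strong>.
                                        <br> Show Packets<input name="packets" type="checkbox" value="off"
                                        <?php if ($pconfig['packets'] == "on") echo "checked"; ?>>
                                </form>
                                </td>
                        </tr>
                </table>
                </div>
                </td>
        </tr>
</table>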
366
<table width="100%" border="0" cellpadding="0" cellspacing="0">
367
        <td width="100%"><br>
368
        <div class="tableFilter">
369
        <form id="tableFilter"
370
                onsubmit="myTable.filter(this.id); return false;">Filter: <select
371
                id="column">
372
                <option value="1">PRIORITY</option>
373
                <option value="2">PROTO</option>
374
                <option value="3">DESCRIPTION</option>
375
                <option value="4">CLASS</option>
376
                <option value="5">SRC</option>
377
                <option value="6">SRC PORT</option>
378
                <option value="7">FLOW</option>
379
                <option value="8">DST</option>
380
                <option value="9">DST PORT</option>
381
                <option value="10">SID</option>
382
                <option value="11">Date</option>
383
                <?php
                /* the "Packet" column can be picked in the filter only while packet view is on */
                if ($config['installedpackages']['snortglobal']['alertsblocks']['packets'] == "on") {
                        echo '<option value="12">Packet</option>';
                }
                ?>
387
        </select> <input type="text" id="keyword" /> <input type="submit"
388
                value="Submit" /> <input type="reset" value="Clear" /></form>
389
        </div>
390
        <table class="allRow" id="myTable" width="100%" border="2"
391
                cellpadding="1" cellspacing="1">
392
                <thead>
393
                        <th axis="number">#</th>
394
                        <th axis="string">PRI</th>
395
                        <th axis="string">PROTO</th>
396
                        <th axis="string">DESCRIPTION</th>
397
                        <th axis="string">CLASS</th>
398
                        <th axis="string">SRC</th>
399
                        <th axis="string">SPORT</th>
400
                        <th axis="string">FLOW</th>
401
                        <th axis="string">DST</th>
402
                        <th axis="string">DPORT</th>
403
                        <th axis="string">SID</th>
404
                        <th axis="date">Date</th>
405
                        <?php
                        /* extra header cell for the packet dump, printed only while packet view is on */
                        if ($config['installedpackages']['snortglobal']['alertsblocks']['packets'] == "on") {
                                echo '<th id="packets" style="visibility:visible" axis="string">Packet</th>';
                        }
                        ?>
409
                </thead>
410
                <tbody>
411
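                <?php
                /*
                 * Alert rows: read the alert log newest entry first, split every entry
                 * into its fields with the get_snort_alert_*() helpers and print one
                 * table row for each entry that has a description.
                 *
                 * The log content is not produced by this page, so every field parsed
                 * from it goes through htmlspecialchars() before it is printed.
                 */

                /* make sure alert file exists */
                if(!file_exists('/var/log/snort/alert'))
                        touch('/var/log/snort/alert');

                /* an unusable entry count falls back to the page default of 250 */
                $logent = (is_numeric($anentries) && $anentries > 0) ? (int)$anentries : 250;

                /*
                 * detect the alert file type: 'full' entries are separated by an empty
                 * line, otherwise there is one entry per line. explode() replaces
                 * split(), which newer PHP versions no longer provide.
                 */
                $alert_separator = ($snortalertlogt == 'full') ? "\n\n" : "\n";
                $alerts_array = array_reverse(array_filter(explode($alert_separator, (string)file_get_contents('/var/log/snort/alert'))));

                $whois_url = htmlspecialchars($whois);

                $counter = 0;
                foreach($alerts_array as $fileline)
                {
                        /* the requested number of entries has been handled: stop reading */
                        if($logent <= $counter)
                                break;

                        $counter++;

                        /* Date */
                        $alert_date_str = get_snort_alert_date($fileline);
                        $alert_date = ($alert_date_str != '') ? $alert_date_str : 'empty';

                        /* Description */
                        $alert_disc_str = get_snort_alert_disc($fileline);
                        $alert_disc = ($alert_disc_str != '') ? $alert_disc_str : 'empty';

                        /* Classification */
                        $alert_class_str = get_snort_alert_class($fileline);
                        $alert_class = ($alert_class_str != '')
                                ? str_replace(array('[Classification:',']'), '', "$alert_class_str")
                                : 'Prep';

                        /* Priority */
                        $alert_priority_str = get_snort_alert_priority($fileline);
                        $alert_priority = ($alert_priority_str != '')
                                ? str_replace(array('Priority: ',']'), '', "$alert_priority_str")
                                : 'empty';

                        /* Protocol, parsed according to the alert file type */
                        $alert_proto_str = ($snortalertlogt == 'full')
                                ? get_snort_alert_proto_full($fileline)
                                : get_snort_alert_proto($fileline);
                        $alert_proto = ($alert_proto_str != '')
                                ? str_replace(array(" TTL",'{','}'), '', "$alert_proto_str")
                                : 'empty';

                        /* IP SRC */
                        $alert_ip_src_str = get_snort_alert_ip_src($fileline);
                        $alert_ip_src = ($alert_ip_src_str != '') ? $alert_ip_src_str : 'empty';

                        /* IP SRC Port */
                        $alert_src_p_str = get_snort_alert_src_p($fileline);
                        $alert_src_p = ($alert_src_p_str != '')
                                ? str_replace(array(' -',':'), '', "$alert_src_p_str")
                                : 'empty';

                        /* snort packet capture */
                        $alert_packet = 'empty';
                        if($packets=="on")
                        {
                                $alert_seconds = get_snort_alert_seconds($fileline);
                                $alert_packet_str = get_snort_alert_packet($alert_seconds);
                                if($alert_packet_str != '')
                                        $alert_packet = $alert_packet_str;
                        }

                        /* Flow */
                        $alert_flow_str = get_snort_alert_flow($fileline);
                        $alert_flow = ($alert_flow_str != '') ? $alert_flow_str : 'empty';

                        /* IP Destination */
                        $alert_ip_dst_str = get_snort_alert_ip_dst($fileline);
                        $alert_ip_dst = ($alert_ip_dst_str != '') ? $alert_ip_dst_str : 'empty';

                        /* IP DST Port, parsed according to the alert file type */
                        $alert_dst_p_str = ($snortalertlogt == 'full')
                                ? get_snort_alert_dst_p_full($fileline)
                                : get_snort_alert_dst_p($fileline);
                        if($alert_dst_p_str != '')
                        {
                                $alert_dst_p_str2 = str_replace(array(':',"\n"," TTL"), '', "$alert_dst_p_str");
                                /* the 'full' match still carries the protocol word: drop the capitals */
                                $alert_dst_p = preg_replace('/[A-Z]/', '', "$alert_dst_p_str2");
                        }else{
                                $alert_dst_p = 'empty';
                        }

                        /* SID */
                        $alert_sid_str = get_snort_alert_sid($fileline);
                        /* the fallback is assigned to $alert_sid itself, so a row never shows the previous row's SID */
                        $alert_sid = ($alert_sid_str != '')
                                ? str_replace(array('[',']'), '', "$alert_sid_str")
                                : 'empty';

                        /* entries without a description are counted but not printed */
                        if ($alert_disc == 'empty')
                                continue;

                        $cell = array_map('htmlspecialchars', array(
                                'priority' => $alert_priority,
                                'proto'    => $alert_proto,
                                'disc'     => $alert_disc,
                                'class'    => $alert_class,
                                'ip_src'   => $alert_ip_src,
                                'src_p'    => $alert_src_p,
                                'flow'     => $alert_flow,
                                'ip_dst'   => $alert_ip_dst,
                                'dst_p'    => $alert_dst_p,
                                'sid'      => $alert_sid,
                                'date'     => $alert_date,
                        ));

                        /*
                         * The packet cell is printed under the same condition as its header
                         * cell. $alert_packet is an HTML fragment (dump lines joined with
                         * <br> by get_snort_alert_packet()), so it cannot be escaped here.
                         */
                        $packet_cell = ($packets == 'on')
                                ? "\n                        <td id=\"packet\"><pre>{$alert_packet}</pre></td>"
                                : '';

                        /* NOTE: using one echo improves performance by 2x */
                        /* rel="noopener noreferrer" keeps the lookup site from reaching back into this window or seeing the GUI address */
                        echo "<tr id=\"{$counter}\">
                        <td class=\"centerAlign\">{$counter}</td>
                        <td class=\"centerAlign\">{$cell['priority']}</td>
                        <td class=\"centerAlign\">{$cell['proto']}</td>
                        <td>{$cell['disc']}</td>
                        <td class=\"centerAlign\">{$cell['class']}</td>
                        <td><a href=\"{$whois_url}{$cell['ip_src']}\" target=\"_blank\" rel=\"noopener noreferrer\">{$cell['ip_src']}</a></td>
                        <td class=\"centerAlign\">{$cell['src_p']}</td>
                        <td class=\"centerAlign\">{$cell['flow']}</td>
                        <td><a href=\"{$whois_url}{$cell['ip_dst']}\" target=\"_blank\" rel=\"noopener noreferrer\">{$cell['ip_dst']}</a></td>
                        <td class=\"centerAlign\">{$cell['dst_p']}</td>
                        <td class=\"centerAlign\">{$cell['sid']}</td>
                        <td>{$cell['date']}</td>{$packet_cell}
                        </tr>\n";
                }

                ?>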
631
                </tbody>
632
        </table>
633
        </td>
634
</table>
635

    
636
</div>
637

    
638
<?php
/* closing include of the page, then the markup held in $snort_custom_rnd_box (both defined outside this file) */
include 'fend.inc';

echo $snort_custom_rnd_box;
?>
644
</body>
645
</html>