authorMika Havela <mika.havela@gmail.com>2007-12-25 16:21:12 +0000
committerMika Havela <mika.havela@gmail.com>2007-12-25 16:21:12 +0000
commit895e1cb0ad04a555ed8506c44815b04542cfbf67 (patch)
treee5e6ac58a98610c92bb5aab446bf9490191eb464 /snort-model.lua
parentb9bbde3d9013b7ed4d73421bfffb79f4d963e528 (diff)
downloadacf-snort-895e1cb0ad04a555ed8506c44815b04542cfbf67.tar.bz2
acf-snort-895e1cb0ad04a555ed8506c44815b04542cfbf67.tar.xz
Grouping the alarms by 1) priority, 2) classification
git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@453 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'snort-model.lua')
-rw-r--r--snort-model.lua115
1 files changed, 114 insertions, 1 deletions
diff --git a/snort-model.lua b/snort-model.lua
index f377a82..1746b1c 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -6,6 +6,55 @@ module (..., package.seeall)
require("posix")
require("fs")
+-- START SORT ################################################################################
+--[[
+function __genOrderedIndex( t )
+ local orderedIndex = {}
+ for key in pairs(t) do
+ table.insert( orderedIndex, key )
+ end
+ table.sort( orderedIndex )
+ return orderedIndex
+end
+
+function orderedNext(t, state)
+ -- Equivalent of the next function, but returns the keys in the alphabetic
+ -- order. We use a temporary ordered key table that is stored in the
+ -- table being iterated.
+
+ --print("orderedNext: state = "..tostring(state) )
+ if state == nil then
+ -- the first time, generate the index
+ t.__orderedIndex = __genOrderedIndex( t )
+ key = t.__orderedIndex[1]
+ return key, t[key]
+ end
+ -- fetch the next value
+ key = nil
+ for i = 1,table.getn(t.__orderedIndex) do
+ if t.__orderedIndex[i] == state then
+ key = t.__orderedIndex[i+1]
+ end
+ end
+
+ if key then
+ return key, t[key]
+ end
+
+ -- no more value to return, cleanup
+ t.__orderedIndex = nil
+ return
+end
+
+function orderedPairs(t)
+ -- Equivalent of the pairs() function on tables. Allows to iterate
+ -- in order
+ return orderedNext, t, nil
+end
+--]]
+-- END SORT ################################################################################
+
+
local function get_version()
local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
local cmd_output = io.popen( cmd )
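Review bot: The whole ordered-iteration helper (`__genOrderedIndex`, `orderedNext`, `orderedPairs`) is committed inside a `--[[ ... --]]` block comment, so it is dead text that will drift from the live code; either drop it or keep it live. If it is kept, the `key = ...` assignments at `key = t.__orderedIndex[1]` and `key = nil` have no `local` and would write a global, and with `module (..., package.seeall)` on the hunk header the bare `function` declarations become module exports rather than private helpers, so `local function` is the safer form. `table.getn` is also Lua 5.1-only; `#t.__orderedIndex` works on every version. Storing `__orderedIndex` inside the table being iterated means the key is visible to any other `pairs()` walk of that table until the iteration completes.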
@@ -60,7 +109,7 @@ service_control = function ( self, srvcmd )
return retval
end
-read_alert = function ()
+xxxread_alert = function ()
local alertfile = "/var/log/snort/alert"
local alerts = ""
local fileresult = {}
@@ -105,3 +154,67 @@ read_alert = function ()
return alerts,presentationtable
end
+read_alert = function ()
+ local alertfile = "/var/log/snort/alert"
+ local alertcount = 0
+ local alertpriority = {}
+ local alertprioritytmp = ""
+ local priority = ""
+ local classification = ""
+ local currid = ""
+ local prevrid = ""
+ local count = {}
+ local liboutput = fs.read_file_as_array(alertfile)
+ if (liboutput) then
+ for k,v in ipairs(liboutput) do
+ --DEBUG
+-- if (k == 1) then break end
+ currid = string.match(v, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*")
+ if (currid) then
+ local priority = string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
+ local classification = string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"
+ if (alertpriority[priority] == nil) then
+ alertpriority[priority] = {}
+ end
+ if (alertpriority[priority][classification] == nil) then
+ alertpriority[priority][classification] = {}
+ end
+ alertpriority[priority][classification][currid] = {}
+ if (alertpriority[priority][classification][currid]["value"] == nil) then
+ alertpriority[priority][classification][currid]["value"] = {}
+ end
+ -- COUNTER
+ if not (count[priority..classification..currid]) then
+ count[priority..classification..currid] = 0
+ end
+ count[priority..classification..currid] = count[priority..classification..currid] + 1
+ alertpriority[priority][classification][currid]["count"] = count[priority..classification..currid]
+ for i=0, 10 do
+ local rowvalue = liboutput[k+i]
+ if (rowvalue == "") then
+ break
+ end
+ if (rowvalue) then
+ table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
+ end
+ end
+ alertcount = alertcount + 1
+ end
+ end
+ end
+--[[
+t = {
+ ['a'] = 'xxx',
+ ['b'] = 'xxx',
+ ['c'] = 'xxx',
+ ['d'] = 'xxx',
+ ['e'] = 'xxx',
+}
+
+ for key, val in orderedNext(t) do
+ t=key
+ end
+--]]
+ return alertcount,alertpriority
+end
+
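Review bot: `string.match(liboutput[k+1], ...)` on the two lines that derive `priority` and `classification` raises an error when the `[**]` header is the last line of the alert file, because `liboutput[k+1]` is then `nil`; read it once with a default, e.g. `local nextline = liboutput[k+1] or ""`, and match against `nextline` in both calls. The unconditional `alertpriority[priority][classification][currid] = {}` resets the entry on every repeat of the same id, so the `["value"] == nil` check just below can never be false and only the last occurrence's lines survive in `value` while `count` keeps the total — if that is intended, the check should go; if not, the reset should be guarded. The outer `priority`/`classification` locals are shadowed by the inner ones, `alertprioritytmp` and `prevrid` are never used, and the commented-out `t = { ... }` test block at the end should not ship. The captured lines come from a log whose contents are driven by observed traffic, so whatever view renders `value` and the derived keys needs to escape them; I cannot see that code from this hunk.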