-rw-r--r--snort-model.lua109
-rw-r--r--snort-read-html.lsp4
2 files changed, 1 insertions, 112 deletions
diff --git a/snort-model.lua b/snort-model.lua
index 1746b1c..da6d803 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -6,55 +6,6 @@ module (..., package.seeall)
require("posix")
require("fs")
--- START SORT ################################################################################
---[[
-function __genOrderedIndex( t )
- local orderedIndex = {}
- for key in pairs(t) do
- table.insert( orderedIndex, key )
- end
- table.sort( orderedIndex )
- return orderedIndex
-end
-
-function orderedNext(t, state)
- -- Equivalent of the next function, but returns the keys in the alphabetic
- -- order. We use a temporary ordered key table that is stored in the
- -- table being iterated.
-
- --print("orderedNext: state = "..tostring(state) )
- if state == nil then
- -- the first time, generate the index
- t.__orderedIndex = __genOrderedIndex( t )
- key = t.__orderedIndex[1]
- return key, t[key]
- end
- -- fetch the next value
- key = nil
- for i = 1,table.getn(t.__orderedIndex) do
- if t.__orderedIndex[i] == state then
- key = t.__orderedIndex[i+1]
- end
- end
-
- if key then
- return key, t[key]
- end
-
- -- no more value to return, cleanup
- t.__orderedIndex = nil
- return
-end
-
-function orderedPairs(t)
- -- Equivalent of the pairs() function on tables. Allows to iterate
- -- in order
- return orderedNext, t, nil
-end
---]]
--- END SORT ################################################################################
-
-
local function get_version()
local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
local cmd_output = io.popen( cmd )
@@ -109,51 +60,6 @@ service_control = function ( self, srvcmd )
return retval
end
-xxxread_alert = function ()
- local alertfile = "/var/log/snort/alert"
- local alerts = ""
- local fileresult = {}
- local fileresultcnt = ""
- local presentation = {}
- local presentationtable = {}
- local liboutput = fs.read_file_as_array(alertfile)
- if (liboutput) then
- for k,v in ipairs(liboutput) do
- local generator,signature,revision = string.match(v, "^.*%[%*%*%]%s*%[(%d*):(%d*):(%d*).*")
- if (generator) and (signature) and (revision) then
- if not (fileresult[generator..":"..signature..":"..revision]) then
- fileresult[generator..":"..signature..":"..revision]={}
- end
- table.insert (fileresult[generator..":"..signature..":"..revision], v)
- local tablemax = table.maxn(fileresult[generator..":"..signature..":"..revision])
- fileresult[generator..":"..signature..":"..revision][tablemax]={}
- fileresult[generator..":"..signature..":"..revision][tablemax]["classification"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: unknown"
- fileresult[generator..":"..signature..":"..revision][tablemax]["priority"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: unknown"
- fileresult[generator..":"..signature..":"..revision][tablemax]["count"]=tablemax
- for i=0, 6 do
- if liboutput[k+i] == "" then break end
- if (liboutput[k+i-1]) then
- if not (string.match(liboutput[k+i],"^%[Classification.*")) then
- table.insert(fileresult[generator..":"..signature..":"..revision][tablemax],liboutput[k+i])
- end
- end
- end
- end
- end
- for k,v in pairs(fileresult) do
- table.insert(presentation,v)
- end
- for i = 1, table.maxn(presentation) do
- local maxn = table.maxn(presentation[i])
- presentationtable[i] = presentation[i][maxn]
- end
- alerts = table.maxn(presentationtable)
- else
- alerts = "0"
- end
- return alerts,presentationtable
-end
-
read_alert = function ()
local alertfile = "/var/log/snort/alert"
local alertcount = 0
@@ -168,7 +74,7 @@ read_alert = function ()
if (liboutput) then
for k,v in ipairs(liboutput) do
--DEBUG
--- if (k == 1) then break end
+ --if (k == 1) then break end
currid = string.match(v, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%].*")
if (currid) then
local priority = string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
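Review bot: The `liboutput[k+1]` lookup on the last line of this hunk is nil whenever the `[**]` header is the final line of /var/log/snort/alert (a log that is truncated or still being written), and `string.match(nil, ...)` raises rather than returning nil, so the whole page fails on a file the daemon itself produced. The `or "Priority: Unknown"` fallback only covers a non-matching line, not a missing one. Read the follow-up line defensively first: `local nextline = liboutput[k+1] or ""` and then `local priority = string.match(nextline, "^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"`. The deleted `xxxread_alert` had the same pattern, so this looks inherited rather than introduced here; read_alert starts and ends outside this hunk.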
@@ -202,19 +108,6 @@ read_alert = function ()
end
end
end
---[[
-t = {
- ['a'] = 'xxx',
- ['b'] = 'xxx',
- ['c'] = 'xxx',
- ['d'] = 'xxx',
- ['e'] = 'xxx',
-}
-
- for key, val in orderedNext(t) do
- t=key
- end
---]]
return alertcount,alertpriority
end
diff --git a/snort-read-html.lsp b/snort-read-html.lsp
index 8b53971..afda1fa 100644
--- a/snort-read-html.lsp
+++ b/snort-read-html.lsp
@@ -19,7 +19,6 @@
<dt>Status</dt>
<dd><?= view.alerts ?> alert(s)</dd>
-<? ---[[ ?>
<? for i in pairs(view.alertresult) do ?>
<h2><?= i ?></h2>
<? for j in pairs(view.alertresult[i]) do ?>
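Review bot: Dropping the `<? ---[[ ?>` opener turns this loop from dead text into live output, so the keys and values of `view.alertresult` now reach the browser through `<?= i ?>` and the lines that follow; those values are parsed out of /var/log/snort/alert, whose message and priority text comes from rule sets rather than from this code. Unless `<?= ?>` escapes in this template engine (not visible here), the page should pass each value through the framework's HTML-escaping helper before printing, e.g. `<h2><?= html.html_escape(i) ?></h2>` if such a helper is available. Worth a comment at the top of the loop noting the data source: `<? -- alertresult is parsed from the snort alert log; escape before rendering ?>`. The hunk appears cut short (old-side count is one line larger than shown), so the loop body may continue outside it.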
@@ -34,9 +33,6 @@
<? end ?>
<? end ?>
-<? --]] ?>
-
-
<?
--[[ DEBUG INFORMATION