path: root/snort-model.lua
Diffstat (limited to 'snort-model.lua')
-rw-r--r--snort-model.lua107
1 files changed, 107 insertions, 0 deletions
diff --git a/snort-model.lua b/snort-model.lua
new file mode 100644
index 0000000..f377a82
--- /dev/null
+++ b/snort-model.lua
@@ -0,0 +1,107 @@
+-- acf model for displaying logfiles recusivly
+module (..., package.seeall)
+
+-- no initializer in model - use controller.init for that
+
+require("posix")
+require("fs")
+
+local function get_version()
+ local cmd = "snort -V 2>&1 | grep Version | sed 's/.*ersion\ /snort-/'"
+ local cmd_output = io.popen( cmd )
+ local cmd_output_result = cmd_output:read("*a") or ""
+ cmd_output:close()
+ return cmd_output_result
+end
+
+local is_running = function( process )
+ local statusreport = nil
+ local cmdoutput = {}
+ local cmd, error = io.popen("pidof " .. process ,r)
+ local cmdoutput = string.gsub(cmd:read("*a"), "%s", "")
+ cmd:close()
+ if (cmdoutput ~= "") then
+ statusreport = "Running"
+ else
+ statusreport = "Stopped"
+ end
+ return statusreport
+end
+
+-- ################################################################################
+-- PUBLIC FUNCTIONS
+
+getstatus = function (self)
+ local status = {}
+ local version = get_version()
+ status.version = version
+ local isrunning = is_running("snort")
+ status.status = isrunning
+ return status
+end
+
+service_control = function ( self, srvcmd )
+ local srvcmd = string.lower(srvcmd)
+ local retval = ""
+ local line = ""
+ if (srvcmd == "start") or (srvcmd == "stop") or (srvcmd == "restart") then
+ local file = io.popen( "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin /etc/init.d/snort " .. srvcmd .. " 2>&1" )
+ if file ~= nil then
+ line = file:read( "*l" )
+ while line ~= nil do
+ retval = retval .. "\n" .. line
+ line = file:read( "*l" )
+ end
+ file:close()
+ end
+ else
+ retval = "Unknown command!"
+ end
+ return retval
+end
+
+read_alert = function ()
+ local alertfile = "/var/log/snort/alert"
+ local alerts = ""
+ local fileresult = {}
+ local fileresultcnt = ""
+ local presentation = {}
+ local presentationtable = {}
+ local liboutput = fs.read_file_as_array(alertfile)
+ if (liboutput) then
+ for k,v in ipairs(liboutput) do
+ local generator,signature,revision = string.match(v, "^.*%[%*%*%]%s*%[(%d*):(%d*):(%d*).*")
+ if (generator) and (signature) and (revision) then
+ if not (fileresult[generator..":"..signature..":"..revision]) then
+ fileresult[generator..":"..signature..":"..revision]={}
+ end
+ table.insert (fileresult[generator..":"..signature..":"..revision], v)
+ local tablemax = table.maxn(fileresult[generator..":"..signature..":"..revision])
+ fileresult[generator..":"..signature..":"..revision][tablemax]={}
+ fileresult[generator..":"..signature..":"..revision][tablemax]["classification"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["priority"]=string.match(liboutput[k+1],"^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: unknown"
+ fileresult[generator..":"..signature..":"..revision][tablemax]["count"]=tablemax
+ for i=0, 6 do
+ if liboutput[k+i] == "" then break end
+ if (liboutput[k+i-1]) then
+ if not (string.match(liboutput[k+i],"^%[Classification.*")) then
+ table.insert(fileresult[generator..":"..signature..":"..revision][tablemax],liboutput[k+i])
+ end
+ end
+ end
+ end
+ end
+ for k,v in pairs(fileresult) do
+ table.insert(presentation,v)
+ end
+ for i = 1, table.maxn(presentation) do
+ local maxn = table.maxn(presentation[i])
+ presentationtable[i] = presentation[i][maxn]
+ end
+ alerts = table.maxn(presentationtable)
+ else
+ alerts = "0"
+ end
+ return alerts,presentationtable
+end
+
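Review bot: `read_alert` indexes past the end of the file without a nil check: at the `[**]` line that is the last line of `/var/log/snort/alert` (for example a record still being written by snort when the page is loaded), `liboutput[k+1]` is nil and `string.match(nil, ...)` on the classification/priority lines raises, taking the whole status page down; the inner loop has the same hole, since a nil `liboutput[k+i]` is not `""` and reaches `string.match` too. A guard such as `local nextline = liboutput[k+1] or ""` used in both match calls, and `if (liboutput[k+i] or "") == "" then break end` in the loop, keeps a truncated log from becoming an error page. Separately, the lines collected into `presentationtable` are copied verbatim from the alert log, whose content (signature names, addresses, and whatever payload text snort logs) is influenced by remote traffic, so the view rendering them must HTML-escape each line — I cannot see the view here, so please confirm. Minor: in `is_running` the mode argument to `io.popen` is the undeclared global `r` (nil), so it should be the string `"r"` or dropped, and `local cmd, error = ...` shadows the `error` builtin; `service_control` is fine as written because `srvcmd` is whitelisted before it reaches the shell.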