-- acf model for displaying logfiles recursively
-- Module table; the public functions below are attached to it and it is
-- returned at the end of the file.
local mymodule = {}

-- Load libraries
-- NOTE(review): both requires are assigned without `local`, so they become
-- process-wide globals rather than file-local upvalues.  Other ACF models
-- may depend on those globals existing, so they are left as-is here.
modelfunctions = require("modelfunctions")
fs = require("acf.fs")

-- Set variables
local packagename = "snort"                  -- package name passed to getstatus
local processname = "snort"                  -- process name for status / start / stop
local configfile = "/etc/snort/snort.conf"   -- file exposed by get_/update_filedetails
local alertfile = "/var/log/snort/alert"     -- alert log parsed by read_alert

-- ################################################################################
-- LOCAL FUNCTIONS

-- ################################################################################
-- PUBLIC FUNCTIONS

--- Status of the snort process/package.
-- Thin delegation to the shared ACF helper; the label is what the view
-- shows as the heading of the status block.
-- @treturn table whatever modelfunctions.getstatus returns
function mymodule.getstatus()
	local label = "Snort Status"
	return modelfunctions.getstatus(processname, packagename, label)
end

--- Start/stop control data for the snort service.
-- `self` and `clientdata` are part of the ACF model calling convention
-- and are not used here; only the process name is needed.
-- @treturn table whatever modelfunctions.get_startstop returns
function mymodule.get_startstop(self, clientdata)
	local name = processname
	return modelfunctions.get_startstop(name)
end

--- Apply a start/stop/restart action to the snort service.
-- `self` is unused; `startstop` and `action` are handed straight to the
-- shared ACF helper, which performs the actual service operation.
-- @treturn table whatever modelfunctions.startstop_service returns
function mymodule.startstop_service(self, startstop, action)
	local apply = modelfunctions.startstop_service
	return apply(startstop, action)
end

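--- Collect the lines of one snort alert record into `entry`.
-- `lines` is the alert file as an array of strings and `start` the index
-- of the record's "[**] [gid:sid:rev] ..." header line.  The record runs
-- until the first empty line or the end of the array.  "[Xref => ...]"
-- references are appended to entry.url, "[Classification: ...]" lines are
-- skipped (the caller already turned them into grouping keys) and every
-- other line is appended verbatim to entry.value.
-- @tparam table lines alert file contents
-- @tparam number start index of the record's header line
-- @tparam table entry table holding `value` and `url` arrays
local function collect_alert_lines(lines, start, entry)
	local idx = start
	local rowvalue = lines[idx]
	while rowvalue and rowvalue ~= "" do
		if string.match(rowvalue, "%[Xref.*") ~= nil then
			for ref in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
				entry.url[#entry.url + 1] = ref
			end
		elseif string.match(rowvalue, "%[Classification.*") == nil then
			entry.value[#entry.value + 1] = rowvalue
		end
		idx = idx + 1
		rowvalue = lines[idx]
	end
end

--- Parse the snort alert log and group the alerts for display.
-- Alerts are grouped priority -> classification -> signature id
-- ("gid:sid:rev").  For each signature id the text and Xref URLs of the
-- first record are kept and every further record only increments `count`.
-- The priorities are returned as an array sorted by their string value.
--
-- Every string in the result is copied unmodified from the log.  The log
-- is written in response to observed network traffic, so the view that
-- renders this structure must treat the values as untrusted and escape
-- them.
-- @treturn table cfe of type "structure" whose value is an array of
--   {name=priority, value={[classification]={[id]={value,url,count}}}}
function mymodule.read_alert()
	local alertpriority = {}
	local liboutput = fs.read_file_as_array(alertfile)
	if liboutput then
		for i, line in ipairs(liboutput) do
			-- A record starts with "[**] [gid:sid:rev] msg [**]".
			local currid = string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%]")
			if currid then
				-- Classification and priority are on the following line.  A
				-- record cut off at end of file (snort may still be writing)
				-- has no following line; use "" so string.match is never
				-- handed nil, which would raise and abort the whole page.
				local nextline = liboutput[i + 1] or ""
				local priority = string.match(nextline, "^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
				-- The captured classification carries no "Classification: "
				-- prefix while the fallback does; both kept unchanged so the
				-- view sees the same keys as before.
				local classification = string.match(nextline, "^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"

				local byclass = alertpriority[priority]
				if byclass == nil then
					byclass = {}
					alertpriority[priority] = byclass
				end
				local byid = byclass[classification]
				if byid == nil then
					byid = {}
					byclass[classification] = byid
				end
				local entry = byid[currid]
				if entry == nil then
					entry = { value = {}, url = {}, count = 0 }
					byid[currid] = entry
					-- Only the first record of a signature contributes text.
					collect_alert_lines(liboutput, i, entry)
				end
				entry.count = entry.count + 1
			end
		end
	end

	-- pairs() order is unspecified; give the view a stable order by
	-- sorting the priorities as strings.
	local sorted_table = {}
	for name, value in pairs(alertpriority) do
		sorted_table[#sorted_table + 1] = { name = name, value = value }
	end
	table.sort(sorted_table, function(a, b) return a.name < b.name end)

	return cfe({ type = "structure", value = sorted_table, label = "Snort Alerts" })
end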

--- Contents and details of the snort configuration file.
-- Delegates to the shared ACF helper for the fixed path in `configfile`.
-- @treturn table whatever modelfunctions.getfiledetails returns
function mymodule.get_filedetails()
	local path = configfile
	return modelfunctions.getfiledetails(path)
end

--- Write back an edited snort configuration file.
-- The helper is given a list containing only `configfile`; presumably that
-- list is the set of paths the submitted details may target — confirm in
-- modelfunctions.setfiledetails.
-- @tparam table filedetails cfe holding the submitted file contents
-- @treturn table whatever modelfunctions.setfiledetails returns
function mymodule.update_filedetails(self, filedetails)
	local allowed = { configfile }
	return modelfunctions.setfiledetails(self, filedetails, allowed)
end

-- Hand the module table to require().
return mymodule