-- acf model for displaying logfiles recursively
module (..., package.seeall)
-- Load libraries
require("modelfunctions")
require("fs")
-- Set variables
-- Names handed to the modelfunctions helpers (package name for the status
-- query, process name for status and start/stop).
local packagename, processname = "snort", "snort"
-- Files this model touches: the config exposed for editing and the alert log
-- parsed by read_alert(). Both paths are fixed literals, never taken from input.
local configfile, alertfile = "/etc/snort/snort.conf", "/var/log/snort/alert"
-- ################################################################################
-- LOCAL FUNCTIONS
-- ################################################################################
-- PUBLIC FUNCTIONS
--- Status of the snort service as reported by modelfunctions.getstatus.
-- Passes this model's process and package names plus the fixed label
-- "Snort Status"; returns whatever modelfunctions.getstatus returns.
function getstatus()
  local label = "Snort Status"
  return modelfunctions.getstatus(processname, packagename, label)
end
--- Forward a service control action for the snort process.
-- @param action action string handed unchanged to modelfunctions.startstop_service;
--   nothing is validated here, so any checking of the requested action lives
--   in modelfunctions.
-- @return the result of modelfunctions.startstop_service
function startstop_service(action)
  local name = processname
  return modelfunctions.startstop_service(name, action)
end
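-- Rule id ("gid:sid:rev") from an alert header line such as
-- "[**] [1:2003:8] RULE NAME [**]"; nil for any other line.
local function alert_id(line)
  return string.match(line, "^.*%[%*%*%]%s*%[(%d+:%d+:%d+)%]")
end

-- Priority and classification taken from the line after the header, e.g.
-- "[Classification: Attempted Information Leak] [Priority: 2]" gives
-- "Priority: 2" and "Attempted Information Leak". A missing line (the header
-- is the last line of a log that is still being appended to) or one that does
-- not fit the pattern yields the "Unknown" fallbacks instead of raising.
local function alert_class(nextline)
  local text = nextline or ""
  local priority = string.match(text, "^.*%[.*lassification:%s*.*%]%s*%[(.*)%]") or "Priority: Unknown"
  local classification = string.match(text, "^.*%[.*lassification:%s*(.*)%]%s*%[") or "Classification: Unknown"
  return priority, classification
end

-- Build the entry for one alert: lines[start] (the header) through the next
-- blank line or end of file. Xref lines are split into their URLs, the
-- Classification line is dropped, every other line is kept verbatim.
-- Nothing is escaped here; the strings come straight from the log and the
-- view is responsible for rendering them safely.
local function collect_alert(lines, start)
  local entry = { value = {}, url = {}, count = 0 }
  local idx = start
  local row = lines[idx]
  while row and row ~= "" do
    if string.match(row, "%[Xref.*") ~= nil then
      for ref in string.gmatch(row, "%[Xref%s+%=%>%s+(.-)%]") do
        entry.url[#entry.url + 1] = ref
      end
    elseif string.match(row, "%[Classification.*") == nil then
      entry.value[#entry.value + 1] = row
    end
    idx = idx + 1
    row = lines[idx]
  end
  return entry
end

--- Parse the snort alert log into a cfe structure grouped for display.
-- The whole file is read via fs.read_file_as_array; for every header line the
-- alert is filed under priority -> classification -> rule id. The first
-- sighting of an id stores its text lines and Xref URLs, later sightings only
-- bump count. Priorities are returned as an array sorted by name so the view
-- gets a stable order. A log that ends right after a header line no longer
-- aborts the parse (the next-line lookup used to index nil).
-- @treturn table cfe{type="structure", label="Snort Alerts", value={
--   {name=priority, value={[classification]={[id]={value={...}, url={...}, count=n}}}}, ...}}
function read_alert()
  local alertpriority = {}
  local lines = fs.read_file_as_array(alertfile)
  if lines then
    for i, line in ipairs(lines) do
      local currid = alert_id(line)
      if currid then
        local priority, classification = alert_class(lines[i + 1])
        local byclass = alertpriority[priority]
        if byclass == nil then
          byclass = {}
          alertpriority[priority] = byclass
        end
        local byid = byclass[classification]
        if byid == nil then
          byid = {}
          byclass[classification] = byid
        end
        if byid[currid] == nil then
          byid[currid] = collect_alert(lines, i)
        end
        byid[currid].count = byid[currid].count + 1
      end
    end
  end
  -- Hash keys have no order; hand the view a sorted array of priorities.
  local sorted_table = {}
  for name, value in pairs(alertpriority) do
    sorted_table[#sorted_table + 1] = { name = name, value = value }
  end
  table.sort(sorted_table, function(a, b) return a.name < b.name end)
  return cfe({ type = "structure", value = sorted_table, label = "Snort Alerts" })
end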
--- Expose the snort configuration file for viewing/editing.
-- The path is this model's fixed configfile; no caller input is involved.
-- @return the result of modelfunctions.getfiledetails(configfile)
function get_filedetails()
  local path = configfile
  return modelfunctions.getfiledetails(path)
end
--- Save an edited configuration file.
-- The filename carried in the submitted form is overwritten with this model's
-- fixed configfile before the form is handed to modelfunctions.setfiledetails,
-- so the caller cannot pick a different target path.
-- @param filedetails form table with value.filename.value (mutated in place)
-- @return the result of modelfunctions.setfiledetails
function update_filedetails(filedetails)
  local details = filedetails
  details.value.filename.value = configfile
  return modelfunctions.setfiledetails(details)
end