IPS logging: There is no distinguation between suricata & snort required
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 12 Apr 2019 16:33:39 +0000 (17:33 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Fri, 12 Apr 2019 16:33:39 +0000 (17:33 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/logs.cgi/ids.dat

index 5e46137..b2bd9f1 100644 (file)
@@ -383,7 +383,6 @@ sub processevent
        our ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid, @refs);
 
        my $filestr='';
-       my $readmode='';
        if ($datediff==0) {
                # If there is no datediff, directly assign the suricata fast.log.
                $filestr="/var/log/suricata/fast.log";
@@ -399,9 +398,6 @@ sub processevent
                        # Assign snort alert file, the datediff and extension for compressed file.
                        $filestr = "/var/log/snort/alert.$datediff";
                        $filestr = "$filestr.gz";
-
-                       # Assign "snort" as readmode.
-                       $readmode="snort";
                }
        }
        if (!(open (LOG,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) {
@@ -411,7 +407,7 @@ sub processevent
 
                while(<LOG>) {
                        $line++;
-                       if (($_ =~ m/\[\*\*\]/) && ($readmode eq "snort")) {
+                       if ($_ =~ m/\[\*\*\]/) {
                                unless ($line == 1 || $date ne "$monthstr/$daystr") {
                                        &append;
                                        $line = 1;
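Review bot: With the `$readmode` guard gone, every line containing `[**]` takes this branch, and the title extraction it leads to (visible in the next hunk) uses `$2` without checking that its match succeeded. Since the commit also deletes the `else` fallback, that extraction is now the only title parser for both the suricata and the rotated snort files. A line that carries `[**]` but not the `:rev] msg [**]` shape would leave `$title` built from whatever `$2` holds rather than from the current line. I would guard it as `if ($_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/) { $title = &Header::cleanhtml($2,"y"); }` and add a comment on the `if` such as `# "[**]" opens an event in both fast.log and the old snort alert files`. The `while` loop and `processevent` both continue outside this hunk.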
@@ -420,17 +416,6 @@ sub processevent
                                @refs = ();
                                $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
                                $title = &Header::cleanhtml($2,"y");
-                       } else {
-                               &append;
-                               $line = 1;
-
-                               # Assign default values.
-                               ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport,$sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a");
-                               @refs = ();
-
-                               # Gather title details from line.
-                               $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/;
-                               $title = &Header::cleanhtml($2,"y");
                        }
                        if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) {
                                $classification = &Header::cleanhtml($1,"y");