configure: Bump version to 0.5

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Serialize writes to the database

sqlite3 can obviously have only one writer at a time. Some operations
like cleaning up the database can take a couple of seconds during which
other write operations might time out and will be dropped. Therefore we
are introducing a lock so that only one operation at a time is trying to
write to the database. This shouldn't cause any problems during normal
operation, but will block any writers when the database is being cleaned
up or optimised.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

configure: Bump version to 0.4

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Fix cleanup job

Since SQLite3 does not automatically parse any timestamps, usually all
events were dropped because of an inconsistent comparison.

This patch will now convert the timestamp into float, so it can be
better compared to the timestamp which is stored as a REAL.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Open the database in read-only mode

The generator does not need to write to the database at all. Therefore
we can tell the driver to open it in read-only mode to be able to
generate reports from any user that is allowed to read from the
database, but not write to it (i.e. the web UI).

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Refuse to write the PDF to a terminal

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Implement writing the output to stdout

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Fix another typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

configure: Bump version to 0.3

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Add a summary of high severity alerts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Update the German translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Make the host clearer on the title page

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Show a note when there have been no alerts

It seems to make more sense to explicitely show this instead of
generating reports that only have a title page.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

configure: Bump version to 0.2

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Remove Makefile.in

This should not be under version control.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Only optimize the database once

This helps with contention issues and avoids running this multiple times
which is pointless.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Remove all data older than 5 years from the database

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Fix typo in email

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Update POFILES.in

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

README: Add note about Bugzilla

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Implement filtering email alerts by severity

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Add the alert severity to the email headers

That way, we can create filter rules that perform certain actions
depending on the value.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile: Add a little helper to upload a release tarball

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

cron: Send reports in the system's default language

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

.gitignore: Ignore any release tarballs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Provide a German translation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

po: Ensure all strings are being translated

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Use gettext to translate strings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Allow to overwrite the locale

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Use threads instead of worker processes

Python seems to have a lot of issues when it comes to multiprocessing.
Since we won't have too much CPU-bound stuff to do here, we could also
switch to a thread-based model which would eliminate any queue
synchronisation issues between the parent and the worker processes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Log the entire exception if something unhandled happened

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Open and close the database in the worker process

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

reporter: Translate severity to strings in emails

This is much easier to understand than just a random number.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Express the rule severity by colors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Use Prompt as default font

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

generator: Implement better line wrapping in the table

Sometimes the signature names are very long and we need to be able to
wrap the next which is only possible by using Paragraph() inside the
individual table cells.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Fix shebangs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Makefile.am: Fix indentation

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Dynamically replace /var/run

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Update paths in reporter.conf, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Dynamically replace the configuration directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Dynamically replace the logging directory

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Use the Python interpreter that the configure script has detected

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Introduce autotools

This will check for the required Python modules and install all the
scripts to the right places.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Fix syntax difference to fast.log

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Implement sending reports via email

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Don't print rows

This is a left-over debug statement.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata: Automatically email reports once per month/week/day

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Add ability to reload the configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Add all alerts in full detail

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Render a PDF document and give it a title page

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Allow span selection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-report-generator: Create some scaffolding

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create a example configuration file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Add source/destination ports to the emails, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Don't let workers terminate if something goes wrong

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Log any alerts to a database

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Make ownership of the socket configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Make the socket path configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Make the number of workers configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create capability to send alerts to syslog

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Read the email configuration from file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Read a configuration file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Parse alerts and generate emails

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata: Enable EVE logging to the reporter

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Replace logic on termination signals

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Close the queue on termination

This will allow us to not have an extra signal to check across
processes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create a listening socket

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Handle signals to gracefully terminate

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create a queue we can push events into the workers with

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create a couple of worker processes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

suricata-reporter: Create some scaffolding

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>