The header will be dynamically generated, according to the items which will
be displayed.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Previously some sessions were selected which did not qualify
for the search.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Expand the regex for the section dmi ("Mail") for /var/log/mail to include the log contents of postfix, in case the addon is installed.
Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The prefix for dmi in /var/log/mail seems to have changed from "dma[<PID>]: " to "dma: ". This results in a bug where no lines are being shown at all in the WUI.
Signed-off-by: Alex Koch <ipfire@starkstromkonsument.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Fixes: #12084
Since the Suricata regex did not match the messages output, Suricata was not displayed in the "System Logs" section in the WUI.
Signed-off-by: Erik Kapfer <ummeegge@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
The CGI script only compares mm/dd and does not care about the year.
Suricata, however, logs the year as well which has to be ignored here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
By default show the events generated by suricata and if
for a certain selected date no suricata log is available
try to fall back to reading the events from the old snort
alert files (if available).
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Check if the sid of a rule belongs to sourcefire and link to the
changed URL for gathering more details. If the sid of the rule belongs
to emergingthreats now link to the emergingthreats documentation.
Fixes #11806.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The WebUI IDS log did not display the rule name for alerts
where a signature with a five digit number was triggered
(some Emerging Threats signatures are using them).
Changing the regular expression so it will match on five
digit SIDs, too.
Fixes #11519.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add option to change remote syslog protocol to TCP, which
is more reliable than UDP, but might be unsupported on
older syslog servers.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Instead of opening the database again for each lookup,
we will read it into memory on first use and every lookup
after that will be coming from cache.
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat'
in the same manner as the 'Loggraphs'-Pages in commit
Each 'Details'-page got a unique title.
Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used
'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image.
'ipinfo.cgi' got a centered 'Back'-Button, too.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixed the 'details'-Button in 'firewalllogcountry.dat' by adding missing
translation string.
Each 'Loggraphs'-Page got a unique title and a new heading for the corresponding
diagram.
Just cosmetics...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.
It also removes the configuration options in the web
user interface, since this is not configurable any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>