Check if the sid of a rule belongs to sourcefire and link to the
changed URL for gathering more details. If the sid of the rule belongs
to emergingthreads now link to the emergingthreads documentation.
Fixes#11806.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The WebUI IDS log did not display the rule name for alerts
where a signature with a five digit number was triggered
(some Emerging Threats signatures are using them).
Changing the regular expression so it will match on five
digit SIDs, too.
Fixes#11519.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Add option to change remote syslog protocol to TCP, which
is more reliable than UDP, but might be unsupported on
older syslog servers.
Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Instead of opening the database again for each lookup,
we will read it into memory on first use and every lookup
after that will be coming from cache.
Reviewed-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
I altered 'showrequestfromcountry.dat', 'showrequestfromip.dat' and 'showrequestfromport.dat'
in the same manner as the 'Loggraphs'-Pages in commit
Each 'Details'-page got a unique title.
Furthermore, I added a 'Back'-Button to go back to the previous page. For this, I used
'back.png' from 'wio' (thanks Stephan! ;-) ) since I found no other appropriate image.
'ipinfo.cgi' got a centered 'Back'-Button, too.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixed the 'details'-Button in 'firewalllogcountry.dat' by adding missing
translation string.
Each 'Loggraphs'-Page got a unique title and a new heading for the corresponding
diagram.
Just cosmetics...
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch always enables asynchronous logging which slows
down the system a lot on slow storage and some virtual environments.
It also removes the configuration options in the web
user interface, since this is not configurable any more.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Added 'squid' and 'snort' to section dropdown in LOGS / SYSTEM LOGS,
added translations.
Added translation string for 'web proxy' in '30-network.menu'.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
If bridged ipv6 is used, $iface is taken from PHYSIN
In the log line the order of fields is "... IN=XY OUT=XY PHYSIN=XY ..."
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
3 main changes:
- Fill $iface and $out from PHYSIN and PHYSOUT when looking at bridged packets, othwerwise fill from IN and OUT
- Recognize ipv4 and ipv6 address style for $srcaddr and $dstaddr
- Match color coding of tables to pie charts (see seperate patch sent earlier)
I am using the bridged ipv6 setup as proposed in the wiki. I do not think this breaks anything when not using ipv6. So it would be nice to include this even if ipv6 is not officially supported yet. It is quite useful when using the ipv6 setup.
Signed-off-by: Michael Eitelwein <michael@eitelwein.net>
---
The CGI offers the posibility to get more details for a certain locations
by clicking on a button.
This feature cannot be used for the category "unknown". To prevent users
from beeing confused about non show-able details, I added some code to hide
this button for this category.
Fixes#10726.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It makes sense to see how many fire wall logs entries are dropped
from the interfaces green0, blue0, and orange0, so this is
displayed as a country. The showrequestfromcountry.dat also
supports filtering based on the interface.
Define language key for input field.
Fix links for older and newer links.
Indentation fixes.
The code is a copy from showrequestfromip.dat, ideally
we should have merged all three showrequestfrom*.dat files
into one file, but I do not do that now, because it would
really require a rewrite of most of the logic, and I understand
that one does not want to do such changes in 2.x.
Add some language strings for the new firewalllogport.dat, and
include html fixes done in firewalllogip.dat, which this file
is based on.
Also try to add the menu item to the sub menu, but that is
currently not working.
Add similair functionality as firewalllogip.dat and
firewalllogport.dat, by listing the number of blocks
per country, and provide a details link to show only
the blocked ip addresses from the country.
This is a preliminary prototype.
Put the piechart for firewalllog* in the center of the page horisontally,
this looks visually better. Add language string for count and details
submit button.
Add language strings for country.cgi.
Make html validate for country.cgi.
Add two links for navigating in log pages, one for going to the
first page and one for goint to the last page.
Introduce variable which points to the first log line to
display on the last possible page.
The commit contains hardcoded text for Last and First, and I
am also uncertain how spaces between links should be handled.
So this should be improved based on feedback.
