Snort Widget v0.3.1 quick fix for Snort 2.9.2.3 pkg v. 2.2

digdug3

A really quick "fix" for the Snort Widget.

1. Find the interface you want to show in the Widget like this:

Services -> Snort -> edit the interface you want in the Widget
You will see the interface number on top:

Snort: Interface Edit: 1 xxxxx em1

Where xxxxx is the interface number

2. Edit the file:
/usr/local/www/widgets/widgets/snort_alerts.widget.php
Change line 107 to:

$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert_xxxxx'))));

Where xxxxx is the interface number you found before and don't forget the underscore between alert and xxxxx.

Done.

caustic386

What editor are you using?  The GUI editor doesn't show 107 lines, only about 30.

tritron

I had installed nano pkg_add -r http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/editors/nano-2.2.6.tbz for i386 and i only see 68
lines

feadin

He's talking of widget v0.3.1, but the actual version is v0.3.2 that may be the reason the files don't match.

digdug3

Didn't even see the update… Looks like v0.3.2 needs "Send alerts to main System logs", will test it.