Snort Widget v0.3.1 quick fix for Snort 2.9.2.3 pkg v. 2.2
-
A really quick "fix" for the Snort Widget.
1. Find the interface you want to show in the Widget like this:
Services -> Snort -> edit the interface you want in the Widget
You will see the interface number on top: Snort: Interface Edit: 1 xxxxx em1
Where xxxxx is the interface number
2. Edit the file:
/usr/local/www/widgets/widgets/snort_alerts.widget.php
Change line 107 to:
$alerts_array = array_reverse(array_filter(explode("\n\n", file_get_contents('/var/log/snort/alert_xxxxx'))));
Where xxxxx is the interface number you found before and don't forget the underscore between alert and xxxxx.
Done.
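What the replacement line does with the alert file, as an added example that is not part of the original post or the widget's own code: it splits the log on blank lines, drops empty entries and puts the newest first. The function name read_snort_alerts, the $max cap, the readability check and the sample alert text are assumptions made for illustration; xxxxx remains a placeholder for the interface number.

```php
<?php
// Added example: same split/filter/reverse as the line in the post,
// plus handling for a missing log file and a cap on returned entries.
function read_snort_alerts($path, $max = 5)
{
    // A wrong interface number gives a path that does not exist;
    // return no alerts instead of letting file_get_contents() warn.
    if (!is_readable($path)) {
        return array();
    }
    $raw = file_get_contents($path);
    if ($raw === false) {
        return array();
    }
    // Each alert is a block of lines; blocks are separated by a blank line.
    $raw = str_replace("\r\n", "\n", $raw);
    $entries = array_filter(array_map('trim', explode("\n\n", $raw)), 'strlen');
    // The file is appended to, so reversing puts the newest alert first.
    return array_slice(array_reverse($entries), 0, $max);
}

// Constructed sample input (not real alerts), written to a temp file
// that stands in for /var/log/snort/alert_xxxxx.
$sample =
    "[**] [1:1000001:1] Constructed sample alert A [**]\n" .
    "[Priority: 0]\n" .
    "01/01-00:00:01.000000 192.0.2.10:40000 -> 198.51.100.5:80\n" .
    "\n" .
    "[**] [1:1000002:1] Constructed sample alert B [**]\n" .
    "[Priority: 0]\n" .
    "01/01-00:00:02.000000 192.0.2.11:40001 -> 198.51.100.5:443\n" .
    "\n" .
    "[**] [1:1000003:1] Constructed sample alert C [**]\n" .
    "[Priority: 0]\n" .
    "01/01-00:00:03.000000 192.0.2.12:40002 -> 198.51.100.5:22\n" .
    "\n";

$tmp = tempnam(sys_get_temp_dir(), 'alert_');
file_put_contents($tmp, $sample);

// Print the header line of the two most recent alerts.
foreach (read_snort_alerts($tmp, 2) as $entry) {
    echo strtok($entry, "\n"), "\n";
}
unlink($tmp);

// A path that does not exist yields an empty list.
var_dump(read_snort_alerts($tmp . '.missing'));
```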
-
What editor are you using? The GUI editor doesn't show 107 lines, only about 30.
-
I had installed nano pkg_add -r http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/editors/nano-2.2.6.tbz for i386 and I only see 68 lines
-
He's talking about widget v0.3.1, but the actual version is v0.3.2; that may be the reason the files don't match.
-
Didn't even see the update… Looks like v0.3.2 needs "Send alerts to main System logs", will test it.