Dashboard Widget: Snort Alerts package update to 0.3.7



  • The Snort Alerts Dashboard Widget package has been updated to version 0.3.7 to fix an issue with sorting events in the display frame.  The widget now correctly displays the most recent events first.  Previously the sort incorrectly keyed off the native Snort timestamp format of MM/DD/YY without taking into account the year.  This allowed months such as December to come before January even when the January year was more recent.  The sort now alters the timestamp internally to YY/MM/DD for sorting, but the display is still in native form of MM/DD/YY.

    Note the sort behavior is tied to the System Log sort settings.  So if the system log is configured to display the most recent events first, then so will the Snort Alerts widget.

    How to install the update:

    • Go to System…Packages from the menu.

    • Click the Installed Packages tab.

    • Click the XML icon to the right of the Dashboard Widget: Snort package.

    NOTE:  when you update the Snort Alerts widget package, it will be removed from the active Dashboard display.  You will have to add it back to the Dashboard and save the change.

    Bill


  • Banned

    Mine is showing MM/DD/YY Bill…



  • @Supermule:

    Mine is showing MM/DD/YY Bill…

    The displayed value did not change because that is the internal default of the Snort binary package for log entries.  The fix was to an internal temporary array used to sort the entries from all the interfaces so it can select the most recent according to the value chosen for number of alerts to display.

    I modified my original post to highlight that little point.  I guess it would be possible to provide a configuration value for how to display the timestamp.  I will put that on my TODO list.

    Bill
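    The sort problem described in the two posts above, as an added example that is not the widget's PHP code: alerts from several interfaces are merged into one temporary list, and the newest N are picked using either the native MM/DD/YY string or a YY/MM/DD key built only for sorting. The alert lines, the interface names and the `-HH:MM:SS` time suffix are constructed assumptions.

```python
# Added example: constructed alert records, not the widget's PHP code.
# Assumed timestamp layout: MM/DD/YY-HH:MM:SS (the page only states MM/DD/YY).

# Constructed sample alerts from two hypothetical interfaces.
ALERTS = {
    "WAN": [
        "12/30/13-23:58:10 ET SCAN example A",
        "01/02/14-08:15:42 ET POLICY example B",
    ],
    "LAN": [
        "12/31/13-12:00:00 ET INFO example C",
        "01/01/14-00:03:27 ET SCAN example D",
    ],
}


def sort_key(timestamp):
    """Rearrange MM/DD/YY-HH:MM:SS into YY/MM/DD-HH:MM:SS for sorting only."""
    date, _, time = timestamp.partition("-")
    month, day, year = date.split("/")
    return f"{year}/{month}/{day}-{time}"


def merge_alerts(alerts_by_iface):
    """Flatten per-interface alerts into (timestamp, interface, text) rows."""
    rows = []
    for iface, lines in alerts_by_iface.items():
        for line in lines:
            timestamp, _, text = line.partition(" ")
            rows.append((timestamp, iface, text))
    return rows


def latest(rows, count, key, newest_first=True):
    """Return `count` rows ordered by `key`; the displayed timestamp is untouched."""
    return sorted(rows, key=lambda r: key(r[0]), reverse=newest_first)[:count]


if __name__ == "__main__":
    rows = merge_alerts(ALERTS)
    print("native MM/DD/YY key (December sorts above January):")
    for r in latest(rows, 2, key=lambda ts: ts):
        print("  ", *r)
    print("YY/MM/DD key (most recent first):")
    for r in latest(rows, 2, key=sort_key):
        print("  ", *r)
```

    With the native key the two December 2013 alerts are returned as "most recent" and both January 2014 alerts are dropped from the display; with the rearranged key the January alerts come first while the rows still carry the MM/DD/YY text for display.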



  • Works great again bmeeks!  ;D

    I was the one who added the sorting, fixed the number of Snort displaying lines to the number of lines in the firewall widget, ascending/descending depending on the setting in the main settings log and showing of the interface names in the Snort Dashboard Widget back in 2012…
    So it was my mistake on how to sort the date.  :-[, don't know why it worked from 2012 to 2013 but I see the bug.

    Thanks for the quick and easy fix!

    Since you are busy with the logs, maybe you could add an "All" interfaces to the Snort alert tab?



  • @digdug3:

    Works great again bmeeks!  ;D

    I was the one who added the sorting, fixed the number of Snort displaying lines to the number of lines in the firewall widget, ascending/descending depending on the setting in the main settings log and showing of the interface names in the Snort Dashboard Widget back in 2012…
    So it was my mistake on how to sort the date.  :-[, don't know why it worked from 2012 to 2013 but I see the bug.

    Thanks for the quick and easy fix!

    Since you are busy with the logs, maybe you could add an "All" interfaces to the Snort alert tab?

    Thanks digdug3 for the update.  I was not aware you had made some mods to the widget.  Maybe you can help out with Supermule's other problem of no automatic refresh of the display.  I can confirm the auto-refresh does not work on 2.1 either.  You have to manually refresh the whole Dashboard page to see new alerts.  I was under the impression from skimming the code that some Ajax-type JavaScript calls should be happening to auto-refresh the display every 22 seconds.

    As for the Snort ALERTS tab having an "All" option, that might take a bit of work.  Right now a lot of that PHP code keys off the "rule index ID" which is really the index into the array of configured interfaces.  This "ID" is passed to the page as you select interfaces in the combo box.

    Bill



  • I believe the refresh is the same as the Firewall widget. But then again, it was back in 2012 I last changed the code…
    If you have fixed it, I will try to see if I have some time this weekend.

