Add ports number for IP src and IP dst #1

Closed
Hmarionx opened this issue Nov 17, 2017 · 3 comments

@Hmarionx

Hi,
Finally a good web UI for Snort, working with PHP7 👍 Great dashboard and nice graphics!
I have quickly modified the source code to get the ports with the dest and src IP. So, if you're interested:

events.php :
".$event['ip_src'].':'.$event['tcp_sport'].$event['udp_sport']."
".$event['ip_dst'].':'.$event['tcp_dport'].$event['udp_dport']."

db.php :
$sql = "SELECT event.sid, event.cid, sig_name, DATE_FORMAT(timestamp, '%d-%m-%Y') AS date, DATE_FORMAT(timestamp, '%H:%i') AS time, sig_priority, inet_ntoa(ip_src) as ip_src, inet_ntoa(ip_dst) as ip_dst, tcp_sport, tcp_dport, udp_sport, udp_dport
FROM event
INNER JOIN signature on event.signature = signature.sig_id
INNER JOIN iphdr on event.sid = iphdr.sid AND event.cid = iphdr.cid
LEFT JOIN tcphdr on event.sid = tcphdr.sid AND event.cid = tcphdr.cid
LEFT JOIN udphdr on event.sid = udphdr.sid AND event.cid = udphdr.cid

Need to adjust the CSS for better rendering...

Good working :-)
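
An added example, not part of the original post or the project's code: the same joins run against a constructed SQLite stand-in for the Snort tables. Python's sqlite3 is used only so it runs offline; the `inet_ntoa` shim, the `COALESCE` columns `sport`/`dport` and the `endpoint` helper are assumptions. It shows why `tcphdr` and `udphdr` are LEFT JOINed: an ICMP event has a row in neither table and must still be listed, without a dangling colon after the address.

```python
import ipaddress
import sqlite3

# Constructed stand-in for the Snort tables joined in the post's query
# (a real Snort database runs on MySQL and has more columns).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event  (sid INTEGER, cid INTEGER, signature INTEGER);
CREATE TABLE iphdr  (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
CREATE TABLE tcphdr (sid INTEGER, cid INTEGER, tcp_sport INTEGER, tcp_dport INTEGER);
CREATE TABLE udphdr (sid INTEGER, cid INTEGER, udp_sport INTEGER, udp_dport INTEGER);
INSERT INTO signature VALUES (1,'constructed TCP alert',2),
    (2,'constructed UDP alert',3),(3,'constructed ICMP alert',3);
INSERT INTO event  VALUES (1,1,1),(1,2,2),(1,3,3);
INSERT INTO iphdr  VALUES (1,1,3232235786,167772161),
    (1,2,3232235787,167772161),(1,3,3232235788,167772161);
INSERT INTO tcphdr VALUES (1,1,51515,80);
INSERT INTO udphdr VALUES (1,2,5353,53);
"""

# Same join shape as the post; COALESCE folds the TCP and UDP port columns
# into one value, which is NULL for events with no TCP or UDP header.
QUERY = """
SELECT sig_name, inet_ntoa(ip_src) AS ip_src, inet_ntoa(ip_dst) AS ip_dst,
       COALESCE(tcp_sport, udp_sport) AS sport,
       COALESCE(tcp_dport, udp_dport) AS dport
FROM event
INNER JOIN signature ON event.signature = signature.sig_id
INNER JOIN iphdr  ON event.sid = iphdr.sid  AND event.cid = iphdr.cid
LEFT JOIN  tcphdr ON event.sid = tcphdr.sid AND event.cid = tcphdr.cid
LEFT JOIN  udphdr ON event.sid = udphdr.sid AND event.cid = udphdr.cid
ORDER BY event.cid
"""

def endpoint(ip, port):
    # Port-less events (e.g. ICMP): show the bare address, no trailing ':'
    return ip if port is None else f"{ip}:{port}"

def load_events():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    # SQLite has no inet_ntoa(); register an equivalent of the MySQL function
    db.create_function("inet_ntoa", 1, lambda n: str(ipaddress.IPv4Address(n)))
    db.executescript(SCHEMA)
    return [(r["sig_name"], endpoint(r["ip_src"], r["sport"]),
             endpoint(r["ip_dst"], r["dport"])) for r in db.execute(QUERY)]

if __name__ == "__main__":
    for row in load_events():
        print(row)
```

Replacing either LEFT JOIN with an INNER JOIN would drop every event that lacks that header, so alerts would silently disappear from the list.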

@Ejdamm
Owner

Ejdamm commented Nov 18, 2017

Hi!
I'm glad you like it :)
I have actually thought of that but putting it in the extended info that appears when you click on an event. There will also be other info about the TCP/IP packets. What do you think about that? I'm away this weekend but will try to implement it next week. It will be easier to find motivation now when I know someone likes it.

@Hmarionx
Author

Yes, I think it will be great to have ports and other information in the extended view for each event.
You can find here my (big) wishlist :-)

  • Extend events with all information from the MySQL Snort DB for each event
  • Link the src IP to open AbuseIPDB or other security website
  • Link the SIG id to the Snort DB knowledge
  • Filter events by date / ip src / ip dest / ports / severity
  • Refresh number of alerts in the dashboard when selecting different view (24h / week / month / year)
  • A login page to authenticate the user (the snort user in the MySQL DB for example)

I'm not a good PHP developer, but have a lot of ideas :-)

Pick from my wishlist, as you want and as you can!

Ejdamm added a commit that referenced this issue Nov 21, 2017
@Ejdamm
Owner

Ejdamm commented Nov 21, 2017

I'm closing this issue now since displaying ports is implemented, but your wishlist is noted and will be processed.

@Ejdamm Ejdamm closed this as completed Nov 21, 2017