From patchwork Wed Nov 22 06:27:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 1563 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id B84866129C for ; Tue, 21 Nov 2017 20:27:58 +0100 (CET) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id EC8E634F7; Tue, 21 Nov 2017 20:27:57 +0100 (CET) Received: from mx.link38.eu (mx.link38.eu [188.68.43.123]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.link38.eu", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 3585E34F7 for ; Tue, 21 Nov 2017 20:27:53 +0100 (CET) X-Virus-Scanned: ClamAV at mx.link38.eu Received: from mx-fra.brokers.link38.eu (mx-fra.brokers.link38.eu [10.141.75.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx.link38.eu (Postfix) with ESMTPS id 5328F40123 for ; Tue, 21 Nov 2017 20:27:47 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx-fra.brokers.link38.eu (Postfix) with ESMTPSA id C240B9F73D for ; Tue, 21 Nov 2017 20:27:46 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=link38.eu; s=201711; t=1511292466; x=1574364466; bh=HlF0nIfhXi0CeSM59pptz0hcLRR48eaQXDDyjsX5x20=; h=Date:From:To:Subject:Message-ID:Content-Type:From:To:Subject:Date: Cc; b=NGiBRTrdo9BoXvcGtTgKQHE/lC1I6y1oKsGJ/gzWe6D6QLNnMsLoXWclX9v8ft2j+ nkcqCYW2gjx1XCTkogxMmuzefsmVxk3bznOPgd7HI/9JT8isydLKez1U3Btb4h9woi 0iY3akoSoI7UBKys5Ql+yY1PdAM1rZ7+ahtpn3uW/CAYhXy2mKNsXAGtXqguWNOSDz UEyS3m9UjabvWoIOXVkBuvdpjwvVxFjPjkCEYrkJ6l9KawfucFHUz+repaDYe9DsGk 1r55QYe3G8Jawp4+qZ6we51jn7eptlgXm/ItLp7wbZATsuhq19iIOrH6fu/5wMbGoM MIso7XqilOV2w== Date: Tue, 21 Nov 2017 20:27:45 +0100 From: Peter =?utf-8?q?M=C3=BCller?= To: "development@lists.ipfire.org" Subject: [PATCH v2] show IDS rule names correctly in WebUI log Message-ID: <20171121202745.644b012d.peter.mueller@link38.eu> Organization: Link38 MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" The WebUI IDS log did not display the rule name for alerts where a signature with a five digit number was triggered (some Emerging Threats signatures are using them). Changing the regular expression so it will match on five digit SIDs, too. Fixes #11519. Signed-off-by: Peter Müller --- html/cgi-bin/logs.cgi/ids.dat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html/cgi-bin/logs.cgi/ids.dat b/html/cgi-bin/logs.cgi/ids.dat index 44b3abdac..98176d690 100644 --- a/html/cgi-bin/logs.cgi/ids.dat +++ b/html/cgi-bin/logs.cgi/ids.dat @@ -387,7 +387,7 @@ sub processevent } ($title,$classification,$priority,$date,$time,$srcip,$srcport,$destip,$destport, $sid) = ("n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a","n/a", "n/a"); @refs = (); - $_ =~ m/:([0-9]{1,4})\] (.*) \[\*\*\]/; + $_ =~ m/:([0-9]{1,5})\] (.*) \[\*\*\]/; $title = &Header::cleanhtml($2,"y"); } if ($_ =~ m/Classification: (.*)\] \[Priority: (\d)\]/) {