[Snort-users] perl cgi for last events

Alexandre Dulaunoy adulau-snort at ...1558...
Tue Mar 13 10:25:55 EST 2001


I'm really happy with snort and postgresql logging. But when I looked at
the contrib for CGI, they were all in PHP. My internal server is an old
HTTP server without php3/4. So I have written a small CGI script to see the
last events from the postgresql db. Hope this could be useful for
somebody. I will enhance this script in the near future.


Here is the small CGI script:

# A simple cgi-script to generate the X last events
# from a snort database on postgresql. I made this script because
# I have an old HTTP server where PHP can't run.
# Author : Alexandre Dulaunoy <alex at ...1559...>
# Date   : 3/3/2001
# under the terms of the GNU General Public License.
# Version: 0.0.1
# PS : Don't forget to setup grant of user nobody on postgres

use Pg;
my $dbname='snort';
my $howmanyevent=200;
my $x;
my $date = `date`;
$conn = Pg::connectdb("dbname=$dbname");
$result = $conn->exec("select * from event ORDER BY event.timestamp
DESC LIMIT $howmanyevent");
print "Content-type: text/html\n\n";
print "<html>";
print "<title> Last $howmanyevent events from snort db.</title>";
print "<h3>Last $howmanyevent events from snort db. generated on $date</h3>";
print "<table COLS=2 WIDTH=\"100%\" BGCOLOR=\"#FFFFCC\" NOSAVE>";
print "<tr> <td><b>ID</b></td><td><b>Signature</b></td><td><b>Source IP</b></td><td><b>TCPDPORT</b></td></tr> \n";

while (@row = $result->fetchrow) {
	$result2 = $conn->exec("select
from iphdr where cid=$row[1]");
	@ip = $result2->fetchrow;
	$src_ip = $ip[0].".".$ip[1].".".$ip[2].".".$ip[3];	
	$dst_ip = $ip[4].".".$ip[5].".".$ip[6].".".$ip[7];
	$result3 = $conn->exec("select tcp_sport,tcp_dport from tcphdr
where cid=$row[1]");
	@tcp = $result3->fetchrow;
print "<tr> <td>$row[1]</td>
\n";	 #	print "\n";
#	print $row[1]."***".$row[2]."***
}

print "</table>";
print "<small> <i>by <a href=\"http://www.foo.be/\">

print "</html>";
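
The script above interpolates `$row[1]` into its SQL strings and prints database values straight into the HTML table. The following is an added example, not part of the original post or the author's code: it shows the same table row built with HTML escaping, and the `tcphdr` lookup written with a bound parameter. It assumes DBI with DBD::Pg in place of the `Pg` module used in the post; the helper names `html_escape`, `tcp_ports_for` and `render_row` are hypothetical, and the sample rows are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape HTML-significant characters so a stored value cannot inject markup.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Look up the TCP ports for one event with a placeholder instead of
# interpolating the cid into the SQL text. $dbh is a DBI handle, e.g.
#   my $dbh = DBI->connect("dbi:Pg:dbname=snort", "", "", { RaiseError => 1 });
# (assumption: DBI/DBD::Pg are installed; the post itself uses Pg.pm).
sub tcp_ports_for {
    my ($dbh, $cid) = @_;
    my $sth = $dbh->prepare(
        'select tcp_sport,tcp_dport from tcphdr where cid = ?');
    $sth->execute($cid);
    return $sth->fetchrow_array;
}

# Build one table row; every cell is escaped before it reaches the page.
sub render_row {
    my @cells = @_;
    my $html = '<tr>';
    $html .= '<td>' . html_escape($_) . '</td>' for @cells;
    return "$html</tr>\n";
}

# Constructed sample rows (ID, Signature, Source IP, TCPDPORT); the second
# signature contains markup to show what escaping does to it.
my @rows = (
    [101, 'constructed alert A',                '192.0.2.10', 23],
    [102, 'constructed <b>alert</b> & "quote"', '192.0.2.77', 80],
);

print "Content-type: text/html\n\n";
print "<table>\n";
print render_row(@$_) for @rows;
print "</table>\n";
```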

