[Snort-users] perl cgi for last events

Alexandre Dulaunoy adulau-snort at ...1558...
Tue Mar 13 10:25:55 EST 2001


Hello,

I'm really happy with snort and postgresql logging. But when I looked at
the contrib for CGI, they were all in PHP. My internal server is an old
HTTP server without php3/4. So I have written a small cgi script to see the
last events from the postgresql db. I hope this could be useful for
somebody. I will enhance this script in the near future.

alx
http://www.foo.be/

Here is the small cgi script:

#!/usr/local/bin/perl
# A simple cgi-script to generate the X last events 
# from a snort database on postgresql. I make this script because 
# I got an old HTTP server where PHP can't run. 
# 
# Author : Alexandre Dulaunoy <alex at ...1559...>
# Date   : 3/3/2001
# under the terms of the GNU General Public License.
# Version: 0.0.1
#
# PS : Don't forget to setup grant of user nobody on postgres

use Pg;
my $dbname='snort';
my $howmanyevent=200;
my $x;
my $date = `date`;
$conn = Pg::connectdb("dbname=$dbname");
$result = $conn->exec("select * from event ORDER BY event.timestamp DESC LIMIT $howmanyevent");
print "Content-type: text/html\n\n";
print "<html>";
print "<title> Last $howmanyevent events from snort db.</title>";
print "<h3>Last $howmanyevent events from snort db. generated on $date</h3>";
print "<table COLS=2 WIDTH=\"100%\" BGCOLOR=\"#FFFFCC\" NOSAVE>";
print "<tr> <td><b>ID</b></td><td><b>Signature</b></td><td><b>Source IP</b></td><td><b>TCPSPORT</b></td><td><b>Destination IP</b></td><td><b>TCPDPORT</b></td></tr> \n";

while (@row = $result->fetchrow)
{
	$x++;
	$result2 = $conn->exec("select ip_src0,ip_src1,ip_src2,ip_src3,ip_dst0,ip_dst1,ip_dst2,ip_dst3 from iphdr where cid=$row[1]");
	@ip = $result2->fetchrow;
	$src_ip = $ip[0].".".$ip[1].".".$ip[2].".".$ip[3];	
	$dst_ip = $ip[4].".".$ip[5].".".$ip[6].".".$ip[7];
	$result3 = $conn->exec("select tcp_sport,tcp_dport from tcphdr where cid=$row[1]");
	@tcp = $result3->fetchrow;
	print "<tr> <td>$row[1]</td><td>$row[2]</td><td>$src_ip</td><td>$tcp[0]</td><td>$dst_ip</td><td>$tcp[1]</td></tr>\n";
#	print "\n";
#	print $row[1]."***".$row[2]."*** SIP:".$src_ip."***DIP:".$dst_ip."\n";

}
print "</table>";
print "<small> <i>by <a href=\"http://www.foo.be/\">adulau</a></i></small>";

print "</html>";

 




