[Snort-users] perl cgi for last events

Steve Halligan agent33 at ...187...
Tue Mar 13 11:00:07 EST 2001


Rather than grant user nobody rights to the database, you could put a read-only
username in the $conn variable.  A bit safer I think.
-Steve

> -----Original Message-----
> From: Alexandre Dulaunoy [mailto:adulau-snort at ...1558...]
> Sent: Tuesday, March 13, 2001 9:26 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] perl cgi for last events
> 
> 
> Hello,
> 
> I'm really happy with snort and postgresql logging. But when I have seen
> the contrib for CGI, they were all in php. My internal server is an old
> HTTP without php3/4. So I have written down a small cgi script to see the
> last events from the postgresql db. Hope this could be useful for
> somebody. I will enhance this script in a near future.
> 
> alx
> http://www.foo.be/
> 
> Here is the small cgi script:
> 
> #!/usr/local/bin/perl
> # A simple cgi-script to generate the X last events 
> # from a snort database on postgresql. I make this script because 
> # I got an old HTTP server where PHP can't run. 
> # 
> # Author : Alexandre Dulaunoy <alex at ...1559...>
> # Date   : 3/3/2001
> # under the terms of the GNU General Public License.
> # Version: 0.0.1
> #
> # PS : Don't forget to setup grant of user nobody on postgres
> 
> use Pg;
> my $dbname='snort';
> my $howmanyevent=200;
> my $x;
> my $date = `date`;
> chomp $date;
> # Connect to the snort database and fetch the most recent events.
> my $conn = Pg::connectdb("dbname=$dbname");
> my $result = $conn->exec("select * from event ORDER BY event.timestamp DESC LIMIT $howmanyevent");
> print "Content-type: text/html\n\n";
> print "<html>";
> print "<title> Last $howmanyevent events from snort db.</title>";
> print "<h3>Last $howmanyevent events from snort db. generated on $date</h3>";
> print "<table COLS=2 WIDTH=\"100%\" BGCOLOR=\"#FFFFCC\" NOSAVE>";
> print "<tr> <td><b>ID</b></td><td><b>Signature</b></td><td><b>Source IP</b></td><td><b>TCPSPORT</b></td><td><b>Destination IP</b></td><td><b>TCPDPORT</b></td></tr> \n";
> 
> # For each event, look up its IP and TCP headers by cid ($row[1]).
> while (my @row = $result->fetchrow)
> {
> 	$x++;
> 	my $result2 = $conn->exec("select ip_src0,ip_src1,ip_src2,ip_src3,ip_dst0,ip_dst1,ip_dst2,ip_dst3 from iphdr where cid=$row[1]");
> 	my @ip = $result2->fetchrow;
> 	my $src_ip = $ip[0].".".$ip[1].".".$ip[2].".".$ip[3];
> 	my $dst_ip = $ip[4].".".$ip[5].".".$ip[6].".".$ip[7];
> 	my $result3 = $conn->exec("select tcp_sport,tcp_dport from tcphdr where cid=$row[1]");
> 	my @tcp = $result3->fetchrow;
> 	# One table row per event: ID, signature, source IP/port, destination IP/port.
> 	print "<tr> <td>$row[1]</td><td>$row[2]</td><td>$src_ip</td><td>$tcp[0]</td><td>$dst_ip</td><td>$tcp[1]</td></tr>\n";
> #	print "\n";
> #	print $row[1]."***".$row[2]."***SIP:".$src_ip."***DIP:".$dst_ip."\n";
> 
> }
> print "</table>";
> print "<small> <i>by <a href=\"http://www.foo.be/\">adulau</a></i></small>";
> 
> print "</html>";
> 
> 
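
The read-only account suggested in the reply above, as an added example that is not part of the original thread: a command-line preflight check, written against the same Pg module, that connects as a read-only account and asks the server whether that account really has SELECT and nothing else on the three tables the CGI script reads. The role name snort_ro and the setup statements in the header comment are assumptions; the password is expected to come from libpq's PGPASSWORD variable or ~/.pgpass.

```perl
#!/usr/local/bin/perl
# Added example, not code from the original post.
# Assumed one-time setup, run as a database superuser (role name is hypothetical):
#   CREATE USER snort_ro WITH PASSWORD '...';
#   GRANT SELECT ON event, iphdr, tcphdr TO snort_ro;
use strict;
use warnings;
use Pg;

my @tables      = qw(event iphdr tcphdr);    # tables the CGI script reads
my @write_privs = qw(INSERT UPDATE DELETE);  # privileges a viewer must not have

# Connect as the read-only account instead of granting rights to "nobody".
# libpq picks the password up from PGPASSWORD or ~/.pgpass.
my $conn = Pg::connectdb("dbname=snort user=snort_ro");
die "connect failed: " . $conn->errorMessage
    unless $conn->status == PGRES_CONNECTION_OK;

# Ask the server what the current session may do on each table.
my @problems;
for my $table (@tables) {
    for my $priv ('SELECT', @write_privs) {
        my $res = $conn->exec("SELECT has_table_privilege('$table', '$priv')");
        die "privilege query failed: " . $conn->errorMessage
            unless $res->resultStatus == PGRES_TUPLES_OK;
        my ($granted) = $res->fetchrow;           # 't' or 'f'
        my $wanted = $priv eq 'SELECT' ? 't' : 'f';
        next if $granted eq $wanted;
        push @problems, "$table: $priv is "
            . ($granted eq 't' ? 'granted but should not be' : 'missing');
    }
}

if (@problems) {
    print "snort_ro is not set up as a read-only viewer:\n";
    print "  $_\n" for @problems;
    exit 1;
}
print "snort_ro can SELECT from @tables and cannot modify them.\n";
```

Once the check passes, the CGI script only needs `user=snort_ro` added to the string it hands to `Pg::connectdb`.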



