Snort_AIPreproc/htdocs/alerts.cgi

87 lines
2 KiB
Text
Raw Permalink Normal View History

2011-02-03 01:01:36 +01:00
#!/usr/bin/env perl
use Env qw(DOCUMENT_ROOT QUERY_STRING);
use strict;
use warnings;
my $method = 'xml';
if ( $QUERY_STRING )
{
if ( $QUERY_STRING =~ /method=([a-z]+)/ )
{
if ( $1 eq 'json' or $1 eq 'xml' )
{
$method = $1;
}
}
}
my %mon2num = qw( jan 1 feb 2 mar 3 apr 4 may 5 jun 6 jul 7 aug 8 sep 9 oct 10 nov 11 dec 12 );
my $json_file = (( $DOCUMENT_ROOT ) ? $DOCUMENT_ROOT : '.' ).'/correlation_graph.json';
my $json_string = '';
open IN, $json_file or die "Alert JSON file not found";
$json_string .= $_ while ( <IN> );
close IN;
if ( $method eq 'json' )
{
print "Content-Type: application/json\n\n";
print $json_string;
} elsif ( $method eq 'xml' ) {
use JSON;
use Time::Local;
my @json = @{JSON->new->utf8->decode ( $json_string )};
print "Content-Type: application/xml\n\n".
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\n".
"<alerts>\n";
for ( @json )
{
print "\t<alert";
my %element = %$_;
for my $key ( keys %element )
{
if ( $key !~ /[^a-zA-Z0-9_]/ and !UNIVERSAL::isa ( $element{$key}, "ARRAY" ) and !UNIVERSAL::isa ( $element{$key}, "HASH" ))
{
my $k = $key;
if ( $key eq 'snortSID' or $key eq 'snortGID' or $key eq 'snortREV' )
{
$k =~ s/^snort//;
$k = lc $k;
} elsif ( $key eq 'to' or $key eq 'from' ) {
if ( $element{$key} =~ /:([1-9][0-9]*)$/ )
{
my $port = $1;
$element{$key} =~ s/^(.*):[1-9][0-9]*$/$1/;
print " ${key}_port=\"$port\"";
}
} elsif ( $key eq 'date' ) {
if ( $element{$key} =~ /^\s*[a-z]+\s+([a-z]+)\s+([0-9]+)\s+([0-9]+):([0-9]+):([0-9]+)\s+([0-9]+)\s*$/i )
{
my $mon = $mon2num{ lc substr ( $1, 0, 3 )} - 1;
my $day = $2;
my $hour = $3;
my $min = $4;
my $sec = $5;
my $year = $6;
$element{$key} = timelocal ( $sec, $min, $hour, $day, $mon, $year );
}
}
$element{$key} =~ s/(^|[^\\])"/$1\\"/g;
print " $k=\"".$element{$key}."\"";
}
}
print "></alert>\n";
}
print "</alerts>\n";
}