lanakod/snort-docker
1
0
Fork 0
mirror of https://github.com/Lanakod-Networks/snort-docker.git synced 2025-07-04 13:26:38 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Added simple web-ui

Browse Source
This commit is contained in:
Maxim Malakhov 2024-08-21 13:53:46 +03:00
parent 970b65c5c9
commit 2e003fe0ea
No known key found for this signature in database
GPG Key ID: A77DC2E5B79AF357
34 changed files with 63699 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docker-compose.yml
View File

@ -11,6 +11,17 @@ services:
- ./snort-conf:/usr/local/etc/snort
- ./snort.rules:/usr/local/etc/rules/local.rules
- ./logs:/var/log/snort
network_mode: host
web_ui:
restart: always
build:
dockerfile: web-ui/Dockerfile
context: web-ui
ports:
- 3000:3000
volumes:
- ./logs:/var/log/snort
networks:
snort_lan:

1
healthcheck.sh
View File

@ -2,5 +2,4 @@
set -e -o pipefail
log "Checking if $(basename "${0}") is healthy ..."
[[ $(pgrep --count --full /usr/bin/supervisord) -gt 0 ]]

0
logs/alert_csv.txt
View File

0
logs/alert_fast.txt
View File

1
web-ui/.dockerignore Normal file
View File

@ -0,0 +1 @@
yarn.lock

1
web-ui/.env Normal file
View File

@ -0,0 +1 @@
LOGS=./logs/alert_csv.txt

3
web-ui/.eslintrc.json Normal file
View File

@ -0,0 +1,3 @@
{
"extends": "next/core-web-vitals"
}

36
web-ui/.gitignore vendored Normal file
View File

@ -0,0 +1,36 @@
# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
# dependencies
/node_modules
/.pnp
.pnp.js
.yarn/install-state.gz
# testing
/coverage
# next.js
/.next/
/out/
# production
/build
# misc
.DS_Store
*.pem
# debug
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# local env files
.env*.local
# vercel
.vercel
# typescript
*.tsbuildinfo
next-env.d.ts

102
web-ui/.idea/workspace.xml generated Normal file
View File

@ -0,0 +1,102 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="AutoImportSettings">
<option name="autoReloadType" value="SELECTIVE" />
</component>
<component name="ChangeListManager">
<list default="true" id="776a1baa-f7a3-45e0-9859-d2a084e88d1a" name="Changes" comment="">
<change afterPath="$PROJECT_DIR$/.dockerignore" afterDir="false" />
<change afterPath="$PROJECT_DIR$/.env" afterDir="false" />
<change afterPath="$PROJECT_DIR$/.eslintrc.json" afterDir="false" />
<change afterPath="$PROJECT_DIR$/.gitignore" afterDir="false" />
<change afterPath="$PROJECT_DIR$/Dockerfile" afterDir="false" />
<change afterPath="$PROJECT_DIR$/README.md" afterDir="false" />
<change afterPath="$PROJECT_DIR$/build.sh" afterDir="false" />
<change afterPath="$PROJECT_DIR$/logs/alert_csv.txt" afterDir="false" />
<change afterPath="$PROJECT_DIR$/logs/alert_fast.txt" afterDir="false" />
<change afterPath="$PROJECT_DIR$/logs/alert_full.txt" afterDir="false" />
<change afterPath="$PROJECT_DIR$/logs/appid_stats.log" afterDir="false" />
<change afterPath="$PROJECT_DIR$/logs/supervisor.log" afterDir="false" />
<change afterPath="$PROJECT_DIR$/next.config.mjs" afterDir="false" />
<change afterPath="$PROJECT_DIR$/package.json" afterDir="false" />
<change afterPath="$PROJECT_DIR$/postcss.config.mjs" afterDir="false" />
<change afterPath="$PROJECT_DIR$/public/favicon.ico" afterDir="false" />
<change afterPath="$PROJECT_DIR$/public/next.svg" afterDir="false" />
<change afterPath="$PROJECT_DIR$/public/vercel.svg" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/components/AdminApp.tsx" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/components/AdminDataProvider.ts" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/pages/_app.tsx" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/pages/_document.tsx" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/pages/api/admin/[[...slug]].ts" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/pages/api/hello.ts" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/pages/index.tsx" afterDir="false" />
<change afterPath="$PROJECT_DIR$/src/styles/globals.css" afterDir="false" />
<change afterPath="$PROJECT_DIR$/tailwind.config.ts" afterDir="false" />
<change afterPath="$PROJECT_DIR$/tsconfig.json" afterDir="false" />
<change afterPath="$PROJECT_DIR$/yarn.lock" afterDir="false" />
<change beforePath="$PROJECT_DIR$/../docker-compose.yml" beforeDir="false" afterPath="$PROJECT_DIR$/../docker-compose.yml" afterDir="false" />
<change beforePath="$PROJECT_DIR$/../healthcheck.sh" beforeDir="false" afterPath="$PROJECT_DIR$/../healthcheck.sh" afterDir="false" />
<change beforePath="$PROJECT_DIR$/../logs/alert_csv.txt" beforeDir="false" />
<change beforePath="$PROJECT_DIR$/../logs/alert_fast.txt" beforeDir="false" />
<change beforePath="$PROJECT_DIR$/../logs/supervisor.log" beforeDir="false" />
</list>
<option name="SHOW_DIALOG" value="false" />
<option name="HIGHLIGHT_CONFLICTS" value="true" />
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
<option name="LAST_RESOLUTION" value="IGNORE" />
</component>
<component name="Git.Settings">
<option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$/.." />
</component>
<component name="ProjectColorInfo">{
&quot;associatedIndex&quot;: 6
}</component>
<component name="ProjectId" id="2kxhdb6YDJSda2306qlS8cdEpcI" />
<component name="ProjectLevelVcsManager">
<ConfirmationsSetting value="2" id="Add" />
</component>
<component name="ProjectViewState">
<option name="hideEmptyMiddlePackages" value="true" />
<option name="showLibraryContents" value="true" />
</component>
<component name="PropertiesComponent">{
&quot;keyToString&quot;: {
&quot;ASKED_ADD_EXTERNAL_FILES&quot;: &quot;true&quot;,
&quot;ASKED_SHARE_PROJECT_CONFIGURATION_FILES&quot;: &quot;true&quot;,
&quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
&quot;git-widget-placeholder&quot;: &quot;master&quot;,
&quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
&quot;node.js.detected.package.tslint&quot;: &quot;true&quot;,
&quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
&quot;node.js.selected.package.tslint&quot;: &quot;(autodetect)&quot;,
&quot;nodejs_package_manager_path&quot;: &quot;npm&quot;,
&quot;ts.external.directory.path&quot;: &quot;C:\\Users\\Lanakod\\Desktop\\snort-docker\\web-ui\\node_modules\\typescript\\lib&quot;,
&quot;vue.rearranger.settings.migration&quot;: &quot;true&quot;
}
}</component>
<component name="SharedIndexes">
<attachedChunks>
<set>
<option value="bundled-js-predefined-1d06a55b98c1-0b3e54e931b4-JavaScript-WS-241.18034.50" />
</set>
</attachedChunks>
</component>
<component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
<component name="TaskManager">
<task active="true" id="Default" summary="Default task">
<changelist id="776a1baa-f7a3-45e0-9859-d2a084e88d1a" name="Changes" comment="" />
<created>1724231224796</created>
<option name="number" value="Default" />
<option name="presentableId" value="Default" />
<updated>1724231224796</updated>
<workItem from="1724231227585" duration="6291000" />
</task>
<servers />
</component>
<component name="TypeScriptGeneratedFilesManager">
<option name="version" value="3" />
</component>
<component name="VcsManagerConfiguration">
<option name="ADD_EXTERNAL_FILES_SILENTLY" value="true" />
</component>
</project>

44
web-ui/Dockerfile Normal file
View File

@ -0,0 +1,44 @@
FROM imbios/bun-node:20-slim AS deps
ARG DEBIAN_FRONTEND=noninteractive
# I use Asia/Jakarta as my timezone, you can change it to your timezone
RUN apt-get -y update && \
apt-get install -yq openssl git ca-certificates tzdata && \
ln -fs /usr/share/zoneinfo/Asia/Jakarta /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
WORKDIR /app
# Install dependencies based on the preferred package manager
COPY package.json bun.lockb ./
RUN bun install --frozen-lockfile
# Build the app
FROM deps AS builder
WORKDIR /app
COPY . .
RUN bun run build
# Production image, copy all the files and run next
FROM node:20-slim AS runner
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
ARG CONFIG_FILE
COPY $CONFIG_FILE /app/.env
ENV NODE_ENV production
ENV NEXT_SHARP_PATH /app/node_modules/sharp
# Uncomment the following line in case you want to disable telemetry during runtime.
ENV NEXT_TELEMETRY_DISABLED 1
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
EXPOSE 3000
ENV PORT 3000
CMD ["node", "server.js"]

40
web-ui/README.md Normal file
View File

@ -0,0 +1,40 @@
This is a [Next.js](https://nextjs.org/) project bootstrapped with [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app).
## Getting Started
First, run the development server:
```bash
npm run dev
# or
yarn dev
# or
pnpm dev
# or
bun dev
```
Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
You can start editing the page by modifying `pages/index.tsx`. The page auto-updates as you edit the file.
[API routes](https://nextjs.org/docs/api-routes/introduction) can be accessed on [http://localhost:3000/api/hello](http://localhost:3000/api/hello). This endpoint can be edited in `pages/api/hello.ts`.
The `pages/api` directory is mapped to `/api/*`. Files in this directory are treated as [API routes](https://nextjs.org/docs/api-routes/introduction) instead of React pages.
This project uses [`next/font`](https://nextjs.org/docs/basic-features/font-optimization) to automatically optimize and load Inter, a custom Google Font.
## Learn More
To learn more about Next.js, take a look at the following resources:
- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API.
- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial.
You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome!
## Deploy on Vercel
The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.
Check out our [Next.js deployment documentation](https://nextjs.org/docs/deployment) for more details.

11
web-ui/build.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -e
# Run Next.js build with passed arguments
next build "$@"
# Copy files only if not in a CI environment
if [ -z "$CI" ]; then
cp -r ./public ./.next/standalone/public
cp -r ./.next/static ./.next/standalone/.next/static
fi

2080
web-ui/logs/alert_csv.txt Normal file
View File

File diff suppressed because it is too large Load Diff

2080
web-ui/logs/alert_fast.txt Normal file
View File

File diff suppressed because it is too large Load Diff

26884
web-ui/logs/alert_full.txt Normal file
View File

File diff suppressed because it is too large Load Diff

27905
web-ui/logs/appid_stats.log Normal file
View File

File diff suppressed because it is too large Load Diff

531
logs/supervisor.log → web-ui/logs/supervisor.log
View File

@ -14,6 +14,7 @@ Finished snort_defaults.lua:
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
@ -81,23 +82,23 @@ Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4239 0 4239 /usr/local/etc/snort/snort.lua
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4239
text rules: 4239
option chains: 4239
chain headers: 325
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 148 22
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 148 22
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
@ -150,8 +151,7 @@ search engine (ac_bnfa)
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 226524
appid: p--------------------------------------------------
appid: MaxRss diff: 227--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
@ -167,6 +167,7 @@ Finished snort_defaults.lua:
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
@ -234,23 +235,23 @@ Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4239 0 4239 /usr/local/etc/snort/snort.lua
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4239
text rules: 4239
option chains: 4239
chain headers: 325
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 148 22
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 148 22
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
@ -303,8 +304,7 @@ search engine (ac_bnfa)
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 225688
appid: p--------------------------------------------------
appid: MaxRss diff: 227--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
@ -320,6 +320,7 @@ Finished snort_defaults.lua:
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
@ -387,23 +388,23 @@ Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4239 0 4239 /usr/local/etc/snort/snort.lua
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4239
text rules: 4239
option chains: 4239
chain headers: 325
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 148 22
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 148 22
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
@ -456,8 +457,7 @@ search engine (ac_bnfa)
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 228004
appid: p--------------------------------------------------
appid: MaxRss diff: 226--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
@ -473,6 +473,7 @@ Finished snort_defaults.lua:
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
@ -540,23 +541,23 @@ Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4239 0 4239 /usr/local/etc/snort/snort.lua
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4239
text rules: 4239
option chains: 4239
chain headers: 325
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 148 22
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 148 22
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
@ -609,5 +610,463 @@ search engine (ac_bnfa)
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 226732
appid: p
appid: MaxRss diff: 226--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
ssh
host_cache
pop
so_proxy
stream_tcp
mms
smtp
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
stream_icmp
hosts
normalizer
binder
wizard
appid
js_norm
file_id
http2_inspect
http_inspect
stream_udp
ftp_data
ftp_server
search_engine
port_scan
dce_http_server
dce_tcp
dce_smb
iec104
cip
telnet
ssl
sip
rpc_decode
netflow
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
process
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
network
dns
dce_udp
imap
file_policy
s7commplus
stream_file
Finished /usr/local/etc/snort/snort.lua:
Loading file_id.rules_file:
Loading file_magic.rules:
Finished file_magic.rules:
Finished file_id.rules_file:
Loading ips.rules:
Loading ../rules/snort3-community-rules/snort3-community.rules:
Finished ../rules/snort3-community-rules/snort3-community.rules:
Loading ../rules/local.rules:
Finished ../rules/local.rules:
Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
dhcp: 2 2
dns: 28 7
file_id: 219 219
ftp: 90 4
ftp-data: 1 96
http: 2084 255
http2: 2084 255
http3: 2084 255
imap: 35 117
irc: 5 2
kerberos: 3 0
ldap: 0 1
mysql: 3 0
netbios-dgm: 1 1
netbios-ns: 4 3
netbios-ssn: 69 17
nntp: 2 0
pop3: 23 117
rdp: 5 0
sip: 5 5
smtp: 129 2
snmp: 18 7
ssdp: 3 0
ssl: 20 42
sunrpc: 68 4
telnet: 12 6
tftp: 1 0
wins: 1 0
total: 7071 1437
--------------------------------------------------
fast pattern groups
src: 114
dst: 312
any: 8
to_server: 69
to_client: 49
--------------------------------------------------
search engine (ac_bnfa)
instances: 335
patterns: 10790
pattern chars: 175259
num states: 123288
num match states: 10510
memory scale: MB
total memory: 3.68362
pattern memory: 0.578426
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 227--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
ssh
host_cache
pop
so_proxy
stream_tcp
mms
smtp
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
stream_icmp
hosts
normalizer
binder
wizard
appid
js_norm
file_id
http2_inspect
http_inspect
stream_udp
ftp_data
ftp_server
search_engine
port_scan
dce_http_server
dce_tcp
dce_smb
iec104
cip
telnet
ssl
sip
rpc_decode
netflow
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
process
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
network
dns
dce_udp
imap
file_policy
s7commplus
stream_file
Finished /usr/local/etc/snort/snort.lua:
Loading file_id.rules_file:
Loading file_magic.rules:
Finished file_magic.rules:
Finished file_id.rules_file:
Loading ips.rules:
Loading ../rules/snort3-community-rules/snort3-community.rules:
Finished ../rules/snort3-community-rules/snort3-community.rules:
Loading ../rules/local.rules:
Finished ../rules/local.rules:
Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
dhcp: 2 2
dns: 28 7
file_id: 219 219
ftp: 90 4
ftp-data: 1 96
http: 2084 255
http2: 2084 255
http3: 2084 255
imap: 35 117
irc: 5 2
kerberos: 3 0
ldap: 0 1
mysql: 3 0
netbios-dgm: 1 1
netbios-ns: 4 3
netbios-ssn: 69 17
nntp: 2 0
pop3: 23 117
rdp: 5 0
sip: 5 5
smtp: 129 2
snmp: 18 7
ssdp: 3 0
ssl: 20 42
sunrpc: 68 4
telnet: 12 6
tftp: 1 0
wins: 1 0
total: 7071 1437
--------------------------------------------------
fast pattern groups
src: 114
dst: 312
any: 8
to_server: 69
to_client: 49
--------------------------------------------------
search engine (ac_bnfa)
instances: 335
patterns: 10790
pattern chars: 175259
num states: 123288
num match states: 10510
memory scale: MB
total memory: 3.68362
pattern memory: 0.578426
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 227--------------------------------------------------
o")~ Snort++ 3.3.2.0
--------------------------------------------------
Loading /usr/local/etc/snort/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
ssh
host_cache
pop
so_proxy
stream_tcp
mms
smtp
gtp_inspect
packets
dce_http_proxy
alert_full
alert_fast
alert_csv
ips
stream_icmp
hosts
normalizer
binder
wizard
appid
js_norm
file_id
http2_inspect
http_inspect
stream_udp
ftp_data
ftp_server
search_engine
port_scan
dce_http_server
dce_tcp
dce_smb
iec104
cip
telnet
ssl
sip
rpc_decode
netflow
modbus
host_tracker
stream_user
stream_ip
trace
back_orifice
classifications
dnp3
active
process
ftp_client
daq
decode
alerts
stream
references
arp_spoof
output
network
dns
dce_udp
imap
file_policy
s7commplus
stream_file
Finished /usr/local/etc/snort/snort.lua:
Loading file_id.rules_file:
Loading file_magic.rules:
Finished file_magic.rules:
Finished file_id.rules_file:
Loading ips.rules:
Loading ../rules/snort3-community-rules/snort3-community.rules:
Finished ../rules/snort3-community-rules/snort3-community.rules:
Loading ../rules/local.rules:
Finished ../rules/local.rules:
Finished ips.rules:
--------------------------------------------------
ips policies rule stats
id loaded shared enabled file
0 4238 0 4238 /usr/local/etc/snort/snort.lua
--------------------------------------------------
rule counts
total rules loaded: 4238
text rules: 4238
option chains: 4238
chain headers: 318
flowbits: 48
flowbits not checked: 23
--------------------------------------------------
port rule counts
tcp udp icmp ip
any 472 58 147 22
src 170 15 0 0
dst 775 150 0 0
both 6 11 0 0
total 1423 234 147 22
--------------------------------------------------
service rule counts to-srv to-cli
dcerpc: 72 20
dhcp: 2 2
dns: 28 7
file_id: 219 219
ftp: 90 4
ftp-data: 1 96
http: 2084 255
http2: 2084 255
http3: 2084 255
imap: 35 117
irc: 5 2
kerberos: 3 0
ldap: 0 1
mysql: 3 0
netbios-dgm: 1 1
netbios-ns: 4 3
netbios-ssn: 69 17
nntp: 2 0
pop3: 23 117
rdp: 5 0
sip: 5 5
smtp: 129 2
snmp: 18 7
ssdp: 3 0
ssl: 20 42
sunrpc: 68 4
telnet: 12 6
tftp: 1 0
wins: 1 0
total: 7071 1437
--------------------------------------------------
fast pattern groups
src: 114
dst: 312
any: 8
to_server: 69
to_client: 49
--------------------------------------------------
search engine (ac_bnfa)
instances: 335
patterns: 10790
pattern chars: 175259
num states: 123288
num match states: 10510
memory scale: MB
total memory: 3.68362
pattern memory: 0.578426
match list memory: 1.33591
transition memory: 1.72839
fast pattern only: 7096
appid: MaxRss diff: 229

7
web-ui/next.config.mjs Normal file
View File

@ -0,0 +1,7 @@
/** @type {import('next').NextConfig} */
const nextConfig = {
reactStrictMode: true,
output: "standalone",
};
export default nextConfig;

30
web-ui/package.json Normal file
View File

@ -0,0 +1,30 @@
{
"name": "web-ui",
"version": "0.1.0",
"private": true,
"scripts": {
"dev": "next dev",
"build": "next build",
"start": "next start",
"lint": "next lint"
},
"dependencies": {
"csvtojson": "^2.0.10",
"next": "14.2.5",
"ra-data-json-server": "^5.1.2",
"react": "^18",
"react-admin": "^5.1.2",
"react-dom": "^18",
"sharp": "^0.33.5"
},
"devDependencies": {
"@types/node": "^20",
"@types/react": "^18",
"@types/react-dom": "^18",
"eslint": "^8",
"eslint-config-next": "14.2.5",
"postcss": "^8",
"tailwindcss": "^3.4.1",
"typescript": "^5"
}
}

8
web-ui/postcss.config.mjs Normal file
View File

@ -0,0 +1,8 @@
/** @type {import('postcss-load-config').Config} */
const config = {
plugins: {
tailwindcss: {},
},
};
export default config;

BIN
web-ui/public/favicon.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

1
web-ui/public/next.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

1
web-ui/public/vercel.svg Normal file
View File

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 283 64"><path fill="black" d="M141 16c-11 0-19 7-19 18s9 18 20 18c7 0 13-3 16-7l-7-5c-2 3-6 4-9 4-5 0-9-3-10-7h28v-3c0-11-8-18-19-18zm-9 15c1-4 4-7 9-7s8 3 9 7h-18zm117-15c-11 0-19 7-19 18s9 18 20 18c6 0 12-3 16-7l-8-5c-2 3-5 4-8 4-5 0-9-3-11-7h28l1-3c0-11-8-18-19-18zm-10 15c2-4 5-7 10-7s8 3 9 7h-19zm-39 3c0 6 4 10 10 10 4 0 7-2 9-5l8 5c-3 5-9 8-17 8-11 0-19-7-19-18s8-18 19-18c8 0 14 3 17 8l-8 5c-2-3-5-5-9-5-6 0-10 4-10 10zm83-29v46h-9V5h9zM37 0l37 64H0L37 0zm92 5-27 48L74 5h10l18 30 17-30h10zm59 12v10l-3-1c-6 0-10 4-10 10v15h-9V17h9v9c0-5 6-9 13-9z"/></svg>
Side by Side

After

Width:  |  Height:  |  Size: 629 B

31
web-ui/src/components/AdminApp.tsx Normal file
View File

@ -0,0 +1,31 @@
import {Admin, Resource, ListGuesser, EditGuesser, List, Datagrid, TextField} from "react-admin";
import {adminDataProvider} from "@/components/AdminDataProvider";
const AdminApp = () => (
<Admin dataProvider={adminDataProvider}>
<Resource name='logs' list={LogsList} />
</Admin>
);
const LogsList = () => {
// timestamp,2,protocol,4,5,6,from,to,9,action
return <List>
<Datagrid>
{/*<TextField source='id' />*/}
<TextField source='timestamp'/>
<TextField source='2'/>
<TextField source='protocol'/>
<TextField source='4'/>
<TextField source='5'/>
<TextField source='6'/>
<TextField source='from'/>
<TextField source='to'/>
<TextField source='9'/>
<TextField source='action'/>
</Datagrid>
</List>
}
export default AdminApp;

80
web-ui/src/components/AdminDataProvider.ts Normal file
View File

@ -0,0 +1,80 @@
import {
CreateParams, DeleteManyParams,
DeleteParams,
fetchUtils,
GetListParams,
GetManyParams,
GetManyReferenceParams,
GetOneParams, UpdateManyParams,
UpdateParams,
} from "react-admin";
import { stringify } from "query-string";
const apiUrl = "http://localhost:3000/api/admin";
const httpClient = fetchUtils.fetchJson;
export const adminDataProvider = {
getList: async (resource: string, params: GetListParams) => {
const {headers, json} = await httpClient(apiUrl, {
method: "POST",
body: JSON.stringify(params),
});
return {
data: json.logs,
total: json.length,
};
},
delete: async (resource: string, params: DeleteParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};
},
getOne: async (resource: string, params: GetOneParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};
},
update: async (resource: string, params: UpdateParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};},
getMany: async (resource: string, params: GetManyParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};},
getManyReference: async (resource: string, params: GetManyReferenceParams) => {
let result0 = await httpClient(apiUrl);
const {headers, json} = result0;
return {
data: json.events,
total: json.events.length,
};
},
create: async (resource: string, params: CreateParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};},
updateMany: async (resource: string, params: UpdateManyParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};},
deleteMany: async (resource: string, params: DeleteManyParams) => {
const {headers, json} = await httpClient(apiUrl);
return {
data: json.events,
total: json.events.length,
};
}
};

6
web-ui/src/pages/_app.tsx Normal file
View File

@ -0,0 +1,6 @@
import "@/styles/globals.css";
import type { AppProps } from "next/app";
export default function App({ Component, pageProps }: AppProps) {
return <Component {...pageProps} />;
}

13
web-ui/src/pages/_document.tsx Normal file
View File

@ -0,0 +1,13 @@
import { Html, Head, Main, NextScript } from "next/document";
export default function Document() {
return (
<Html lang="en">
<Head />
<body>
<Main />
<NextScript />
</body>
</Html>
);
}

64
web-ui/src/pages/api/admin/[[...slug]].ts Normal file
View File

@ -0,0 +1,64 @@
import {NextApiRequest, NextApiResponse} from "next";
import * as fs from "node:fs";
import csvtojson from 'csvtojson';
// // get the incoming request URL, e.g. 'posts?limit=10&offset=0&order=id.asc'
// const requestUrl = req.url?.substring("/api/admin/".length);
// // build the CRUD request based on the incoming request
// const url = `${process.env.SUPABASE_URL}/rest/v1/${requestUrl}`;
// const options: RequestInit = {
// method: req.method,
// headers: {
// prefer: req.headers["prefer"] as string ?? "",
// accept: req.headers["accept"] ?? "application/json",
// ["content-type"]: req.headers["content-type"] ?? "application/json",
// },
// };
// if (req.body) {
// options.body = JSON.stringify(req.body);
// }
// // call the CRUD API
// const response = await fetch(url, options);
// // send the response back to the client
// const contentRange = response.headers.get("content-range");
// if (contentRange) {
// res.setHeader("Content-Range", contentRange);
// }
// res.end(await response.text());
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const logs = fs.readFileSync('/var/log/snort/alert_csv.txt', 'utf-8')
const csvHeaders = 'timestamp,2,protocol,4,5,6,from,to,9,action\n'
const pagination = req.body.pagination as {page: number, perPage: number}
try {
csvtojson()
.fromString(csvHeaders + logs)
.then(data => {
const idData = data.map((e,i) => {
return {
id: i + 1,
...e,
}
})
if(pagination.page === 1) {
idData.splice(pagination.perPage, idData.length - pagination.perPage)
} else {
idData.splice(0, pagination.perPage * (pagination.page - 1))
idData.splice(pagination.perPage, idData.length - pagination.perPage)
}
return {logs: idData, length: data.length}
})
.then((jsonArrayObj: any) => {
res.end(JSON.stringify({
logs: jsonArrayObj.logs,
length: jsonArrayObj.length,
}));
})
} catch (error) {
console.log(error)
res.end(JSON.stringify({
logs: [],
length: 0
}));
}
}

13
web-ui/src/pages/api/hello.ts Normal file
View File

@ -0,0 +1,13 @@
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
type Data = {
name: string;
};
export default function handler(
req: NextApiRequest,
res: NextApiResponse<Data>,
) {
res.status(200).json({ name: "John Doe" });
}

7
web-ui/src/pages/index.tsx Normal file
View File

@ -0,0 +1,7 @@
import { NextPage } from "next";
import dynamic from "next/dynamic";
const AdminApp = dynamic(() => import("@/components/AdminApp"), { ssr: false });
const Home: NextPage = () => <AdminApp />;
export default Home;

33
web-ui/src/styles/globals.css Normal file
View File

@ -0,0 +1,33 @@
@tailwind base;
@tailwind components;
@tailwind utilities;
:root {
--foreground-rgb: 0, 0, 0;
--background-start-rgb: 214, 219, 220;
--background-end-rgb: 255, 255, 255;
}
@media (prefers-color-scheme: dark) {
:root {
--foreground-rgb: 255, 255, 255;
--background-start-rgb: 0, 0, 0;
--background-end-rgb: 0, 0, 0;
}
}
body {
color: rgb(var(--foreground-rgb));
background: linear-gradient(
to bottom,
transparent,
rgb(var(--background-end-rgb))
)
rgb(var(--background-start-rgb));
}
@layer utilities {
.text-balance {
text-wrap: balance;
}
}

20
web-ui/tailwind.config.ts Normal file
View File

@ -0,0 +1,20 @@
import type { Config } from "tailwindcss";
const config: Config = {
content: [
"./src/pages/**/*.{js,ts,jsx,tsx,mdx}",
"./src/components/**/*.{js,ts,jsx,tsx,mdx}",
"./src/app/**/*.{js,ts,jsx,tsx,mdx}",
],
theme: {
extend: {
backgroundImage: {
"gradient-radial": "radial-gradient(var(--tw-gradient-stops))",
"gradient-conic":
"conic-gradient(from 180deg at 50% 50%, var(--tw-gradient-stops))",
},
},
},
plugins: [],
};
export default config;

21
web-ui/tsconfig.json Normal file
View File

@ -0,0 +1,21 @@
{
"compilerOptions": {
"lib": ["dom", "dom.iterable", "esnext"],
"allowJs": true,
"skipLibCheck": true,
"strict": true,
"noEmit": true,
"esModuleInterop": true,
"module": "esnext",
"moduleResolution": "bundler",
"resolveJsonModule": true,
"isolatedModules": true,
"jsx": "preserve",
"incremental": true,
"paths": {
"@/*": ["./src/*"]
}
},
"include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
"exclude": ["node_modules"]
}

3670
web-ui/yarn.lock Normal file
View File

File diff suppressed because it is too large Load Diff