ejdamm / bristle Goto Github PK

Hey there,

Not sure if there's already a way in which this can be achieved, without having to dive into the back end.

But what are the chances of being able to specify a custom date range on the web front end?

If I'm wanting to build a monthly summary for a retrospective report, is there an easy way I can select for example: 1st of May, 2018 through to and including 31st of May, 2018?

Great job, by the way!

Cheers!

I ran across an issue where I try to view the details of an event when it's filtered. When I click the details of an event I lose my filter.

For instance, if I go to: https://sergiomitm.com/bristle/events.php and filter for SSH scans, I get a urls like this:
https://sergiomitm.com/bristle/events.php?ip_src=&ip_dst=&sig_name=ssh+scan&submit=Filter&filter=-

If I click the first event to view details, the resulting url is:
https://sergiomitm.com/bristle/events.php?filter=-&sid=1&cid=1208628
which just shows my most recent events, not the details of the item I was hoping for.

If I combine the parameters of the last two options, I get what I was hoping for
https://sergiomitm.com/bristle/events.php?ip_src=&ip_dst=&sig_name=ssh+scan&submit=Filter&filter=-&sid=1&cid=1208628

Let me know if this needs any clarification, hopefully it's an easy thing to deal with.

Hi,
Finally a good web ui for snort, working with PHP7 👍 Great Dashboard and nice graphics !
I have quickly modified source code for getting ports with dest and src IP. So, if you're interested.

events.php :
".$event['ip_src'].':'.$event['tcp_sport'].$event['udp_sport']."
".$event['ip_dst'].':'.$event['tcp_dport'].$event['udp_dport']."

db.php :
$sql = "SELECT event.sid, event.cid, sig_name, DATE_FORMAT(timestamp, '%d-%m-%Y') AS date, DATE_FORMAT(timestamp, '%H:%i') AS time, sig_priority, inet_ntoa(ip_src) as ip_src, inet_ntoa(ip_dst) as ip_dst, tcp_sport, tcp_dport, udp_sport, udp_dport
FROM event
INNER JOIN signature on event.signature = signature.sig_id
INNER JOIN iphdr on event.sid = iphdr.sid AND event.cid = iphdr.cid
LEFT JOIN tcphdr on event.sid = tcphdr.sid AND event.cid = tcphdr.cid
LEFT JOIN udphdr on event.sid = udphdr.sid AND event.cid = udphdr.cid

Need to adjust the CSS for better rendering...

Good working :-)

Hello,
There's a problem when php tries to connect to mysql database.
In my apache log I got :
[:error] [pid 24983] [client xxxxxxxxx] PHP Warning: array_merge(): Argument #2 is not an array in xxx/bristle/lib/Database/CDatabaseBasic.php on line 60
[:error] [pid 24983] [client xxxxxxxxx] PHP Fatal error: Uncaught Exception: You can not connect, missing dsn. in xxx/bristle/lib/Database/CDatabaseBasic.php:112\nStack trace:\n#0 xxx/bristle/src/db.php(13): Mos\Database\CDatabaseBasic->connect()\n#1 xxx/bristle/index.php(5): DB_QUERY->__construct()\n#2 {main}\n thrown in xxx/bristle/lib/Database/CDatabaseBasic.php on line 112

Older version of bristle still access to the database, and conf.php is correctly setup.
I use Apache/2.4.18 / mysql 5.7.21 / PHP 7.0.22