diff options
author | NOYB <Al_Stu@Frontier.com> | 2015-12-11 21:24:40 -0800 |
---|---|---|
committer | Stephen Beaver <sbeaver@netgate.com> | 2015-12-14 12:56:38 -0500 |
commit | 38fa3d95d83203842bb5e610ea00e21b7f076331 (patch) | |
tree | 13baffa379533a62a29e4e5d66db2949a6a344bf | |
parent | 2f25eccfeddb91a1840d95435a71fe91d937be50 (diff) | |
download | pfsense-38fa3d95d83203842bb5e610ea00e21b7f076331.zip pfsense-38fa3d95d83203842bb5e610ea00e21b7f076331.tar.gz |
Status - System Logs - Firewall - Manage Log
Use the same methods of obtaining log file etc. and mimic much of the code that is common with status_logs.php.
(future: factor out common code into shared functions to remove duplication.)
-rw-r--r-- | src/usr/local/www/status_logs_filter.php | 600 |
1 files changed, 501 insertions, 99 deletions
diff --git a/src/usr/local/www/status_logs_filter.php b/src/usr/local/www/status_logs_filter.php index 6ccd914..c987d2b 100644 --- a/src/usr/local/www/status_logs_filter.php +++ b/src/usr/local/www/status_logs_filter.php @@ -2,7 +2,6 @@ /* status_logs_filter.php */ - /* ==================================================================== * Copyright (c) 2004-2015 Electric Sheep Fencing, LLC. All rights reserved. * @@ -72,6 +71,7 @@ require("guiconfig.inc"); require_once("ipsec.inc"); require_once("filter_log.inc"); + # --- AJAX RESOLVE --- if (isset($_POST['resolve'])) { $ip = strtolower($_POST['resolve']); @@ -87,6 +87,30 @@ if (isset($_POST['resolve'])) { exit; } + +/* +Build a list of allowed log files so we can reject others to prevent the page +from acting on unauthorized files. +*/ +$allowed_logs = array( + "filter" => array("name" => "Firewall", + "shortcut" => "filter"), +); + +// The logs to display are specified in a GET argument. Default to 'system' logs +if (!$_GET['logfile']) { + $logfile = 'filter'; +} else { + $logfile = $_GET['logfile']; + if (!array_key_exists($logfile, $allowed_logs)) { + /* Do not let someone attempt to load an unauthorized log. */ + $logfile = 'filter'; + } +} + +$filter_logfile = "{$g['varlog_path']}/" . basename($logfile) . ".log"; + + function getGETPOSTsettingvalue($settingname, $default) { $settingvalue = $default; if ($_GET[$settingname]) { @@ -98,7 +122,9 @@ function getGETPOSTsettingvalue($settingname, $default) { return $settingvalue; } + $rulenum = getGETPOSTsettingvalue('getrulenum', null); + if ($rulenum) { list($rulenum, $tracker, $type) = explode(',', $rulenum); $rule = find_rule_by_number($rulenum, $tracker, $type); @@ -109,6 +135,7 @@ if ($rulenum) { $filtersubmit = getGETPOSTsettingvalue('filtersubmit', null); if ($filtersubmit) { + $filter_active = true; $interfacefilter = getGETPOSTsettingvalue('interface', null); $filtertext = getGETPOSTsettingvalue('filtertext', ""); $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); @@ -117,6 +144,7 @@ if ($filtersubmit) { $filterlogentries_submit = getGETPOSTsettingvalue('filterlogentries_submit', null); if ($filterlogentries_submit) { + $filter_active = true; $filterfieldsarray = array(); $actpass = getGETPOSTsettingvalue('actpass', null); @@ -134,9 +162,156 @@ if ($filterlogentries_submit) { $filterlogentries_qty = getGETPOSTsettingvalue('filterlogentries_qty', null); } -$filter_logfile = "{$g['varlog_path']}/filter.log"; -$nentries = $config['syslog']['nentries']; +# Manage Log - Code + +$specific_log = basename($logfile) . '_settings'; + +# All +$pconfig['cronorder'] = $config['syslog'][$specific_log]['cronorder']; +$pconfig['nentries'] = $config['syslog'][$specific_log]['nentries']; +$pconfig['logfilesize'] = $config['syslog'][$specific_log]['logfilesize']; +$pconfig['format'] = $config['syslog'][$specific_log]['format']; + +# System General (main) Specific +$pconfig['loglighttpd'] = !isset($config['syslog']['nologlighttpd']); + +# Firewall Specific +$pconfig['logdefaultblock'] = !isset($config['syslog']['nologdefaultblock']); +$pconfig['logdefaultpass'] = isset($config['syslog']['nologdefaultpass']); +$pconfig['logbogons'] = !isset($config['syslog']['nologbogons']); +$pconfig['logprivatenets'] = !isset($config['syslog']['nologprivatenets']); +$pconfig['filterdescriptions'] = $config['syslog']['filterdescriptions']; + +$save_settings = getGETPOSTsettingvalue('save_settings', null); + +if ($save_settings) { + + # All + $cronorder = getGETPOSTsettingvalue('cronorder', null); + $nentries = getGETPOSTsettingvalue('nentries', null); + $logfilesize = getGETPOSTsettingvalue('logfilesize', null); + $format = getGETPOSTsettingvalue('format', null); + + # System General (main) Specific + $loglighttpd = getGETPOSTsettingvalue('loglighttpd', null); + + # Firewall Specific + $logdefaultblock = getGETPOSTsettingvalue('logdefaultblock', null); + $logdefaultpass = getGETPOSTsettingvalue('logdefaultpass', null); + $logbogons = getGETPOSTsettingvalue('logbogons', null); + $logprivatenets = getGETPOSTsettingvalue('logprivatenets', null); + $filterdescriptions = getGETPOSTsettingvalue('filterdescriptions', null); + + unset($input_errors); + $pconfig = $_POST; + + /* input validation */ + if (isset($nentries) && (strlen($nentries) > 0)) { + if (!is_numeric($nentries) || ($nentries < 5) || ($nentries > 2000)) { + $input_errors[] = gettext("Number of log entries to show must be between 5 and 2000."); + } + } + + if (isset($logfilesize) && (strlen($logfilesize) > 0)) { + if (!is_numeric($logfilesize) || ($logfilesize < 100000)) { + $input_errors[] = gettext("Log file size must be numeric and greater than or equal to 100000."); + } + } + + if (!$input_errors) { + + # Clear out the specific log settings and leave only the applied settings to override the general logging options (global) settings. + unset($config['syslog'][$specific_log]); + + # All + if ($cronorder != '') { # if not using the general logging options setting (global) + $config['syslog'][$specific_log]['cronorder'] = $cronorder; + } + + if (isset($nentries) && (strlen($nentries) > 0)) { + $config['syslog'][$specific_log]['nentries'] = (int)$nentries; + } + + if (isset($logfilesize) && (strlen($logfilesize) > 0)) { + $config['syslog'][$specific_log]['logfilesize'] = (int)$logfilesize; + } + + if ($format != '') { # if not using the general logging options setting (global) + $config['syslog'][$specific_log]['format'] = $format; + } + + # System General (main) Specific + if ($logfile == 'system') { + $oldnologlighttpd = isset($config['syslog']['nologlighttpd']); + $config['syslog']['nologlighttpd'] = $loglighttpd ? false : true; + } + + # Firewall Specific + if ($logfile == 'filter') { + $oldnologdefaultblock = isset($config['syslog']['nologdefaultblock']); + $oldnologdefaultpass = isset($config['syslog']['nologdefaultpass']); + $oldnologbogons = isset($config['syslog']['nologbogons']); + $oldnologprivatenets = isset($config['syslog']['nologprivatenets']); + + $config['syslog']['nologdefaultblock'] = $logdefaultblock ? false : true; + $config['syslog']['nologdefaultpass'] = $logdefaultpass ? true : false; + $config['syslog']['nologbogons'] = $logbogons ? false : true; + $config['syslog']['nologprivatenets'] = $logprivatenets ? false : true; + + if (is_numeric($filterdescriptions) && $filterdescriptions > 0) { + $config['syslog']['filterdescriptions'] = $filterdescriptions; + } else { + unset($config['syslog']['filterdescriptions']); + } + } + + + write_config($desc = "Log Display Settings Saved: " . gettext($allowed_logs[$logfile]["name"])); + + $retval = 0; + $savemsg = get_std_save_message($retval); + + # System General (main) Specific + if ($logfile == 'system') { + if ($oldnologlighttpd !== isset($config['syslog']['nologlighttpd'])) { + ob_flush(); + flush(); + log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); + send_event("service restart webgui"); + $savemsg .= "<br />" . gettext("WebGUI process is restarting."); + } + } + + # Firewall Specific + if ($logfile == 'filter') { + if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || + ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || + ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || + ($oldnologprivatenets !== isset($config['syslog']['nologprivatenets']))) { + + $retval |= filter_configure(); + require_once("filter.inc"); + filter_pflog_start(true); + } + } + } +} + + +# Formatted/Raw Display +if ($config['syslog'][$specific_log]['format'] == 'formatted') { + $rawfilter = false; +} +else if ($config['syslog'][$specific_log]['format'] == 'raw') { + $rawfilter = true; +} +else { # Use the general logging options setting (global). + $rawfilter = isset($config['syslog']['rawfilter']); +} + + +isset($config['syslog'][$specific_log]['nentries']) ? $nentries = $config['syslog'][$specific_log]['nentries'] : $nentries = $config['syslog']['nentries']; # Override Display Quantity if ($filterlogentries_qty) { @@ -151,10 +326,21 @@ if ($_POST['clear']) { clear_log_file($filter_logfile); } -$pgtitle = array(gettext("Status"), gettext("System logs"), gettext("Firewall"), gettext("Normal View")); -$shortcut_section = "firewall"; +/* Setup shortcuts if they exist */ + +if (!empty($allowed_logs[$logfile]["shortcut"])) { + $shortcut_section = $allowed_logs[$logfile]["shortcut"]; +} + +$pgtitle = array(gettext("Status"), gettext("System logs"), gettext($allowed_logs[$logfile]["name"])); include("head.inc"); +if (!$input_errors && $savemsg) { + print_info_box($savemsg); + $manage_log_active = false; +} + + function build_if_list() { $iflist = get_configured_interface_with_descr(false, true); //$iflist = get_interface_list(); @@ -180,17 +366,22 @@ function build_if_list() { return($interfaces); } +$Include_Act = explode(",", str_replace(" ", ",", $filterfieldsarray['act'])); +if ($filterfieldsarray['interface'] == "All") + $interface = ""; + + $tab_array = array(); -$tab_array[] = array(gettext("System"), false, "status_logs.php"); -$tab_array[] = array(gettext("Firewall"), true, "status_logs_filter.php"); -$tab_array[] = array(gettext("DHCP"), false, "status_logs.php?logfile=dhcpd"); -$tab_array[] = array(gettext("Portal Auth"), false, "status_logs.php?logfile=portalauth"); -$tab_array[] = array(gettext("IPsec"), false, "status_logs.php?logfile=ipsec"); -$tab_array[] = array(gettext("PPP"), false, "status_logs.php?logfile=ppp"); +$tab_array[] = array(gettext("System"), ($logfile == 'system'), "status_logs.php"); +$tab_array[] = array(gettext("Firewall"), ($logfile == 'filter'), "status_logs_filter.php"); +$tab_array[] = array(gettext("DHCP"), ($logfile == 'dhcpd'), "status_logs.php?logfile=dhcpd"); +$tab_array[] = array(gettext("Portal Auth"), ($logfile == 'portalauth'), "status_logs.php?logfile=portalauth"); +$tab_array[] = array(gettext("IPsec"), ($logfile == 'ipsec'), "status_logs.php?logfile=ipsec"); +$tab_array[] = array(gettext("PPP"), ($logfile == 'ppp'), "status_logs.php?logfile=ppp"); $tab_array[] = array(gettext("VPN"), false, "status_logs_vpn.php"); -$tab_array[] = array(gettext("Load Balancer"), false, "status_logs.php?logfile=relayd"); -$tab_array[] = array(gettext("OpenVPN"), false, "status_logs.php?logfile=openvpn"); -$tab_array[] = array(gettext("NTP"), false, "status_logs.php?logfile=ntpd"); +$tab_array[] = array(gettext("Load Balancer"), ($logfile == 'relayd'), "status_logs.php?logfile=relayd"); +$tab_array[] = array(gettext("OpenVPN"), ($logfile == 'openvpn'), "status_logs.php?logfile=openvpn"); +$tab_array[] = array(gettext("NTP"), ($logfile == 'ntpd'), "status_logs.php?logfile=ntpd"); $tab_array[] = array(gettext("Settings"), false, "status_logs_settings.php"); display_top_tabs($tab_array); @@ -200,14 +391,18 @@ $tab_array[] = array(gettext("Dynamic View"), false, "/status_logs_filter_dynami $tab_array[] = array(gettext("Summary View"), false, "/status_logs_filter_summary.php"); display_top_tabs($tab_array, false, 'nav nav-tabs'); -$Include_Act = explode(",", str_replace(" ", ",", $filterfieldsarray['act'])); -if ($filterfieldsarray['interface'] == "All") - $interface = ""; +define(SEC_OPEN, 0x00); +define(SEC_CLOSED, 0x04); -if (!isset($config['syslog']['rawfilter'])) { // Advanced log filter form +if ($filter_active) + $filter_state = SEC_OPEN; +else + $filter_state = SEC_CLOSED; + +if (!$rawfilter) { // Advanced log filter form $form = new Form(false); - $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|SEC_CLOSED); + $section = new Form_Section('Advanced Log Filter', 'adv-filter-panel', COLLAPSIBLE|$filter_state); $group = new Form_Group(''); @@ -234,28 +429,28 @@ if (!isset($config['syslog']['rawfilter'])) { // Advanced log filter form 'Pass', in_arrayi('Pass', $Include_Act), 'Pass' - )); + ))->setWidth(1); $group->add(new Form_Input( 'filterlogentries_time', null, 'text', $filterfieldsarray['time'] - ))->setHelp('Time'); + ))->setWidth(3)->setHelp('Time'); $group->add(new Form_Input( 'filterlogentries_sourceport', null, 'text', $filterfieldsarray['srcport'] - ))->setHelp('Source Port'); + ))->setWidth(2)->setHelp('Source Port'); $group->add(new Form_Input( 'filterlogentries_protocol', null, 'text', $filterfieldsarray['proto'] - ))->setHelp('Protocol'); + ))->setWidth(2)->setHelp('Protocol'); $group->add(new Form_Input( 'filterlogentries_qty', @@ -263,7 +458,7 @@ if (!isset($config['syslog']['rawfilter'])) { // Advanced log filter form 'number', $filterlogentries_qty, ['placeholder' => $nentries] - ))->setHelp('Quantity'); + ))->setWidth(2)->setHelp('Quantity'); $section->add($group); @@ -275,32 +470,32 @@ if (!isset($config['syslog']['rawfilter'])) { // Advanced log filter form 'Block', in_arrayi('Block', $Include_Act), 'Block' - )); + ))->setWidth(1); $group->add(new Form_Input( 'filterlogentries_interfaces', null, 'text', $filterfieldsarray['interface'] - ))->setHelp('Interface'); + ))->setWidth(2)->setHelp('Interface'); $group->add(new Form_Input( 'filterlogentries_destinationport', null, 'text', $filterfieldsarray['dstport'] - ))->setHelp('Destination Port'); + ))->setWidth(2)->setHelp('Destination Port'); $group->add(new Form_Input( 'filterlogentries_protocolflags', null, 'text', $filterfieldsarray['tcpflags'] - ))->setHelp('Protocol Flags'); + ))->setWidth(2)->setHelp('Protocol Flags'); $btnsubmit = new Form_Button( 'filterlogentries_submit', - ' ' . 'Apply Filter', + ' ' . gettext('Apply Filter'), null, 'fa-filter' ); @@ -308,7 +503,7 @@ if (!isset($config['syslog']['rawfilter'])) { // Advanced log filter form else { // Simple log filter form $form = new Form(false); - $section = new Form_Section('Log Filter', 'basic-filter-panel', true); + $section = new Form_Section('Log Filter', 'basic-filter-panel', COLLAPSIBLE|$filter_state); $group = new Form_Group(''); @@ -317,7 +512,7 @@ else { // Simple log filter form 'Interface', $interfacefilter, build_if_list() - ))->setHelp('Interface'); + ))->setWidth(2)->setHelp('Interface'); $group->add(new Form_Input( 'filterlogentries_qty', @@ -325,7 +520,7 @@ else { // Simple log filter form 'number', $filterlogentries_qty, ['placeholder' => $nentries] - ))->setHelp('Quantity'); + ))->setWidth(2)->setHelp('Quantity'); $section->add($group); @@ -336,11 +531,11 @@ else { // Simple log filter form null, 'text', $filtertext - ))->setHelp('Filter Expression'); + ))->setWidth(6)->setHelp('Filter Expression'); $btnsubmit = new Form_Button( 'filtersubmit', - ' ' . 'Apply Filter', + ' ' . gettext('Apply Filter'), null, 'fa-filter' ); @@ -353,13 +548,13 @@ $group->add(new Form_StaticText( $btnsubmit )); -$group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . 'Regular expression reference</a> Precede with exclamation (!) to exclude match.'); +$group->setHelp('<a target="_blank" href="http://www.php.net/manual/en/book.pcre.php">' . gettext('Regular expression reference') . '</a> ' . gettext('Precede with exclamation (!) to exclude match.')); $section->add($group); $form->add($section); print($form); // Now the forms are complete we can draw the log table and its controls -if (!isset($config['syslog']['rawfilter'])) { +if (!$rawfilter) { $iflist = get_configured_interface_with_descr(false, true); if ($iflist[$interfacefilter]) @@ -371,52 +566,50 @@ if (!isset($config['syslog']['rawfilter'])) { $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100, $filtertext, $interfacefilter); ?> -<form id="clearform" name="clearform" action="status_logs_filter.php" method="post" style="margin-top: 14px;"> - <input id="submit" name="clear" type="submit" class="btn btn-danger" value="<?=gettext("Clear log")?>" /> -</form> - -<br /> <div class="panel panel-default"> <div class="panel-heading"> <h2 class="panel-title"> <?php if ((!$filtertext) && (!$filterfieldsarray)) - printf(gettext("Last %d %s log entries."), count($filterlog), gettext('firewall')); + printf(gettext("Last %d %s log entries."), count($filterlog), gettext($allowed_logs[$logfile]["name"])); else - printf(gettext('%d matched %s log entries.'), count($filterlog), gettext('firewall')); + printf(gettext("%d matched %s log entries."), count($filterlog), gettext($allowed_logs[$logfile]["name"])); - printf(gettext(" (Maximum %d)"), $nentries); + printf(" (" . gettext("Maximum %d") . ")", $nentries); ?> </h2> </div> <div class="panel-body"> <div class="table-responsive"> - <table class="table table-striped table-hover table-compact"> - <tr> - <th><?=gettext("Act")?></th> - <th><?=gettext("Time")?></th> - <th><?=gettext("IF")?></th> + <table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable> + <thead> + <tr> + <th><?=gettext("Act")?></th> + <th><?=gettext("Time")?></th> + <th><?=gettext("IF")?></th> <?php if ($config['syslog']['filterdescriptions'] === "1") { ?> - <th> + <th style="width:100%"> <?=gettext("Rule")?> </th> <?php } ?> - <th><?=gettext("Source")?></th> - <th><?=gettext("Destination")?></th> - <th><?=gettext("Proto")?></th> - </tr> + <th><?=gettext("Source")?></th> + <th><?=gettext("Destination")?></th> + <th><?=gettext("Proto")?></th> + </tr> + </thead> + <tbody> <?php if ($config['syslog']['filterdescriptions']) buffer_rules_load(); foreach ($filterlog as $filterent) { ?> - <tr> - <td> + <tr> + <td style="white-space:nowrap;"> <?php if ($filterent['act'] == "block") { $icon_act = "fa-times text-danger"; @@ -424,28 +617,28 @@ if (!isset($config['syslog']['rawfilter'])) { $icon_act = "fa-check text-success"; } ?> - <i class="fa <?php echo $icon_act;?> icon-pointer" title="<?php echo $filterent['act'] .'/'. $filterent['tracker'];?>" onclick="javascript:getURL('status_logs_filter.php?getrulenum=<?="{$filterent['rulenum']},{$filterent['tracker']},{$filterent['act']}"; ?>', outputrule);"></i> + <i class="fa <?php echo $icon_act;?> icon-pointer" title="<?php echo $filterent['act'] .'/'. $filterent['tracker'];?>" onclick="javascript:getURL('status_logs_filter.php?getrulenum=<?="{$filterent['rulenum']},{$filterent['tracker']},{$filterent['act']}"; ?>', outputrule);"></i> <?php if ($filterent['count']) echo $filterent['count']; ?> - </td> - <td> - <?=htmlspecialchars($filterent['time'])?> - </td> - <td> + </td> + <td style="white-space:nowrap;"> + <?=htmlspecialchars($filterent['time'])?> + </td> + <td style="white-space:nowrap;"> <?php - if ($filterent['direction'] == "out") - print('►' . ' '); + if ($filterent['direction'] == "out") + print('►' . ' '); ?> - <?=htmlspecialchars($filterent['interface'])?> - </td> + <?=htmlspecialchars($filterent['interface'])?> + </td> <?php if ($config['syslog']['filterdescriptions'] === "1") { ?> - <td> - <?=find_rule_by_number_buffer($filterent['rulenum'], $filterent['tracker'], $filterent['act'])?> - </td> + <td> + <?=find_rule_by_number_buffer($filterent['rulenum'], $filterent['tracker'], $filterent['act'])?> + </td> <?php } @@ -465,31 +658,31 @@ if (!isset($config['syslog']['rawfilter'])) { $dststr = $filterent['dstip'] . get_port_with_service($filterent['dstport'], $proto); $dst_htmlclass = str_replace(array('.', ':'), '-', $filterent['dstip']); ?> - <td> - <i class="fa fa-info icon-pointer icon-primary" onclick="javascript:resolve_with_ajax('<?="{$filterent['srcip']}"; ?>');" title="<?=gettext("Click to resolve")?>" alt="Reverse Resolve with DNS"/> - </i> - - <i class="fa fa-minus-square-o icon-pointer icon-primary" href="easyrule.php?<?="action=block&int={$int}&src={$filterent['srcip']}&ipproto={$ipproto}"; ?>" alt="Easy Rule: Add to Block List" title="<?=gettext("Easy Rule: Add to Block List")?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")?>')"> - </i> - - <?=$srcstr . '<span class="RESOLVE-' . $src_htmlclass . '"></span>'?> - </td> - <td> - <i class="fa fa-info icon-pointer icon-primary" onclick="javascript:resolve_with_ajax('<?="{$filterent['dstip']}"; ?>');" title="<?=gettext("Click to resolve")?>" class="ICON-<?= $dst_htmlclass; ?>" alt="Reverse Resolve with DNS"/> - </i> - - <i class="fa fa-plus-square-o icon-pointer icon-primary" href="easyrule.php?<?="action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic")?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")?>')"> - </i> - <?=$dststr . '<span class="RESOLVE-' . $dst_htmlclass . '"></span>'?> - </td> + <td style="white-space:nowrap;"> + <i class="fa fa-info icon-pointer icon-primary" onclick="javascript:resolve_with_ajax('<?="{$filterent['srcip']}"; ?>');" title="<?=gettext("Click to resolve")?>" alt="Reverse Resolve with DNS"/> + </i> + + <i class="fa fa-minus-square-o icon-pointer icon-primary" href="easyrule.php?<?="action=block&int={$int}&src={$filterent['srcip']}&ipproto={$ipproto}"; ?>" alt="Easy Rule: Add to Block List" title="<?=gettext("Easy Rule: Add to Block List")?>" onclick="return confirm('<?=gettext("Do you really want to add this BLOCK rule?")?>')"> + </i> + + <?=$srcstr . '<span class="RESOLVE-' . $src_htmlclass . '"></span>'?> + </td> + <td style="white-space:nowrap;"> + <i class="fa fa-info icon-pointer icon-primary" onclick="javascript:resolve_with_ajax('<?="{$filterent['dstip']}"; ?>');" title="<?=gettext("Click to resolve")?>" class="ICON-<?= $dst_htmlclass; ?>" alt="Reverse Resolve with DNS"/> + </i> + + <i class="fa fa-plus-square-o icon-pointer icon-primary" href="easyrule.php?<?="action=pass&int={$int}&proto={$proto}&src={$filterent['srcip']}&dst={$filterent['dstip']}&dstport={$filterent['dstport']}&ipproto={$ipproto}"; ?>" title="<?=gettext("Easy Rule: Pass this traffic")?>" onclick="return confirm('<?=gettext("Do you really want to add this PASS rule?")?>')"> + </i> + <?=$dststr . '<span class="RESOLVE-' . $dst_htmlclass . '"></span>'?> + </td> <?php if ($filterent['proto'] == "TCP") $filterent['proto'] .= ":{$filterent['tcpflags']}"; ?> - <td> - <?=htmlspecialchars($filterent['proto'])?> - </td> - </tr> + <td style="white-space:nowrap;"> + <?=htmlspecialchars($filterent['proto'])?> + </td> + </tr> <?php if (isset($config['syslog']['filterdescriptions']) && $config['syslog']['filterdescriptions'] === "2") { ?> @@ -502,26 +695,29 @@ if (!isset($config['syslog']['rawfilter'])) { } // e-o-foreach buffer_rules_clear(); ?> + </tbody> </table> +<?php + if (count($filterlog) == 0) + print_info_box(gettext('No logs to display')); +?> </div> </div> </div> <?php - if (count($filterlog) == 0) - print_info_box('No logs to display'); } else { ?> <div class="panel panel-default"> - <div class="panel-heading"><h2 class="panel-title"><?=gettext("Last ")?><?=$nentries?> <?='firewall'?><?=gettext(" log entries")?></h2></div> + <div class="panel-heading"><h2 class="panel-title"><?=gettext("Last ")?><?=$nentries?> <?=gettext($allowed_logs[$logfile]["name"])?><?=gettext(" log entries")?></h2></div> <div class="table table-responsive"> <table class="table table-striped table-hover"> <thead> <tr> - <th class="col-sm-2"></th> - <th></th> + <th><?=gettext("Time")?></th> + <th style="width:100%"><?=gettext("Message")?></th> </tr> </thead> <tbody> @@ -529,19 +725,21 @@ else if ($filtertext) $rows = dump_clog($filter_logfile, $nentries, true, array("$filtertext")); else - $rows = dump_clog($filter_logfile, $nentries); + $rows = dump_clog($filter_logfile, $nentries, true, array()); ?> </tbody> </table> +<?php + if ($rows == 0) + print_info_box(gettext('No logs to display')); +?> </div> </div> <?php - if ($rows == 0) - print_info_box('No logs to display'); } ?> -<div id="infoblock" +<div id="infoblock"> <?php @@ -551,6 +749,210 @@ print_info_box('<a href="https://doc.pfsense.org/index.php/What_are_TCP_Flags%3F ?> </div> + +<?php +# Manage Log - Section/Form + +if ($input_errors) { + print_input_errors($input_errors); + $manage_log_active = true; +} + +if ($manage_log_active) + $manage_log_state = SEC_OPEN; +else + $manage_log_state = SEC_CLOSED; + +$form = new Form(false); + +$section = new Form_Section(gettext('Manage') . ' ' . gettext($allowed_logs[$logfile]["name"]) . ' ' . gettext('Log'), 'log-manager-panel', COLLAPSIBLE|$manage_log_state); + +$section->addInput(new Form_StaticText( + '', + 'These settings override the "General Logging Options" settings.' +)); + + +# All +$group = new Form_Group('Forward/Reverse Display'); + +$group->add(new Form_Checkbox( + 'cronorder', + null, + 'Forward', + ($pconfig['cronorder'] == 'forward') ? true : false, + 'forward' +))->displayAsRadio()->setHelp('(newest at bottom)'); + +$group->add(new Form_Checkbox( + 'cronorder', + null, + 'Reverse', + ($pconfig['cronorder'] == 'reverse') ? true : false, + 'reverse' +))->displayAsRadio()->setHelp('(newest at top)'); + +$group->add(new Form_Checkbox( + 'cronorder', + null, + 'General Logging Options Setting', + ($pconfig['cronorder'] == '') ? true : false, + '' +))->displayAsRadio(); + +$group->setHelp('Show log entries in forward or reverse order.'); +$section->add($group); + +$group = new Form_Group('GUI Log Entries'); + +# Use the general logging options setting (global) as placeholder. +$group->add(new Form_Input( + 'nentries', + 'GUI Log Entries', + 'number', + $pconfig['nentries'], + ['placeholder' => $config['syslog']['nentries']] +))->setWidth(2); + +$group->setHelp('This is the number of log entries displayed in the GUI. It does not affect how many entries are contained in the log.'); +$section->add($group); + +$group = new Form_Group('Log file size (Bytes)'); + +# Use the general logging options setting (global) as placeholder. +$group->add(new Form_Input( + 'logfilesize', + 'Log file size (Bytes)', + 'number', + $pconfig['logfilesize'], + ['placeholder' => $config['syslog']['logfilesize'] ? $config['syslog']['logfilesize'] : "511488"] +))->setWidth(2); +$group->setHelp("The log is held in a constant-size circular log file. This field controls how large the log file is, and thus how many entries may exist inside the log. The default is approximately 500KB." . + '<br /><br />' . + "NOTE: The log size is changed the next time it is cleared. To immediately change the log size, first save the options to set the size, then clear the log using the \"Clear Log\" action below. "); +$section->add($group); + +$group = new Form_Group('Formatted/Raw Display'); + +$group->add(new Form_Checkbox( + 'format', + null, + 'Formatted', + ($pconfig['format'] == 'formatted') ? true : false, + 'formatted' +))->displayAsRadio(); + +$group->add(new Form_Checkbox( + 'format', + null, + 'Raw', + ($pconfig['format'] == 'raw') ? true : false, + 'raw' +))->displayAsRadio(); + +$group->add(new Form_Checkbox( + 'format', + null, + 'General Logging Options Setting', + ($pconfig['format'] == '') ? true : false, + '' +))->displayAsRadio(); + +$group->setHelp('Show the log entries as formatted or raw output as generated by the service. The raw output will reveal more detailed information, but it is more difficult to read.'); +$section->add($group); + + +# System General (main) Specific +if ($logfile == 'system') { + $section->addInput(new Form_Checkbox( + 'loglighttpd', + 'Web Server Log', + 'Log errors from the web server process', + $pconfig['loglighttpd'] + ))->setHelp('If this is checked, errors from the lighttpd web server process for the GUI or Captive Portal will appear in the system log.'); +} + + +# Firewall Specific +if ($logfile == 'filter') { +$section->addInput(new Form_Checkbox( + 'logdefaultblock', + 'Log firewall default blocks', + 'Log packets matched from the default block rules in the ruleset', + $pconfig['logdefaultblock'] +))->setHelp('Packets that are blocked by the implicit default block rule will not be logged if this option is unchecked. Per-rule logging options are still respected.'); + +$section->addInput(new Form_Checkbox( + 'logdefaultpass', + null, + 'Log packets matched from the default pass rules put in the ruleset', + $pconfig['logdefaultpass'] +))->setHelp('Packets that are allowed by the implicit default pass rule will be logged if this option is checked. Per-rule logging options are still respected. '); + +$section->addInput(new Form_Checkbox( + 'logbogons', + null, + 'Log packets blocked by \'Block Bogon Networks\' rules', + $pconfig['logbogons'] +)); + +$section->addInput(new Form_Checkbox( + 'logprivatenets', + null, + 'Log packets blocked by \'Block Private Networks\' rules', + $pconfig['logprivatenets'] +)); + +$section->addInput(new Form_Select( + 'filterdescriptions', + 'Where to show rule descriptions', + !isset($pconfig['filterdescriptions']) ? '0':$pconfig['filterdescriptions'], + array( + '0' => 'Dont load descriptions', + '1' => 'Display as column', + '2' => 'Display as second row' + ) +))->setHelp('Show the applied rule description below or in the firewall log rows' . '<br />' . + 'Displaying rule descriptions for all lines in the log might affect performance with large rule sets'); +} + + +$group = new Form_Group('Action'); + +$btnsavesettings = new Form_Button( + 'save_settings', + gettext('Save'), + null +); + +$btnsavesettings->addClass('btn-sm'); + +$group->add(new Form_StaticText( + '', + $btnsavesettings +))->setHelp('Saves changed settings.'); + + +$btnclear = new Form_Button( + 'clear', + ' ' . gettext('Clear log'), + null, + 'fa-trash' +); + +$btnclear->removeClass('btn-primary')->addClass('btn-danger')->addClass('btn-sm'); + +$group->add(new Form_StaticText( + '', + $btnclear +))->setHelp('Clears local log file and reinitializes it as an empty log. Save any settings changes first.'); + +$section->add($group); +$form->add($section); +print $form; +?> + + <!-- AJAXY STUFF --> <script type="text/javascript"> //<![CDATA[ |