2006-05-13 00:31:38 +02:00
$NetBSD: patch-aa,v 1.2 2006/05/12 22:31:38 adrianp Exp $
The Basic Analysis and Security Engine (BASE) is a PHP-based analysis
engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools. The features currently
include:
o Query-builder and search interface for finding alerts matching
on alert meta information (e.g. signature, detection time) as well as
the underlying network evidence (e.g. source/destination address, ports,
payload, or flags).
o Packet viewer (decoder) will graphically display the layer-3 and
layer-4 packet information of logged alerts
o Alert management by providing constructs to logically group alerts
to create incidents (alert groups), deleting the handled alerts or
false positives, exporting to email for collaboration, or archiving of
alerts to transfer them between alert databases.
o Chart and statistic generation based on time, sensor, signature, protocol,
IP address, TCP/UDP ports, or classification
2006-01-03 22:09:44 +01:00
--- base_conf.php.dist.orig 2006-03-19 22:22:43.000000000 +0000
+++ base_conf.php.dist
@@ -40,7 +40,7 @@ $Use_Auth_System = 0;
But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base
set this to /base
*/
-$BASE_urlpath = '';
+$BASE_urlpath = '/base';
/* Unique BASE ID. The below variable, if set, will append its value to the
* title bar of the browser. This is for people who manage multiple installs
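Review bot: hard-coding $BASE_urlpath = '/base' only holds when the installation is actually served under that path; the comment just above ("Your URL is http://127.0.0.1/base ... set this to /base") shows the value must mirror the deployment URL, so a build-time placeholder (for example a substituted @BASE_URLPATH@, in the same way @PREFIX@ and @DBTYPE@ are used in the later hunks of this patch) would let the path be set per installation instead of being fixed in the patched file. The value does keep the leading slash and omit a trailing one, as the comment requires.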
@@ -62,7 +62,7 @@ $base_custom_footer = '';
* $foo = 'c:\tmp' [OK]
* $foo = 'c:\tmp\' [WRONG]
*/
-$DBlib_path = '';
+$DBlib_path = '@PREFIX@/share/adodb';
/* The type of underlying alert database
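Review bot: '@PREFIX@/share/adodb' is a build-time placeholder, so this line is only correct if @PREFIX@ is substituted before the file is installed and the ADOdb dependency really installs under share/adodb; an unsubstituted or mismatched path leaves BASE unable to load its database abstraction layer, which should be checked in the package build rather than discovered at first page load. The value does follow the rule in the comment above against a trailing separator ('c:\tmp\' [WRONG]), so no change is needed there.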
@@ -72,7 +72,7 @@ $DBlib_path = '';
* MS SQL Server : 'mssql'
* Oracle : 'oci8'
*/
-$DBtype = 'mysql';
+$DBtype = '@DBTYPE@';
/* Alert DB connection parameters
* - $alert_dbname : MySQL database name of Snort alert DB
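Review bot: replacing the working default 'mysql' with '@DBTYPE@' means the configuration is invalid unless the substitution supplies one of the driver names listed in the comment above ('mssql', 'oci8', and the other entries of that list); the build should fail early when @DBTYPE@ is unset or not one of those values instead of installing a file with a literal placeholder. Documenting the accepted values next to whatever sets @DBTYPE@ would make the constraint visible to the packager.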