Add ports to events page (#5043)

* Add ports to Events page

* Update Makefile

* Update pkg-descr

* Update security/q-feeds-connector/pkg-descr

Co-authored-by: Franco Fichtner <franco@lastsummer.de>

* Update security/q-feeds-connector/Makefile

Co-authored-by: Franco Fichtner <franco@lastsummer.de>

---------

Co-authored-by: Franco Fichtner <franco@lastsummer.de>

security/q-feeds-connector/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		q-feeds-connector
-PLUGIN_VERSION=		1.2
+PLUGIN_VERSION=		1.3
 PLUGIN_TIER=		2
 PLUGIN_COMMENT=		Connector for Q-Feeds threat intel
 PLUGIN_MAINTAINER=	devel@qfeeds.com

security/q-feeds-connector/pkg-descr

@@ -2,6 +2,10 @@ Connector for Q-Feeds threat intel
 
 Plugin Changelog
 ================
+1.3
+
+* Events: added source and destination port
+* Widget: Added license info 
 
 1.2
 

security/q-feeds-connector/src/opnsense/mvc/app/controllers/OPNsense/QFeeds/Api/SettingsController.php

@@ -85,6 +85,8 @@ class SettingsController extends ApiMutableModelControllerBase
                     'direction' => $row[2],
                     'source' => $row[3],
                     'destination' => $row[4],
+                    'source_port' => $row[5] ?? '',
+                    'destination_port' => $row[6] ?? '',
                 ];
             }
         }

security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds/index.volt

@@ -110,7 +110,9 @@ POSSIBILITY OF SUCH DAMAGE.
                     <th data-column-id="interface" data-type="string">{{ lang._('Interface') }}</th>
                     <th data-column-id="direction" data-type="string">{{ lang._('Direction') }}</th>
                     <th data-column-id="source" data-type="string">{{ lang._('Source') }}</th>
+                    <th data-column-id="source_port" data-type="string">{{ lang._('Source Port') }}</th>
                     <th data-column-id="destination" data-type="string">{{ lang._('Destination') }}</th>
+                    <th data-column-id="destination_port" data-type="string">{{ lang._('Destination Port') }}</th>
                 </tr>
             </thead>
             <tbody>

security/q-feeds-connector/src/opnsense/scripts/qfeeds/lib/log.py

@@ -58,10 +58,15 @@ class PFLogCrawler:
 
     @staticmethod
     def _parse_log_line(line):
-        # quick scan for datetime, interface, direction, source, dest
+        # quick scan for datetime, interface, direction, source, dest, source_port, dest_port
         parts = line.split()
         fw_line = parts[-1].split(',') # strip syslog
-        return [parts[1], fw_line[4], fw_line[7]] + [x for x in fw_line if is_ip_address(x)]
+        ip_addresses = [x for x in fw_line if is_ip_address(x)]
+        # Find destination IP position to get ports from next fields (only if numeric)
+        dest_idx = fw_line.index(ip_addresses[1]) if len(ip_addresses) > 1 else len(fw_line)
+        source_port = fw_line[dest_idx + 1] if dest_idx + 1 < len(fw_line) and fw_line[dest_idx + 1].isdigit() else ''
+        dest_port = fw_line[dest_idx + 2] if dest_idx + 2 < len(fw_line) and fw_line[dest_idx + 2].isdigit() else ''
+        return [parts[1], fw_line[4], fw_line[7]] + ip_addresses + [source_port, dest_port]
 
     def find(self, max_time=60, max_results=50000):
         result = []