Example #1
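/**
 * Build the SQL fragment that limits a query to the sensors the current user may see.
 *
 * When Session::allowedSensors() is empty the user is unrestricted and "" is
 * returned. Otherwise the user's sensors are mapped to sids through
 * GetSnortSensorSids() and an " AND <alias>.sid in (...)" clause is returned.
 * If none of the sensors maps to a sid the clause is "in (0)", so a restricted
 * user never falls back to an unfiltered query.
 *
 * @param mixed  $conn  Connection handed to GetSnortSensorSids().
 * @param string $alias Table name or alias placed before ".sid". It is interpolated
 *                      into the SQL text as-is, so callers must pass a fixed
 *                      identifier and never request data.
 * @return string SQL fragment, or "" when no restriction applies.
 */
function make_sensor_filter($conn, $alias = "acid_event")
{
    $allowed = Session::allowedSensors();
    if ($allowed == "") {
        return "";
    }
    $snortsensors = GetSnortSensorSids($conn);
    $sids = array();
    foreach (explode(",", $allowed) as $user_sensor) {
        // A permitted sensor may have no entry in the sid map. Calling count()
        // on the missing entry raises a warning (a TypeError on PHP 8), so skip it.
        if (!isset($snortsensors[$user_sensor]) || !is_array($snortsensors[$user_sensor])) {
            continue;
        }
        foreach ($snortsensors[$user_sensor] as $sid) {
            if ($sid != "") {
                $sids[] = $sid;
            }
        }
    }
    if (count($sids) == 0) {
        // Fail closed: a restricted user with no matching sids sees nothing.
        return " AND {$alias}.sid in (0)";
    }
    // NOTE(review): the sids are interpolated unquoted; presumably
    // GetSnortSensorSids() only returns numeric ids -- confirm.
    return " AND {$alias}.sid in (" . implode(",", $sids) . ")";
}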
Example #2
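// Show the pending error as an on-page notification and stop rendering.
if (!empty($error_message)) {
    $config_nt = array('content' => $error_message, 'options' => array('type' => 'nf_error', 'cancel_button' => false), 'style' => 'width: 80%; margin: 20px auto; text-align: left;');
    $nt = new Notification('nt_1', $config_nt);
    $nt->show();
    exit(1);
}
$db = new ossim_db();
$conn = $db->connect();
$tsensors = explode(',', Session::allowedSensors());
$sensor_ids = array();
$conn->SetFetchMode(ADODB_FETCH_BOTH);
// Map each permitted sensor IP to HEX(id). The IP is passed as a bound
// parameter so the permission string is never spliced into the SQL text.
foreach ($tsensors as $s_ip) {
    $sensor_ids[$s_ip] = $conn->GetOne("SELECT HEX(id) FROM sensor WHERE INET_NTOA( CONV( HEX( ip ) , 16, 10 ) ) LIKE ?", array($s_ip));
}
// check permissions for selected server
// The membership test is strict: with loose comparison two different hex ids
// that both look like numeric strings can compare equal, which would let a
// server outside the user's sensor list pass this check.
if (!(valid_hex32($scan_server) && (Session::allowedSensors() == "" || in_array($scan_server, array_values($sensor_ids), true)))) {
    $scan_server = "";
}
$message_pre_scan = _("Pre-scan localy");
$message_force_pre_scan = _("Error: Need to force pre-scan locally");
$ctest = array();
// to save connection test to servers
$ttargets = array();
// to save check for targets
$sensor_error = false;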
?>

<style type="text/css">
    
    .sstatus{
        text-align:center;
Example #3
// Plot area and animation settings.
$chart['chart_rect'] = array(
    'x' => 20,
    'y' => -40,
    'width' => 350,
    'height' => 220,
    'positive_alpha' => 0,
);
$chart['chart_transition'] = array(
    'type' => 'zoom',
    'delay' => 0.1,
    'duration' => 0.5,
    'order' => 'series',
);
$chart['chart_type'] = '3d column';
$chart['chart_value'] = array(
    'position' => 'cursor',
    'size' => 10,
    'color' => '000000',
    'alpha' => 90,
    'background_color' => '444444',
);
// The drawn image is the chart SWF itself; its library path and data source
// are passed as URL-encoded query parameters.
$chart['draw'] = array(
    array(
        'type' => 'image',
        'url' => sprintf(
            '/ossim/graphs/charts.swf??timeout=120&library_path=%s&php_source=%s',
            urlencode('/ossim/graphs/charts_library'),
            urlencode('/ossim/graphs/alarms_events_data2.php?bypassexpirationupdate=1')
        ),
    ),
);
// Legend appearance and series colours.
$chart['legend_label'] = array(
    'layout' => 'vertical',
    'bullet' => 'square',
    'size' => 11,
    'color' => '202020',
    'alpha' => 85,
);
$chart['legend_rect'] = array(
    'x' => 20,
    'y' => 75,
    'width' => 20,
    'height' => 20,
    'fill_alpha' => 0,
);
$chart['series_color'] = array('cc9944', '556688');
$chart['link_data'] = array(
    'url' => '/ossim/graphs/handle.php?target_url=alarms_events&target_var=series',
    'target' => 'main',
);
// Two connections: the default database and the snort database.
$db = new ossim_db();
$conn = $db->connect();
$conn2 = $db->snort_connect();
// Sensor restrictions start empty, meaning no filtering.
$sensor_where = '';
$sensor_where_ossim = '';
if (Session::allowedSensors() != "") {
    $user_sensors = explode(",", Session::allowedSensors());
    $snortsensors = GetSensorSids($conn2);
    $sids = array();
    foreach ($user_sensors as $user_sensor) {
        //echo "Sids de $user_sensor ".$snortsensors[$user_sensor][0]."<br>";
        if (count($snortsensors[$user_sensor]) > 0) {
            foreach ($snortsensors[$user_sensor] as $sid) {
                if ($sid != "") {
                    $sids[] = $sid;
                }
            }
        }
    }
    if (count($sids) > 0) {
        $sensor_where = " AND sid in (" . implode(",", $sids) . ")";
        $sensor_where_ossim = " AND alarm.snort_sid in (" . implode(",", $sids) . ")";
Example #4
     }
     $buffer .= "]";
     if ($buffer == "[]") {
         $buffer = "[{title:'" . _("No Network Groups Found") . "', noLink:true}]";
     }
     echo $buffer;
 } else {
     if (preg_match("/^u_(.*)_net\$/", $key)) {
         echo Net::draw_nets_by_class($conn, $key, $filter, $length_name);
     } else {
         if (preg_match("/^u_(.*)_.class_(.*)/", $key)) {
             echo Net::draw_nets_by_class($conn, $key, $filter, $length_name);
         } else {
             if (preg_match("/u_(.*)_sensor/", $key, $found)) {
                 $sensor_list = Sensor::get_list($conn);
                 $allowedSensors = Session::allowedSensors($found[1]);
                 $sensors_allowed = array_fill_keys(explode(",", $allowedSensors), 1);
                 $j = 0;
                 $buffer .= "[";
                 foreach ($sensor_list as $sensor) {
                     if ($allowedSensors == "" || $sensors_allowed[$sensor->get_ip()]) {
                         $sensor_name = $sensor->get_name();
                         $s_title = Util::htmlentities($sensor_name);
                         $title = strlen($sensor_name) > $length_name ? substr($sensor_name, 0, $length_name) . "..." : $sensor_name;
                         $title = Util::htmlentities($title);
                         $tooltip = $s_title;
                         $li = "h:'{$h}', url:'../sensor/interfaces.php?sensor=" . $sensor->get_ip() . "&name=" . urlencode($sensor_name) . "', icon:'../../pixmaps/theme/server.png', title:'{$title}', tooltip:'{$tooltip}'\n";
                         $buffer .= ($j > 0 ? "," : "") . "{ {$li} }";
                         $j++;
                     }
                 }
Example #5
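 /**
  * Render the tag-cloud window as HTML.
  *
  * Runs the query returned by $this->get('cloud_sql') against the database
  * selected by 'cloud_db', restricts it to the sids of the sensors the current
  * user may see, and returns one link per result row with a font size scaled
  * between 8px and 35px by the row's count.
  *
  * @return string HTML for the cloud, "" when the query yields no rows, or a
  *                message when the query is rejected or fails.
  */
 function showWindowContents()
 {
     require_once 'ossim_db.inc';
     require_once 'classes/Event_viewer.inc';
     $dbname = $this->get('cloud_db');
     $link = $this->get('cloud_link');
     $max_len = $this->get('cloud_tag_max_len');
     $resolv_hostname = $this->get('cloud_resolv_ip');
     if (ossim_error()) {
         die(ossim_error());
     }
     $method = $dbname == 'snort' ? 'snort_connect' : 'connect';
     $db = new ossim_db();
     $conn = $db->{$method}();
     // User sensor filtering
     $sensor_where = "";
     $allowed = Session::allowedSensors();
     if ($allowed != "") {
         $snortsensors = Event_viewer::GetSensorSids($conn);
         $sensor_str = "";
         foreach (explode(",", $allowed) as $user_sensor) {
             // A permitted sensor may be missing from the sid map; count() on the
             // missing entry warns (TypeError on PHP 8), so test for it first.
             if (isset($snortsensors[$user_sensor]) && is_array($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
                 $sensor_str .= ($sensor_str != "" ? "," : "") . implode(",", $snortsensors[$user_sensor]);
             }
         }
         if ($sensor_str == "") {
             // No sid matched: filter on sid 0 so the user sees nothing.
             $sensor_str = "0";
         }
         $sensor_where = " sid in (" . $sensor_str . ")";
     }
     $sql = $this->get('cloud_sql');
     // NOTE(review): this is a pattern check, not a SQL parser; it only confirms the
     // text starts with SELECT and lacks three specific clauses. The account used
     // for these connections should be read-only as well -- confirm.
     if (!preg_match('/^\\s*\\(?\\s*SELECT\\s/i', $sql) || preg_match('/\\sFOR\\s+UPDATE/i', $sql) || preg_match('/\\sINTO\\s+OUTFILE/i', $sql) || preg_match('/\\sLOCK\\s+IN\\s+SHARE\\s+MODE/i', $sql)) {
         $db->close($conn);
         return _("SQL Query invalid due security reasons");
     }
     if ($sensor_where != "") {
         // Keywords are matched case-insensitively and as whole words. The previous
         // lowercase-only match left a query written with "WHERE" or "group by"
         // untouched, so a restricted user got unfiltered results.
         if (preg_match('/\bwhere\b/i', $sql)) {
             $sql = implode("where " . $sensor_where . " AND ", preg_split('/\bwhere\b/i', $sql));
         } elseif (preg_match('/\bGROUP\s+BY\b/i', $sql)) {
             $sql = implode("where " . $sensor_where . " GROUP BY", preg_split('/\bGROUP\s+BY\b/i', $sql));
         } else {
             // Fail closed: with no place to put the restriction, do not run the query.
             $db->close($conn);
             return _("Unable to apply sensor restrictions to this query");
         }
     }
     $rs = $conn->Execute($sql);
     if (!$rs) {
         $error = "Error was: " . $conn->ErrorMsg() . "\n\nQuery was: " . $sql;
         $db->close($conn);
         // The return value is rendered as HTML, so the message is escaped.
         return htmlspecialchars($error, ENT_QUOTES);
     }
     if ($resolv_hostname) {
         require_once "classes/Host.inc";
     }
     $tags = array();
     $tag_names = array();
     while (!$rs->EOF) {
         $row_tag = $rs->fields[0];
         if ($resolv_hostname) {
             // Third and fourth arguments: is_sensor = false, force_no_dns = true.
             $tag_names[$row_tag] = Host::ip2hostname($conn, $row_tag, false, true);
         }
         $tags[$row_tag] = $rs->fields[1];
         $rs->MoveNext();
     }
     $db->close($conn);
     if (!count($tags)) {
         return "";
     }
     // Default font sizes
     $min_font_size = 8;
     $max_font_size = 35;
     $minimum_count = min(array_values($tags));
     $maximum_count = max(array_values($tags));
     $spread = $maximum_count - $minimum_count;
     if ($spread == 0) {
         // Avoid dividing by zero when every tag has the same count.
         $spread = 1;
     }
     if ($link == '') {
         $link = '#';
     }
     $cloud_tags = array();
     // create an array to hold tag code
     foreach ($tags as $tag => $count) {
         $local_link = str_replace("_TAG_", $tag, $link);
         $local_name = $resolv_hostname ? $tag_names[$tag] : $tag;
         if ($max_len > 0) {
             $tag = substr($tag, 0, $max_len);
         }
         $size = count($tags) == 1 ? $max_font_size : $min_font_size + ($count - $minimum_count) * ($max_font_size - $min_font_size) / $spread;
         // Tag and count come from query results and are written into the title
         // attribute, so they are escaped like the link and the visible name.
         $cloud_tags[] = '<a style="font-size: ' . floor($size) . 'px' . '" class="tag_cloud" href="' . htmlspecialchars($local_link) . '" title="\'' . htmlspecialchars((string) $tag, ENT_QUOTES) . '\' returned a count of ' . htmlspecialchars((string) $count, ENT_QUOTES) . '">' . htmlspecialchars(stripslashes($local_name)) . '</a>&nbsp;';
     }
     return join("\n", $cloud_tags) . "\n";
 }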
Example #6
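ossim_valid($type, "hn", "freetext", "service", OSS_NULLABLE, 'illegal: type');
if (ossim_error()) {
    die(ossim_error());
}
$net = "";
$hosts = array();
// NOTE(review): the pattern is unanchored, so any $value that merely contains a
// CIDR is accepted whole. Presumably $value is validated before this point -- confirm.
if ($type == "net" && preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d+/", $value)) {
    $net = $value;
}
//for autocomplete input
$autocnetworks = $autochosts = $autocsensors = "";
list($_sensors, $_hosts) = Host::get_ips_and_hostname($dbconn, true);
$_nets = Net::get_all($dbconn, true);
//echo "ok"; exit;
$sensor_list = Sensor::get_list($dbconn);
$allowedSensors = Session::allowedSensors();
// Host, network and sensor names come from the database and are written inside
// double-quoted JavaScript string literals. Escape the characters that could end
// the literal or the surrounding markup; values without them are emitted unchanged.
$_autoc_js_escape = array(
    "\\" => "\\\\",
    '"' => '\\"',
    "'" => "\\'",
    "<" => "\\x3C",
    ">" => "\\x3E",
    "&" => "\\x26",
    "\r" => "\\r",
    "\n" => "\\n",
);
foreach ($_hosts as $_ip => $_hostname) {
    $_js_ip = strtr((string) $_ip, $_autoc_js_escape);
    if ($_hostname != $_ip) {
        $autochosts .= '{ txt:"' . strtr((string) $_hostname, $_autoc_js_escape) . ' [Host:' . $_js_ip . ']", id: "' . $_js_ip . '" },';
    } else {
        $autochosts .= '{ txt:"' . $_js_ip . '", id: "' . $_js_ip . '" },';
    }
}
foreach ($_nets as $_net) {
    $_js_ips = strtr((string) $_net->get_ips(), $_autoc_js_escape);
    $autocnetworks .= '{ txt:"' . strtr((string) $_net->get_name(), $_autoc_js_escape) . ' [Net:' . $_js_ips . ']", id: "' . $_js_ips . '" },';
}
// Split the permission list once instead of once per sensor.
$_allowed_sensor_ips = explode(",", $allowedSensors);
foreach ($sensor_list as $sensor) {
    if ($allowedSensors == "" || in_array($sensor->get_ip(), $_allowed_sensor_ips)) {
        $_js_ip = strtr((string) $sensor->get_ip(), $_autoc_js_escape);
        $autocsensors .= '{ txt:"' . strtr((string) $sensor->get_name(), $_autoc_js_escape) . ' [Sensor:' . $_js_ip . ']", id: "' . $_js_ip . '" },';
    }
}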
Example #7
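/**
 * Ask the OSSIM server for the plugin state of the sensors the user may see.
 *
 * Connects to the address and port from the global configuration, sends the
 * "connect" and "server-get-sensor-plugins" messages, and parses the reply
 * lines. Sensors outside Session::allowedSensors() are dropped unless that
 * list is empty, which means no restriction.
 *
 * @param mixed $conn Not used by this function.
 * @return array array($list, $err): $list[sensor][plugin_id] holds 'enabled'
 *               and 'state'; $err is an HTML message, or "" on success.
 */
function server_get_sensors($conn)
{
    require_once 'ossim_conf.inc';
    $allowed_list = Session::allowedSensors();
    $allowed_sensors = explode(",", $allowed_list);
    $ossim_conf = $GLOBALS["CONF"];
    /* get the port and IP address of the server */
    $address = $ossim_conf->get_conf("server_address");
    $port = $ossim_conf->get_conf("server_port");
    $list = array();
    /* create socket */
    $socket = socket_create(AF_INET, SOCK_STREAM, 0);
    // socket_create() returns false on failure, which a "< 0" test never detects.
    if ($socket === false) {
        $err = "<p><b>" . _("socket error") . "</b>: " . _("socket_create() failed: reason: ") . socket_strerror(socket_last_error()) . "</p>";
        return array($list, $err);
    }
    /* connect */
    socket_set_block($socket);
    socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => 4, 'usec' => 0));
    socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 4, 'usec' => 0));
    $result = @socket_connect($socket, $address, $port);
    if (!$result) {
        $err = "<p><b>" . _("socket error") . "</b>: " . gettext("Is OSSIM server running at") . " {$address}:{$port}?</p>";
        socket_close($socket);
        return array($list, $err);
    }
    /* first send a connect message to server */
    $in = 'connect id="1" type="web"' . "\n";
    socket_write($socket, $in, strlen($in));
    $out = @socket_read($socket, 2048, PHP_BINARY_READ);
    if ($out === false || strncmp($out, "ok id=", 4)) {
        $err = "<p><b>" . gettext("Bad response from server") . "</b></p>";
        $err .= "<p><b>" . _("socket error") . "</b>: " . gettext("Is OSSIM server running at") . " {$address}:{$port}?</p>";
        socket_close($socket);
        return array($list, $err);
    }
    /* get sensors from server */
    $in = 'server-get-sensor-plugins id="2"' . "\n";
    socket_write($socket, $in, strlen($in));
    $pattern = '/sensor="([^"]*)" plugin_id="([^"]*)" state="([^"]*)" enabled="([^"]*)"/ ';
    // A reply line can be split across two reads, so the unfinished tail of each
    // chunk is carried over and parsed together with the next one.
    $pending = '';
    $done = false;
    while (!$done) {
        $output = socket_read($socket, 2048, PHP_BINARY_READ);
        $eof = ($output === false || $output === '');
        $lines = explode("\n", $pending . ($eof ? '' : $output));
        $pending = $eof ? '' : array_pop($lines);
        foreach ($lines as $out) {
            if (preg_match($pattern, $out, $regs)) {
                // Strict comparison keeps the permission check an exact string match.
                if ($allowed_list == "" || in_array($regs[1], $allowed_sensors, true)) {
                    $list[$regs[1]][$regs[2]]['enabled'] = $regs[4];
                    $list[$regs[1]][$regs[2]]['state'] = $regs[3];
                }
            } elseif (!strncmp($out, "ok id=", 4)) {
                // End of the reply: stop reading instead of waiting for the timeout.
                $done = true;
                break;
            }
        }
        if ($eof) {
            break;
        }
    }
    socket_close($socket);
    return array($list, "");
}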
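 echo "User '{$login}' has OpenSource perms. Trying to migrate...\n";
 // Carry over the networks the user was allowed to see.
 // NOTE(review): this is a substring test, so a CIDR that is a prefix of a
 // permitted one also matches. The format of allowedNets() and of $net['ips']
 // is not visible here -- confirm it and compare whole entries if possible.
 foreach ($net_list as $net) {
     $net_cidr = $net['ips'];
     $net_name = $net['name'];
     if (false !== strpos(Session::allowedNets($login), $net_cidr)) {
         if ($nets == "") {
             $nets = $net_cidr;
         } else {
             $nets .= "," . $net_cidr;
         }
     }
 }
 // Carry over the sensors the user was allowed to see. The permission list is
 // split on commas and whole entries are compared: a substring test would also
 // match a sensor whose IP is only part of a permitted one and migrate access
 // the user never had.
 $allowed_sensor_ips = explode(",", Session::allowedSensors($login));
 foreach ($sensor_list as $sensor) {
     $sensor_name = $sensor['name'];
     $sensor_ip = $sensor['ip'];
     if (in_array((string) $sensor_ip, $allowed_sensor_ips, true)) {
         if ($sensors == "") {
             $sensors = $sensor_ip;
         } else {
             $sensors .= "," . $sensor_ip;
         }
     }
 }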
 foreach ($ACL_MAIN_MENU as $mainmenu => $menus) {
     foreach ($menus as $key => $menu) {
         if ($gacl->acl_check($mainmenu, $key, ACL_DEFAULT_USER_SECTION, $login)) {
             $perm_id = $permids[$mainmenu][$key];
             if ($perm_id > 0) {
                 $perms[$perm_id] = true;
             }
         }
Example #9
function ProcessCriteria()
{
    global $db, $join_sql, $where_sql, $criteria_sql, $sql, $debug_mode, $caller, $DBtype;
    /* XXX-SEC */
    global $cs, $timetz;
    /* the JOIN criteria */
    $ip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    $tcp_join_sql = " LEFT JOIN tcphdr ON acid_event.sid=tcphdr.sid AND acid_event.cid=tcphdr.cid ";
    $udp_join_sql = " LEFT JOIN udphdr ON acid_event.sid=udphdr.sid AND acid_event.cid=udphdr.cid ";
    $icmp_join_sql = " LEFT JOIN icmphdr ON acid_event.sid=icmphdr.sid AND acid_event.cid=icmphdr.cid ";
    $rawip_join_sql = " LEFT JOIN iphdr ON acid_event.sid=iphdr.sid AND acid_event.cid=iphdr.cid ";
    $sig_join_sql = " LEFT JOIN ossim.plugin_sid ON acid_event.plugin_id=plugin_sid.plugin_id AND acid_event.plugin_sid=plugin_sid.sid ";
    $sig_join = false;
    //$data_join_sql = " LEFT JOIN extra_data ON acid_event.sid=extra_data.sid AND acid_event.cid=extra_data.cid ";
    $data_join_sql = "";
    $ag_join_sql = " LEFT JOIN acid_ag_alert ON acid_event.sid=acid_ag_alert.ag_sid AND acid_event.cid=acid_ag_alert.ag_cid ";
    //$sig_join_sql = "";
    //$sql = "SELECT SQL_CALC_FOUND_ROWS acid_event.*,extra_data.userdata1,extra_data.userdata2,extra_data.userdata3,extra_data.userdata4,extra_data.userdata5,extra_data.userdata6,extra_data.userdata7,extra_data.userdata8,extra_data.userdata9,extra_data.username,extra_data.password,extra_data.filename FROM acid_event";
    $sql = "SELECT SQL_CALC_FOUND_ROWS acid_event.* FROM acid_event";
    // This needs to be examined!!! -- Kevin
    $where_sql = " WHERE ";
    //$where_sql = "";
    // $criteria_sql = " acid_event.sid > 0";
    // Initially show last 24hours events
    if ($_GET['time_range'] == "") {
        $criteria_sql = " ( timestamp >='" . gmdate("Y-m-d", $timetz) . "' ) ";
    } else {
        $criteria_sql = " 1 ";
    }
    //$criteria_sql = " ( timestamp <= CURDATE() ) ";
    //$criteria_sql = " 1 ";
    $join_sql = "";
    /* ********************** Meta Criteria ******************************************** */
    $sig = $cs->criteria['sig']->criteria;
    $sig_type = $cs->criteria['sig']->sig_type;
    $sig_class = $cs->criteria['sig_class']->criteria;
    $sig_priority = $cs->criteria['sig_priority']->criteria;
    $ag = $cs->criteria['ag']->criteria;
    $sensor = $cs->criteria['sensor']->criteria;
    $plugin = $cs->criteria['plugin']->criteria;
    $plugingroup = $cs->criteria['plugingroup']->criteria;
    $networkgroup = $cs->criteria['networkgroup']->criteria;
    $userdata = $cs->criteria['userdata']->criteria;
    $sourcetype = $cs->criteria['sourcetype']->criteria;
    $category = $cs->criteria['category']->criteria;
    $time = $cs->criteria['time']->GetUTC();
    //$cs->criteria['time']->criteria;
    //print_r($time);print_r($cs->criteria['time']->criteria);
    $time_cnt = $cs->criteria['time']->GetFormItemCnt();
    $ip_addr = $cs->criteria['ip_addr']->criteria;
    $ip_addr_cnt = $cs->criteria['ip_addr']->GetFormItemCnt();
    $layer4 = $cs->criteria['layer4']->criteria;
    $ip_field = $cs->criteria['ip_field']->criteria;
    $ip_field_cnt = $cs->criteria['ip_field']->GetFormItemCnt();
    $tcp_port = $cs->criteria['tcp_port']->criteria;
    $tcp_port_cnt = $cs->criteria['tcp_port']->GetFormItemCnt();
    $tcp_flags = $cs->criteria['tcp_flags']->criteria;
    $tcp_field = $cs->criteria['tcp_field']->criteria;
    $tcp_field_cnt = $cs->criteria['tcp_field']->GetFormItemCnt();
    $udp_port = $cs->criteria['udp_port']->criteria;
    $udp_port_cnt = $cs->criteria['udp_port']->GetFormItemCnt();
    $udp_field = $cs->criteria['udp_field']->criteria;
    $udp_field_cnt = $cs->criteria['udp_field']->GetFormItemCnt();
    $icmp_field = $cs->criteria['icmp_field']->criteria;
    $icmp_field_cnt = $cs->criteria['icmp_field']->GetFormItemCnt();
    $rawip_field = $cs->criteria['rawip_field']->criteria;
    $rawip_field_cnt = $cs->criteria['rawip_field']->GetFormItemCnt();
    $data = $cs->criteria['data']->criteria;
    $data_cnt = $cs->criteria['data']->GetFormItemCnt();
    $cs->criteria['data']->data_encode;
    //$data_encode[0] = "ascii"; $data_encode[1] = "hex";
    /* OSSIM */
    $ossim_type = $cs->criteria['ossim_type']->criteria;
    $ossim_priority = $cs->criteria['ossim_priority']->criteria;
    $ossim_reliability = $cs->criteria['ossim_reliability']->criteria;
    $ossim_asset_dst = $cs->criteria['ossim_asset_dst']->criteria;
    $ossim_risk_a = $cs->criteria['ossim_risk_a']->criteria;
    $tmp_meta = "";
    /* Sensor */
    if ($sensor != "" && $sensor != " ") {
        $tmp_meta = $tmp_meta . " AND acid_event.sid in (" . $sensor . ")";
    } else {
        $cs->criteria['sensor']->Set("");
        // Filter by user perms if no criteria
        if (Session::allowedSensors() != "") {
            $user_sensors = explode(",", Session::allowedSensors());
            $snortsensors = GetSensorSids($db);
            $sensor_str = "";
            foreach ($user_sensors as $user_sensor) {
                if (count($snortsensors[$user_sensor]) > 0) {
                    $sensor_str .= $sensor_str != "" ? "," . implode(",", $snortsensors[$user_sensor]) : implode(",", $snortsensors[$user_sensor]);
                }
            }
            if ($sensor_str == "") {
                $sensor_str = "0";
            }
            $tmp_meta .= " AND acid_event.sid in (" . $sensor_str . ")";
        }
    }
    /* Plugin */
    if ($plugin != "" && $plugin != " ") {
        $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . $plugin . ")";
    }
    /* Plugin Group */
    if ($plugingroup != "" && $plugingroup != " ") {
        $pg_ids = QueryOssimPluginGroup($plugingroup);
        if ($pg_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$pg_ids}) ";
        } else {
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=-1 AND acid_event.plugin_sid=-1)";
        }
    }
    /* Network Group */
    if ($networkgroup != "" && $networkgroup != " ") {
        $ng_ids = QueryOssimNetworkGroup($networkgroup);
        if ($ng_ids != "") {
            $tmp_meta = $tmp_meta . " AND ({$ng_ids}) ";
        }
    }
    /* User Data */
    //print_r($_SESSION);
    //echo "User Data:$userdata";
    if (trim($userdata[2]) != "") {
        $sql = "SELECT SQL_CALC_FOUND_ROWS acid_event.*,extra_data.* FROM acid_event";
        $data_join_sql = ",extra_data ";
        $flt = "extra_data." . $userdata[0] . " " . $userdata[1] . " " . ($userdata[1] == "like" ? "'%" . str_replace("'", "\\'", $userdata[2]) . "%'" : "'" . $userdata[2] . "'");
        $tmp_meta .= " AND acid_event.sid=extra_data.sid AND acid_event.cid=extra_data.cid AND ({$flt})";
    }
    /* Source Type */
    if (trim($sourcetype) != "") {
        $tmp_meta = $tmp_meta . " AND acid_event.plugin_id in (" . GetPluginListBySourceType($sourcetype) . ")";
    }
    /* Category */
    if ($category[0] != 0) {
        $sig_join = true;
        $tmp_meta = $tmp_meta . GetPluginListByCategory($category);
    }
    /* Alert Group */
    if ($ag != "" && $ag != " ") {
        $tmp_meta = $tmp_meta . " AND ag_id =" . $ag;
        $join_sql = $join_sql . $ag_join_sql;
    } else {
        $cs->criteria['ag']->Set("");
    }
    /* Signature */
    if (isset($sig[0]) && $sig[0] != " " && $sig[0] != "" && (isset($sig[1]) && $sig[1] != "")) {
        if ($sig_type == 1) {
            // sending sig[1]=plugin_id;plugin_sid
            $pidsid = preg_split("/[\\s;]+/", $sig[1]);
            $tmp_meta = $tmp_meta . " AND (acid_event.plugin_id=" . intval($pidsid[0]) . " AND acid_event.plugin_sid=" . intval($pidsid[1]) . ")";
        } else {
            // free string
            $sig_ids = QueryOssimSignature($sig[1], $sig[0], $sig[2]);
            $sig_join = true;
            $tmp_meta = $tmp_meta . " AND ({$sig_ids})";
            //if ($sig_ids != "")
            //  $tmp_meta = $tmp_meta . " AND ($sig_ids) ";
            //else
            //  $tmp_meta = $tmp_meta." AND (plugin_id=-1 AND plugin_sid=-1)";
        }
    } else {
        $cs->criteria['sig']->Set("");
    }
    /* Signature Classification
       if ($sig_class != " " && $sig_class != "" && $sig_class != "0") {
           $tmp_meta = $tmp_meta . " AND sig_class_id = '" . $sig_class . "'";
       } else if ($sig_class == "0") {
           $tmp_meta = $tmp_meta . " AND (sig_class_id is null OR sig_class_id = '0')";
       } else $cs->criteria['sig_class']->Set(""); */
    /* Signature Priority 
       if ($sig_priority[1] != " " && $sig_priority[1] != "" && $sig_priority[1] != "0") {
           $tmp_meta = $tmp_meta . " AND sig_priority " . $sig_priority[0] . " '" . $sig_priority[1] . "'";
       } else if ($sig_priority[1] == "0") {
           $tmp_meta = $tmp_meta . " AND (sig_priority is null OR sig_priority = '0')";
       } else $cs->criteria['sig_priority']->Set("");*/
    /* Date/Time
       if ( DateTimeRows2sql($time, $time_cnt, $tmp_meta) == 0 )
       $cs->criteria['time']->SetFormItemCnt(0); */
    /*
     * OSSIM Code
     */
    /* OSSIM Type */
    if ($ossim_type[1] != " " && $ossim_type[1] != "" && $ossim_type[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_type = '" . $ossim_type[1] . "'";
    } else {
        if ($ossim_type[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_type is null OR acid_event.ossim_type = '0')";
        } else {
            $cs->criteria['ossim_type']->Set("");
        }
    }
    /* OSSIM Priority */
    if ($ossim_priority[1] != " " && $ossim_priority[1] != "" && $ossim_priority[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_priority  " . $ossim_priority[0] . " '" . $ossim_priority[1] . "'";
    } else {
        if ($ossim_priority[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_priority is null OR acid_event.ossim_priority = '0')";
        } else {
            $cs->criteria['ossim_priority']->Set("");
        }
    }
    /* OSSIM Reliability */
    if ($ossim_reliability[1] != " " && $ossim_reliability[1] != "" && $ossim_reliability[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_reliability " . $ossim_reliability[0] . " '" . $ossim_reliability[1] . "'";
    } else {
        if ($ossim_reliability[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_reliability is null OR acid_event.ossim_reliability = '0')";
        } else {
            $cs->criteria['ossim_reliability']->Set("");
        }
    }
    /* OSSIM Asset DST */
    if ($ossim_asset_dst[1] != " " && $ossim_asset_dst[1] != "" && $ossim_asset_dst[1] != "0") {
        $tmp_meta = $tmp_meta . " AND acid_event.ossim_asset_dst " . $ossim_asset_dst[0] . " '" . $ossim_asset_dst[1] . "'";
    } else {
        if ($ossim_asset_dst[1] == "0") {
            $tmp_meta = $tmp_meta . " AND (acid_event.ossim_asset_dst is null OR acid_event.ossim_asset_dst = '0')";
        } else {
            $cs->criteria['ossim_asset_dst']->Set("");
        }
    }
    /* OSSIM Risk A */
    if ($ossim_risk_a != " " && $ossim_risk_a != "" && $ossim_risk_a != "0") {
        if ($ossim_risk_a == "low") {
            //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 1 AND ossim_risk_a <= 4 ";
            $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a < 1 ";
        } else {
            if ($ossim_risk_a == "medium") {
                //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 5 AND ossim_risk_a <= 7 ";
                $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a = 1 ";
            } else {
                if ($ossim_risk_a == "high") {
                    //$tmp_meta = $tmp_meta." AND ossim_risk_a >= 8 AND ossim_risk_a <= 10 ";
                    $tmp_meta = $tmp_meta . " AND acid_event.ossim_risk_a > 1 ";
                }
            }
        }
    } else {
        $cs->criteria['ossim_risk_a']->Set("");
    }
    /* Date/Time */
    if (DateTimeRows2sql($time, $time_cnt, $tmp_meta) == 0) {
        $cs->criteria['time']->SetFormItemCnt(0);
    }
    $criteria_sql = $criteria_sql . $tmp_meta;
    /* ********************** IP Criteria ********************************************** */
    /* IP Addresses */
    $tmp2 = "";
    for ($i = 0; $i < $ip_addr_cnt; $i++) {
        $tmp = "";
        if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] != " ") {
            if ($ip_addr[$i][3] != "" && $ip_addr[$i][4] != "" && $ip_addr[$i][5] != "" && $ip_addr[$i][6] != "") {
                /* if use illegal 256.256.256.256 address then
                 *  this is the special case where need to search for portscans
                 */
                if ($ip_addr[$i][3] == "256" && $ip_addr[$i][4] == "256" && $ip_addr[$i][5] == "256" && $ip_addr[$i][6] == "256") {
                    $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . " IS NULL" . " ";
                } else {
                    if ($ip_addr[$i][10] == "") {
                        $tmp = $tmp . " acid_event." . $ip_addr[$i][1] . $ip_addr[$i][2] . "'" . baseIP2long($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6]) . "' ";
                    } else {
                        $mask = getIPMask($ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6], $ip_addr[$i][10]);
                        if ($ip_addr[$i][2] == "!=") {
                            $tmp_op = " NOT ";
                        } else {
                            $tmp_op = "";
                        }
                        $tmp = $tmp . $tmp_op . " (acid_event." . $ip_addr[$i][1] . ">= '" . baseIP2long($mask[0]) . "' AND " . "acid_event." . $ip_addr[$i][1] . "<= '" . baseIP2long($mask[1]) . "')";
                    }
                }
            }
            /* if have chosen the address type to be both source and destination */
            if (ereg("ip_both", $tmp)) {
                $tmp_src = ereg_replace("ip_both", "ip_src", $tmp);
                $tmp_dst = ereg_replace("ip_both", "ip_dst", $tmp);
                if ($ip_addr[$i][2] == '=') {
                    $tmp = "(" . $tmp_src . ') OR (' . $tmp_dst . ')';
                } else {
                    $tmp = "(" . $tmp_src . ') AND (' . $tmp_dst . ')';
                }
            }
            if ($tmp != "") {
                $tmp = $ip_addr[$i][0] . "(" . $tmp . ")" . $ip_addr[$i][8] . $ip_addr[$i][9];
            }
        } else {
            if (isset($ip_addr[$i][3]) && $ip_addr[$i][3] != "" || $ip_addr[$i][1] != " ") {
                /* IP_addr_type, but MALFORMED IP address */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][3] == "" && ($ip_addr[$i][4] != "" || $ip_addr[$i][5] != "" || $ip_addr[$i][6] != "")) {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Invalid IP address criteria") . " ' *." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . " '");
                }
                /* ADDRESS, but NO IP_addr_type was given */
                if (isset($ip_addr[$i][3]) && $ip_addr[$i][1] == " ") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("A IP address of") . " '" . $ip_addr[$i][3] . "." . $ip_addr[$i][4] . "." . $ip_addr[$i][5] . "." . $ip_addr[$i][6] . "' " . gettext("was entered for as a criteria value, but the type of address (e.g. source, destination) was not specified."));
                }
                /* IP_addr_type IS FILLED, but no ADDRESS */
                if ($ip_addr[$i][1] != " " && $ip_addr[$i][1] != "" && $ip_addr[$i][3] == "") {
                    ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("An IP address of type") . " '" . $ip_addr[$i][1] . "' " . gettext("was selected (at #") . $i . ") " . gettext("indicating that an IP address should be a criteria, but no address on which to match was specified."));
                }
            }
        }
        $tmp2 = $tmp2 . $tmp;
        if ($i > 0 && $ip_addr[$i - 1][9] == ' ' && $ip_addr[$i - 1][3] != "") {
            ErrorMessage("<B>" . gettext("Criteria warning:") . "</B> " . gettext("Multiple IP address criteria entered without a boolean operator (e.g. AND, OR) between IP Criteria") . " #{$i} and #" . ($i + 1) . ".");
        }
    }
    if ($tmp2 != "") {
        $criteria_sql = $criteria_sql . " AND ( " . $tmp2 . " )";
    } else {
        $cs->criteria['ip_addr']->SetFormItemCnt(0);
    }
    /* IP Fields */
    if (FieldRows2sql($ip_field, $ip_field_cnt, $criteria_sql) == 0) {
        $cs->criteria['ip_field']->SetFormItemCnt(0);
    }
    /* Layer-4 encapsulation */
    if ($layer4 == "TCP") {
        $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '6'";
    } else {
        if ($layer4 == "UDP") {
            $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '17'";
        } else {
            if ($layer4 == "ICMP") {
                $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '1'";
            } else {
                if ($layer4 == "RawIP") {
                    $criteria_sql = $criteria_sql . " AND acid_event.ip_proto= '255'";
                } else {
                    $cs->criteria['layer4']->Set("");
                }
            }
        }
    }
    /* Join the iphdr table if necessary */
    if (!$cs->criteria['ip_field']->isEmpty()) {
        $join_sql = $ip_join_sql . $join_sql;
    }
    /* ********************** TCP Criteria ********************************************** */
    if ($layer4 == "TCP") {
        $proto_tmp = "";
        /* TCP Ports */
        if (FieldRows2sql($tcp_port, $tcp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['tcp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        /* TCP Flags */
        if (isset($tcp_flags) && sizeof($tcp_flags) == 8) {
            if ($tcp_flags[0] == "contains" || $tcp_flags[0] == "is") {
                $flag_tmp = $tcp_flags[1] + $tcp_flags[2] + $tcp_flags[3] + $tcp_flags[4] + $tcp_flags[5] + $tcp_flags[6] + $tcp_flags[7] + $tcp_flags[8];
                if ($tcp_flags[0] == "is") {
                    $proto_tmp = $proto_tmp . ' AND tcp_flags=' . $flag_tmp;
                } else {
                    if ($tcp_flags[0] == "contains") {
                        $proto_tmp = $proto_tmp . ' AND (tcp_flags & ' . $flag_tmp . ' = ' . $flag_tmp . " )";
                    } else {
                        $proto_tmp = "";
                    }
                }
            }
        }
        /* TCP Fields */
        if (FieldRows2sql($tcp_field, $tcp_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['tcp_field']->SetFormItemCnt(0);
        }
        /* TCP Options
         *  - not implemented
         */
        if (!$cs->criteria['tcp_port']->isEmpty() || !$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            if (!$cs->criteria['tcp_flags']->isEmpty() || !$cs->criteria['tcp_field']->isEmpty()) {
                $join_sql = $tcp_join_sql . $join_sql;
            }
        }
    }
    /* ********************** UDP Criteria ********************************************* */
    if ($layer4 == "UDP") {
        $proto_tmp = "";
        /* UDP Ports */
        if (FieldRows2sql($udp_port, $udp_port_cnt, $proto_tmp) == 0) {
            $cs->criteria['udp_port']->SetFormItemCnt(0);
        }
        $criteria_sql = $criteria_sql . $proto_tmp;
        $proto_tmp = "";
        /* UDP Fields */
        if (FieldRows2sql($udp_field, $udp_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['udp_field']->SetFormItemCnt(0);
        }
        if (!$cs->criteria['udp_port']->isEmpty() || !$cs->criteria['udp_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            if (!$cs->criteria['udp_field']->isEmpty()) {
                $join_sql = $udp_join_sql . $join_sql;
            }
        }
    }
    /* ********************** ICMP Criteria ******************************************** */
    if ($layer4 == "ICMP") {
        $proto_tmp = "";
        /* ICMP Fields */
        if (FieldRows2sql($icmp_field, $icmp_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['icmp_field']->SetFormItemCnt(0);
        }
        if (!$cs->criteria['icmp_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $icmp_join_sql . $join_sql;
        }
    }
    /* ********************** Packet Scan Criteria ************************************* */
    if ($layer4 == "RawIP") {
        $proto_tmp = "";
        /* RawIP Fields */
        if (FieldRows2sql($rawip_field, $rawip_field_cnt, $proto_tmp) == 0) {
            $cs->criteria['rawip_field']->SetFormItemCnt(0);
        }
        if (!$cs->criteria['rawip_field']->isEmpty()) {
            $criteria_sql = $criteria_sql . $proto_tmp;
            $join_sql = $rawip_join_sql . $join_sql;
        }
    }
    /* ********************** Payload Criteria ***************************************** */
    //$tmp_payload = "";
    if (DataRows2sql($data, $data_cnt, $data_encode, $tmp_payload) == 0) {
        $cs->criteria['data']->SetFormItemCnt(0);
    }
    //echo "<br><br><br>";
    //print_r($data);
    //print_r("data_cnt: [".$data_cnt."]");
    //print_r($cs->criteria['data']->isEmpty());
    //print_r("criteria_ sql: [".$criteria_sql."]");
    //print_r("tmp_payload: [".$tmp_payload."]");
    if (!$cs->criteria['data']->isEmpty()) {
        $sql = "SELECT SQL_CALC_FOUND_ROWS acid_event.*,extra_data.* FROM acid_event";
        $data_join_sql = ",extra_data ";
        $criteria_sql = $criteria_sql . $tmp_payload;
    }
    if ($sig_join) {
        $join_sql = $join_sql . $sig_join_sql;
    }
    $join_sql = $join_sql . $data_join_sql;
    $csql[0] = $join_sql;
    $criteria_sql = preg_replace("/AND\\s+\\)/", " )", preg_replace("/OR\\s+\\)/", " )", $criteria_sql));
    $csql[1] = $criteria_sql;
    //print_r($csql);
    return $csql;
}
function PrintBASESubHeader($page_title, $page_name, $back_link, $refresh = 0, $page = "")
{
    global $db, $timetz, $debug_mode, $BASE_VERSION, $BASE_path, $BASE_urlpath, $html_no_cache, $max_script_runtime, $Use_Auth_System, $stat_page_refresh_time, $refresh_stat_page, $ossim_servers, $sensors, $hosts, $database_servers, $DBlib_path, $DBtype, $db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password;
    if (ini_get("safe_mode") != true) {
        set_time_limit($max_script_runtime);
    }
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=<?php 
    echo gettext("iso-8859-1");
    ?>
"/>
            <?php 
    if ($html_no_cache == 1) {
        ?>
<meta http-equiv="pragma" content="no-cache"/><?php 
    }
    ?>
            <?php 
    if ($refresh == 1 && !$_SESSION['norefresh']) {
        PrintFreshPage($refresh_stat_page, $stat_page_refresh_time);
    }
    ?>
            
            <!-- Included Styles -->
            <link rel="stylesheet" type="text/css" href="/ossim/style/av_common.css?t=<?php 
    echo Util::get_css_id();
    ?>
"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/analysis/security_events/security_events.css"/>

            <link rel="stylesheet" type="text/css" href="/ossim/style/jquery-ui.css"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/jquery.tag-it.css"/>
            <!-- <link rel="stylesheet" type="text/css" href="/ossim/style/flexigrid.css"/> -->
            <link rel="stylesheet" type="text/css" href="/ossim/style/jquery.autocomplete.css"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/tipTip.css"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/jslider.css"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/flipswitch.css"/>
            <link rel="stylesheet" type="text/css" href="/ossim/style/datepicker.css"/>
            
            <!-- Manual Styles -->
            <style type="text/css">
                
                #adv_search_button
                {
                    margin:0px 0px 0px 5px;
                }
                #views table, #taxonomy table, #mfilters table, #report table  {
                    background:none repeat scroll 0 0 #FAFAFA;
                    border:1px solid #BBBBBB;
                    color:black;
                    text-align:center;
                   -moz-border-radius:8px 8px 8px 8px;
                   padding: 2px;
                }
                
                #views table tr td, #taxonomy table tr td, #mfilters table tr td, #report table tr td{
                    padding: 0;
                }
                #views table tr td input, #views table, 
                #taxonomy table tr td input, #taxonomy table,
                #taxonomy table tr td input, #report table,
                #mfilters table tr td input, #mfilters table
                {
                    font-size: 0.9em;
                    line-height: 0.5em;
                }
                
                #views table tr td ul{
                    padding: 0px;
                }
                #views table tr td ul li{
                    padding: 0px 0px 0px 12px;
                    list-style-type: none;
                    text-align: left;
                    margin: 0px;
                    clear:left;
                    position: relative;
                    height: 23px;
                    line-height: 1em;
                }
                .margin0
                {
                    margin: 0px;
                }
                .left_np
                {
                    text-align: left;
                }
                .par{
                    background: #f2f2f2;
                }
                .impar{
                    background: #fff;
                }
                .padding_right_5
                {
                    padding: 0px 5px 0px 0px;
                }
                .padding_top_5
                {
                    padding: 5px 0px 0px 0px;
                }
                .float_left
                {
                    float: left;
                }
                .float_right
                {
                    float: right;
                }
                #views table tr th, #taxonomy table tr th, #mfilters table tr th{
                    white-space:nowrap;
                	padding:1px 10px;
                	border: 1px solid #CCCCCC;
                	font-size: 11px;
                	color: #222222;
                	font-weight: bold;
                	text-align: center;
                	background: #E5E5E5;
                	background: -webkit-linear-gradient(#EFEFEF, #E5E5E5);
                	background: -moz-linear-gradient(#EFEFEF, #E5E5E5);
                	background: -o-linear-gradient(#EFEFEF, #E5E5E5);
                	filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#EFEFEF', endColorstr='#E5E5E5');
                }
                
                
                #viewbox{
                	font-size: 1.5em;
                	margin: 0.5em;
                }
                
                #dhtmltooltip{
                position: absolute;
                width: 150px;
                border: 2px solid black;
                padding: 2px;
                background-color: lightyellow;
                visibility: hidden;
                z-index: 100;
                }
                
                img{
                	vertical-align:middle;
                }
                small {
                	font:12px arial;
                }
                
                #maintable{
                background-color: white;
                }
                #viewtable{
                background-color: white;
                }
                .negrita { font-weight:bold; font-size:14px; }
                .thickbox { color:gray; font-size:10px; }
                .header{
                line-height:28px; height: 28px; background: transparent url(../pixmaps/fondo_col.gif) repeat-x scroll 0% 0%; color: rgb(51, 51, 51); font-size: 12px; font-weight: bold; text-align:center;
                }
                
                .ne { color:black }
                .gr { color:#999999 }
                
                .disabled img {
                    filter:alpha(opacity=50);
                    -moz-opacity:0.5;
                    -khtml-opacity: 0.5;
                    opacity: 0.5;
                }
                
                td.head {
                    border:1px solid #CCCCCC;
                    
                    background: #E5E5E5;
                    background: -webkit-linear-gradient(#EFEFEF, #e5e5e5);
                    background: -moz-linear-gradient(#EFEFEF, #e5e5e5); 
                    background: -o-linear-gradient(#EFEFEF, #e5e5e5);
                    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#efefef', endColorstr='#e5e5e5');
                    
                    font-size:14px;font-weight:bold;
                    color:#333333;
                }
                
                .left13 {
                	    text-align:left;
                	    font-size:13px;
                }
                
                ul.tagit
                {
                    margin: 0px;
                    border:none;
                }
                
                .separated
                {
                    border-spacing: 0px;
                    border-collapse: separated;
                	    padding: 0px;
                }
                
                .separated td
                {
                	    padding: 4px 4px 4px 0px;
                }
                                
            </style>
            
            <!-- jQuery and Javascript -->
            <!--[if IE]><script language="javascript" type="text/javascript" src="../js/jqplot/excanvas.js"></script><![endif]-->
		    <script type="text/javascript" src="../js/jquery.min.js"></script>
		    <script type="text/javascript" src="/ossim/js/jquery-ui.min.js"></script>
		    <script type="text/javascript" src="../js/greybox.js"></script>
            <script type="text/javascript" src="../js/jquery.flot.pie.js" language="javascript"></script>
            <script type="text/javascript" src="../js/jquery.bgiframe.min.js" language="javascript"></script>
            <script type="text/javascript" src="../js/jquery.autocomplete.pack.js" language="javascript"></script>
            <!-- <script type="text/javascript" src="../js/jquery.simpletip.js"></script> -->
            <script type="text/javascript" src="../js/jquery.tipTip-ajax.js"></script>
            
            <!-- jSlider -->
            <script type="text/javascript" src="../js/jslider/jshashtable-2.1_src.js"></script>
            <script type="text/javascript" src="../js/jslider/jquery.numberformatter-1.2.3.js"></script>
            <script type="text/javascript" src="../js/jslider/tmpl.js"></script>
            <script type="text/javascript" src="../js/jslider/jquery.dependClass-0.1.js"></script>
            <script type="text/javascript" src="../js/jslider/draggable-0.1.js"></script>
            <script type="text/javascript" src="../js/jslider/jquery.slider.js"></script>
            <script type="text/javascript" src="../js/jquery.tag-it.js"></script>
            <script type="text/javascript" src="../js/jquery.placeholder.js"></script>
            
            
            <?php 
    $ipsearch = 1;
    include "../host_report_menu.php";
    ?>
            
            <!-- Javascript functions -->
            <script type="text/javascript">

            // ***** Variables *****
            
            // Used in tooltips
            var url   = new Array(50);
            
            // For greybox
            var nogb  = false;
            
            // Used in calendar
            var state = false;
            
            // Selected Tab
            var current_section = "<?php 
    echo preg_match("/base_timeline/", $_SERVER['SCRIPT_NAME']) ? "timeline" : (preg_match("/base_stat/", $_SERVER['SCRIPT_NAME']) && $_SERVER['SCRIPT_NAME'] != '/ossim/forensics/base_stat_ipaddr.php' ? "grouped" : "events");
    ?>
";
            
            // ***** Functions *****
            
            // Tooltip used in unique events plots
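            function showTooltip(x, y, contents, link) {
                // Shows a floating, clickable label at page position (x, y).
                // link is the key into the global url[] table; contents is the label markup.
                // Only the first "." and the first "," are stripped from link, because
                // String.replace with a string pattern is not global.
                link = link.replace(".","");
                link = link.replace(",","");
                var target = url[link] + '&submit=Query DB';

                // The target is attached with attr()/click() instead of being concatenated
                // into markup and an inline onclick string, so quotes or angle brackets in
                // url[] cannot break out of the attribute or the handler code.
                var anchor = $('<a></a>').attr('href', target).attr('style', 'font-size:10px;');
                // NOTE(review): contents is still inserted as HTML, as before; confirm that
                // every caller passes trusted or already-escaped text.
                anchor.html(contents);

                $('<div id="tooltip" class="tooltipLabel"></div>').click(function() {
                    load_link(target);
                }).append(anchor).css( {
                    position: 'absolute',
                    display: 'none',
                    top: y - 28,
                    left: x - 10,
                    border: '1px solid #ADDF53',
                    padding: '1px 2px 1px 2px',
                    'background-color': '#CFEF95',
                    opacity: 0.80
                }).appendTo("body").fadeIn(200);
            }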
            
            	Array.prototype.in_array = function(p_val) {
            		// Linear membership test over the array. The comparison is loose (==),
            		// so the string "2" matches the number 2.
            		var found = false;
            		for (var pos = 0; pos < this.length && !found; pos++) {
            			found = (this[pos] == p_val);
            		}
            		return found;
            	}

            	// Auxiliary function for sensor input autocomplete
            	function mix_sensors(val) {
            		// Rewrites the #sensor field from the comma-separated list in val.
            		var incoming = val.split(',');
            		var current = ($("#sensor").val() != "") ? $("#sensor").val().split(',') : [];
            		var kept = [];
            		for (var n = 0; n < incoming.length; n++) {
            			// current.length >= 0 is always true, so the membership test is never
            			// reached and every incoming entry is kept (the original comment
            			// records that this check used to be length == 0).
            			if (current.length >= 0 || current.in_array(incoming[n])) {
            				kept.push(incoming[n]);
            			}
            		}
            		// Entries are strings, so join(',') equals the manual concatenation
            		$("#sensor").val(kept.join(','));
            	}

            	// Used to delete events in background
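            	function bgtask() {
            		// Polls base_bgtask.php every 5 seconds and shows or hides the #task
            		// banner according to the reply text.
            		$.ajax({
            			type: "GET",
            			url: "base_bgtask.php",
            			data: "",
            			success: function(msg) {
            				var banner = $("#task");
            				if (msg.match(/No pending tasks/)) {
            					// A banner that is still visible means a task was pending until now
            					var was_pending = banner.is(":visible");
            					if (was_pending) banner.toggle();
            					// Function reference instead of a code string: nothing is evaluated
            					// at runtime, so polling also works under a Content-Security-Policy
            					// that does not allow 'unsafe-eval'.
            					setTimeout(bgtask, 5000);
            					if (was_pending) {
            						// Reload the result list once the background task has finished
            						load_link('./base_qry_main.php?num_result_rows=-1&submit=Query+DB&current_view=-1');
            					}
            				} else {
            					if (banner.is(":hidden")) banner.toggle();
            					banner.html("<img style='border: none' src='./images/sandglass.png'> Deleting in background...");
            					setTimeout(bgtask, 5000);
            				}
            			}
            		});
            	}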

            	// Used in plot response
            	function SetIFrameSource(cid, url) {
            		// Points the iframe with id cid at url. Tries the src property first,
            		// then contentWindow.location, and falls back to the src attribute.
            		// Does nothing when no element has that id.
            		var frame = document.getElementById(cid);
            		if (frame === null) {
            			return;
            		}
            		if (frame.src) {
            			frame.src = url;
            			return;
            		}
            		if (frame.contentWindow !== null && frame.contentWindow.location !== null) {
            			frame.contentWindow.location = url;
            			return;
            		}
            		frame.setAttribute('src', url);
            	}

            	// Used in top plot toggle
            	function trendgraph() {
            		// Toggles the #iplot panel. When it is being opened, the loading marker is
            		// shown and the plot iframe is pointed at base_plot.php.
            		var opening = !$("#iplot").is(":visible");
            		var arrow = opening ? "../pixmaps/arrow_green_down.png" : "../pixmaps/arrow_green.png";

            		$('#graph_arrow').attr("src", arrow);
            		$('#iplot').toggle();

            		if (opening) {
            			$('#loadingTrend').show();
            			SetIFrameSource('processframe','base_plot.php');
            		}
            	}
            
            function show_search_tooltip()
            {
                var tooltip = 
                {
                    "<?php 
    echo _('Signature');
    ?>
"       : 1,
                    "<?php 
    echo _('Payload');
    ?>
"         : 1,
                    "<?php 
    echo _('Src or Dst IP');
    ?>
"   : 1,
                    "<?php 
    echo _('Src IP');
    ?>
"          : 1,
                    "<?php 
    echo _('Dst IP');
    ?>
"          : 1,
                    "<?php 
    echo _('Src or Dst Host');
    ?>
" : 2,
                    "<?php 
    echo _('Src Host');
    ?>
"        : 2,
                    "<?php 
    echo _('Dst Host');
    ?>
"        : 2
                }
                
                var selected = $(this).val();

                if (selected in tooltip)
                {                   
                    var ul = $('<ul></ul>');
                    
                    if (tooltip[selected] == 1)
                    {
                        $('<li></li>',
                        {
                            text: "<?php 
    echo _('Conjunction: ');
    ?>
 'AND'"
                        }).appendTo(ul)
                        
                        $('<li></li>',
                        {
                            text: "<?php 
    echo _('Disjunction: ');
    ?>
 'OR'"
                        }).appendTo(ul)
                    }
                    
                    $('<li></li>',
                    {
                        text: "<?php 
    echo _('Negation: ');
    ?>
 '!'"
                    }).appendTo(ul)
                    
                    var content = $('<div></div>',
                    {
                        id  : "search_opt_tip",
                        text: "<?php 
    echo _('For this search option you can use the following operator(s) to perform complex searches:');
    ?>
"
                    })
                    
                    content.append(ul)
                                        
                    $('#help_tooltip').removeData("tipTip").tipTip( 
                    {
                        maxWidth: "300px",
                        content: content
                    }).show();
                    
                }
                else
                {
                    $('#help_tooltip').hide().tipTip('destroy');
                } 
                
            }

            function show_calendar()
            {
                // Gives focus to the #date_from input (the calendar is presumably bound
                // to that field's focus event - confirm against the datepicker setup).
                var from_field = $('#date_from');
                from_field.trigger('focus');
            }


            	// Button more filters button action
            	function more_filters_toggle()
            	{
            		if ($('#more_filters').is(":visible"))
            		{
            			$('#more_filters').hide();
            			$('#more_filters_button').val("+ <?php 
    echo _("More Filters");
    ?>
");
            		}
            		else
            		{
            			$('#more_filters').show();
            			$('#more_filters_button').val("- <?php 
    echo _("More Filters");
    ?>
");
            		}
            	}

            	// Auxiliary format number for plot hovers
            	function formatNmb(nNmb){
            		var sRes = ""; 
            		for (var j, i = nNmb.length - 1, j = 0; i >= 0; i--, j++)
            			sRes = nNmb.charAt(i) + ((j > 0) && (j % 3 == 0)? "<?php 
    echo thousands_locale();
    ?>
": "") + sRes;
            		return sRes;
            	}

            	// [Events, Grouped, Timeline]
            	function load_section(section)
            	{
            		// Switches the option bars for the chosen tab ("events", "grouped" or
            		// "timeline") without a page reload, records the tab in current_section
            		// and initialises the criteria tag list.
            		var is_grouped  = (section == "grouped");
            		var is_events   = (section == "events");
            		var is_timeline = (section == "timeline");

            		if (is_grouped)
            		{
            			$('#plot_option').hide();
            			$('#grouped_option').show();
            		}
            		if (is_events || is_timeline)
            		{
            			$('#grouped_option').hide();
            		}
            		if (is_events)
            		{
            			$('#plot_option').show();
            		}

            		current_section = section;

            		$('#criteria_tagit').tagit(
            		{
            			onlyAllowDelete: true,
            			// Removing a tag navigates to the URL stored in its "info" data, if any
            			beforeTagRemoved: function(event, ui)
            			{
            				var target = $(ui.tag).data('info');

            				if (typeof target == 'undefined' || target == '')
            				{
            					return;
            				}
            				load_link(target);
            			}
            		});
            	}

                function load_link(url)
                {
                    // Navigates this document to url, first showing the parent frame's overlay
                    // spinner when the parent provides one. The URL is assigned as given: no
                    // scheme or origin check happens here, so callers decide what may be loaded.
                    var has_spinner = (typeof parent.show_overlay_spinner == 'function');
                    if (has_spinner)
                    {
                        parent.show_overlay_spinner();
                    }
                    document.location.href = url;
                }
            	// Custom Views
            	// Get default view
            	<?php 
    require_once "ossim_conf.inc";
    $conf = $GLOBALS["CONF"];
    $idm_enabled = $conf->get_conf("enable_idm", FALSE) == 1 && Session::is_pro() ? true : false;
    $login = Session::get_session_user();
    $config = new User_config($db);
    $default_view = $config->get($login, 'custom_view_default', 'php', "siem") != "" ? $config->get($login, 'custom_view_default', 'php', "siem") : ($idm_enabled ? 'IDM' : 'default');
    ?>
            	var default_view = "<?php 
    echo $default_view;
    ?>
";
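            	function set_default_view(name) {
            		// Asks custom_view_save.php to make the custom view `name` the default and
            		// updates the star icons when the reply is empty; a non-empty reply is
            		// shown in an alert.
            		$('#view_star_'+name).attr('src', '../pixmaps/loading.gif');
            		$.ajax({
            			type: "GET",
            			url: "custom_view_save.php",
            			// Sent as an object so jQuery percent-encodes the name. Concatenating it
            			// into the query string let "&" or "=" inside a view name add or
            			// override request parameters.
            			// NOTE(review): assumes callers pass the raw, not pre-encoded, name - confirm.
            			// NOTE(review): this looks like a state-changing GET; confirm the endpoint
            			// verifies an anti-CSRF token.
            			data: { name: name, set_default: 1 },
            			success: function(msg) {
            				if (msg != "") {
            					alert(msg);
            				} else {
            					$('.view_star').attr('src', '../pixmaps/star-small-empty.png');
            					$('#view_star_'+name).attr('src', '../pixmaps/star-small.png');
            					default_view = name;
            				}
            			}
            		});
            	}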
            	
            	function change_view(view)
            	{
            		// Reloads the query page with the given custom view selected.
            		// NOTE(review): view is appended without URL-encoding; confirm that callers
            		// pass an already encoded value or that view names cannot contain "&" or "#".
            		var query = [
            			"num_result_rows=-1",
            			"submit=Query+DB",
            			"current_view=-1",
            			"custom_view=" + view
            		];
            		load_link("base_qry_main.php?" + query.join("&"));
            	}
            	
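            	function save_view(id_img)
            	{
            		// Calls custom_view_save.php and uses the image with id id_img as a progress
            		// indicator: loading icon while the request runs, tick on success, and the
            		// original icon again one second later.
            		var parts = $('#'+id_img).attr('src').split('/');
            		var original = parts[parts.length-1];
            		var base = '../pixmaps/';

            		$('#'+id_img).attr('src', base+'loading3.gif');

            		$.ajax({
            			type: "GET",
            			url: "custom_view_save.php",
            			data: "",
            			success: function(msg) {
            				$('#'+id_img).attr('src', base+'tick.png');
            				// Closure instead of a code string assembled from id_img and the icon
            				// name: a quote in either value could previously end the string
            				// literal and run as script when the timer fired.
            				setTimeout(function() {
            					$('#'+id_img).attr('src', base+original);
            				}, 1000);
            			}
            		});
            	}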
            	
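            	function delete_view(name)
            	{
            		// Asks custom_view_delete.php to delete the custom view `name`. An empty
            		// reply reloads the query page; any other reply is shown in an alert.
            		$.ajax({
            			type: "GET",
            			url: "custom_view_delete.php",
            			// Sent as an object so jQuery percent-encodes the name. Concatenating it
            			// into the query string let "&" or "=" inside a view name add or
            			// override request parameters.
            			// NOTE(review): assumes callers pass the raw, not pre-encoded, name - confirm.
            			// NOTE(review): this looks like a state-changing GET; confirm the endpoint
            			// verifies an anti-CSRF token.
            			data: { name: name },
            			success: function(msg) {
            				if (msg != "") {
            					alert(msg);
            				} else {
            					var url = "base_qry_main.php?num_result_rows=-1&submit=Query+DB";
            					load_link(url);
            				}
            			}
            		});
            	}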

            	// Greybox
            	//function GB_hide() { document.location.reload() }
            //function GB_onclose() { nogb=false; }
            function GB_onclose()
            {
                // Greybox close hook: shows the parent frame's overlay spinner when the
                // parent provides one, then reloads this document.
                var has_spinner = (typeof parent.show_overlay_spinner == 'function');
                if (has_spinner)
                {
                    parent.show_overlay_spinner();
                }
                document.location.reload();
            }

            // Triggered by custom_view_edit.php when it creates or deletes
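            function GB_onhide(url, params)
            {
                // Greybox hide hook. Returns false after handling one of two cases and
                // undefined otherwise:
                //  - url contains "newincident": go to the tickets page
                //  - params carries a change_view entry: switch to that custom view
                if (url.match(/newincident/))
                {
                    document.location.href = "../incidents/index.php?m_opt=analysis&sm_opt=tickets&h_opt=tickets";

                    return false;
                }

                // typeof null is also 'object', so null is excluded before it is indexed
                if (params !== null && typeof(params) == 'object' && typeof params['change_view'] != 'undefined')
                {
                    change_view(params['change_view']);

                    return false;
                }
            }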

            // Solera
            function solera_deepsee (from,to,src_ip,src_port,dst_ip,dst_port,proto)
            {
                // Copies the given values into the same-named inputs of #solera_form,
                // then hands the form to GB_show_post.
                var fields = [
                    ['from', from],
                    ['to', to],
                    ['src_ip', src_ip],
                    ['src_port', src_port],
                    ['dst_ip', dst_ip],
                    ['dst_port', dst_port],
                    ['proto', proto]
                ];

                for (var k = 0; k < fields.length; k++)
                {
                    $('#solera_form input[name=' + fields[k][0] + ']').val(fields[k][1]);
                }

                GB_show_post('Solera DeepSee &trade;','#solera_form',300,600);
            }

            // Events grouping button click
            function dsgroup_for_selected()
            {
                	var idlist = "";
                	var sidlist = "";
                	$("input:checkbox:checked").each(function() {
                		if(this.className == "trlnks") {
                			if (idlist != "") idlist += ",";
                			if (sidlist != "") sidlist += ",";
                			idlist += this.getAttribute('pid');
                			sidlist += this.getAttribute('psid');
                		}
                	});
                	if (idlist != "" && sidlist != "") {
                		GB_show("<?php 
    echo _("Insert into existing DS Group");
    ?>
","/policy/insertsid.php?plugin_id="+idlist+"&plugin_sid="+sidlist,'650','65%');
                	}
            }

            // Top refresh link
            function re_load()
            {
                // Shows the parent frame's overlay spinner when the parent provides one,
                // then calls pag_reload() if the page defines it.
                var has_spinner = (typeof parent.show_overlay_spinner == 'function');
                if (has_spinner)
                {
                    parent.show_overlay_spinner();
                }

                // typeof on the bare identifier stays safe when pag_reload is not declared
                if (typeof pag_reload != 'function')
                {
                    return;
                }
                pag_reload();
            }

            // Select all when DeleteAllOnScreen button click
            function click_all(bt)
            {
                // Checks every input whose name starts with "action_chk_lst", then
                // triggers a click on the button with id "eqbtn" + bt.
                var boxes = $("input[name^='action_chk_lst']");
                boxes.attr('checked', true);

                var button = $('#eqbtn' + bt);
                button.click()
            }

            // Group By selection
            function group_selected(val)
            {
                // Updates the "Group By" controls for the first-level choice val: hides
                // everything, shows the matching second/third level selectors, and shows
                // the Group button once the selection is complete.

                // Value of the currently selected <option> under the given selector
                function picked(selector)
                {
                    return $(selector).find(":selected").val();
                }

                // Reset
                $('#group_button').hide();
                var selects = [
                    '#group_ip_select',
                    '#group_hostname_select',
                    '#group_username_select',
                    '#group_port_select',
                    '#group_proto_select'
                ];
                for (var s = 0; s < selects.length; s++)
                {
                    $(selects[s]).css('display', 'none');
                }

                var by_ip       = val.match("^ip");
                var by_hostname = val.match("^hostname");
                var by_username = val.match("^username");
                var by_port     = val.match("^port");

                // Second level
                if (by_ip)
                {
                    $('#group_ip_select').css('display', 'inline');
                }
                if (by_hostname)
                {
                    $('#group_hostname_select').css('display', 'inline');
                }
                if (by_username)
                {
                    $('#group_username_select').css('display', 'inline');
                }
                if (by_port)
                {
                    $('#group_port_select').css('display', 'inline');

                    // Third level (Ports): the protocol selector appears once a port option is chosen
                    var port_chosen = (picked('#group_port_select') != "portempty");
                    if (port_chosen && (val.match("port(src|dst)") || val.match("proto") || picked('#group_proto_select') != ""))
                    {
                        $('#group_proto_select').css('display', 'inline');
                    }
                }

                // Choices that need no further selection
                var simple = ["signature", "sensor", "ptypes", "plugins", "country", "categories"];
                var ready = false;
                for (var i = 0; i < simple.length && !ready; i++)
                {
                    ready = (val == simple[i]);
                }

                // Show Group Button (All options are ready to go)
                ready = ready
                    || (by_ip && picked('#groupby_ip') != "ipempty")
                    || (by_hostname && picked('#groupby_hostname') != "hostnameempty")
                    || (by_username && picked('#groupby_username') != "usernameempty")
                    || (by_port
                            && picked('#group_port_select') != "portempty"
                            && picked('#group_proto_select') != "portprotoempty");

                if (ready)
                {
                    $('#group_button').show();
                }
            }

            // Group by go
            /**
             * Loads the statistics page that matches the current "group by" selection.
             *
             * Reads #groupby_1 first and then, only for the branch that applies, the
             * second-level (#groupby_ip / #groupby_hostname / #groupby_username /
             * #groupby_port) and third-level (#groupby_proto) selectors. When the
             * combination is not one of the known ones, nothing is loaded.
             */
            function go_stats()
            {
                var first_level = $('#groupby_1').val();
                var target;

                // First-level choices that map straight to one page
                var direct_pages = [
                    ["signature",  "base_stat_alerts.php?sort_order=occur_d"],
                    ["sensor",     "base_stat_sensor.php?sort_order=occur_d"],
                    ["ptypes",     "base_stat_ptypes.php?sort_order=occur_d"],
                    ["plugins",    "base_stat_plugins.php?sort_order=occur_d"],
                    ["country",    "base_stat_country.php"],
                    ["categories", "base_stat_categories.php?sort_order=occur_d"]
                ];

                if (first_level == "ip")
                {
                    var ip_mode = $('#groupby_ip').val();

                    if (ip_mode == "iplink")
                    {
                        target = "base_stat_iplink.php?sort_order=events_d&fqdn=no";
                    }
                    else if (ip_mode == "iplink_fqdn")
                    {
                        target = "base_stat_iplink.php?sort_order=events_d&fqdn=yes";
                    }
                    else if (ip_mode == "ipsrc")
                    {
                        target = "base_stat_uaddr.php?addr_type=1&sort_order=occur_d";
                    }
                    else if (ip_mode == "ipdst")
                    {
                        target = "base_stat_uaddr.php?addr_type=2&sort_order=occur_d";
                    }
                    else if (ip_mode == "ipboth")
                    {
                        target = "base_stat_uaddress.php?sort_order=occur_d";
                    }
                }
                else if (first_level == "hostname")
                {
                    var host_mode = $('#groupby_hostname').val();

                    // Anything other than src/dst falls back to the combined hostname view
                    if (host_mode == "hostnamesrc")
                    {
                        target = "base_stat_uidmsel.php?addr_type=src_hostname&sort_order=occur_d";
                    }
                    else if (host_mode == "hostnamedst")
                    {
                        target = "base_stat_uidmsel.php?addr_type=dst_hostname&sort_order=occur_d";
                    }
                    else
                    {
                        target = "base_stat_uidm.php?addr_type=hostname&sort_order=occur_d";
                    }
                }
                else if (first_level == "username")
                {
                    var user_mode = $('#groupby_username').val();

                    // Anything other than src/dst falls back to the combined userdomain view
                    if (user_mode == "usernamesrc")
                    {
                        target = "base_stat_uidmsel.php?addr_type=src_userdomain&sort_order=occur_d";
                    }
                    else if (user_mode == "usernamedst")
                    {
                        target = "base_stat_uidmsel.php?addr_type=dst_userdomain&sort_order=occur_d";
                    }
                    else
                    {
                        target = "base_stat_uidm.php?addr_type=userdomain&sort_order=occur_d";
                    }
                }
                else if (first_level == "port")
                {
                    var port_side = $('#groupby_port').val();
                    var port_type = (port_side == "portsrc") ? 1 : ((port_side == "portdst") ? 2 : 0);

                    // The protocol selector is only consulted once a port side is chosen
                    if (port_type)
                    {
                        var proto_sel = $('#groupby_proto').val();
                        var proto     = "";

                        if (proto_sel == "portprototcp")
                        {
                            proto = "6";
                        }
                        else if (proto_sel == "portprotoudp")
                        {
                            proto = "17";
                        }
                        else if (proto_sel == "portprotoany")
                        {
                            proto = "-1";
                        }

                        if (proto != "")
                        {
                            target = "base_stat_ports.php?sort_order=occur_d&port_type=" + port_type + "&proto=" + proto;
                        }
                    }
                }
                else
                {
                    for (var k = 0; k < direct_pages.length; k++)
                    {
                        if (first_level == direct_pages[k][0])
                        {
                            target = direct_pages[k][1];
                            break;
                        }
                    }
                }

                // Every known target is a non-empty string; undefined means "no match"
                if (target)
                {
                    load_link(target);
                }
            }

            // Postload action (call from host_report_menu.php)
            function postload() {
            	   if (typeof(parent.hide_overlay_spinner)=='function' && parent.is_loading_box())
            	   {
            	       parent.hide_overlay_spinner();                
                   }
                   // Show spinner on form submit
                   $('#go_button,#bsf').on('click',function(){
                        if (typeof(parent.show_overlay_spinner)=='function') parent.show_overlay_spinner(); 
                   });
                   
            		// CAPTURE ENTER KEY
            		$("#search_str").bind("keydown", function(event) {
            			// track enter key
            			var keycode = (event.keyCode ? event.keyCode : (event.which ? event.which : event.charCode));
            			if (keycode == 13) { // keycode for enter key
            				$('#submit').val('<?php 
    echo _("Signature");
    ?>
');
            				$('#go_button').click();
            				return false;
            			} else  {
            				return true;
            			}
            		});
            		// TOOLTIPS
            		$('.scriptinfo').tipTip({
            			defaultPosition: "right",
            			content: function (e) {
            				var ip  = $(this).attr('data-title').replace(/\-.*/,'');
            				var ctx = $(this).attr('data-title').replace(/.*\-/,'');
            				$.ajax({
            					url: 'base_netlookup.php?ip=' + ip + ';' + ctx,
            					success: function (response) {
            						e.content.html(response); // the var e is the callback function data (see above)
            					}
            				});
            				return '<?php 
    echo _("Searching") . "...";
    ?>
'; // We temporary show a Please wait text until the ajax success callback is called.
            			}
            	    });
            	   $('.task_info').tipTip({
                       defaultPosition: "down",
                       delay_load: 100,
                       maxWidth: "auto",
                       edgeOffset: 3,
                       keepAlive:false,
                       content: function (e) {               
                           $.ajax({
                               type: 'GET',
                               url: 'base_bgtask.php',
                               success: function (response) {                                                                                                                    
                                   e.content.html(response); // the var e is the callback function data (see above)
                               }
                           });
                           return '<?php 
    echo _("Waiting status") . "...";
    ?>
'; // We temporary show a Please wait text until the ajax success callback is called.               
                        }
                     });
            	    $('.riskinfo').tipTip({
            			defaultPosition: "left",
            			content: function (e) {
            				return $(this).attr('txt')
            			}
            	    });
            	    $('.idminfo').tipTip({
            			defaultPosition: "top",
            			content: function (e) {
            				return $(this).attr('txt')
            			}
            	    });
            	    $('.scriptinfoimg').tipTip({
            			defaultPosition: "right",
            			content: function (e) {
            				return $(this).attr('txt')
            			}
            	    });   
            	    $(".tztooltip").tipTip({
                        defaultposition: 'right',
                        content: function (e) {
            				return $(this).attr('txt')
            			}
            	    });	
            	    $('.scriptinf').tipTip({
            			defaultPosition: "bottom",
            			content: function (e) {
            				return $(this).attr('txt')
            			}
            	    });
            	    
            		// AUTOCOMPLETE SEARCH FACILITY FOR SENSOR
            	    <?php 
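    // Builds the data for the sensor autocomplete: $str / $notstr / $ents hold
    // comma-terminated JavaScript object literals ({ txt: ..., id: ... },) and
    // $ipsel holds an optional statement that pre-fills #sip with the sensor
    // currently selected through $_GET["sensor"] or $_SESSION["sensor"].
    $snortsensors = GetSensorSids($db);
    $sns = array();
    $sensor_keys = array();
    // Encode a value as a JavaScript string literal for use inside an inline <script>.
    // Sensor and entity names are stored data: without encoding, a name containing a
    // quote, backslash, line break or "</script>" would end the literal or the script
    // element. The JSON_HEX_* flags turn quotes, <, > and & into \uXXXX escapes.
    $_js_literal = function ($value) {
        $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        // json_encode() returns false on invalid UTF-8; emit an empty literal rather than broken JS
        return $encoded === false ? '""' : $encoded;
    };
    if (Session::allowedSensors() != "") {
        $user_sensors = explode(",", Session::allowedSensors());
        foreach ($user_sensors as $user_sensor) {
            $sensor_keys[$user_sensor] = isset($sensor_keys[$user_sensor]) ? $sensor_keys[$user_sensor] + 1 : 1;
        }
    } else {
        // No per-user restriction: every sensor is listed
        $sensor_keys['all'] = 1;
    }
    foreach ($snortsensors as $ip => $sids) {
        //$ip = preg_replace ("/^\[.+\]\s*/","",$ip);
        $sid = implode(",", $sids);
        // $sensors is defined outside this segment; presumably an IP => name map (verify against the caller)
        $sname = (isset($sensors[$ip]) && $sensors[$ip] != "") ? $sensors[$ip] : $ip;
        $sns[$sname] = array($ip, $sid);
    }
    // Requested sensor: query string first, then the value kept in the session.
    // It is only compared against known sid lists below and never echoed.
    $sensor = (isset($_GET["sensor"]) && $_GET["sensor"] != "") ? $_GET["sensor"] : (isset($_SESSION["sensor"]) ? $_SESSION["sensor"] : "");
    // sort by sensor name
    ksort($sns);
    $str = $notstr = $ipsel = $ents = "";
    foreach ($sns as $sname => $ip) {
        // Skip sensors the current user is not allowed to see
        if (empty($sensor_keys['all']) && empty($sensor_keys[$ip[0]])) {
            continue;
        }
        // Display text: "name [ip]" when a distinct name is known, the bare IP otherwise
        $ip[0] = $sname != "" && $sname != $ip[0] ? "{$sname} [" . $ip[0] . "]" : $ip[0];
        $ip[0] = preg_replace("/^\\[(.+)\\]\\s*(.+)/", "\\1 [\\2]", $ip[0]);
        if ($ipsel == "" && $ip[1] != "") {
            if ($sensor == "!" . $ip[1]) {
                $ipsel = "\$('#sip').val(" . $_js_literal("!" . $ip[0]) . ");";
            } elseif ($sensor == $ip[1]) {
                $ipsel = "\$('#sip').val(" . $_js_literal($ip[0]) . ");";
            }
        }
        // "!"-prefixed entries are the negated ("not this sensor") variants
        $notstr .= '{ txt:' . $_js_literal("!" . $ip[0]) . ', id: ' . $_js_literal("!" . $ip[1]) . ' },';
        $str .= '{ txt:' . $_js_literal($ip[0]) . ', id: ' . $_js_literal($ip[1]) . ' },';
    }
    // IP Selected
    echo $ipsel;
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    if (Session::is_pro()) {
        $my_entities = Acl::get_entities_to_assign($conn_aux);
        foreach ($my_entities as $e_id => $e_name) {
            // Only entities of type 'context' are offered
            if (Session::get_entity_type($conn_aux, $e_id) != 'context') {
                continue;
            }
            $ents .= '{ txt:' . $_js_literal(_('Context') . ': ' . $e_name) . ', id: ' . $_js_literal($e_id) . ' },';
        }
    }
    $db_aux->close($conn_aux);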
    ?>
            		var sensors = [
            			<?php 
    echo preg_replace("/,\$/", "", $str . $notstr . $ents);
    ?>
            		];
            		$("#sip").autocomplete(sensors, {
            			minChars: 0,
            			width: 175,
            			max: 100,
            			matchContains: "word",
            			autoFill: true,
            			formatItem: function(row, i, max) {
            				return row.txt;
            			}
            		}).result(function(event, item) {
            			mix_sensors(item.id);
            			$("#bsf").click();
            		});
            		
            		<?php 
    if (Session::is_pro()) {
        ?>
            		// AUTOCOMPLETE FOR DEVICE IP
            		<?php 
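        // Load IPs for autocomplete: $device_ips becomes a comma-separated run of
        // JavaScript object literals ({ txt: ..., id: ... }), one per distinct IP.
        $device_ips = "";
        $_already = array();
        $_device_ips_aux = GetDeviceIPs($db);
        foreach ($_device_ips_aux as $_s_id => $_ip) {
            // The same IP can belong to several devices; list it once
            if (isset($_already[$_ip])) {
                continue;
            }
            $_already[$_ip] = 1;
            // Emit the value as an encoded JS string literal so that stored data can
            // never terminate the literal or the surrounding <script> element.
            $_ip_js = json_encode((string) $_ip, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($_ip_js === false) {
                // Not encodable (invalid UTF-8): leave the entry out instead of emitting broken JS
                continue;
            }
            if ($device_ips != "") {
                $device_ips .= ",";
            }
            $device_ips .= "{ txt:" . $_ip_js . ", id: " . $_ip_js . " }";
        }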
        ?>
            		var device_ips = [<?php 
        echo $device_ips;
        ?>
];
            		$("#device_input").autocomplete(device_ips, {
            			minChars: 0,
            			width: 175,
            			max: 100,
            			matchContains: "word",
            			autoFill: true,
            			formatItem: function(row, i, max) {
            				return row.txt;
            			}
            		}).result(function(event, item) {
            			$("#device_input").val(item.id);
            			$("#bsf").click();
            		});
            		<?php 
    }
    ?>
    
            		var dayswithevents = [ <?php 
    echo GetDatesWithEvents($db);
    ?>
 ];

            		/*  CALENDAR PLUGIN  */
            	    $('.date_filter').datepicker(
            	    {
            	        buttonText: "",
            	        showOn: "both",
            	        dateFormat: "yy-mm-dd",
            	        buttonImage: "/ossim/pixmaps/calendar.png",

            	        // Color of the cells
                    beforeShowDay: function ( date )
                    {
                        var classname = '';
                        
                        // With-Events color
                        var withevents = (dayswithevents.in_array(date.getTime())) ? ' evented-date' : ''
                        
                        return [true, classname + withevents];
                    },
            	        onClose: function(selectedDate)
            	        {
            	            // End date must be greater than the start date
                    
                            if ($(this).attr('id') == 'date_from')
                            {
                               $('#date_to').datepicker('option', 'minDate', selectedDate );
                            }
                           else
                            {
                                $('#date_from').datepicker('option', 'maxDate', selectedDate );
                            }
            	        
            	            var from   = $('#date_from').val();
            	            var to     = $('#date_to').val();

            	            if (from != '' && to != '')
            	            {
                            var url = "&time_range=range&time_cnt=2&time%5B0%5D%5B0%5D=+&time%5B0%5D%5B1%5D=%3E%3D&time%5B0%5D%5B8%5D=+&time%5B0%5D%5B9%5D=AND&time%5B1%5D%5B1%5D=%3C%3D"
                            var f1 = from.split(/\-/);
                            url = url + '&time%5B0%5D%5B2%5D=' + f1[1]; // month
                            url = url + '&time%5B0%5D%5B3%5D=' + f1[2]; // day
                            url = url + '&time%5B0%5D%5B4%5D=' + f1[0]; // year
                            url = url + '&time%5B0%5D%5B5%5D=00&time%5B0%5D%5B6%5D=00&time%5B0%5D%5B7%5D=00';
                            var f2 = to.split(/\-/);
                            url = url + '&time%5B1%5D%5B2%5D=' + f2[1]; // month
                            url = url + '&time%5B1%5D%5B3%5D=' + f2[2]; // day
                            url = url + '&time%5B1%5D%5B4%5D=' + f2[0]; // year
                            url = url + '&time%5B1%5D%5B5%5D=23&time%5B1%5D%5B6%5D=59&time%5B1%5D%5B7%5D=59';
                               
                            <?php 
    $uri = Util::htmlentities_url(Util::get_sanitize_request_uri($_SERVER['REQUEST_URI']));
    $actual_url = str_replace("?clear_allcriteria=1&", "?", str_replace("&clear_allcriteria=1", "", $uri)) . (preg_match("/\\?.*/", $uri) ? "&" : "?");
    ?>
                            // Go
                            load_link('<?php 
    echo $actual_url;
    ?>
'+url);
            	            }
            	        }
            	    });
            		
            		$('.ndc').disableTextSelect();
            		// timeline
            		if (typeof load_tree == 'function') load_tree();
            		// timeline
            		if (typeof gen_timeline == 'function') gen_timeline();
            		// report
            		if (typeof parent.launch_form == 'function') parent.launch_form();

            		// Some link handlers
            		$('a.trlnk,a.trlnka').each(function() {
            			$(this).click(function() {
            				nogb=true;
            			});
            		});	
            		$('a.trlnks,input.trlnks').each(function() {
            			$(this).click(function() {
            				nogb=true;
            				setTimeout("nogb=false",1000);
            			});
            		});
                $('.greybox').click(function(){
                    var t = this.title || $(this).text() || this.href;
                    GB_show(t,this.href, 550,'85%');
                    return false; 		
                });

                // Clean search box
                $('#frm').submit(function() {
                    if ($('#search_str').attr('class') == "gr")
                    {
                        $('#search_str').val("");
                    }
              	});

                // Risk slider
                /*
                $("#risk_slider").slider({
                    from: 1,
                    to:   5,
                    smooth: false,
                    callback: function( event, ui ) { alert('yeah'); }
                });
                */

                $('#more_filters_button').click(function(){
                    more_filters_toggle();
                });
                $('#adv_search_button').click(function(){
                    GB_show("<?php 
    echo _("Advanced Search");
    ?>
","/forensics/base_qry_form.php", 550, 900);
                    return false;
                });

                <?php 
    if ($_POST['gbhide'] == "1") {
        ?>
                var params       = new Array();
                params['nostop'] = 1;
                parent.GB_hide(params);
                <?php 
    }
    ?>
                
                // Select Section Tab
                load_section(current_section);

                if (current_section == 'grouped')
                {
                    var selected_tab = 1;
                }
                else if (current_section == 'timeline')
                {
                    var selected_tab = 2;
                }
                else
                {
                    var selected_tab = 0;
                }
                /*  Activating the tab plugin   */
                $("#tab_siem").tabs(
                {
                		selected: selected_tab,
                		select:   function(event, ui)
                		{
                		    var action_id = $(ui.tab).data('action_id');
                		     
                		    switch(action_id)
                		    {
                		    case 0:
                		        load_section('events');
                		        break;
                		    case 1:
                		        load_link('base_qry_main.php?submit=Query+DB');
                		        break;
                		    case 2:
                		        load_link('<?php 
    echo $_SESSION["siem_default_group"] != "" ? $_SESSION["siem_default_group"] : "base_stat_alerts.php?sort_order=occur_d";
    ?>
');
                		        break;
                		    case 3:
                		        load_section('timeline');
                		        break;
                		    case 4:
                		        load_link('base_timeline.php');
                		        break;
                		    }
                		}
            	    });
            	}
    
            	// Opens the "Report options" GreyBox (/forensics/report_launcher.php) for the current query.
            	//   url   - the current request URI with "&complete=1" appended, urlencode()'d server-side
            	//           (QUERY_STRING is appended after "?" when REQUEST_URI has no "?").
            	//   dates - "&date_from=...&date_to=..." built server-side from $y1/$m11/$d1 and $y2/$m21/$d2,
            	//           each value urlencode()'d; empty when the year is not set.
            	// Always returns false.
            	// NOTE(review): `data` and `type` are concatenated into the query string as passed in;
            	// callers presumably supply fixed tokens - confirm, or wrap them in encodeURIComponent().
            	function report_launcher(data,type) {
            		var url = '<?php 
    echo urlencode((preg_match("/\\?/", $_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $_SERVER["REQUEST_URI"] . "?" . $_SERVER["QUERY_STRING"]) . "&complete=1");
    ?>
';
            		var dates = '<?php 
    echo $y1 != "" ? "&date_from=" . urlencode("{$y1}-{$m11}-{$d1}") : "&date_from=";
    echo $y2 != "" ? "&date_to=" . urlencode("{$y2}-{$m21}-{$d2}") : "&date_to=";
    ?>
';
            		// NOTE(review): the translated title is echoed into a double-quoted JS string without
            		// JS escaping; a translation containing a double quote would break the literal.
            		GB_show("<?php 
    echo _("Report options");
    ?>
",'/forensics/report_launcher.php?url='+url+'&data='+data+'&type='+type+dates,200,'40%');
            		return false;
            	}
            
            // bgtask check
            <?php 
    if ($_SESSION["deletetask"] != "") {
        echo "bgtask();\n";
    } else {
        echo "// Not running";
    }
    ?>
            
            $('document').ready(function()
            {                                
                $('#search_type_combo').on('change', show_search_tooltip);   
                $('#search_type_combo').trigger('change');             
                
                $('.pholder').placeholder();
            });
            
            </script>
            
        </head>
        <body>
    <?php 
    // Include search form, current criteria box, and stats box
    if (!array_key_exists("minimal_view", $_GET) && !array_key_exists("noheader", $_GET)) {
        include "base_header.php";
    }
}
Example #11
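/**
 * Return the most frequent SIEM event names with their counts.
 *
 * When the session restricts the user to a set of sensors, events are counted
 * from snort.acid_event limited to the sids of those sensors (or to sid 0 when
 * none resolve, which matches nothing). Otherwise the pre-aggregated
 * snort.ac_alerts_signature table is summed.
 *
 * @param object $conn  Database connection exposing Execute() and ErrorMsg()
 * @param int    $limit Maximum number of rows to return
 *
 * @return array Map of filtered signature name => count, in the query's order
 */
function top_siem_events($conn, $limit)
{
    $data = array();
    // LIMIT is interpolated into the SQL text, so force it to a non-negative integer
    $limit = max(0, (int) $limit);
    // Stays empty when the user has no sensor restriction
    $sensor_where_ac = "";
    if (Session::allowedSensors() != "") {
        $snortsensors = get_sensor_sids($conn);
        $sids = array();
        foreach (explode(",", Session::allowedSensors()) as $user_sensor) {
            // A permitted sensor may have no sids at all; skip it instead of counting a missing entry
            if (empty($snortsensors[$user_sensor]) || !is_array($snortsensors[$user_sensor])) {
                continue;
            }
            foreach ($snortsensors[$user_sensor] as $sid) {
                if ($sid != "") {
                    $sids[] = $sid;
                }
            }
        }
        // NOTE(review): sids are inlined unquoted; they come from get_sensor_sids(), not from
        // the request - presumably numeric, confirm before relying on that.
        // "in (0)" is the empty case: the user is restricted but no sid resolved.
        $sensor_where_ac = " WHERE acid_event.sid in (" . (count($sids) > 0 ? implode(",", $sids) : "0") . ")";
    }
    if ($sensor_where_ac != "") {
        $query = "SELECT count(*) as num, plugin_sid.name FROM snort.acid_event LEFT JOIN ossim.plugin_sid ON plugin_sid.plugin_id=acid_event.plugin_id AND plugin_sid.sid=acid_event.plugin_sid {$sensor_where_ac} GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    } else {
        $query = "SELECT sum(ac.sig_cnt) as num, plugin_sid.name FROM snort.ac_alerts_signature AS ac LEFT JOIN ossim.plugin_sid ON plugin_sid.plugin_id=ac.plugin_id AND plugin_sid.sid=ac.plugin_sid GROUP BY name ORDER BY num DESC LIMIT {$limit}";
    }
    $rs = $conn->Execute($query);
    if (!$rs) {
        // Keep the driver's message in the server log; the client only sees "error",
        // so schema and query details are not disclosed in the response.
        error_log("top_siem_events: " . $conn->ErrorMsg());
        die("error");
    }
    while (!$rs->EOF) {
        $data[Util::signaturefilter($rs->fields["name"])] = $rs->fields["num"];
        $rs->MoveNext();
    }
    return $data;
}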
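 /**
  * Print the sensor <SELECT> box plus a <script> block that exposes the same
  * options to JavaScript as sensortext[], sensorvalue[] and num_sensors.
  *
  * When the session restricts the user to a set of sensors, only devices whose
  * id is listed for those sensors are offered. Devices sharing a sensor name are
  * merged into one option whose value is the comma-joined id list.
  */
 function PrintForm()
 {
     global $db;
     echo '<SELECT NAME="sensor" id="sensor">
          <OPTION VALUE="" ' . chk_select($this->criteria, " ") . '>' . gettext("{ any Sensor }");
     // Sensor names are stored data that end up in both HTML and inline JavaScript.
     // Encode them for the JS context: quotes, <, > and & become \uXXXX escapes.
     $js_literal = function ($value) {
         $encoded = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
         // json_encode() returns false on invalid UTF-8; emit an empty literal rather than broken JS
         return $encoded === false ? '""' : $encoded;
     };
     // Filter by user perms if no criteria
     $where_sensor = "";
     if (Session::allowedSensors() != "") {
         $snortsensors = GetSensorSids($db);
         $id_parts = array();
         foreach (explode(",", Session::allowedSensors()) as $user_sensor) {
             if (!isset($snortsensors[$user_sensor])) {
                 continue;
             }
             $entry = $snortsensors[$user_sensor];
             // An id list may arrive as an array; join it instead of concatenating the array itself
             if (is_array($entry)) {
                 if (count($entry) > 0) {
                     $id_parts[] = implode(",", $entry);
                 }
             } elseif ((string) $entry !== "") {
                 $id_parts[] = (string) $entry;
             }
         }
         // "0" matches no device: restricted user without any resolvable sensor
         $sensor_str = count($id_parts) > 0 ? implode(",", $id_parts) : "0";
         // NOTE(review): ids are inlined unquoted; they come from GetSensorSids(), not from the
         // request - confirm they are always numeric.
         $where_sensor = " AND d.id in (" . $sensor_str . ")";
     }
     $temp_sql = "SELECT d.id,s.name,s.ip FROM alienvault_siem.device d,alienvault.sensor s WHERE d.sensor_id=s.id {$where_sensor}";
     $tmp_result = $this->db->baseExecute($temp_sql);
     $varjs = "var sensortext = Array(); var sensorvalue = Array();\n";
     $sensor_sid_names = array();
     // Initialised up front so num_sensors is emitted as 0 when the query returns no rows
     $i = 0;
     if ($tmp_result->row) {
         while ($myrow = $tmp_result->baseFetchRow()) {
             //$sname = GetSensorName($myrow["sid"], $this->db);
             $sname = $myrow["name"];
             $previous = isset($sensor_sid_names[$sname]) ? $sensor_sid_names[$sname] : "";
             $sensor_sid_names[$sname] = $previous . ($previous != "" ? "," : "") . $myrow["id"];
         }
         foreach ($sensor_sid_names as $name => $sids) {
             // Escape per context: HTML for the option value and label, JS literal for the script block
             echo '<OPTION VALUE="' . htmlspecialchars((string) $sids, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" ' . chk_select($this->criteria, $sids) . '>' . htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
             $varjs .= "sensortext[{$i}] = " . $js_literal($name) . ";\n";
             $varjs .= "sensorvalue[{$i}] = " . $js_literal($sids) . ";\n";
             $i++;
         }
         $tmp_result->baseFreeRows();
     }
     echo '</SELECT><script>' . $varjs . ' var num_sensors=' . $i . ';</script>&nbsp;&nbsp;';
 }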
    // SENSOR Filter mysql layer (not implemented)
    //$query = "SELECT DISTINCT ac_sensor_sid.sid, sum(ac_sensor_sid.cid) as event_cnt, (select count(distinct plugin_id, plugin_sid) from ac_sensor_signature where ac_sensor_signature.sid=ac_sensor_sid.sid and ac_sensor_sid.day=ac_sensor_signature.day) as sig_cnt, (select count(distinct(ip_src)) from ac_sensor_ipsrc where ac_sensor_sid.sid=ac_sensor_ipsrc.sid and ac_sensor_sid.day=ac_sensor_ipsrc.day) as saddr_cnt, (select count(distinct(ip_dst)) from ac_sensor_ipdst where ac_sensor_sid.sid=ac_sensor_ipdst.sid and ac_sensor_sid.day=ac_sensor_ipdst.day) as daddr_cnt, min(ac_sensor_sid.first_timestamp) as first_timestamp, max(ac_sensor_sid.last_timestamp) as last_timestamp FROM ac_sensor_sid FORCE INDEX(primary) GROUP BY ac_sensor_sid.sid ORDER BY event_cnt DESC LIMIT 10";
    $query = "SELECT DISTINCT sid, sum(cid) as event_cnt FROM ac_sensor_sid GROUP BY sid ORDER BY event_cnt DESC";
} else {
    $query = "SELECT DISTINCT sid, sum(cid) as event_cnt FROM ac_sensor_sid GROUP BY sid ORDER BY event_cnt DESC";
}
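// Run the per-sensor aggregate query built above.
// NOTE(review): on failure the driver's error text is printed to the client; consider
// logging it server-side and showing a generic message instead.
$rs = $conn->Execute($query);
if (!$rs) {
    print $conn->ErrorMsg();
    exit;
}
$s = 0;
// $data[sensor name][plugin name] => summed event count, for at most 20 accepted rows
$data = array();
while (!$rs->EOF) {
    // SENSOR Filter PHP layer: GetSensorName() is split once on "-" into sensor and plugin parts
    $sensor_plugin = explode("-", GetSensorName($rs->fields["sid"], $conn), 2);
    if ($s < 20 && (Session::allowedSensors() == "" || (isset($sensorkeys[$sensor_plugin[0]]) && $sensorkeys[$sensor_plugin[0]] > 0))) {
        // No plugin part (or an empty one) is reported as "snort"
        $plugin = (isset($sensor_plugin[1]) && $sensor_plugin[1] != "") ? preg_replace("/:.*/", "", $sensor_plugin[1]) : "snort";
        if ($plugin == "") {
            $plugin = "snort";
        }
        // Fold every "ossec-*" plugin name into "ossec"
        $plugin = preg_replace("/ossec-.*/", "ossec", $plugin);
        $sensor_plugin[0] = preg_replace("/:.*/", "", $sensor_plugin[0]);
        // $sensors is defined outside this fragment; a known display name replaces the raw key
        $sensor = (isset($sensors[$sensor_plugin[0]]) && $sensors[$sensor_plugin[0]] != "") ? $sensors[$sensor_plugin[0]] : $sensor_plugin[0];
        if (!isset($data[$sensor][$plugin])) {
            $data[$sensor][$plugin] = 0;
        }
        $data[$sensor][$plugin] += $rs->fields["event_cnt"];
        $s++;
    }
    $rs->MoveNext();
}
$header = $events = array();
$header[] = "";
// first row blank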
Example #14
 // Rebuild the comma-separated $plugins list from its base64-encoded parts.
 // NOTE(review): the decoded text is interpolated unquoted into "sid in (...)" a few
 // lines below. Where $plgs comes from is not visible here - confirm every decoded
 // item is validated as an integer list before it reaches the query.
 foreach ($plgs as $encoded) {
     $plugins .= "," . base64_decode($encoded);
 }
 // Drop the leading comma left by the loop
 $plugins = preg_replace("/^,/", "", $plugins);
 $risk = GET('risk');
 if ($from_snort) {
     // read from acid_event
     $where = $plugins != "" ? "AND {$acid_table}.sid in ({$plugins}) AND timestamp>" . strtotime("-1 days") : "";
     // Limit in second select when sensor is specified (OJO)
     $firstlimit = Session::allowedSensors() != "" ? " limit 99999" : " limit {$max_rows}";
     $key_index = $plugins != "" ? "" : str_replace("IND", "timestamp", $key_index);
     //$sql = 'select "0" as plugin_id,"0" as plugin_sid, unix_timestamp(timestamp) as id, sid, signature.sig_name as plugin_sid_name, inet_ntoa(ip_src) as aux_src_ip, inet_ntoa(ip_dst) as aux_dst_ip, timestamp, ossim_risk_a as risk_a, ossim_risk_c as risk_c, (select substring_index(substring_index(hostname,":",1),"-",1) from sensor where sensor.sid = acid_event.sid) as sensor, layer4_sport as src_port, layer4_dport as dst_port, ossim_priority as priority, ossim_reliability as reliability, ossim_asset_src as asset_src, ossim_asset_dst as asset_dst, ip_proto as protocol, (select interface from sensor where sensor.sid = acid_event.sid) as interface from acid_event force index(' . $index . '), signature WHERE signature.sig_id=acid_event.signature ' . $where . ' order by timestamp desc'.$firstlimit;
     $sql = "select {$acid_table}.plugin_id, {$acid_table}.plugin_sid, unix_timestamp(timestamp) as id, {$acid_table}.sid, plugin_sid.name as plugin_sid_name, inet_ntoa(ip_src) as aux_src_ip, inet_ntoa(ip_dst) as aux_dst_ip, convert_tz(timestamp,'+00:00','{$tzc}') as timestamp, ossim_risk_a as risk_a, ossim_risk_c as risk_c, (select substring_index(substring_index(hostname,':',1),'-',1) from sensor where sensor.sid = {$acid_table}.sid) as sensor, layer4_sport as src_port, layer4_dport as dst_port, ossim_priority as priority, ossim_reliability as reliability, ossim_asset_src as asset_src, ossim_asset_dst as asset_dst, ip_proto as protocol, (select interface from sensor where sensor.sid = {$acid_table}.sid) as interface from {$acid_table} {$key_index} LEFT JOIN ossim.plugin_sid ON plugin_sid.plugin_id={$acid_table}.plugin_id AND plugin_sid.sid={$acid_table}.plugin_sid WHERE 1=1 " . $where . " order by timestamp desc" . $firstlimit;
     // Reselect when SENSOR is specified (better than join tables)
     if (Session::allowedSensors() != "") {
         $sensorlist = explode(",", Session::allowedSensors());
         foreach ($sensorlist as $s) {
             $wheresensor .= $wheresensor != "" ? " OR sensor='{$s}'" : " WHERE sensor='{$s}'";
         }
         $sql = "SELECT * FROM ({$sql}) as preselect{$wheresensor} LIMIT {$max_rows}";
     }
     // QUERY DEBUG:
     //$f = fopen ("/tmp/sensordebug","w");
     //fputs ($f,$sql."\n");
     //fclose ($f);
     if (!($rs =& $snort_conn->Execute($sql))) {
         echo "// Query error: {$sql}\n// " . $snort_conn->ErrorMsg() . "\n";
         return;
     }
 } else {
     // read from event_tmp
Example #15
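// Set-up for the network-group view: configuration, database connection,
// qualification caches and the per-user network filter ($net_where).
$conf = $GLOBALS['CONF'];
$conf_threshold = $conf->get_conf('threshold');
$db = new ossim_db();
$conn = $db->connect();
//ajax_set_values();
$host_qualification_cache = get_host_qualification($conn);
$net_qualification_cache = get_net_qualification($conn);
////////////////////////////////////////////////////////////////
// Network Groups
////////////////////////////////////////////////////////////////
// If allowed_nets === null, then permit all
$allowed_nets = Session::allowedNets($user);
if ($allowed_nets) {
    $allowed_nets = explode(',', $allowed_nets);
}
$allowed_sensors = Session::allowedSensors($user);
if ($allowed_sensors) {
    $allowed_sensors = explode(',', $allowed_sensors);
}
$net_where = "";
if ($allowed_sensors != "" || $allowed_nets != "") {
    // The user is restricted: limit later queries to the networks Net::get_list() returns
    $nets_aux = Net::get_list($conn);
    $quoted_names = array();
    foreach ($nets_aux as $net) {
        // Network names are stored data placed inside an SQL string literal, so quote them
        // through the driver instead of wrapping them in bare apostrophes.
        // Assumes $conn is the ADOdb connection ossim_db::connect() returns elsewhere on this page.
        $quoted_names[] = $conn->qstr($net->get_name());
    }
    $networks_str = implode(",", $quoted_names);
    if ($networks_str != "") {
        $net_where = " AND net.name in ({$networks_str})";
    }
}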
//$net_limit = " LIMIT $from,$max";
Example #16
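 /**
  * Prints the sensor <SELECT> element plus a <script> block that defines the
  * JavaScript arrays sensortext / sensorvalue and the counter num_sensors.
  *
  * When Session::allowedSensors() is non-empty, only sensors whose sids belong
  * to the user's allowed sensors are listed; if none resolve, the query is
  * restricted to sid 0 so that nothing is listed.
  *
  * Sensor names and sid lists are escaped for the HTML and JavaScript contexts
  * they are written into, because they come from the sensor table and are not
  * known to be free of markup.
  */
 function PrintForm()
 {
     global $db;
     echo '<SELECT NAME="sensor" id="sensor">
          <OPTION VALUE=" " ' . chk_select($this->criteria, " ") . '>' . gettext("{ any Sensor }");
     // Filter by user perms if no criteria
     $where_sensor = "";
     if (Session::allowedSensors() != "") {
         $user_sensors = explode(",", Session::allowedSensors());
         $snortsensors = GetSensorSids($db);
         $sensor_str = "";
         foreach ($user_sensors as $user_sensor) {
             // An allowed sensor may have no entry in the sid map; skip it
             // instead of calling count() on an undefined index.
             if (isset($snortsensors[$user_sensor]) && is_array($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
                 $sensor_str .= ($sensor_str != "" ? "," : "") . implode(",", $snortsensors[$user_sensor]);
             }
         }
         if ($sensor_str == "") {
             // No sid resolved: match nothing rather than everything.
             $sensor_str = "0";
         }
         // NOTE(review): the sids are concatenated into the statement as-is;
         // presumably GetSensorSids() returns integers only -- verify.
         $where_sensor = " WHERE sid in (" . $sensor_str . ")";
     }
     $temp_sql = "SELECT * FROM sensor{$where_sensor}";
     $tmp_result = $this->db->baseExecute($temp_sql);
     $varjs = "var sensortext = Array(); var sensorvalue = Array();\n";
     $sensor_sid_names = array();
     // Initialised here so that num_sensors is a valid number even when the
     // query returns no rows (it used to be emitted as an empty expression).
     $i = 0;
     $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
     if ($tmp_result->row) {
         while ($myrow = $tmp_result->baseFetchRow()) {
             // Prefer the explicit sensor name; otherwise use the hostname up
             // to its first '-'.
             $sname = $myrow["sensor"] != "" ? $myrow["sensor"] : preg_replace("/-.*/", "", $myrow["hostname"]);
             // Several sids can share one display name: collect them comma-separated.
             if (isset($sensor_sid_names[$sname]) && $sensor_sid_names[$sname] != "") {
                 $sensor_sid_names[$sname] .= "," . $myrow["sid"];
             } else {
                 $sensor_sid_names[$sname] = "" . $myrow["sid"];
             }
         }
         foreach ($sensor_sid_names as $name => $sids) {
             // Array keys that look numeric come back as integers.
             $name = (string) $name;
             echo '<OPTION VALUE="' . htmlspecialchars($sids, ENT_QUOTES) . '" ' . chk_select($this->criteria, $sids) . '>' . htmlspecialchars($name, ENT_QUOTES);
             // json_encode() yields a quoted JavaScript string literal; the HEX
             // flags keep <, >, & and quotes from ending the <script> element
             // or the literal. It returns false for text it cannot encode.
             $js_name = json_encode($name, $js_flags);
             $js_sids = json_encode((string) $sids, $js_flags);
             $varjs .= "sensortext[{$i}] = " . ($js_name === false ? '""' : $js_name) . ";\n";
             $varjs .= "sensorvalue[{$i}] = " . ($js_sids === false ? '""' : $js_sids) . ";\n";
             $i++;
         }
         $tmp_result->baseFreeRows();
     }
     echo '</SELECT><script>' . $varjs . ' var num_sensors=' . $i . ';</script>&nbsp;&nbsp;';
 }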
Example #17
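/**
 * Imports hosts from a semicolon-separated text file.
 *
 * Each line must hold 8 fields: IP; hostname; FQDNs/aliases (comma list);
 * description; asset value; NAT address; sensors (comma list); operating
 * system. Surrounding single or double quotes are stripped from every field.
 * A line that passes every check is inserted as a new host, or updates the
 * existing one when the IP is already known.
 *
 * The sensors named on a line are intersected with the sensors the current
 * session may use, so a file cannot attach a host to a sensor outside the
 * importing user's permissions. A user with no sensor assigned cannot import.
 *
 * @param string $filename Path of the file to read.
 *
 * @return array Keys: 'status' (bool), 'read_line' (number of lines read),
 *               'file_errors' (string, file-level failure) and 'line_errors'
 *               (per-line list of array(field, message)).
 */
function import_assets_csv($filename)
{
    require_once 'classes/Util.inc';
    $response = array();
    $db = new ossim_db();
    $conn = $db->connect();
    // NOTE(review): file() also accepts stream wrappers and URLs; the caller
    // should pass only a server-chosen path (for an upload, the temporary
    // file), never a name taken from the request.
    $data = array();
    // `== false` is deliberate here: it also rejects a file with no usable lines.
    if (($content = file($filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)) == false) {
        $response['file_errors'] = "Failed to read file";
        $response['status'] = false;
        return $response;
    }
    foreach ($content as $line) {
        $data[] = explode(";", $line);
    }
    $cont = 0;
    ini_set('max_execution_time', 180);
    // Helper defined elsewhere; presumably it filters $data in place -- TODO confirm.
    ids_valid($data);
    if (count($data) <= 0) {
        $response['file_errors'] = _("Incompatible file format");
        $response['status'] = false;
        return $response;
    }
    $allowed_sensors = Session::allowedSensors();
    if (!empty($allowed_sensors)) {
        $my_allowed_sensors = explode(',', $allowed_sensors);
    } else {
        $response['file_errors'] = _("You need at least one sensor assigned");
        $response['status'] = false;
        return $response;
    }
    $list_os = array("Windows", "Linux", "FreeBSD", "NetBSD", "OpenBSD", "MacOS", "Solaris", "Cisco", "AIX", "HP-UX", "Tru64", "IRIX", "BSD/OS", "SunOS", "Plan9", "IPhone");
    foreach ($data as $v) {
        // NOTE(review): status is reset for every line, so the value returned
        // at the end reflects the last line only; callers that need to know
        // whether any line failed have to inspect 'line_errors'.
        $response['status'] = true;
        $response['read_line'] = $cont;
        $cont++;
        if (count($v) != 8) {
            $response['line_errors'][$cont][] = array("Line", _("Format not allowed"));
            $response['status'] = false;
        }
        $param = array();
        foreach ($v as $field) {
            $parameter = trim($field);
            // Strip one leading and one trailing quote character.
            $pattern = '/^\\"|\\"$|^\'|\'$/';
            $param[] = preg_replace($pattern, '', $parameter);
        }
        // A short line is still validated field by field; pad it so the
        // missing columns read as null instead of undefined offsets.
        $param = array_pad($param, 8, null);
        //IP
        // NOTE(review): unlike the other checks this one does not call
        // ossim_clean_error() after a failure -- confirm that is intended.
        if (!ossim_valid($param[0], OSS_IP_ADDR, 'illegal:' . _("IP"))) {
            $response['line_errors'][$cont][] = array("IP", ossim_get_error_clean());
            $response['status'] = false;
        }
        //Hostname (defaults to the IP)
        if (empty($param[1])) {
            $param[1] = $param[0];
        } else {
            if (!ossim_valid($param[1], OSS_SCORE, OSS_ALPHA, OSS_PUNC, 'illegal:' . _("Hostname"))) {
                $response['line_errors'][$cont][] = array("Hostname", ossim_get_error_clean());
                $response['status'] = false;
                ossim_clean_error();
            }
        }
        //FQDNs
        if (!empty($param[2])) {
            $fqdns_list = explode(",", $param[2]);
            foreach ($fqdns_list as $fqdn) {
                if (!ossim_valid(trim($fqdn), OSS_NULLABLE, OSS_ALPHA, OSS_PUNC, 'illegal:' . _("FQDN/Aliases"))) {
                    $response['line_errors'][$cont][] = array("FQDN/Aliases", ossim_get_error_clean());
                    $response['status'] = false;
                    ossim_clean_error();
                }
            }
        }
        //Description
        if (!ossim_valid($param[3], OSS_NULLABLE, OSS_SCORE, OSS_ALPHA, OSS_PUNC, OSS_AT, 'illegal:' . _("Description"))) {
            $response['line_errors'][$cont][] = array("Description", ossim_get_error_clean());
            $response['status'] = false;
            ossim_clean_error();
        }
        //Asset (defaults to 2)
        if ($param[4] == '') {
            $param[4] = 2;
        } else {
            if (!ossim_valid($param[4], OSS_NULLABLE, OSS_DIGIT, 'illegal:' . _("Asset value"))) {
                $response['line_errors'][$cont][] = array("Asset", ossim_get_error_clean());
                $response['status'] = false;
                ossim_clean_error();
            }
        }
        //NAT
        if (!ossim_valid($param[5], OSS_NULLABLE, OSS_IP_ADDR, 'illegal:' . _("NAT"))) {
            $response['line_errors'][$cont][] = array("NAT", ossim_get_error_clean());
            $response['status'] = false;
            ossim_clean_error();
        }
        //Sensors
        $sensors = array();
        if (!empty($param[6])) {
            $list = explode(",", $param[6]);
            // Authorization check: keep only the sensors this session may use.
            // Entries are compared as written, so a padded value does not match.
            $sensors_list = array_intersect($list, $my_allowed_sensors);
            if (!empty($sensors_list)) {
                foreach ($sensors_list as $sensor) {
                    $sensors[] = Sensor::get_sensor_name($conn, $sensor);
                }
            } else {
                $response['line_errors'][$cont][] = array("Sensors", _("You need at least one allowed Sensor"));
                $response['status'] = false;
                ossim_clean_error();
            }
        } else {
            $response['line_errors'][$cont][] = array("Sensors", _("Column Sensors is empty"));
            $response['status'] = false;
            ossim_clean_error();
        }
        //Operating System: anything outside the known list is stored as "Unknown"
        if (!empty($param[7]) && !in_array($param[7], $list_os, true)) {
            $param[7] = "Unknown";
        }
        if ($response['status'] == true) {
            //Parameters
            $ip = $param[0];
            $hostname = $param[1];
            $asset = $param[4];
            $threshold_c = 30;
            $threshold_a = 30;
            $rrd_profile = "";
            $alert = 0;
            $persistence = 0;
            $nat = $param[5];
            $descr = $param[3];
            $os = $param[7];
            $fqdns = $param[2];
            // The file carries no MAC data; these were previously passed as
            // undefined variables, which evaluates to the same null.
            $mac = null;
            $mac_vendor = null;
            $latitude = '';
            $longitude = '';
            $icon = 0;
            if (!Host::in_host($conn, $ip)) {
                Host::insert($conn, $ip, $hostname, $asset, $threshold_c, $threshold_a, $rrd_profile, $alert, $persistence, $nat, $sensors, $descr, $os, $mac, $mac_vendor, $latitude, $longitude, $fqdns, $icon);
            } else {
                Host::update($conn, $ip, $hostname, $asset, $threshold_c, $threshold_a, $rrd_profile, $alert, $persistence, $nat, $sensors, $descr, $os, $mac, $mac_vendor, $latitude, $longitude, $fqdns, $icon);
            }
        }
    }
    $response['read_line'] = $cont;
    return $response;
}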
Example #18
			</table>
		</td>
	
		<td class="left" valign="top" style="padding-top:8px; border:none;">
			<a href="#" onclick="checkall('sensor');return false;"><?php 
echo gettext("Select / Unselect all");
?>
</a>
			<hr noshade='noshade'>
			<?php 
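// Renders one checkbox per sensor; a box is pre-checked when the edited user
// is already allowed that sensor, when $sensors is set, or for 'admin'
// (whose boxes are also disabled).
$i = 0;
$login = $user->get_login();
$is_admin = $login == 'admin';
// The permission string is a comma-separated list of sensor IPs. It is split
// and matched exactly: a substring search would also tick e.g. 10.0.0.1 for a
// user who is only allowed 10.0.0.10, and saving the form would then widen
// that user's permissions.
$allowed_sensor_ips = explode(',', (string) Session::allowedSensors($login));
foreach ($sensor_list as $sensor) {
    $sensor_name = $sensor->get_name();
    $sensor_ip = $sensor->get_ip();
    $is_allowed = $sensor_ip != "" && in_array($sensor_ip, $allowed_sensor_ips, true);
    // Name and IP come from the sensor table; escape them for HTML output.
    $input = "<input type=\"checkbox\" class='sensor' name=\"sensor{$i}\" value=\"" . htmlspecialchars($sensor_ip, ENT_QUOTES) . "\"";
    if ($is_allowed || $sensors || $is_admin) {
        $input .= " checked='checked' ";
    }
    if ($is_admin) {
        $input .= "disabled='disabled'";
    }
    $input .= "/>" . htmlspecialchars($sensor_name, ENT_QUOTES) . "<br/>";
    echo $input;
    $i++;
}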
?>
			
			<input type="hidden" name="nsensors" value="<?php 
Example #19
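/**
 * Asks the server, over a TCP socket, for the plugin state of every sensor and
 * keeps the entries for sensors the current session may see.
 *
 * The server address and port come from the 'server_address' and
 * 'server_port' configuration values. Send and receive timeouts are 4 seconds.
 *
 * @return array array($list, $error): $list[sensor][plugin_id] holds the keys
 *               'enabled' and 'state'; $error is '' on success, otherwise a
 *               message (HTML for the socket_create failure) and $list is empty.
 */
function server_get_sensors_socket()
{
    // Defined first so that every early return hands back an array.
    $list = array();
    // An empty permission string means the user is not restricted.
    $permitted = Session::allowedSensors();
    $unrestricted = $permitted == "";
    $allowed_sensors = explode(',', $permitted);
    $ossim_conf = $GLOBALS['CONF'];
    if (!$ossim_conf) {
        $ossim_conf = new Ossim_conf();
        $GLOBALS['CONF'] = $ossim_conf;
    }
    /* get the port and IP address of the server */
    $address = $ossim_conf->get_conf('server_address');
    $port = $ossim_conf->get_conf('server_port');
    /* create socket */
    $socket = socket_create(AF_INET, SOCK_STREAM, 0);
    // socket_create() reports failure with false, never a negative number,
    // and the reason is read from socket_last_error().
    if ($socket === false) {
        return array($list, '<strong>' . _('socket_create() failed') . '<br/> ' . _('Reason: ') . '</strong>' . socket_strerror(socket_last_error()));
    }
    /* connect */
    socket_set_block($socket);
    socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array('sec' => 4, 'usec' => 0));
    socket_set_option($socket, SOL_SOCKET, SO_SNDTIMEO, array('sec' => 4, 'usec' => 0));
    $result = @socket_connect($socket, $address, $port);
    if (!$result) {
        socket_close($socket);
        $errmsg = sprintf(_("Unable to connect to %s server. Please, wait until it's available again or check if it's running at %s"), Session::is_pro() ? "USM" : "OSSIM", "{$address}:{$port}");
        return array($list, $errmsg);
    }
    /* first send a connect message to server */
    $in = 'connect id="1" type="web"' . "\n";
    socket_write($socket, $in, strlen($in));
    $out = @socket_read($socket, 2048, PHP_BINARY_READ);
    // Only the first four characters ("ok i") of the reply are compared.
    if (strncmp((string) $out, 'ok id=', 4)) {
        socket_close($socket);
        $errmsg = sprintf(_("Bad response from %s server. Please, wait until it's available again or check if it's running at %s"), Session::is_pro() ? "USM" : "OSSIM", "{$address}:{$port}");
        return array($list, $errmsg);
    }
    /* get sensors from server */
    $in = 'server-get-sensor-plugins id="2"' . "\n";
    socket_write($socket, $in, strlen($in));
    $pattern = '/sensor="([^"]*)" plugin_id="([^"]*)" state="([^"]*)" enabled="([^"]*)"/ ';
    // parse results
    // Reads arrive in chunks of up to 2048 bytes, so a record can be split
    // across two reads; the unterminated tail is kept and joined with the
    // next chunk before it is parsed.
    $buffer = '';
    $finished = false;
    while (!$finished) {
        $output = socket_read($socket, 2048, PHP_BINARY_READ);
        if (!$output) {
            // Closed, timed out or failed: parse whatever is still buffered.
            $lines = array($buffer);
            $finished = true;
        } else {
            $buffer .= $output;
            $lines = explode("\n", $buffer);
            $buffer = array_pop($lines);
            if (strlen($buffer) > 65536) {
                // Do not let an endless unterminated line grow without bound.
                $buffer = '';
            }
        }
        foreach ($lines as $out) {
            if (preg_match($pattern, $out, $regs)) {
                //if (Session::hostAllowed($conn, $regs[1])) {
                // Authorization filter: drop sensors outside the user's list.
                if ($unrestricted || in_array($regs[1], $allowed_sensors, true)) {
                    $list[$regs[1]][$regs[2]]['enabled'] = $regs[4];
                    $list[$regs[1]][$regs[2]]['state'] = $regs[3];
                }
            } elseif (!strncmp($out, 'ok id=', 4)) {
                // End-of-answer marker: stop reading instead of waiting for
                // the receive timeout on the next read.
                $finished = true;
                break;
            }
        }
    }
    socket_close($socket);
    return array($list, '');
}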
Example #20
require_once "ossim_db.inc";
$db = new ossim_db();
$conn = $db->connect();
if ($debug) {
    echo "Retrieving Assets from entity/user: {$filter_by}...";
}
$allowedNets = "";
$allowedSensors = "";
if ($filter_by != "") {
    // Entity
    if (preg_match("/^\\d+\$/", $filter_by)) {
        $allowedSensors = Session::entityPerm($conn, $filter_by, "sensors");
        $allowedNets = Session::entityPerm($conn, $filter_by, "assets");
        // Username
    } elseif (preg_match("/^[A-Za-z0-9\\_\\-\\.]+\$/", $filter_by)) {
        $allowedSensors = Session::allowedSensors($filter_by);
        $allowedNets = Session::allowedNets($filter_by);
    }
}
if ($allowedNets == "" && $allowedSensors == "") {
    if ($debug) {
        echo "no filters for {$filter_by}\n";
    }
} else {
    // 1) GET ALLOWED HOSTS
    $sensor_where = "";
    if ($allowedSensors != "") {
        $user_sensors = explode(",", $allowedSensors);
        $sensor_str = "";
        foreach ($user_sensors as $user_sensor) {
            if ($user_sensor != "") {