function parseURL($url) { $uri = null; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: Analyze [{$url}]"); } $md5 = md5($url); // 10.0.0.32 00:1e:8c:a5:39:19 - crash- // 10.0.0.76 00:25:22:73:31:d5 - // 10.0.0.60 00:1d:92:70:96:70 - fbexternal-a.akamaihd.net:443 if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-(.+?):([0-9]+)\$#", $url, $re)) { $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1]; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2]; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]); $GLOBALS["CACHE_URI"][$md5]["URI"] = null; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $re[3]; return $GLOBALS["CACHE_URI"][$md5]; } if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-\$#", $url, $re)) { $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1]; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2]; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]); $GLOBALS["CACHE_URI"][$md5]["URI"] = null; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = null; return $GLOBALS["CACHE_URI"][$md5]; } if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-\\s+([a-z]+)-\$#", $url, $re)) { $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1]; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2]; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]); $GLOBALS["CACHE_URI"][$md5]["URI"] = null; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $re[3]; return $GLOBALS["CACHE_URI"][$md5]; } if (preg_match("#(http|ftp|https|ftps):\\/\\/(.*)#i", $url, $re)) { $uri = $re[1] . "://" . $re[2]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("found uri {$uri}"); } $url = trim(str_replace($uri, "", $url)); if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("Analyze {$url}"); } } if ($uri == null) { if (preg_match("#([a-z0-9\\.]+):([0-9]+)\$#i", $url, $re)) { $uri = "http://" . $re[1] . ":" . $re[2]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("found uri {$uri}"); } $url = trim(str_replace($re[1] . ":" . $re[2], "", $url)); if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("Analyze \"{$url}\""); } } } if ($uri != null) { $URLAR = parse_url($uri); if (isset($URLAR["host"])) { $rhost = $URLAR["host"]; } } if (isset($GLOBALS["CACHE_URI"][$md5])) { return $GLOBALS["CACHE_URI"][$md5]; } $tr = explode(" ", $url); if ($GLOBALS["DEBUG_LEVEL"] > 1) { while (list($index, $line) = each($tr)) { WLOG("tr[{$index}] = {$line}"); } } //max auth=4 if (count($tr) == 4) { WLOG("count --> 4"); $login = $tr[0]; $ipaddr = $tr[1]; $mac = $tr[2]; $forwarded = $tr[3]; if (isset($tr[4])) { $uri = $tr[4]; } if ($mac == "00:00:00:00:00:00") { $mac = null; } if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $forwarded)) { $ipaddr = $forwarded; } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } if ($mac == "00:00:00:00:00:00") { $mac = null; } $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr); $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost; return $GLOBALS["CACHE_URI"][$md5]; } if (count($tr) == 3) { if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("count --> 3"); } if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $tr[0])) { //ip en premier donc mac=ok, pas de login $login = null; $ipaddr = $tr[0]; $mac = $tr[1]; $forwarded = $tr[2]; if (isset($tr[3])) { $uri = $tr[3]; } } else { //login en premier donc mac=bad $login = $tr[0]; $ipaddr = $tr[1]; $forwarded = $tr[2]; if (isset($tr[3])) { $uri = $tr[3]; } } if ($mac == "00:00:00:00:00:00") { $mac = null; } if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) { $ipaddr = $forwarded; } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } if ($mac == "00:00:00:00:00:00") { $mac = null; } $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr); $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost; return $GLOBALS["CACHE_URI"][$md5]; } if (count($tr) == 2) { if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("count --> 2"); } //pas de login et pas de MAC; $login = null; $ipaddr = $tr[0]; $mac = null; $forwarded = $tr[1]; if (isset($tr[2])) { $uri = $tr[2]; } if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) { $ipaddr = $forwarded; } } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } else { if ($mac == "00:00:00:00:00:00") { $mac = null; $mac = GetMacFromIP($ipaddr); } } if ($mac == "00:00:00:00:00:00") { $mac = null; } $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login; $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr; $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac; $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr); $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri; $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost; return $GLOBALS["CACHE_URI"][$md5]; }
function youtube_array_to_sql($array) { $q = new mysql_squid_builder(); while (list($key, $val) = each($array)) { $val = str_replace("'", "`", $val); $val = mysql_escape_string2($val); $array[$key] = addslashes($val); } $VIDEOID = $array["VIDEOID"]; $clientip = $array["clientip"]; $username = $array["username"]; $time = $array["time"]; $mac = $array["mac"]; $hostname = $array["hostname"]; if ($username == "-") { $username = null; } if (strlen($username) < 3) { $username = null; } if (!__IsPhysicalAddress($mac)) { $mac = null; } if ($mac == null) { $mac = GetMacFromIP($clientip); } if ($GLOBALS["VERBOSE"]) { echo "{$mac}:: {$VIDEOID} -> \n"; } if (!youtube_infos($VIDEOID)) { youtube_events("youtube_infos:: {$VIDEOID} -> FAILED", __LINE__); } $timeint = strtotime($time); $timeKey = date('YmdH', $timeint); $account = 0; if ($mac != null) { if ($username == null) { $username = $q->UID_FROM_MAC($mac); } } if ($clientip != null) { if ($username == null) { $username = $q->UID_FROM_IP($clientip); } } youtube_events("{$timeKey} => ('{$time}','{$clientip}','{$hostname}','{$username}','{$mac}','{$account}','{$VIDEOID}')", __LINE__); return array($timeKey, "('{$time}','{$clientip}','{$hostname}','{$username}','{$mac}','{$account}','{$VIDEOID}')"); }
function UserDBTranslate($full) { if (count($GLOBALS["USERSDB"]) == 0) { if ($GLOBALS["DEBUG"]) { WLOG("UserDBTranslate:: no database.."); return $full; } } $array = explode(" ", $full); $ip = $array[1]; $slash = strpos($ip, '/'); if ($slash > 0) { $ip = substr($ip, 0, $slash); } $MAC = GetMacFromIP(trim($ip)); if ($GLOBALS["DEBUG"]) { WLOG("UserDBTranslate:: {$ip} = {$MAC}"); } if ($MAC == null) { return $full; } if (!isset($GLOBALS["USERSDB"]["MACS"][$MAC])) { if ($GLOBALS["DEBUG"]) { WLOG("UserDBTranslate:: `{$MAC}` no translation"); } return $full; } $uid = trim($GLOBALS["USERSDB"]["MACS"][$MAC]["UID"]); if ($uid == null) { return $full; } if ($GLOBALS["DEBUG"]) { WLOG("UserDBTranslate:: `{$MAC}` = `{$uid}`"); } $full = str_replace("/- -", "/- {$uid}", $full); if ($GLOBALS["DEBUG"]) { WLOG("UserDBTranslate:: return {$full}"); } return $full; }
function parseURL($url, $return_rhost = false) { $uri = null; $md5 = md5($url); $MAIN_ARRAY = array(); if (isset($GLOBALS["CACHE_URI"][$md5])) { if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("MEMORY {$md5} " . strlen($GLOBALS["CACHE_URI"][$md5]) . " [" . __LINE__ . "]"); } if ($return_rhost) { $a = unserialize($GLOBALS["CACHE_URI"][$md5]); if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("RETURN MEMORY {$md5} [" . __LINE__ . "]"); } return $a["RHOST"]; } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("RETURN MEMORY {$md5} [" . __LINE__ . "]"); } return unserialize($GLOBALS["CACHE_URI"][$md5]); } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("\n -----------------------------------------------------\n"); } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: Analyze {$url} /CATZ = {$GLOBALS["CATZ-EXTRN"]} [" . __LINE__ . "]"); } if ($GLOBALS["CATZ-EXTRN"] > 0) { $tr = explode(" ", $url); $MAIN_ARRAY["LOGIN"] = null; $MAIN_ARRAY["IPADDR"] = $tr[0]; $MAIN_ARRAY["MAC"] = $tr[1]; $MAIN_ARRAY["HOST"] = GetComputerName($tr[0]); $MAIN_ARRAY["URI"] = $tr[3]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: Analyze RHOST = {$tr[3]} [" . __LINE__ . "]"); } if (preg_match("#^(.*?):([0-9]+)\$#i", $tr[3], $re)) { $MAIN_ARRAY["RHOST"] = $re[1]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: FOUND RHOST = {$MAIN_ARRAY["RHOST"]} [" . __LINE__ . "]"); } if ($return_rhost) { return $re[1]; } $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY); return $MAIN_ARRAY; } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: {$tr[3]} != ^([a-z0-9\\.]+):([0-9]+) [" . __LINE__ . "]"); } if (preg_match("#^http.*?:#", $tr[3])) { $URLAR = parse_url($tr[3]); if (isset($URLAR["host"])) { $MAIN_ARRAY["RHOST"] = $URLAR["host"]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: FOUND RHOST = {$MAIN_ARRAY["RHOST"]} [" . __LINE__ . "]"); } if ($return_rhost) { return $re[1]; } $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY); return $MAIN_ARRAY; } } } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL():: Analyze {$url} [" . __LINE__ . "]"); } if (preg_match("#-\\s+(.+?)\\s+ID([0-9]+)#", $url, $re)) { $GLOBALS["RULE_ID"] = $re[2]; $url = str_replace($re[0], "", $url); if (preg_match("#(.+?):([0-9]+)#", $re[1], $ri)) { $re[1] = $ri[1]; } $MAIN_ARRAY["RHOST"] = $re[1]; $MAIN_ARRAY["RULE_ID"] = $re[2]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::found ID:{$GLOBALS["RULE_ID"]} remote host={$re[1]} [" . __LINE__ . "]"); } } if (preg_match("#-\\s+ID([0-9]+)#", $url, $re)) { $GLOBALS["RULE_ID"] = $re[1]; $MAIN_ARRAY["RULE_ID"] = $re[1]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::found ID:{$GLOBALS["RULE_ID"]} [" . __LINE__ . "]"); } if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::Analyze {$re[0]} [" . __LINE__ . "]"); } $url = str_replace($re[0], "", $url); } if (preg_match("#(http|ftp|https|ftps):\\/\\/(.*)#i", $url, $re)) { $uri = $re[1] . "://" . $re[2]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::found uri {$uri} [" . __LINE__ . "]"); } $url = trim(str_replace($uri, "", $url)); if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::Analyze {$url} [" . __LINE__ . "]"); } } if ($uri == null) { if (preg_match("#^(.*?):([0-9]+)\$#i", $url, $re)) { $uri = "http://" . $re[1]; if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::found uri {$uri} [" . __LINE__ . "]"); } $url = trim(str_replace($re[1] . ":" . $re[2], "", $url)); if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::Analyze \"{$url}\" [" . __LINE__ . "]"); } } } if ($uri != null) { $URLAR = parse_url($uri); if (isset($URLAR["host"])) { $rhost = $URLAR["host"]; } } $tr = explode(" ", $url); if ($GLOBALS["DEBUG_LEVEL"] > 1) { while (list($index, $line) = each($tr)) { WLOG("parseURL()::tr[{$index}] = {$line}"); } } //max auth=4 if (count($tr) == 4) { $login = $tr[0]; $ipaddr = $tr[1]; $mac = $tr[2]; $forwarded = $tr[3]; if (isset($tr[4])) { $uri = $tr[4]; } if ($mac == "00:00:00:00:00:00") { $mac = null; } if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $forwarded)) { $ipaddr = $forwarded; } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } if ($mac == "00:00:00:00:00:00") { $mac = null; } $MAIN_ARRAY["LOGIN"] = $login; $MAIN_ARRAY["IPADDR"] = $ipaddr; $MAIN_ARRAY["MAC"] = $mac; $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr); $MAIN_ARRAY["URI"] = $uri; $MAIN_ARRAY["RHOST"] = $rhost; $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY); return $MAIN_ARRAY; } if (count($tr) == 3) { if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::count --> 3"); } if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $tr[0])) { //ip en premier donc mac=ok, pas de login $login = null; $ipaddr = $tr[0]; $mac = $tr[1]; $forwarded = $tr[2]; if (isset($tr[3])) { $uri = $tr[3]; } } else { //login en premier donc mac=bad $login = $tr[0]; $ipaddr = $tr[1]; $forwarded = $tr[2]; if (isset($tr[3])) { $uri = $tr[3]; } } if ($mac == "00:00:00:00:00:00") { $mac = null; } if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) { $ipaddr = $forwarded; } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } if ($mac == "00:00:00:00:00:00") { $mac = null; } $MAIN_ARRAY["LOGIN"] = $login; $MAIN_ARRAY["IPADDR"] = $ipaddr; $MAIN_ARRAY["MAC"] = $mac; $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr); $MAIN_ARRAY["URI"] = $uri; $MAIN_ARRAY["RHOST"] = $rhost; $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY); return $MAIN_ARRAY; } if (count($tr) == 2) { if ($GLOBALS["DEBUG_LEVEL"] > 1) { WLOG("parseURL()::count --> 2"); } //pas de login et pas de MAC; $login = null; $ipaddr = $tr[0]; $mac = null; $forwarded = $tr[1]; if (isset($tr[2])) { $uri = $tr[2]; } if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) { $ipaddr = $forwarded; } } if ($mac == null) { $mac = GetMacFromIP($ipaddr); } else { if ($mac == "00:00:00:00:00:00") { $mac = null; $mac = GetMacFromIP($ipaddr); } } if ($mac == "00:00:00:00:00:00") { $mac = null; } $MAIN_ARRAY["LOGIN"] = $login; $MAIN_ARRAY["IPADDR"] = $ipaddr; $MAIN_ARRAY["MAC"] = $mac; $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr); $MAIN_ARRAY["URI"] = $uri; $MAIN_ARRAY["RHOST"] = $rhost; $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY); return $MAIN_ARRAY; }
function haproxy_events() { $qs = new mysql_squid_builder(); $q = new mysql_haproxy_builder(); if (!($handle = opendir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-rtm"))) { @mkdir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-rtm", 0755, true); return; } $hash = array(); $prefixMid = " (sitename,uri,td,http_code,client,hostname,familysite,service,backend,zDate,size,MAC,zMD5,statuslb)"; while (false !== ($filename = readdir($handle))) { if ($filename == ".") { continue; } if ($filename == "..") { continue; } $targetFile = "{$GLOBALS["ARTICALOGDIR"]}/haproxy-rtm/{$filename}"; $countDeFiles++; $ARRAY = unserialize(@file_get_contents($targetFile)); while (list($key, $value) = each($ARRAY)) { $ARRAY[$key] = trim(addslashes($value)); } $ARRAY["MAC"] = GetMacFromIP($ARRAY["SOURCE"]); $hostname = GetComputerName($ARRAY["SOURCE"]); $dayhour = date("YmdH", $ARRAY["TIME"]); $time = date("H:i:s", $ARRAY["TIME"]); $fulldate = date('Y-m-d H:i:s', $ARRAY["TIME"]); $table = "hour_{$dayhour}"; if (preg_match("#(.+?)\\s+(.*?)#", $ARRAY["SERVICE"], $ri)) { $ARRAY["SERVICE"] = $ri[1]; } if (preg_match("#(.+?)\\s+(.*?)#", $ARRAY["BACKEND"], $ri)) { $ARRAY["BACKEND"] = $ri[1]; } $uri = $ARRAY["URI"]; $md5 = md5(serialize($ARRAY)); if (preg_match("#^(?:[^/]+://)?([^/:]+)#", $uri, $re)) { $sitename = $re[1]; if (preg_match("#^www\\.(.+)#", $sitename, $ri)) { $sitename = $ri[1]; } $familysite = $qs->GetFamilySites($sitename); } $linsql = "('{$sitename}','{$uri}','{$ARRAY["TD"]}','{$ARRAY["HTTP_CODE"]}','{$ARRAY["SOURCE"]}','{$hostname}','{$familysite}','{$ARRAY["SERVICE"]}','{$ARRAY["BACKEND"]}','{$fulldate}','{$ARRAY["BYTES"]}','{$ARRAY["MAC"]}','{$md5}','{$ARRAY["STATUSLB"]}')"; $hash[$table][] = $linsql; if ($GLOBALS["VERBOSE"]) { echo "Remove: {$targetFile}\n"; } @unlink($targetFile); if (system_is_overloaded()) { break; } } while (list($table, $tr) = each($hash)) { if (trim($table) == null) { continue; } if (!$q->create_TableHour($table)) { @mkdir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors", 0755, true); @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors/" . md5(serialize($hash)), serialize($hash)); return; } $sql = "INSERT IGNORE INTO {$table} {$prefixMid} VALUES " . @implode(",", $tr); $q->QUERY_SQL($sql); if (!$q->ok) { WriteMyLogs($q->mysql_error, __FUNCTION__, __FILE__, __LINE__); @mkdir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors", 0755, true); @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors/" . md5(serialize($hash)), serialize($hash)); return; } } haproxy_errors(); }