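// NOTE(review): presumably the body of getGraylogMessages($range); the function
// signature lies outside this excerpt. Runs a Graylog "terms" search on source_ip
// and returns the raw response body (false when the transfer fails).
    // NOTE(review): the API credentials are hard-coded (masked here). Loading them from
    // configuration outside the script keeps them out of copies of this file.
    $graylog_sec = 'X.Y.55.216';
    $graylog_api_user = '******';
    $graylog_api_pass = '******';

    // Matches log entries whose user_agent field is the literal "-"; the dash is
    // escaped for the query parser.
    $query = 'user_agent:\\-';
    $e_query = urlencode($query);

    // The API is addressed over plain http://, so Basic-auth credentials and the
    // results cross the network unencrypted. Put TLS in front of the REST API or
    // keep this traffic on a trusted management segment.
    // $range is URL-encoded as well so that it cannot add parameters to the request.
    $url = 'http://' . $graylog_sec
        . ':12900/search/universal/relative/terms?field=source_ip&query=' . $e_query
        . '&range=' . urlencode((string) $range);
    echo "# " . $url;

    $curl = curl_init();
    $opt = array(
        CURLOPT_URL => $url,
        CURLOPT_USERAGENT => "Mozilla",
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_USERPWD => "{$graylog_api_user}:{$graylog_api_pass}",
        // Fix: this was written as two plain list values ("CURLOPT_HTTPAUTH, CURLAUTH_ANY"),
        // which hands both constants to cURL as unknown option ids instead of selecting
        // the auth scheme. With the pair in place libcurl negotiates the scheme with the server.
        CURLOPT_HTTPAUTH => CURLAUTH_ANY,
    );
    curl_setopt_array($curl, $opt);

    $output = curl_exec($curl);
    $http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($output === false || (int) $http_status !== 200) {
        // Record transport and authentication failures; the return value is unchanged.
        error_log('Graylog terms query failed: HTTP ' . $http_status . ' ' . curl_error($curl));
    }
    curl_close($curl);

    return $output;
}

$gl_json = json_decode(getGraylogMessages($TIME_PERIOD), true);

// A failed or rejected query carries no 'terms' array; fall back to an empty list so
// that arsort() and foreach always receive an array.
// NOTE(review): an empty list then produces no addresses. Whatever consumes $output
// should not read that as "nothing to report" after a failed query; confirm.
$list = (is_array($gl_json) && isset($gl_json['terms']) && is_array($gl_json['terms']))
    ? $gl_json['terms']
    : array();
arsort($list); // highest hit count first, keys (addresses) preserved
$output .= "\n";

foreach ($list as $ip => $hits) {
    // Only keys that pass the address validators are emitted, so other values stored
    // in the source_ip field never reach the output.
    if (valid_ipv4_host($ip)) {
        if ($hits > $MIN_HITS) {
            $output .= "{$hits} {$ip}\n";
        }
    }
    if (valid_ipv6_host($ip)) {
        $ip = compress($ip);
        if ($hits > $MIN_HITS) {
            $output .= "{$hits} {$ip}\n";
        }
    }
    // NOTE(review): the closing brace of this loop is not part of this excerpt.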
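// NOTE(review): presumably the body of getGraylogMessages($range, $method, $filename);
// the function signature lies outside this excerpt. Runs a Graylog "terms" search on
// source_ip for one HTTP method and request file name, and returns the raw response
// body (false when the transfer fails).
    // NOTE(review): the API credentials are hard-coded (masked here). Loading them from
    // configuration outside the script keeps them out of copies of this file.
    $graylog_sec = 'X.Y.55.216';
    $graylog_api_user = '******';
    $graylog_api_pass = '******';

    // NOTE(review): $method and $filename are placed into the query text unescaped.
    // urlencode() below protects the URL only, not the query syntax, so if either value
    // can come from outside this script, restrict it to an allow-list first (known
    // HTTP verbs, a fixed file-name pattern).
    $query = 'http_method:' . $method . ' AND http_request_path:\\/*' . $filename;
    $e_query = urlencode($query);

    // The API is addressed over plain http://, so Basic-auth credentials and the
    // results cross the network unencrypted. Put TLS in front of the REST API or
    // keep this traffic on a trusted management segment.
    // $range is URL-encoded as well so that it cannot add parameters to the request.
    $url = 'http://' . $graylog_sec
        . ':12900/search/universal/relative/terms?field=source_ip&query=' . $e_query
        . '&range=' . urlencode((string) $range);
    echo "# " . $url;

    $curl = curl_init();
    $opt = array(
        CURLOPT_URL => $url,
        CURLOPT_USERAGENT => "Mozilla",
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_USERPWD => "{$graylog_api_user}:{$graylog_api_pass}",
        // Fix: this was written as two plain list values ("CURLOPT_HTTPAUTH, CURLAUTH_ANY"),
        // which hands both constants to cURL as unknown option ids instead of selecting
        // the auth scheme. With the pair in place libcurl negotiates the scheme with the server.
        CURLOPT_HTTPAUTH => CURLAUTH_ANY,
    );
    curl_setopt_array($curl, $opt);

    $output = curl_exec($curl);
    $http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($output === false || (int) $http_status !== 200) {
        // Record transport and authentication failures; the return value is unchanged.
        error_log('Graylog terms query failed: HTTP ' . $http_status . ' ' . curl_error($curl));
    }
    curl_close($curl);

    return $output;
}

$gl_json = json_decode(getGraylogMessages($TIME_PERIOD, $METHOD, $FILENAME), true);

// A failed or rejected query carries no 'terms' array; fall back to an empty list so
// that arsort() and foreach always receive an array.
// NOTE(review): an empty list then produces no addresses. Whatever consumes $output
// should not read that as "nothing to report" after a failed query; confirm.
$list = (is_array($gl_json) && isset($gl_json['terms']) && is_array($gl_json['terms']))
    ? $gl_json['terms']
    : array();
arsort($list); // highest hit count first, keys (addresses) preserved
$output .= "\n";

foreach ($list as $ip => $hits) {
    // Only keys that pass the address validators are emitted, so other values stored
    // in the source_ip field never reach the output.
    if (valid_ipv4_host($ip)) {
        if ($hits > $MIN_HITS) {
            $output .= "{$hits} {$ip}\n";
        }
    }
    if (valid_ipv6_host($ip)) {
        $ip = compress($ip);
        if ($hits > $MIN_HITS) {
            $output .= "{$hits} {$ip}\n";
        }
    }
    // NOTE(review): the closing brace of this loop is not part of this excerpt.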