Ejemplo n.º 1
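 /*
  * Renders one result row per sensor/device: selection checkbox, sensor IP, name plus
  * country flag, device IP, linked event total, and unique-event / source / destination counts.
  * Values placed inside quoted HTML attributes or query strings are encoded for that context.
  */
 // Counters from the current row; a value loosely equal to "" is shown as "-".
 $unique_event_cnt = $myrow['sig_cnt'] != "" ? $myrow['sig_cnt'] : "-";
 $num_src_ip = $myrow['saddr_cnt'] != "" ? $myrow['saddr_cnt'] : "-";
 $num_dst_ip = $myrow['daddr_cnt'] != "" ? $myrow['daddr_cnt'] : "-";
 // Country lookup for the sensor address: element 0 (lower-cased) names the flag image,
 // element 1 is used as the display name.
 $_country_aux = $geoloc->get_country_by_host($conn, $sensor_ip);
 $country = strtolower($_country_aux[0]);
 $country_name = $_country_aux[1];
 $homelan = "";
 if ($country) {
     // Lookup results land inside quoted attributes (src/alt/title); encode them so a quote
     // or angle bracket in the data cannot terminate the attribute.
     $country_img = " <img src=\"/ossim/pixmaps/flags/" . htmlspecialchars((string) $country, ENT_QUOTES) . ".png\""
         . " alt=\"" . htmlspecialchars((string) $country_name, ENT_QUOTES) . "\""
         . " title=\"" . htmlspecialchars((string) $country_name, ENT_QUOTES) . "\">";
     // Not emitted in this excerpt; kept raw for whatever consumes it later.
     $slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
 } else {
     $country_img = "";
     $slnk = "";
 }
 /* Print out */
 qroPrintEntryHeader($i);
 $tmp_rowid = $device_id;
 // The browser decodes the attribute before submitting the form, so the posted value is unchanged.
 $tmp_rowid_attr = htmlspecialchars((string) $tmp_rowid, ENT_QUOTES);
 // Same id, encoded once for attribute context (element ids) and once for the query string.
 $device_id_attr = htmlspecialchars((string) $device_id, ENT_QUOTES);
 $device_id_url = urlencode((string) $device_id);
 echo '    <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid_attr . '">';
 echo '        <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid_attr . '"></TD>';
 qroPrintEntry($sensor_ip, 'center', 'middle');
 // NOTE(review): $sname is concatenated into the cell as-is; confirm it is HTML-safe where it is assigned.
 qroPrintEntry($sname . $country_img . $homelan, 'center', 'middle');
 qroPrintEntry($device_ip, 'center', 'middle');
 // The translated button label travels in the query string, so it is URL-encoded rather than pasted raw.
 qroPrintEntry('<A HREF="base_qry_main.php?new=1&amp;sensor=' . $device_id_url . '&amp;num_result_rows=-1&amp;submit=' . urlencode(gettext("Query DB")) . '">' . Util::number_format_locale($event_cnt, 0) . '</A>', 'center', 'middle');
 qroPrintEntry('<div id="ua' . $device_id_attr . '" class="sens">' . $unique_event_cnt . '</div>', 'center', 'middle', 'nowrap');
 qroPrintEntry('<div id="sa' . $device_id_attr . '">' . $num_src_ip . '</div>', 'center', 'middle', 'nowrap');
 qroPrintEntry('<div id="da' . $device_id_attr . '">' . $num_dst_ip . '</div>', 'center', 'middle', 'nowrap');
 /*qroPrintEntry(BuildUniqueAlertLink("?sensor=" . $device_id) . $unique_event_cnt . '</A>');
   qroPrintEntry(BuildUniqueAddressLink(1, "&amp;sensor=" . $device_id) . $num_src_ip . '</A>');
   qroPrintEntry(BuildUniqueAddressLink(2, "&amp;sensor=" . $device_id) . $num_dst_ip . '</A>');*/
 qroPrintEntryFooter();
 $i++;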
Ejemplo n.º 2
     } else {
         // For TCP/UDP portscan signatures, fetch the event's stored payload and append the
         // "Port/Proto Range" detail found in it to the displayed signature text.
         if (stristr($current_sig_txt, "(portscan) TCP Portscan") || stristr($current_sig_txt, "(portscan) UDP Portscan")) {
             // NOTE(review): this query is assembled by string concatenation. sid/cid come from
             // the current result row rather than directly from the request, but nothing here
             // constrains their format; if the DB wrapper offers bound parameters, prefer them,
             // otherwise validate or cast both values before they reach the SQL text.
             $sql2 = "SELECT data_payload FROM data WHERE sid='" . $myrow["sid"] . "' AND cid='" . $myrow["cid"] . "'";
             $result2 = $db->baseExecute($sql2);
             // NOTE(review): no check that a row was returned before index 0 is read below.
             $myrow_payload = $result2->baseFetchRow();
             $result2->baseFreeRows();
             // The stored payload is passed through PrintCleanHexPacketPayload (second argument 2)
             // before it is searched as text.
             $myrow_payload = PrintCleanHexPacketPayload($myrow_payload[0], 2);
             // Inner stristr(): text from "Port/Proto Range" onward; outer stristr(): from the first
             // ": " within that. The payload is sensor-captured data, so whatever is appended here
             // must be HTML-encoded wherever $current_sig is finally printed.
             $current_sig = $current_sig . stristr(stristr($myrow_payload, "Port/Proto Range"), ": ");
         }
     }
 }
 //$current_sig = GetTagTriger($current_sig, $db, $myrow[0], $myrow[1]);
 // ********************** EVENTS TABLE **********************
 // <TR>
 //qroPrintEntryHeader((($colored_alerts == 1) ? GetSignaturePriority($myrow[2], $db) : $i) , $colored_alerts);
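 // Open the table row for this event; 'trcellclk' is passed as the fifth argument.
 qroPrintEntryHeader($i, $colored_alerts, '', '', 'trcellclk');
 // Row number = current view index * $show_rows + offset within this page.
 $rowid = $qs->GetCurrentView() * $show_rows + $i;
 // Row identifier in the form "#<rowid>-(<sid>-<cid>)".
 // NOTE(review): sid/cid are inserted as-is; encode $tmp_rowid for the attribute context
 // wherever it is written into the page.
 $tmp_rowid = "#" . $rowid . "-(" . $myrow["sid"] . "-" . $myrow["cid"] . ")";
 // <TD>
 // Signature: text before "##" goes to $antes ("before"), text after it to $despues ("after").
 $tmpsig = explode("##", $current_sig);
 // isset() guards the case where the signature has no "##" separator, which would otherwise
 // read an undefined index; the outcome (else branch) is the same, without the warning.
 if (isset($tmpsig[1]) && $tmpsig[1] != "") {
     $antes = $tmpsig[0];
     $despues = $tmpsig[1];
 } else {
     $antes = "";
     $despues = $current_sig;
 }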
 // Solera DeepSee API
 $solera = "";
 if ($_SESSION["_solera"]) {
Ejemplo n.º 3
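 /* Total occurrences of this signature */
 $total_occurances = $myrow["sig_cnt"];
 /* Other per-signature counters from the same row */
 $num_sensors = $myrow["sid_cnt"];
 $num_src_ip = $myrow["saddr_cnt"];
 $num_dst_ip = $myrow["daddr_cnt"];
 /* First and last timestamp of this signature */
 $start_time = $myrow["first_timestamp"];
 $stop_time = $myrow["last_timestamp"];
 if ($tz != 0) {
     // Shift both timestamps by $tz hours: convert to a UTC unix time, add the offset in
     // seconds, and format the result with gmdate().
     $start_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $start_time) + 3600 * $tz);
     $stop_time = gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $stop_time) + 3600 * $tz);
 }
 /* Print out (Colored Version) -- Alejandro */
 //qroPrintEntryHeader((($colored_alerts == 1) ? GetSignaturePriority($sig_id, $db) : $i) , $colored_alerts);
 qroPrintEntryHeader($i, $colored_alerts);
 // Row identifier is "<plugin_id> <plugin_sid>".
 $tmp_rowid = $myrow["plugin_id"] . " " . $myrow["plugin_sid"];
 // Encode for the quoted VALUE attribute; the browser decodes it again before the form is
 // submitted, so the posted value is unchanged.
 $tmp_rowid_attr = htmlspecialchars((string) $tmp_rowid, ENT_QUOTES);
 echo '  <TD nowrap>&nbsp;&nbsp;
              <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid_attr . '">
              &nbsp;&nbsp;
          </TD>';
 echo '      <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid_attr . '">';
 // Plain-text form of the signature name, built in the same order as the original nested call:
 //   1. strip tags, then decode HTML entities;
 //   2. drop everything up to and including the last "##";
 //   3. remove one leading and one trailing character out of . , " !
 //   4. keep only what follows the last "/" (and any whitespace after it), then trim.
 // NOTE(review): entities are decoded *after* strip_tags(), so "&lt;" in the name becomes a
 // literal "<" here; $sigstr has to be HTML-encoded again before it is printed anywhere.
 $sigstr = html_entity_decode(strip_tags($signame));
 $sigstr = preg_replace("/.*##/", "", $sigstr);
 $sigstr = preg_replace("/^[\\.\\,\"\\!]|[\\.\\,\"\\!]\$/", "", $sigstr);
 $sigstr = trim(preg_replace("/.*\\/\\s*(.*)/", "\\1", $sigstr));
 // Query link for this signature; only $sig_id is URL-encoded here.
 // NOTE(review): the link contains raw "&" separators and the translated label as-is, so it
 // needs attribute encoding at the point where it is placed into an HREF.
 $siglink = "base_qry_main.php?new=1&submit=" . gettext("Query+DB") . "&num_result_rows=-1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=" . urlencode($sig_id);
 $tmpsig = explode("##", $signame);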
 if ($tmpsig[1] != "") {
     $antes = $tmpsig[0];
     $despues = $tmpsig[1];
 } else {
     $antes = "";
     $despues = $signame;
Ejemplo n.º 4
$qro->PrintHeader();
$i = 0;
while (($myrow = $result->baseFetchRow()) && $i < $qs->GetDisplayRowCnt()) {
    $class_id = $myrow[0];
    if ($class_id == "") {
        $class_id = 0;
    }
    $total_occurances = $myrow[1];
    $sensor_num = $myrow[2];
    $sig_num = $myrow[3];
    $sip_num = $myrow[4];
    $dip_num = $myrow[5];
    $min_time = $myrow[6];
    $max_time = $myrow[7];
    /* Print out */
    qroPrintEntryHeader($i, 0, 'height="42"');
    $tmp_rowid = rawurlencode($class_id);
    echo '  <TD>&nbsp;&nbsp;
                 <INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">
                 &nbsp;&nbsp;
             </TD>';
    echo '      <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">';
    qroPrintEntry(GetSigClassName($class_id, $db), 'center', 'middle');
    $ocurrlink = 'base_qry_main.php?new=1&amp;sig_class=' . $class_id . '&amp;submit=' . gettext("Query+DB") . '&amp;num_result_rows=-1';
    qroPrintEntry('<FONT>' . '<A HREF="' . $ocurrlink . '">' . $total_occurances . '</A> 
                   (' . round($total_occurances / $event_cnt * 100) . '%)' . '</FONT>', '', 'middle');
    qroPrintEntry('<FONT><A HREF="base_stat_sensor.php?sig_class=' . $class_id . '">' . $sensor_num . '</A>', 'center', 'middle');
    qroPrintEntry('<FONT><A HREF="base_stat_alerts.php?sig_class=' . $class_id . '">' . $sig_num . '</FONT>', 'center', 'middle');
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(1, '&amp;sig_class=' . $class_id) . $sip_num . '</A></FONT>', 'center', 'middle');
    qroPrintEntry('<FONT>' . BuildUniqueAddressLink(2, '&amp;sig_class=' . $class_id) . $dip_num . '</A></FONT>', 'center', 'middle');
    //qroPrintEntry('<FONT>'.$min_time.'</FONT>');