if (!($rs =& $conn_ossim->Execute($query1))) { print $conn_ossim->ErrorMsg(); exit; } while (!$rs->EOF) { $plugins[$rs->fields["id"]] = preg_replace("/ossec-.*/", "ossec", $rs->fields["name"]); $rs->MoveNext(); } $data = array(); $data[] = ""; $host = $_SESSION['host_report']; // User sensor filtering $sensor_where = ""; if (Session::allowedSensors() != "") { $user_sensors = explode(",", Session::allowedSensors()); $snortsensors = Event_viewer::GetSensorSids($conn); $sensor_str = ""; foreach ($user_sensors as $user_sensor) { if (count($snortsensors[$user_sensor]) > 0) { $sensor_str .= $sensor_str != "" ? "," . implode(",", $snortsensors[$user_sensor]) : implode(",", $snortsensors[$user_sensor]); } } if ($sensor_str == "") { $sensor_str = "0"; } $sensor_where = " AND sid in (" . $sensor_str . ")"; } $hostname = Host::ip2hostname($conn_ossim, $host); if ($hostname != $host) { $title = $hostname . "({$host})"; } else {
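/**
 * Render the tag-cloud widget body.
 *
 * Runs the widget's configured SELECT ('cloud_sql') on the 'snort' database
 * (cloud_db == 'snort') or the default one, restricted to the sensors the
 * current session is allowed to see, and turns the (tag, count) rows into
 * <a class="tag_cloud"> links whose font size grows with the count.
 *
 * Widget settings read through $this->get(): cloud_db, cloud_link (the
 * literal "_TAG_" is replaced by the tag value), cloud_tag_max_len,
 * cloud_resolv_ip, cloud_sql.
 *
 * @return string HTML fragment; "" when the query yields no rows; an error
 *                message when the query is refused or fails to execute.
 */
function showWindowContents()
{
    require_once 'ossim_db.inc';
    require_once 'classes/Event_viewer.inc';

    $dbname          = $this->get('cloud_db');
    $link            = $this->get('cloud_link');
    $max_len         = $this->get('cloud_tag_max_len');
    $resolv_hostname = $this->get('cloud_resolv_ip');

    if (ossim_error()) {
        die(ossim_error());
    }

    $method = ($dbname == 'snort') ? 'snort_connect' : 'connect';
    $db     = new ossim_db();
    $conn   = $db->{$method}();

    // Per-user sensor ACL: the session's allowed sensors (comma separated) are
    // mapped to sensor ids (sid) by Event_viewer::GetSensorSids(). A user whose
    // sensors map to no sid gets "sid in (0)", i.e. no rows, not an open query.
    $sensor_where = "";
    if (Session::allowedSensors() != "") {
        $user_sensors = explode(",", Session::allowedSensors());
        $snortsensors = Event_viewer::GetSensorSids($conn);
        $sensor_str   = "";
        foreach ($user_sensors as $user_sensor) {
            if (isset($snortsensors[$user_sensor]) && count($snortsensors[$user_sensor]) > 0) {
                $part       = implode(",", $snortsensors[$user_sensor]);
                $sensor_str = ($sensor_str != "") ? $sensor_str . "," . $part : $part;
            }
        }
        if ($sensor_str == "") {
            $sensor_str = "0";
        }
        $sensor_where = " sid in (" . $sensor_str . ")";
    }

    $sql = $this->get('cloud_sql');

    // Only a plain SELECT is accepted; the other patterns refuse SELECT forms
    // that lock rows or write to the filesystem.
    if (!preg_match('/^\\s*\\(?\\s*SELECT\\s/i', $sql)
        || preg_match('/\\sFOR\\s+UPDATE/i', $sql)
        || preg_match('/\\sINTO\\s+OUTFILE/i', $sql)
        || preg_match('/\\sLOCK\\s+IN\\s+SHARE\\s+MODE/i', $sql)) {
        return _("SQL Query invalid due security reasons");
    }

    if ($sensor_where != "") {
        // Splice the sensor ACL into the configured query. Keyword matching is
        // case-insensitive and whole-word so that an upper-case WHERE / GROUP BY
        // cannot leave the query running without the ACL; a query with neither
        // clause gets the filter in front of ORDER BY / LIMIT or appended.
        // substr_replace is used instead of a preg_replace replacement string
        // so the filter text is never interpreted for back-references.
        $filter = "where " . $sensor_where;
        if (preg_match_all('/\\bwhere\\b/i', $sql, $m, PREG_OFFSET_CAPTURE)) {
            // Every WHERE is prefixed, as the previous str_replace did.
            foreach (array_reverse($m[0]) as $hit) {
                $sql = substr_replace($sql, $filter . " AND ", $hit[1], strlen($hit[0]));
            }
        } elseif (preg_match_all('/\\bgroup\\s+by\\b/i', $sql, $m, PREG_OFFSET_CAPTURE)) {
            foreach (array_reverse($m[0]) as $hit) {
                $sql = substr_replace($sql, $filter . " " . $hit[0], $hit[1], strlen($hit[0]));
            }
        } elseif (preg_match('/\\b(order\\s+by|limit)\\b/i', $sql, $m, PREG_OFFSET_CAPTURE)) {
            $sql = substr_replace($sql, $filter . " ", $m[0][1], 0);
        } else {
            $sql .= " " . $filter;
        }
    }

    if (!($rs = $conn->Execute($sql))) {
        // Read the driver message before the connection is released.
        $error = "Error was: " . $conn->ErrorMsg() . "\n\nQuery was: " . $sql;
        $db->close($conn);
        return $error;
    }

    if ($resolv_hostname) {
        require_once "classes/Host.inc";
    }

    $tags      = array();   // tag value => count
    $tag_names = array();   // tag value => resolved name (only when cloud_resolv_ip)
    while (!$rs->EOF) {
        $tag = $rs->fields[0];
        if ($resolv_hostname) {
            // ip2hostname(conn, ip, is_sensor=false, force_no_dns=true)
            $tag_names[$tag] = Host::ip2hostname($conn, $tag, false, true);
        }
        $tags[$tag] = $rs->fields[1];
        $rs->MoveNext();
    }
    $db->close($conn);

    if (!count($tags)) {
        return "";
    }

    // Font size is interpolated linearly between these bounds by count.
    $min_font_size = 8;
    $max_font_size = 35;
    $minimum_count = min(array_values($tags));
    $maximum_count = max(array_values($tags));
    $spread        = $maximum_count - $minimum_count;
    if ($spread == 0) {
        $spread = 1;   // all counts equal: avoid division by zero below
    }
    if ($link == '') {
        $link = '#';
    }

    $cloud_tags = array();
    foreach ($tags as $tag => $count) {
        $local_link = str_replace("_TAG_", $tag, $link);
        $local_name = $resolv_hostname ? $tag_names[$tag] : $tag;
        if ($max_len > 0) {
            $tag = substr($tag, 0, $max_len);
        }
        $size = (count($tags) == 1)
            ? $max_font_size
            : $min_font_size + ($count - $minimum_count) * ($max_font_size - $min_font_size) / $spread;

        // Everything that came out of the result set is escaped: tag and count
        // go into the title attribute, the (possibly resolved) name into the text.
        $cloud_tags[] = '<a style="font-size: ' . floor($size) . 'px" class="tag_cloud"'
            . ' href="' . htmlspecialchars($local_link) . '"'
            . ' title="\'' . htmlspecialchars((string) $tag, ENT_QUOTES) . '\' returned a count of '
            . htmlspecialchars((string) $count, ENT_QUOTES) . '">'
            . htmlspecialchars(stripslashes($local_name)) . '</a> ';
    }

    return join("\n", $cloud_tags) . "\n";
}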
USERDATA2: '' USERDATA3: '' USERDATA4: '' USERDATA5: '' USERDATA6: '' USERDATA7: '' USERDATA8: '' USERDATA9: '' IP_SRC: the source ip of the event IP_DST: the destination ip of the event IP_PROTO: the ip protocol PORT_SRC: the source port PORT_DST: the destination port IP_PORTSRC: the source ip and port in the format ip:port IP_PORTDST: the destination ip and port in the format ip:port */

// Column layout used when no event viewer group is selected (group 0):
// type, date, source ip:port, destination ip:port.
$default_table_conf = array(
    1 => array(
        'label'    => _("Type"),
        'align'    => 'left',
        'width'    => '60',
        'contents' => '[PLUGIN_NAME] <b>SID_NAME</b>',
    ),
    2 => array('label' => _("Date"), 'wrap' => false, 'contents' => 'DATE'),
    3 => array('label' => _("Source IP"), 'contents' => 'IP_PORTSRC'),
    4 => array('label' => _("Destination IP"), 'contents' => 'IP_PORTDST'),
);

$use_default  = ($selected_group == 0);
$table_conf   = $use_default ? $default_table_conf : $groups_config[$selected_group];
$plugin_group = $use_default ? 0 : $selected_group;

$page_conf = array(
    'results_per_page' => $total_rows,
    'plugin_group'     => $plugin_group,
);

$viewer = new Event_viewer($page_conf, $table_conf);
$viewer->init_plugins_conf();
$viewer->draw();
?>
</body></html>
if ($curid > 0) { $sql = "UPDATE custom_report_types SET name=\"{$name}\",type='Custom SIEM Events',file='SIEM/CustomList.php',inputs='Number of Events:top:text:OSS_DIGIT:25:250',custom_report_types.sql=\"{$query1};{$query2};{$columns}\" WHERE id={$curid}"; } else { $sql = "INSERT INTO custom_report_types (id,name,type,file,inputs,custom_report_types.sql) VALUES ({$id},\"{$name}\",'Custom SIEM Events','SIEM/CustomList.php','Number of Events:top:text:OSS_DIGIT:25:250',\"{$query1};{$query2};{$columns}\")"; } if ($conn->Execute($sql)) { $msg = $curid > 0 ? "<font style='color:green'>" . _("The report has been successfully updated") . "</font>" : "<font style='color:green'>" . _("The report has been successfully created as ") . "'Custom SIEM Events - {$name}'" . "</font>"; } else { $msg = "<font style='color:red'>" . _("Error creating a new report type.") . "</font>"; } $db->close($conn); } else { $msg = "<font style='color:red'>" . _("Error creating a new report type.") . "</font>"; } } $tags = Event_viewer::get_tags(); if ($opensource) { unset($tags['PLUGIN_SOURCE_TYPE']); unset($tags['PLUGIN_SID_CATEGORY']); unset($tags['PLUGIN_SID_SUBCATEGORY']); } //print_r($tags); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> <?php echo gettext("SIEM Custom View"); ?> </title> <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
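/**
 * xajax handler: render the column-configuration panel of a plugin group.
 *
 * Emits one tab per configured column (with move-left / move-right and
 * delete links), the option form for $selected_col (label, contents template
 * plus a replacement-tag picker, alignment, wrapping, width) and an
 * "add column" link, then assigns the markup to the "columns_config" element.
 *
 * Reads the globals $conn (DB connection), $config (user config store) and
 * $login (current user) like the surrounding handlers.
 *
 * @param int|string $group_id     Plugin group id. Arrives from the browser
 *                                 (xajax call); cast to int before it is used
 *                                 in the SQL filter, in HTML and in JS handlers.
 * @param int|string $selected_col 1-based index of the column whose options
 *                                 are shown. Browser-supplied as well; cast to int.
 * @return xajaxResponse
 */
function draw_columns($group_id, $selected_col = 1)
{
    global $conn, $config, $login;

    $resp = new xajaxResponse();

    // Both arguments come from xajax calls emitted in this same markup, i.e.
    // from the client. Integer-cast them once so every interpolation below
    // (SQL filter, attribute values, onClick handlers) carries a number.
    $group_id     = (int) $group_id;
    $selected_col = (int) $selected_col;

    list($group_data) = Plugingroup::get_list($conn, "plugin_group.group_id={$group_id}");
    $groups_config    = $config->get($login, 'event_viewer_tmp', 'php');

    // get_list() yields nothing for an unknown group id; do not dereference null.
    $group_name = is_object($group_data) ? $group_data->get_name() : '';
    $group_name = htmlspecialchars((string) $group_name, ENT_QUOTES, 'UTF-8');

    $html = '<form id="colopts">' . _('Columns display configuration for group') . ': <b>' . $group_name . '</b><br>'
        . '<table width="100%" align="center" style="border-width: 0px">'
        . '<tr><td style="border-width: 0px">';

    if (is_array($groups_config) && isset($groups_config[$group_id])) {
        $columns  = $groups_config[$group_id];
        $num_cols = count($columns);

        /*
         * Column tabs
         */
        $html .= '<table width="100%" align="center"><tr>';
        foreach ($columns as $col_num => $col_conf) {
            $col_num     = (int) $col_num;
            $is_selected = ($col_num == $selected_col);
            $td_bg       = $is_selected ? 'background-color: grey' : '';
            $tab_label   = isset($col_conf['label']) ? $col_conf['label'] : $col_num;
            $tab_label   = htmlspecialchars((string) $tab_label, ENT_QUOTES, 'UTF-8');

            $tab = '';
            // No "move left" on the first column, no "move right" on the last.
            if ($col_num != 1) {
                $tab .= '<a href="#" onClick="javascript: xajax_move_column(' . $group_id . ', ' . $col_num . ', \'left\');">&lt;</a> ';
            }
            $tab .= '<a href="#" onClick="javascript: xajax_draw_columns(' . $group_id . ', ' . $col_num . ')">' . $tab_label . '</a> ';
            if ($col_num != $num_cols) {
                $tab .= '<a href="#" onClick="javascript: xajax_move_column(' . $group_id . ', ' . $col_num . ', \'right\');">&gt;</a> ';
            }
            $tab .= '<small>(<a href="#" onClick="javascript: xajax_delete_column(' . $group_id . ', ' . $col_num . ')">' . _("delete") . '</a>)</small>';

            $html .= '<td style="border-width: 0px;' . $td_bg . '">'
                . ($is_selected ? "<b>{$tab}</b>" : $tab)
                . '</td>';
        }

        /*
         * Options of the selected column
         */
        $current_col  = isset($columns[$selected_col]) ? $columns[$selected_col] : array();
        $col_label    = isset($current_col['label'])    ? $current_col['label']    : '';
        $col_contents = isset($current_col['contents']) ? $current_col['contents'] : '';
        $col_width    = isset($current_col['width'])    ? $current_col['width']    : '';
        $col_align    = isset($current_col['align'])    ? $current_col['align']    : 'left';
        // Wrapping is on unless the column config carries a non-null 'wrap'
        // key at all; the key's value itself is not consulted.
        $col_wrap     = !isset($current_col['wrap']);

        $col_selected_left = $col_selected_center = $col_selected_right = '';
        switch ($col_align) {
            case 'center':
                $col_selected_center = 'selected';
                break;
            case 'right':
                $col_selected_right = 'selected';
                break;
            default:
                $col_selected_left = 'selected';
        }
        $col_selected_wrap   = $col_wrap ? 'selected' : '';
        $col_selected_nowrap = $col_wrap ? '' : 'selected';

        // Picker of replacement tags that add_tag() appends to the contents field.
        $options = '<option value="">' . _("Add replacement tag") . '</option>';
        foreach (Event_viewer::get_tags() as $tag_name => $descr) {
            $tag_name = htmlspecialchars((string) $tag_name, ENT_QUOTES, 'UTF-8');
            $options .= "<option value='{$tag_name}'>{$tag_name}</option>";
        }
        $select = '<select id="tags" onChange="javascript: add_tag(this)">' . $options . '</select>';

        // Stored column settings are user-editable text: escape them before
        // they land inside attribute values.
        $col_label_attr    = htmlspecialchars((string) $col_label, ENT_QUOTES, 'UTF-8');
        $col_contents_attr = htmlspecialchars((string) $col_contents, ENT_QUOTES, 'UTF-8');
        $col_width_attr    = htmlspecialchars((string) $col_width, ENT_QUOTES, 'UTF-8');

        $html .= '</tr><tr><td colspan="' . $num_cols . '" style="border-width: 0px">'
            . _("Options for column") . ': <b>' . $selected_col . '</b><br>'
            . '<table width="100%" align="left" style="border-width: 0px">'
            . '<tr><th>' . _("Column label") . '</th>'
            . '<td style="text-align: left"><input type="text" value="' . $col_label_attr . '" name="label" size="25"></td></tr>'
            . '<tr><th>' . _("Column contents") . '</th>'
            . '<td style="text-align: left" nowrap><input type="text" id="contents" value="' . $col_contents_attr . '" name="contents" size="50">&lt;-' . $select . '</td></tr>'
            . '<tr><th>' . _("Column settings") . '</th>'
            . '<td style="text-align: left" nowrap>'
            . _("Align") . ': <select name="align">'
            . '<option value="left" ' . $col_selected_left . '>' . _("left") . '</option>'
            . '<option value="center" ' . $col_selected_center . '>' . _("center") . '</option>'
            . '<option value="right" ' . $col_selected_right . '>' . _("right") . '</option>'
            . '</select> '
            . _("Wrap") . ': <select name="wrap">'
            . '<option value="yes" ' . $col_selected_wrap . '>' . _("Yes") . '</option>'
            . '<option value="no" ' . $col_selected_nowrap . '>' . _("No") . '</option>'
            . '</select> '
            . _("Width") . ': <input type="text" value="' . $col_width_attr . '" name="width" size="3">% (1-100)'
            . '</td></tr>'
            . '<tr><td colspan="2" style="border-width: 0px">'
            . '<input type="button" name="save" value="' . _("save column") . ' ' . $selected_col . '"'
            . ' onclick="javascript: xajax_save_column_opts(' . $group_id . ', ' . $selected_col . ', xajax.getFormValues(\'colopts\'))">'
            . '</td></tr></table>';
        $html .= '</td></tr></table>';
    }

    // The empty cell keeps the previous layout (the old markup opened a
    // stray <td> before the right-aligned one).
    $html .= '</td><td></td>'
        . '<td valign="top" style="border-width: 0px; text-align: right">'
        . '<a href="#" onClick="javascript: xajax_add_column(' . $group_id . ')">' . _("add column") . '</a>'
        . '</td></tr></table></form>';

    $resp->addAssign("columns_config", "innerHTML", $html);
    $resp->addAssign("columns_config", "style.display", '');

    return $resp;
}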