require 'base_conf.php';
include_once $BASE_path . "includes/base_db.inc.php";
include_once "{$BASE_path}/includes/base_state_query.inc.php";
include_once "{$BASE_path}/includes/base_state_common.inc.php";
/* Connect to the Alert database */
$db_snort = NewBASEDBConnection($DBlib_path, $DBtype);
// The trailing literal 1 is an extra argument the other connect calls in this
// corpus do not pass; its meaning is not visible here — check baseDBConnect().
$db_snort->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 1);
$qs = new QueryState();
// Request parameters (GET() is a project helper; presumably reads $_GET).
$newref = GET('newref');
$delete = GET('deleteref');
$error_msg = null;
// Create a new reference system when 'newref' was supplied.
if ($newref != "") {
    ossim_valid($newref, OSS_ALPHA, OSS_NULLABLE, 'illegal:' . _("New Reference"));
    if (!ossim_error()) {
        // $newref is interpolated straight into a quoted SQL literal; the
        // OSS_ALPHA validation above is the only thing standing between the
        // request value and the statement. NOTE(review): a prepared statement
        // or driver-level quoting would not depend on the validator's
        // character class — verify what OSS_ALPHA admits.
        $sql = "INSERT INTO reference_system (ref_system_name) VALUES (\"{$newref}\")";
        $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
    } else {
        // Keep the validator's message for the page, then clear the global error state.
        $error_msg = ossim_get_error();
        ossim_clean_error();
    }
}
// Delete a reference system. After string escaping the pattern is /^\d+$/,
// so only an all-digit id reaches this branch; the later interpolation of
// $delete into SQL therefore receives digits only (and OSS_DIGIT re-checks it).
if (preg_match("/^\\d+\$/", $delete)) {
    ossim_valid($delete, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("Reference ID"));
    if (!ossim_error()) {
        // Collect the reference ids attached to this system; what is done with
        // them is outside this view.
        $sql = "SELECT sig_reference.ref_id FROM sig_reference,reference WHERE reference.ref_system_id={$delete} AND reference.ref_id=sig_reference.ref_id";
        $result = $qs->ExecuteOutputQueryNoCanned($sql, $db_snort);
        // Comma-separated id list (presumably for a later IN (...) clause —
        // verify downstream). The loop body continues past the end of this view.
        $ids = "";
        while ($myrow = $result->baseFetchRow()) {
            if ($ids != "") {
                $ids .= ",";
            }
<?php
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// The graph query text comes from the session, not from the request, and is
// executed verbatim below. NOTE(review): it is therefore only as trustworthy
// as the code that writes this session key, which is not visible here.
$sqlgraph = $_SESSION['siem_current_query_graph'];
// Time-range selector; "all" when the session holds none.
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
$trdata = array(0, 0, $tr);
if ($tr == "range") {
    // Build "Y-m-d H:i:s" strings from the session's start ([0]) and end ([1])
    // rows; presumably index 4 = year, 2 = month, 3 = day, 5..7 = h:m:s —
    // verify against whatever fills $_SESSION["time"].
    $desde = strtotime($_SESSION["time"][0][4] . "-" . $_SESSION["time"][0][2] . "-" . $_SESSION["time"][0][3] . ' ' . $_SESSION['time'][0][5] . ':' . $_SESSION['time'][0][6] . ':' . $_SESSION['time'][0][7]);
    $hasta = strtotime($_SESSION["time"][1][4] . "-" . $_SESSION["time"][1][2] . "-" . $_SESSION["time"][1][3] . ' ' . $_SESSION['time'][1][5] . ':' . $_SESSION['time'][1][6] . ':' . $_SESSION['time'][1][7]);
    $trdata = array($desde, $hasta, "range");
}
// range_graphic() (defined elsewhere) seeds the buckets; from the loop below
// $y is presumably label => 0 for every bucket in the range.
list($x, $y, $xticks, $xlabels) = range_graphic($trdata);
if (count($y) > 1) {
    //echo "SQLG:$sqlgraph -->";
    $res = $qs->ExecuteOutputQueryNoCanned($sqlgraph, $db);
    //echo " COUNT:".$res->baseRecordCount()."<br>";
    while ($rowgr = $res->baseFetchRow()) {
        //print_r($rowgr);
        // Row layout as used here: [0] = value, [1] and [2] joined form the bucket label.
        $label = trim($rowgr[1] . " " . $rowgr[2]);
        // Only fill buckets that already exist and are still empty; rows whose
        // label is not a known bucket are dropped. Loose == 0 also matches
        // "", null and "0".
        if (isset($y[$label]) && $y[$label] == 0) {
            $y[$label] = $rowgr[0];
        }
        //echo "$label = $rowgr[0] <br>";
    }
    // Report data
    // One 14-column row per bucket with the value at index 11; the column
    // layout is presumably what SaveReportData() expects. $graph_report_type
    // is defined outside this view. The enclosing if continues past this view.
    $gdata = array();
    foreach ($y as $label => $val) {
        $gdata[] = array($label, "", "", "", "", "", "", "", "", "", "", $val, 0, 0);
    }
    $qs->SaveReportData($gdata, $graph_report_type);
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());
// Per-address event counts: the source ('S') and destination ('D') halves are
// UNIONed. $from, $where and $sort_sql are built outside this view and the
// statement is assembled by concatenation, so its safety rests on how those
// pieces were constructed.
$sql = "(SELECT DISTINCT ip_src, 'S', COUNT(acid_event.cid) as num_events " . $sort_sql[0] . $from . $where . " GROUP BY ip_src HAVING num_events>0 " . $sort_sql[1] . ") UNION (SELECT DISTINCT ip_dst, 'D', COUNT(acid_event.cid) as num_events " . $sort_sql[0] . $from . $where . " GROUP BY ip_dst HAVING num_events>0 " . $sort_sql[1] . ")";
// use accumulate tables only with timestamp criteria
if ($use_ac) {
    // $where is reset here and only rebuilt from the timestamp clause
    // (renamed to the day column), so every other criterion is dropped
    // when the accumulated ac_* tables are queried.
    $where = $more = $sqla = $sqlb = $sqlc = "";
    if (preg_match("/timestamp/", $criteria_clauses[1])) {
        $where = "WHERE " . str_replace("timestamp", "day", $criteria_clauses[1]);
    }
    // Computed but never used in the query below.
    $orderby = str_replace("acid_event.", "", $sort_sql[1]);
    // $orderby not included
    $sql = "(SELECT DISTINCT ip_src, 'S', sum(cid) as num_events\n\t\tFROM ac_srcaddr_ipsrc {$where} GROUP BY ip_src HAVING num_events>0) UNION \n\t\t(SELECT DISTINCT ip_dst, 'D', sum(cid) as num_events\n\t\tFROM ac_dstaddr_ipdst {$where} GROUP BY ip_dst HAVING num_events>0)";
}
//echo $sql;
//print_r($_SESSION);
/* Run the Query again for the actual data (with the LIMIT) */
$result = $qs->ExecuteOutputQueryNoCanned($sql, $db);
//if ($use_ac) $qs->GetCalcFoundRows($cnt_sql, $db);
$et->Mark("Retrieve Query Data");
// Debug output dumps query state and echoes the full SQL text into the page;
// $debug_mode must stay off anywhere other than development.
if ($debug_mode == 1) {
    $qs->PrintCannedQueryList();
    $qs->DumpState();
    echo "{$sql}<BR>";
}
/* Print the current view number and # of rows */
//$qs->PrintResultCnt();
// Per-country accumulators, filled further down (outside this view).
$country_acc = array();
$country_uhn = array();
$countries = array(); // Ordered
// $hosts is defined outside this view.
$hosts_ips = array_keys($hosts);
// This branch continues past the end of this view.
if (is_array($_SESSION["server"]) && $_SESSION["server"][0] != "") {
include_once "{$BASE_path}/base_stat_common.php";
// Stop with a sentinel (presumably recognised by the caller) when the session
// holds no query templates or a delete task is pending.
if ($_SESSION['_siem_current_query_graph'] == "" || $_SESSION['_siem_ip_query'] == "" || $_SESSION["deletetask"] != "") {
    echo "-##-##-";
    die;
}
$tz = Util::get_timezone();
// Request input. VAR_DIGIT presumably restricts both values to digits; that
// restriction is what keeps the placeholder substitution below from becoming
// an injection point, since the substituted text is executed as SQL.
$plugin_id = ImportHTTPVar("id", VAR_DIGIT);
$plugin_sid = ImportHTTPVar("sid", VAR_DIGIT);
// Session-stored SQL templates with PLUGINID / PLUGINSID placeholders filled
// from the request values above.
$sqlgraph = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_current_query_graph']));
$sqlunique = str_replace("PLUGINSID", $plugin_sid, str_replace("PLUGINID", $plugin_id, $_SESSION['_siem_ip_query']));
// Presumably releases the session lock before the queries run; nothing below
// writes to $_SESSION.
session_write_close();
$qs = new QueryState();
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// Unique
// Last-seen timestamp for the plugin. NOTE(review): the two branches differ in
// shape — a "Y-m-d H:i:s" string shifted by $tz hours when $tz != 0, the raw
// get_utc_unixtime() result otherwise — and $last stays unset when the query
// returns no row, so the echo below may print an empty value.
$rs = $qs->ExecuteOutputQueryNoCanned($sqlunique, $db);
if ($row = $rs->baseFetchRow()) {
    $last = $tz != 0 ? gmdate("Y-m-d H:i:s", get_utc_unixtime($db, $row[0]) + 3600 * $tz) : get_utc_unixtime($db, $row[0]);
    // For *_acid_event sources (presumably hour-granular tables) only the hour is shown.
    if (preg_match("/_acid_event/", $sqlunique)) {
        $last = str_replace(":00:00", "H", $last);
    }
}
$rs->baseFreeRows();
//error_log("$sql\n$sqlunique\n$sqlgraph\n",3,"/tmp/graph");
echo "{$last}##";
// Graph
// Time-range selector; "all" when the session holds none.
$tr = $_SESSION["time_range"] != "" ? $_SESSION["time_range"] : "all";
$trdata = array(0, 0, $tr);
// This branch continues past the end of this view.
if ($tr == "range") {
    // Using offset date("Z") to fix the gmdate conversion into range_graphic(): Line 886
    $desde = strtotime($_SESSION["time"][0][4] . "-" . $_SESSION["time"][0][2] . "-" . $_SESSION["time"][0][3]) + date("Z");