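/**
 * Record one antivirus detection in the `antivirus_events` table.
 *
 * The row is tagged 'HTTP Scan', so the three arguments presumably originate
 * from scanned web traffic and are treated as untrusted when the statement
 * is assembled.
 *
 * @param string $uri   Value stored in `InfectedPath`.
 * @param string $ip    Address handed to GetComputerName(); the result is stored in `ComputerName`.
 * @param string $virus Signature name; "+" becomes a space and the value is trimmed.
 *
 * @return void
 */
function Builsql($uri, $ip, $virus)
{
    $virus = trim(str_replace("+", " ", $virus));
    // The event id is derived from the raw values plus the current time.
    $md5 = md5(time() . "{$uri},{$ip},{$virus}");
    $ip = GetComputerName($ip);

    // The statement is built by string concatenation, so every value that can
    // carry a quote is escaped before it is placed between quotes. addslashes()
    // is what the rest of this code base uses; it is a stopgap that does not
    // take the connection character set into account.
    // NOTE(review): prefer the mysql wrapper's own escaping or bound parameters
    // if the wrapper provides them.
    $sqlVirus = addslashes((string) $virus);
    $sqlUri = addslashes((string) $uri);
    $sqlHost = addslashes((string) $ip);

    $sql = "INSERT INTO `antivirus_events` (`zDate`, `TaskName`, `email`, `VirusName`, `InfectedPath`, `ComputerName`, `zmd5`) \n\tVALUES (NOW(), 'HTTP Scan', 0, '{$sqlVirus}', '{$sqlUri}', '{$sqlHost}', '{$md5}')";
    $q = new mysql();
    $q->QUERY_SQL($sql, "artica_events");
    if (!$q->ok) {
        events($q->mysql_error);
        events($sql);
        return;
    }
    // The log line keeps the unescaped values; they are written as received.
    events("Virus {$virus} found from {$uri} to {$ip}");
}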
Example #2
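/**
 * Turn one access record into a spooled SQL value tuple and refresh the
 * real-time cache file.
 *
 * Judging by the status table and the log prefixes this handles Squid /
 * DansGuardian access records. The function resolves the site name to an IP
 * and a country (both memoised in $GLOBALS), writes a per-site descriptor
 * under dansguardian-stats3, writes the value tuple to
 * dansguardian-stats2/<md5>.sql and appends the record to $GLOBALS["RTIME"].
 *
 * The signature is kept as the callers know it, including the optional
 * parameters that precede required ones.
 *
 * @param string      $CLIENT     Client identifier (trimmed before use).
 * @param string|null $username   User name; resolved from $CLIENT when empty.
 * @param string      $uri        Requested URI.
 * @param string|int  $code_error Status code looked up in the status table.
 * @param int|string  $size       Transfer size; empty values become 0.
 * @param string      $time       Time of day appended to today's date.
 * @param mixed       $cached     Stored as received in the tuple.
 * @param string|null $mac        Client MAC address, if known.
 *
 * @return false|null false when no host name can be extracted from $uri.
 */
function Builsql($CLIENT, $username = null, $uri, $code_error, $size = 0, $time, $cached, $mac = null)
{
    // The original assigned "424" twice, so "Locked" was silently overwritten.
    // 422/423/424 now carry their WebDAV meanings; "433" is kept because
    // existing data may have been produced with it.
    $squid_error = array(
        "100" => "Continue",
        "101" => "Switching Protocols",
        "102" => "Processing",
        "200" => "Pass",
        "201" => "Created",
        "202" => "Accepted",
        "203" => "Non-Authoritative Information",
        "204" => "No Content",
        "205" => "Reset Content",
        "206" => "Partial Content",
        "207" => "Multi Status",
        "300" => "Multiple Choices",
        "301" => "Moved Permanently",
        "302" => "Moved Temporarily",
        "303" => "See Other",
        "304" => "Not Modified",
        "305" => "Use Proxy",
        "307" => "Temporary Redirect",
        "400" => "Bad Request",
        "401" => "Unauthorized",
        "402" => "Payment Required",
        "403" => "Forbidden",
        "404" => "Not Found",
        "405" => "Method Not Allowed",
        "406" => "Not Acceptable",
        "407" => "Proxy Authentication Required",
        "408" => "Request Timeout",
        "409" => "Conflict",
        "410" => "Gone",
        "411" => "Length Required",
        "412" => "Precondition Failed",
        "413" => "Request Entity Too Large",
        "414" => "Request URI Too Large",
        "415" => "Unsupported Media Type",
        "416" => "Request Range Not Satisfiable",
        "417" => "Expectation Failed",
        "422" => "Unprocessable Entity",
        "423" => "Locked",
        "424" => "Failed Dependency",
        "433" => "Unprocessable Entity",
        "500" => "Internal Server Error",
        "501" => "Not Implemented",
        "502" => "Bad Gateway",
        "503" => "Service Unavailable",
        "504" => "Gateway Timeout",
        "505" => "HTTP Version Not Supported",
        "507" => "Insufficient Storage",
        "600" => "Squid header parsing error",
    );

    if (!preg_match("#^(?:[^/]+://)?([^/:]+)#", $uri, $re)) {
        events("dansguardian-stats2:: unable to extract domain name from {$uri}");
        return false;
    }
    // The capture accepts any character except "/" and ":", so $sitename is
    // still untrusted text and is escaped before it reaches the SQL tuple.
    $sitename = $re[1];
    if (preg_match("#^www\\.(.+)#", $sitename, $ri)) {
        $sitename = $ri[1];
    }

    // Unknown codes yield null instead of an undefined-index read.
    $TYPE = isset($squid_error[$code_error]) ? $squid_error[$code_error] : null;
    $REASON = $TYPE;
    $CLIENT = trim($CLIENT);
    $date = date('Y-m-d') . " " . $time;
    if ($username == null) {
        // The original passed an undefined $ip here; $CLIENT is the only
        // client identifier in scope. NOTE(review): confirm $CLIENT is the
        // address GetComputerName() expects.
        $username = GetComputerName($CLIENT);
    }
    if ($size == null) {
        $size = 0;
    }

    // Memoised DNS lookup. gethostbyname() blocks and is driven by a host name
    // taken from the request, so the cache also limits repeated lookups.
    if (!isset($GLOBALS["IPs"][$sitename]) || trim($GLOBALS["IPs"][$sitename]) == null) {
        $site_IP = trim(gethostbyname($sitename));
        $GLOBALS["IPs"][$sitename] = $site_IP;
    } else {
        $site_IP = $GLOBALS["IPs"][$sitename];
    }

    // The original tested $_GET["IPs"] / $_GET["COUNTRIES"], which are never
    // written, so the $GLOBALS caches grew without bound.
    if (isset($GLOBALS["IPs"]) && count($GLOBALS["IPs"]) > 5000) {
        unset($GLOBALS["IPs"]);
    }
    if (isset($GLOBALS["COUNTRIES"]) && count($GLOBALS["COUNTRIES"]) > 5000) {
        unset($GLOBALS["COUNTRIES"]);
    }

    // Both stay null when no GeoIP answer is available.
    $Country = null;
    $geoerror = null;
    if (!isset($GLOBALS["COUNTRIES"][$site_IP]) || trim($GLOBALS["COUNTRIES"][$site_IP]) == null) {
        if (function_exists("geoip_record_by_name")) {
            if ($site_IP == null) {
                $site_IP = $sitename;
            }
            $record = @geoip_record_by_name($site_IP);
            if ($record) {
                $Country = $record["country_name"];
                $GLOBALS["COUNTRIES"][$site_IP] = $Country;
            }
        } else {
            $geoerror = "geoip_record_by_name no such function...";
        }
    } else {
        $Country = $GLOBALS["COUNTRIES"][$site_IP];
    }

    $zMD5 = md5("{$uri}{$date}{$CLIENT}{$username}{$TYPE}{$Country}{$site_IP}");

    // The original passed decimal 600, which PHP reads as octal 01130 rather
    // than an owner-only mode. These directories hold per-client browsing
    // records, so they are created owner-only; a directory needs the execute
    // bit to be usable, hence 0700.
    foreach (array("/var/log/artica-postfix/dansguardian-stats2", "/var/log/artica-postfix/dansguardian-stats3") as $spoolDir) {
        if (!is_dir($spoolDir)) {
            @mkdir($spoolDir, 0700, true);
        }
    }

    if (empty($GLOBALS["SINGLE_SITE"][$sitename])) {
        // The file name is an md5 of the site name, so request data cannot
        // steer the path.
        $filewebsite = "/var/log/artica-postfix/dansguardian-stats3/" . md5($sitename);
        $filewebsite_array = array("sitename" => $sitename, "country" => $Country, "ipaddr" => $site_IP);
        // NOTE(review): whatever reads these files back presumably calls
        // unserialize(); that reader must not accept files from other writers.
        $filecontent = serialize($filewebsite_array);
        if (!is_file($filewebsite)) {
            events("{$date} dansguardian-stats3:: " . basename($filewebsite) . " -> \"sitename\"=>{$sitename},\"country\"=>{$Country},\"ipaddr\"=>{$site_IP}  (" . __LINE__ . ")");
            @file_put_contents($filewebsite, $filecontent);
            if (is_file($filewebsite)) {
                $GLOBALS["SINGLE_SITE"][$sitename] = true;
            }
            $analyzed = isset($GLOBALS["SINGLE_SITE"]) ? count($GLOBALS["SINGLE_SITE"]) : 0;
            events("{$date} dansguardian-stats3:: " . $analyzed . " analyzed websites");
        }
    }
    if (isset($GLOBALS["SINGLE_SITE"]) && count($GLOBALS["SINGLE_SITE"]) > 1500) {
        unset($GLOBALS["SINGLE_SITE"]);
    }

    events("{$date} dansguardian-stats2:: {$REASON}:: [{$mac}]{$CLIENT} ({$username}) -> {$sitename} ({$site_IP}) Country={$Country} ({$geoerror}) REASON:\"{$REASON}\" TYPE::\"{$TYPE}\" size={$size} (" . __LINE__ . ")");

    // $uri and $Country are escaped in place, as before, so the real-time
    // cache below keeps receiving the same values it always did.
    $uri = addslashes((string) $uri);
    $Country = addslashes((string) $Country);

    // The original escaped only those two fields. The tuple is replayed as
    // SQL by whatever consumes the spool file, so every remaining field that
    // comes from the request is escaped as well. addslashes() is the file's
    // existing convention; it ignores the connection character set.
    // NOTE(review): bound parameters in the consumer would be the robust fix.
    $row = array(
        addslashes((string) $sitename),
        $uri,
        addslashes((string) $TYPE),
        addslashes((string) $REASON),
        addslashes((string) $CLIENT),
        addslashes((string) $date),
        $zMD5,
        addslashes((string) $site_IP),
        $Country,
        addslashes((string) $size),
        addslashes((string) $username),
        addslashes((string) $cached),
        addslashes((string) $mac),
    );
    $sql = "('" . implode("','", $row) . "')";
    @file_put_contents("/var/log/artica-postfix/dansguardian-stats2/{$zMD5}.sql", $sql);

    if (isset($GLOBALS["RTIME"]) && count($GLOBALS["RTIME"]) > 500) {
        unset($GLOBALS["RTIME"]);
    }
    $GLOBALS["RTIME"][] = array($sitename, $uri, $TYPE, $REASON, $CLIENT, $date, $zMD5, $site_IP, $Country, $size, $username, $mac);
    @file_put_contents("/etc/artica-postfix/squid-realtime.cache", base64_encode(serialize($GLOBALS["RTIME"])));
}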
Example #3
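/**
 * Split one helper input line into login, client address, MAC, host name,
 * URI and remote host.
 *
 * The sample lines kept in the body show the "<ip> <mac> - <host>:<port>"
 * shape; other lines are split on spaces into "[login] ip [mac] forwarded"
 * after any URL has been cut out. Every result is stored in
 * $GLOBALS["CACHE_URI"] under md5($url); nothing in this function evicts
 * entries from that cache.
 *
 * @param string $url Raw input line.
 *
 * @return array Keys LOGIN, IPADDR, MAC, HOST, URI, RHOST.
 */
function parseURL($url)
{
    $uri = null;
    // Pre-set so that lines with an unexpected number of fields read null
    // instead of undefined variables further down.
    $rhost = null;
    $login = null;
    $ipaddr = null;
    $mac = null;
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        WLOG("parseURL():: Analyze [{$url}]");
    }
    $md5 = md5($url);
    // 10.0.0.32 00:1e:8c:a5:39:19 - crash-
    // 10.0.0.76 00:25:22:73:31:d5 -
    // 10.0.0.60 00:1d:92:70:96:70 - fbexternal-a.akamaihd.net:443
    if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-(.+?):([0-9]+)\$#", $url, $re)) {
        $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null;
        $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1];
        $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2];
        $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]);
        $GLOBALS["CACHE_URI"][$md5]["URI"] = null;
        $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $re[3];
        return $GLOBALS["CACHE_URI"][$md5];
    }
    if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-\$#", $url, $re)) {
        $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null;
        $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1];
        $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2];
        $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]);
        $GLOBALS["CACHE_URI"][$md5]["URI"] = null;
        $GLOBALS["CACHE_URI"][$md5]["RHOST"] = null;
        return $GLOBALS["CACHE_URI"][$md5];
    }
    if (preg_match("#([0-9\\.]+)\\s+([0-9\\:a-z]+)\\s+-\\s+([a-z]+)-\$#", $url, $re)) {
        $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = null;
        $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $re[1];
        $GLOBALS["CACHE_URI"][$md5]["MAC"] = $re[2];
        $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($re[1]);
        $GLOBALS["CACHE_URI"][$md5]["URI"] = null;
        $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $re[3];
        return $GLOBALS["CACHE_URI"][$md5];
    }
    // Cut a full URL out of the line; what remains is split on spaces below.
    if (preg_match("#(http|ftp|https|ftps):\\/\\/(.*)#i", $url, $re)) {
        $uri = $re[1] . "://" . $re[2];
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("found uri {$uri}");
        }
        $url = trim(str_replace($uri, "", $url));
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("Analyze {$url}");
        }
    }
    if ($uri == null) {
        // No scheme: a trailing host:port is treated as an http URL.
        if (preg_match("#([a-z0-9\\.]+):([0-9]+)\$#i", $url, $re)) {
            $uri = "http://" . $re[1] . ":" . $re[2];
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("found uri {$uri}");
            }
            $url = trim(str_replace($re[1] . ":" . $re[2], "", $url));
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("Analyze \"{$url}\"");
            }
        }
    }
    if ($uri != null) {
        $URLAR = parse_url($uri);
        if (isset($URLAR["host"])) {
            $rhost = $URLAR["host"];
        }
    }
    // The key was computed from the line as received, before the URL was cut.
    if (isset($GLOBALS["CACHE_URI"][$md5])) {
        return $GLOBALS["CACHE_URI"][$md5];
    }
    $tr = explode(" ", $url);
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        // foreach replaces each(), which PHP 8 no longer provides.
        foreach ($tr as $index => $line) {
            WLOG("tr[{$index}] = {$line}");
        }
    }
    //max auth=4
    if (count($tr) == 4) {
        // Gated like every other trace line in this function.
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("count --> 4");
        }
        $login = $tr[0];
        $ipaddr = $tr[1];
        $mac = $tr[2];
        $forwarded = $tr[3];
        // Cannot be true with exactly four fields; kept as in the original.
        if (isset($tr[4])) {
            $uri = $tr[4];
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        // NOTE(review): if the fourth field carries a forwarded-for value it
        // is supplied by the client; letting it replace the connection
        // address lets a client choose the identity it is recorded under
        // unless only a trusted front proxy can set it. Confirm.
        if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $forwarded)) {
            $ipaddr = $forwarded;
        }
        if ($mac == null) {
            $mac = GetMacFromIP($ipaddr);
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login;
        $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr;
        $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac;
        $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr);
        $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri;
        $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost;
        return $GLOBALS["CACHE_URI"][$md5];
    }
    if (count($tr) == 3) {
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("count --> 3");
        }
        if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $tr[0])) {
            // IP comes first, so the MAC field is present and there is no login
            $login = null;
            $ipaddr = $tr[0];
            $mac = $tr[1];
            $forwarded = $tr[2];
            if (isset($tr[3])) {
                $uri = $tr[3];
            }
        } else {
            // Login comes first, so the line carries no MAC field
            $login = $tr[0];
            $ipaddr = $tr[1];
            $forwarded = $tr[2];
            if (isset($tr[3])) {
                $uri = $tr[3];
            }
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        // NOTE(review): this pattern has "\[" where the four-field branch has
        // "\.", so it cannot match a dotted IPv4 address and the forwarded
        // value never replaces $ipaddr here. Left as is: repairing it would
        // start trusting the forwarded field, which needs a decision first.
        if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) {
            $ipaddr = $forwarded;
        }
        if ($mac == null) {
            $mac = GetMacFromIP($ipaddr);
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login;
        $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr;
        $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac;
        $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr);
        $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri;
        $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost;
        return $GLOBALS["CACHE_URI"][$md5];
    }
    if (count($tr) == 2) {
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("count --> 2");
        }
        // No login and no MAC
        $login = null;
        $ipaddr = $tr[0];
        $mac = null;
        $forwarded = $tr[1];
        if (isset($tr[2])) {
            $uri = $tr[2];
        }
        // Same non-matching pattern as in the three-field branch.
        if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) {
            $ipaddr = $forwarded;
        }
    }
    // Reached for two fields and for any other field count; in the latter
    // case $login and $ipaddr are still null.
    if ($mac == null) {
        $mac = GetMacFromIP($ipaddr);
    } else {
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
            $mac = GetMacFromIP($ipaddr);
        }
    }
    if ($mac == "00:00:00:00:00:00") {
        $mac = null;
    }
    $GLOBALS["CACHE_URI"][$md5]["LOGIN"] = $login;
    $GLOBALS["CACHE_URI"][$md5]["IPADDR"] = $ipaddr;
    $GLOBALS["CACHE_URI"][$md5]["MAC"] = $mac;
    $GLOBALS["CACHE_URI"][$md5]["HOST"] = GetComputerName($ipaddr);
    $GLOBALS["CACHE_URI"][$md5]["URI"] = $uri;
    $GLOBALS["CACHE_URI"][$md5]["RHOST"] = $rhost;
    return $GLOBALS["CACHE_URI"][$md5];
}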
/**
 * Import per-user size records from the squid-usersize spool directory into
 * the UserSizeRTT table.
 *
 * The function is currently disabled: its first statement is a bare return,
 * so nothing below it runs. The notes in the body describe what the code
 * would do if that return were removed.
 *
 * @return void
 */
function ParseUsersSize()
{
    // Unconditional return: everything after this line is unreachable.
    return;
    $f = array();
    $unix = new unix();
    $hostname = $unix->hostname_g();
    $php5 = $unix->LOCATE_PHP5_BIN();
    if (function_exists("system_is_overloaded")) {
        if (system_is_overloaded()) {
            return;
        }
    }
    $q = new mysql_squid_builder();
    $q->CreateUserSizeRTTTable();
    if (!$q->TABLE_EXISTS("UserSizeRTT")) {
        ufdbguard_admin_events("Fatal:{$hostname} UserSizeRTT no such table, die();", __FUNCTION__, __FILE__, __LINE__, "stats");
        return;
    }
    // First attempt creates the directory when it cannot be opened; the second
    // attempt is the one whose handle is used.
    if (!($handle = opendir("/var/log/artica-postfix/squid-usersize"))) {
        @mkdir("/var/log/artica-postfix/squid-usersize", 0755, true);
    }
    if (!($handle = opendir("/var/log/artica-postfix/squid-usersize"))) {
        ufdbguard_admin_events("Fatal:{$hostname} /var/log/artica-postfix/squid-usersize no such directory", __FUNCTION__, __FILE__, __LINE__, "stats");
        return;
    }
    $prefix = "INSERT IGNORE INTO UserSizeRTT (`zMD5`,`uid`,`zdate`,`ipaddr`,`hostname`,`account`,`MAC`,`UserAgent`,`size`) VALUES";
    $countDeFiles = 0;
    while (false !== ($filename = readdir($handle))) {
        if ($filename == ".") {
            continue;
        }
        if ($filename == "..") {
            continue;
        }
        $targetFile = "/var/log/artica-postfix/squid-usersize/{$filename}";
        $countDeFiles++;
        // $account is set to 0 here and never assigned anything else.
        $account = 0;
        // NOTE(review): unserialize() on spool-file content. If anything other
        // than the trusted writer can create files in this directory this is an
        // object-injection risk; restrict it with the allowed_classes option
        // where the runtime supports it, or store the records as JSON.
        $array = unserialize(@file_get_contents($targetFile));
        // Unusable records are deleted rather than retried.
        if (!is_array($array)) {
            @unlink($targetFile);
            continue;
        }
        $time = $array["TIME"];
        $md5 = $array["MD5"];
        if ($md5 == null) {
            @unlink($targetFile);
            continue;
        }
        if (!is_numeric($time)) {
            @unlink($targetFile);
            continue;
        }
        if ($time == 0) {
            @unlink($targetFile);
            continue;
        }
        $zdate = date("Y-m-d H:i:s", $time);
        // Row key: md5 of the record's MD5 field concatenated with its time.
        $md5 = md5($md5 . $time);
        $uid = $array["uid"];
        if ($uid == "-") {
            $uid = null;
        }
        $ipaddr = $array["IP"];
        $MAC = $array["MAC"];
        if (!__IsPhysicalAddress($MAC)) {
            $MAC = null;
        }
        // Overwrites the local host name read at the top of the function, so
        // the "Fatal:" messages after the loop name the last record's host.
        $hostname = $array["HOSTNAME"];
        $UserAgent = $array["UGNT"];
        if (strlen($UserAgent) < 2) {
            $UserAgent = null;
        }
        $size = $array["SIZE"];
        if ($size == 0) {
            @unlink($targetFile);
            continue;
        }
        if ($hostname == null) {
            $hostname = GetComputerName($ipaddr);
        }
        if (!is_numeric($account)) {
            $account = 0;
        }
        // Missing uid: try the MAC first, then the IP address.
        if ($MAC != null) {
            if ($uid == null) {
                $uid = $q->UID_FROM_MAC($MAC);
            }
        }
        if ($ipaddr != null) {
            if ($uid == null) {
                $uid = $q->UID_FROM_IP($ipaddr);
            }
        }
        if (strlen($UserAgent) < 3) {
            $UserAgent = null;
        }
        if (strlen($uid) < 3) {
            $uid = null;
        }
        if ($GLOBALS["VERBOSE"]) {
            echo "('{$md5}','{$uid}','{$zdate}','{$ipaddr}','{$hostname}','{$account}','{$MAC}','{$UserAgent}','{$size}')\n";
        }
        // NOTE(review): uid, ipaddr, hostname, UserAgent and size are placed
        // between quotes without escaping. A User-Agent string in particular is
        // client supplied, so this tuple is injectable as written; escape each
        // value or use bound parameters before re-enabling the function.
        $f[] = "('{$md5}','{$uid}','{$zdate}','{$ipaddr}','{$hostname}','{$account}','{$MAC}','{$UserAgent}','{$size}')";
        @unlink($targetFile);
    }
    if (count($f) > 0) {
        $q->QUERY_SQL("{$prefix} " . @implode(",", $f));
        // The follow-up script is started before $q->ok is checked, so it runs
        // even when the insert failed. The command line is built from the
        // located PHP binary and a fixed script path only.
        shell_exec("{$php5} /usr/share/artica-postfix/exec.squid.quotasbuild.php");
        if (!$q->ok) {
            events("Fatal:{$hostname} {$q->mysql_error}");
            ufdbguard_admin_events("Fatal:{$hostname} {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__, "stats");
        }
    }
    events("Closing... /var/log/artica-postfix/squid-usersize/ ({$countDeFiles} files scanned)");
}
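/**
 * Split one helper input line into login, client address, MAC, host name,
 * URI, remote host and (when present) rule id.
 *
 * Results are memoised in $GLOBALS["CACHE_URI"] as serialized arrays keyed by
 * md5($url); nothing in this function evicts entries from that cache. The
 * cached strings are produced by serialize() inside this function, so the
 * unserialize() calls below only ever see data this process wrote.
 *
 * NOTE(review): $return_rhost is honoured on a cache hit and inside the
 * CATZ-EXTRN branch only. An uncached line that takes the generic path gets
 * the whole array back even when $return_rhost is true.
 *
 * @param string $url          Raw input line.
 * @param bool   $return_rhost When true, return only the remote host.
 *
 * @return array|string|null Field array, or the remote host on the paths
 *                           described above.
 */
function parseURL($url, $return_rhost = false)
{
    $uri = null;
    // Pre-set so that lines with an unexpected number of fields read null
    // instead of undefined variables further down.
    $rhost = null;
    $login = null;
    $ipaddr = null;
    $mac = null;
    $md5 = md5($url);
    $MAIN_ARRAY = array();
    if (isset($GLOBALS["CACHE_URI"][$md5])) {
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("MEMORY {$md5} " . strlen($GLOBALS["CACHE_URI"][$md5]) . " [" . __LINE__ . "]");
        }
        if ($return_rhost) {
            $a = unserialize($GLOBALS["CACHE_URI"][$md5]);
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("RETURN MEMORY {$md5} [" . __LINE__ . "]");
            }
            return $a["RHOST"];
        }
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("RETURN MEMORY {$md5} [" . __LINE__ . "]");
        }
        return unserialize($GLOBALS["CACHE_URI"][$md5]);
    }
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        WLOG("\n -----------------------------------------------------\n");
    }
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        WLOG("parseURL():: Analyze {$url} /CATZ = {$GLOBALS["CATZ-EXTRN"]} [" . __LINE__ . "]");
    }
    if ($GLOBALS["CATZ-EXTRN"] > 0) {
        // Fixed layout in this mode: field 0 = address, 1 = MAC, 3 = target.
        $tr = explode(" ", $url);
        $MAIN_ARRAY["LOGIN"] = null;
        $MAIN_ARRAY["IPADDR"] = $tr[0];
        $MAIN_ARRAY["MAC"] = $tr[1];
        $MAIN_ARRAY["HOST"] = GetComputerName($tr[0]);
        $MAIN_ARRAY["URI"] = $tr[3];
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL():: Analyze RHOST = {$tr[3]} [" . __LINE__ . "]");
        }
        if (preg_match("#^(.*?):([0-9]+)\$#i", $tr[3], $re)) {
            $MAIN_ARRAY["RHOST"] = $re[1];
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("parseURL():: FOUND RHOST = {$MAIN_ARRAY["RHOST"]} [" . __LINE__ . "]");
            }
            if ($return_rhost) {
                return $re[1];
            }
            $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY);
            return $MAIN_ARRAY;
        }
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL():: {$tr[3]} != ^([a-z0-9\\.]+):([0-9]+) [" . __LINE__ . "]");
        }
        if (preg_match("#^http.*?:#", $tr[3])) {
            $URLAR = parse_url($tr[3]);
            if (isset($URLAR["host"])) {
                $MAIN_ARRAY["RHOST"] = $URLAR["host"];
                if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                    WLOG("parseURL():: FOUND RHOST = {$MAIN_ARRAY["RHOST"]} [" . __LINE__ . "]");
                }
                if ($return_rhost) {
                    // The original returned $re[1] here, but $re belongs to the
                    // host:port match that has just failed, so callers received
                    // null instead of the host that was found.
                    return $MAIN_ARRAY["RHOST"];
                }
                $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY);
                return $MAIN_ARRAY;
            }
        }
    }
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        WLOG("parseURL():: Analyze {$url} [" . __LINE__ . "]");
    }
    // "- <host> ID<n>": remember the rule id and cut the marker out of the line.
    // NOTE(review): the RHOST stored here is overwritten by $rhost on every
    // return path below, and $rhost stays null unless a URL is found later.
    // Confirm whether the host from this marker was meant to survive.
    if (preg_match("#-\\s+(.+?)\\s+ID([0-9]+)#", $url, $re)) {
        $GLOBALS["RULE_ID"] = $re[2];
        $url = str_replace($re[0], "", $url);
        if (preg_match("#(.+?):([0-9]+)#", $re[1], $ri)) {
            $re[1] = $ri[1];
        }
        $MAIN_ARRAY["RHOST"] = $re[1];
        $MAIN_ARRAY["RULE_ID"] = $re[2];
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::found ID:{$GLOBALS["RULE_ID"]} remote host={$re[1]}  [" . __LINE__ . "]");
        }
    }
    if (preg_match("#-\\s+ID([0-9]+)#", $url, $re)) {
        $GLOBALS["RULE_ID"] = $re[1];
        $MAIN_ARRAY["RULE_ID"] = $re[1];
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::found ID:{$GLOBALS["RULE_ID"]}  [" . __LINE__ . "]");
        }
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::Analyze {$re[0]}  [" . __LINE__ . "]");
        }
        $url = str_replace($re[0], "", $url);
    }
    // Cut a full URL out of the line; what remains is split on spaces below.
    if (preg_match("#(http|ftp|https|ftps):\\/\\/(.*)#i", $url, $re)) {
        $uri = $re[1] . "://" . $re[2];
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::found uri {$uri}  [" . __LINE__ . "]");
        }
        $url = trim(str_replace($uri, "", $url));
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::Analyze {$url}  [" . __LINE__ . "]");
        }
    }
    if ($uri == null) {
        if (preg_match("#^(.*?):([0-9]+)\$#i", $url, $re)) {
            $uri = "http://" . $re[1];
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("parseURL()::found uri {$uri}  [" . __LINE__ . "]");
            }
            $url = trim(str_replace($re[1] . ":" . $re[2], "", $url));
            if ($GLOBALS["DEBUG_LEVEL"] > 1) {
                WLOG("parseURL()::Analyze \"{$url}\"  [" . __LINE__ . "]");
            }
        }
    }
    if ($uri != null) {
        $URLAR = parse_url($uri);
        if (isset($URLAR["host"])) {
            $rhost = $URLAR["host"];
        }
    }
    $tr = explode(" ", $url);
    if ($GLOBALS["DEBUG_LEVEL"] > 1) {
        // foreach replaces each(), which PHP 8 no longer provides.
        foreach ($tr as $index => $line) {
            WLOG("parseURL()::tr[{$index}] = {$line}");
        }
    }
    //max auth=4
    if (count($tr) == 4) {
        $login = $tr[0];
        $ipaddr = $tr[1];
        $mac = $tr[2];
        $forwarded = $tr[3];
        // Cannot be true with exactly four fields; kept as in the original.
        if (isset($tr[4])) {
            $uri = $tr[4];
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        // NOTE(review): if the fourth field carries a forwarded-for value it
        // is supplied by the client; letting it replace the connection
        // address lets a client choose the identity it is recorded under
        // unless only a trusted front proxy can set it. Confirm.
        if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $forwarded)) {
            $ipaddr = $forwarded;
        }
        if ($mac == null) {
            $mac = GetMacFromIP($ipaddr);
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        $MAIN_ARRAY["LOGIN"] = $login;
        $MAIN_ARRAY["IPADDR"] = $ipaddr;
        $MAIN_ARRAY["MAC"] = $mac;
        $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr);
        $MAIN_ARRAY["URI"] = $uri;
        $MAIN_ARRAY["RHOST"] = $rhost;
        $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY);
        return $MAIN_ARRAY;
    }
    if (count($tr) == 3) {
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::count --> 3");
        }
        if (preg_match("#^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+\$#", $tr[0])) {
            // IP comes first, so the MAC field is present and there is no login
            $login = null;
            $ipaddr = $tr[0];
            $mac = $tr[1];
            $forwarded = $tr[2];
            if (isset($tr[3])) {
                $uri = $tr[3];
            }
        } else {
            // Login comes first, so the line carries no MAC field
            $login = $tr[0];
            $ipaddr = $tr[1];
            $forwarded = $tr[2];
            if (isset($tr[3])) {
                $uri = $tr[3];
            }
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        // NOTE(review): this pattern has "\[" where the four-field branch has
        // "\.", so it cannot match a dotted IPv4 address and the forwarded
        // value never replaces $ipaddr here. Left as is: repairing it would
        // start trusting the forwarded field, which needs a decision first.
        if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) {
            $ipaddr = $forwarded;
        }
        if ($mac == null) {
            $mac = GetMacFromIP($ipaddr);
        }
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
        }
        $MAIN_ARRAY["LOGIN"] = $login;
        $MAIN_ARRAY["IPADDR"] = $ipaddr;
        $MAIN_ARRAY["MAC"] = $mac;
        $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr);
        $MAIN_ARRAY["URI"] = $uri;
        $MAIN_ARRAY["RHOST"] = $rhost;
        $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY);
        return $MAIN_ARRAY;
    }
    if (count($tr) == 2) {
        if ($GLOBALS["DEBUG_LEVEL"] > 1) {
            WLOG("parseURL()::count --> 2");
        }
        // No login and no MAC
        $login = null;
        $ipaddr = $tr[0];
        $mac = null;
        $forwarded = $tr[1];
        if (isset($tr[2])) {
            $uri = $tr[2];
        }
        // Same non-matching pattern as in the three-field branch.
        if (preg_match("#[0-9]+\\[0-9]+\\.[0-9]+\\.[0-9]+#", $forwarded)) {
            $ipaddr = $forwarded;
        }
    }
    // Reached for two fields and for any other field count; in the latter
    // case $login and $ipaddr are still null.
    if ($mac == null) {
        $mac = GetMacFromIP($ipaddr);
    } else {
        if ($mac == "00:00:00:00:00:00") {
            $mac = null;
            $mac = GetMacFromIP($ipaddr);
        }
    }
    if ($mac == "00:00:00:00:00:00") {
        $mac = null;
    }
    $MAIN_ARRAY["LOGIN"] = $login;
    $MAIN_ARRAY["IPADDR"] = $ipaddr;
    $MAIN_ARRAY["MAC"] = $mac;
    $MAIN_ARRAY["HOST"] = GetComputerName($ipaddr);
    $MAIN_ARRAY["URI"] = $uri;
    $MAIN_ARRAY["RHOST"] = $rhost;
    $GLOBALS["CACHE_URI"][$md5] = serialize($MAIN_ARRAY);
    return $MAIN_ARRAY;
}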
Example #6
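/**
 * Import the spooled HAProxy records from <ARTICALOGDIR>/haproxy-rtm into the
 * per-hour tables, then call haproxy_errors().
 *
 * Each spool file holds one serialized record. Records are grouped by the
 * hour of their TIME field and inserted with one INSERT IGNORE per table.
 * When a table cannot be created or an insert fails, the whole pending batch
 * is serialized into <ARTICALOGDIR>/haproxy-errors and the function returns.
 *
 * @return void
 */
function haproxy_events()
{
    $qs = new mysql_squid_builder();
    $q = new mysql_haproxy_builder();
    $spoolDir = "{$GLOBALS["ARTICALOGDIR"]}/haproxy-rtm";
    if (!($handle = opendir($spoolDir))) {
        @mkdir($spoolDir, 0755, true);
        return;
    }
    $hash = array();
    $countDeFiles = 0;
    $prefixMid = " (sitename,uri,td,http_code,client,hostname,familysite,service,backend,zDate,size,MAC,zMD5,statuslb)";
    while (false !== ($filename = readdir($handle))) {
        if ($filename == "." || $filename == "..") {
            continue;
        }
        $targetFile = "{$spoolDir}/{$filename}";
        $countDeFiles++;
        // NOTE(review): unserialize() on spool-file content. If anything other
        // than the trusted writer can create files in this directory this is an
        // object-injection risk; restrict it with the allowed_classes option
        // where the runtime supports it, or store the records as JSON.
        $ARRAY = unserialize(@file_get_contents($targetFile));
        if (!is_array($ARRAY)) {
            // Unreadable or corrupt record: drop it instead of iterating over
            // a non-array and inserting an empty row.
            @unlink($targetFile);
            continue;
        }
        // foreach replaces each(), which PHP 8 no longer provides. Non-scalar
        // members (nested arrays, objects) are blanked rather than coerced.
        foreach ($ARRAY as $key => $value) {
            $ARRAY[$key] = is_scalar($value) ? trim(addslashes((string) $value)) : "";
        }
        $ARRAY["MAC"] = GetMacFromIP($ARRAY["SOURCE"]);
        $hostname = GetComputerName($ARRAY["SOURCE"]);
        // A missing or non-numeric TIME becomes 0, i.e. the epoch.
        $stamp = isset($ARRAY["TIME"]) ? (int) $ARRAY["TIME"] : 0;
        $dayhour = date("YmdH", $stamp);
        $time = date("H:i:s", $stamp);
        $fulldate = date('Y-m-d H:i:s', $stamp);
        // Table names cannot be protected by value escaping; this one is safe
        // because it is built from date() output only.
        $table = "hour_{$dayhour}";
        if (preg_match("#(.+?)\\s+(.*?)#", $ARRAY["SERVICE"], $ri)) {
            $ARRAY["SERVICE"] = $ri[1];
        }
        if (preg_match("#(.+?)\\s+(.*?)#", $ARRAY["BACKEND"], $ri)) {
            $ARRAY["BACKEND"] = $ri[1];
        }
        $uri = $ARRAY["URI"];
        $md5 = md5(serialize($ARRAY));
        // Reset per record: the original left these undefined on the first
        // miss and carried the previous record's values over on later misses.
        $sitename = null;
        $familysite = null;
        if (preg_match("#^(?:[^/]+://)?([^/:]+)#", $uri, $re)) {
            $sitename = $re[1];
            if (preg_match("#^www\\.(.+)#", $sitename, $ri)) {
                $sitename = $ri[1];
            }
            $familysite = $qs->GetFamilySites($sitename);
        }
        // Record fields were escaped in the loop above and $sitename is cut
        // from the escaped URI. The values obtained from helpers afterwards
        // are escaped here; a reverse-resolved host name in particular is not
        // under local control. addslashes() is the file's existing convention
        // and ignores the connection character set.
        // NOTE(review): bound parameters would be the robust fix.
        $sqlHostname = addslashes((string) $hostname);
        $sqlFamily = addslashes((string) $familysite);
        $sqlMac = addslashes((string) $ARRAY["MAC"]);
        $linsql = "('{$sitename}','{$uri}','{$ARRAY["TD"]}','{$ARRAY["HTTP_CODE"]}','{$ARRAY["SOURCE"]}','{$sqlHostname}','{$sqlFamily}','{$ARRAY["SERVICE"]}','{$ARRAY["BACKEND"]}','{$fulldate}','{$ARRAY["BYTES"]}','{$sqlMac}','{$md5}','{$ARRAY["STATUSLB"]}')";
        $hash[$table][] = $linsql;
        if ($GLOBALS["VERBOSE"]) {
            echo "Remove: {$targetFile}\n";
        }
        @unlink($targetFile);
        // Stop reading early under load; what was collected is still inserted.
        if (system_is_overloaded()) {
            break;
        }
    }
    // The original never released the directory handle.
    closedir($handle);

    foreach ($hash as $table => $tr) {
        if (trim($table) == null) {
            continue;
        }
        if (!$q->create_TableHour($table)) {
            @mkdir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors", 0755, true);
            @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors/" . md5(serialize($hash)), serialize($hash));
            return;
        }
        $sql = "INSERT IGNORE INTO {$table} {$prefixMid} VALUES " . @implode(",", $tr);
        $q->QUERY_SQL($sql);
        if (!$q->ok) {
            WriteMyLogs($q->mysql_error, __FUNCTION__, __FILE__, __LINE__);
            @mkdir("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors", 0755, true);
            @file_put_contents("{$GLOBALS["ARTICALOGDIR"]}/haproxy-errors/" . md5(serialize($hash)), serialize($hash));
            return;
        }
    }
    haproxy_errors();
}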
Example #7
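/**
 * Turn one access record into an INSERT statement for `dansguardian_events`
 * and spool it to dansguardian-stats/<md5>.sql.
 *
 * Judging by the status table and the target table this handles Squid /
 * DansGuardian access records. The site name is resolved to an IP and a
 * country, both memoised in $GLOBALS.
 *
 * The signature is kept as the callers know it, including the optional
 * parameters that precede required ones.
 *
 * @param string      $CLIENT     Client identifier (trimmed before use).
 * @param string|null $username   User name; resolved from $CLIENT when empty.
 * @param string      $uri        Requested URI.
 * @param string|int  $code_error Status code looked up in the status table.
 * @param int|string  $size       Transfer size; empty values become 0.
 * @param string      $time       Time of day appended to today's date.
 *
 * @return false|null false when no host name can be extracted from $uri.
 */
function Builsql($CLIENT, $username = null, $uri, $code_error, $size = 0, $time)
{
    // The original assigned "424" twice, so "Locked" was silently overwritten.
    // 422/423/424 now carry their WebDAV meanings; "433" is kept because
    // existing data may have been produced with it.
    $squid_error = array(
        "100" => "Continue",
        "101" => "Switching Protocols",
        "102" => "Processing",
        "200" => "Pass",
        "201" => "Created",
        "202" => "Accepted",
        "203" => "Non-Authoritative Information",
        "204" => "No Content",
        "205" => "Reset Content",
        "206" => "Partial Content",
        "207" => "Multi Status",
        "300" => "Multiple Choices",
        "301" => "Moved Permanently",
        "302" => "Moved Temporarily",
        "303" => "See Other",
        "304" => "Not Modified",
        "305" => "Use Proxy",
        "307" => "Temporary Redirect",
        "400" => "Bad Request",
        "401" => "Unauthorized",
        "402" => "Payment Required",
        "403" => "Forbidden",
        "404" => "Not Found",
        "405" => "Method Not Allowed",
        "406" => "Not Acceptable",
        "407" => "Proxy Authentication Required",
        "408" => "Request Timeout",
        "409" => "Conflict",
        "410" => "Gone",
        "411" => "Length Required",
        "412" => "Precondition Failed",
        "413" => "Request Entity Too Large",
        "414" => "Request URI Too Large",
        "415" => "Unsupported Media Type",
        "416" => "Request Range Not Satisfiable",
        "417" => "Expectation Failed",
        "422" => "Unprocessable Entity",
        "423" => "Locked",
        "424" => "Failed Dependency",
        "433" => "Unprocessable Entity",
        "500" => "Internal Server Error",
        "501" => "Not Implemented",
        "502" => "Bad Gateway",
        "503" => "Service Unavailable",
        "504" => "Gateway Timeout",
        "505" => "HTTP Version Not Supported",
        "507" => "Insufficient Storage",
        "600" => "Squid header parsing error",
    );

    if (!preg_match("#^(?:[^/]+://)?([^/:]+)#", $uri, $re)) {
        events("unable to extract domain name from {$uri}");
        return false;
    }
    // The capture accepts any character except "/" and ":", so $sitename is
    // still untrusted text and is escaped before it reaches the statement.
    $sitename = $re[1];

    // Unknown codes yield null instead of an undefined-index read.
    $TYPE = isset($squid_error[$code_error]) ? $squid_error[$code_error] : null;
    $REASON = $TYPE;
    $CLIENT = trim($CLIENT);
    $date = date('Y-m-d') . " " . $time;
    if ($username == null) {
        // The original passed an undefined $ip here; $CLIENT is the only
        // client identifier in scope. NOTE(review): confirm $CLIENT is the
        // address GetComputerName() expects.
        $username = GetComputerName($CLIENT);
    }
    if ($size == null) {
        $size = 0;
    }

    // Memoised DNS lookup. gethostbyname() blocks and is driven by a host name
    // taken from the request, so the cache also limits repeated lookups.
    if (!isset($GLOBALS["IPs"][$sitename]) || trim($GLOBALS["IPs"][$sitename]) == null) {
        $site_IP = trim(gethostbyname($sitename));
        $GLOBALS["IPs"][$sitename] = $site_IP;
    } else {
        $site_IP = $GLOBALS["IPs"][$sitename];
    }

    // The original tested $_GET["IPs"] / $_GET["COUNTRIES"], which are never
    // written, so the $GLOBALS caches grew without bound.
    if (isset($GLOBALS["IPs"]) && count($GLOBALS["IPs"]) > 5000) {
        unset($GLOBALS["IPs"]);
    }
    if (isset($GLOBALS["COUNTRIES"]) && count($GLOBALS["COUNTRIES"]) > 5000) {
        unset($GLOBALS["COUNTRIES"]);
    }

    // Stays null when no GeoIP answer is available.
    $Country = null;
    if (!isset($GLOBALS["COUNTRIES"][$site_IP]) || trim($GLOBALS["COUNTRIES"][$site_IP]) == null) {
        if (function_exists("geoip_record_by_name")) {
            if ($site_IP == null) {
                $site_IP = $sitename;
            }
            $record = geoip_record_by_name($site_IP);
            if ($record) {
                $Country = $record["country_name"];
                $GLOBALS["COUNTRIES"][$site_IP] = $Country;
            }
        }
    } else {
        $Country = $GLOBALS["COUNTRIES"][$site_IP];
    }

    $zMD5 = md5("{$uri}{$date}{$CLIENT}{$username}{$TYPE}{$Country}{$site_IP}");
    events("{$date} {$REASON}:: {$CLIENT} ({$username}) -> {$sitename} ({$site_IP}) Country={$Country} REASON:\"{$REASON}\" TYPE::\"{$TYPE}\" size={$size}");

    // The original escaped only $uri. The statement is replayed by whatever
    // consumes the spool file, so every field that comes from the request or
    // from a lookup is escaped before it is quoted. addslashes() is the
    // file's existing convention; it ignores the connection character set.
    // NOTE(review): bound parameters in the consumer would be the robust fix.
    $uri = addslashes((string) $uri);
    $row = array(
        addslashes((string) $sitename),
        $uri,
        addslashes((string) $TYPE),
        addslashes((string) $REASON),
        addslashes((string) $CLIENT),
        addslashes((string) $date),
        $zMD5,
        addslashes((string) $site_IP),
        addslashes((string) $Country),
        addslashes((string) $size),
        addslashes((string) $username),
    );
    $sql = "INSERT INTO dansguardian_events (`sitename`,`uri`,`TYPE`,`REASON`,`CLIENT`,`zDate`,`zMD5`,`remote_ip`,`country`,`QuerySize`,`uid`) \n\tVALUES('" . implode("','", $row) . "');";
    // The file name is an md5 digest, so request data cannot steer the path.
    @file_put_contents("/var/log/artica-postfix/dansguardian-stats/{$zMD5}.sql", $sql);
}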