// Top-level setup for a "unique addresses" statistics page. This excerpt is cut
// off inside the final if/else, so the tail of the block is left exactly as found.

// The request-supplied address type is no longer imported; the value is pinned
// to 1 on the next line, so the request cannot choose the address type here.
//$addr_type = ImportHTTPVar("addr_type", VAR_DIGIT);
$addr_type = 1;
// "submit" is imported with a character-class mask (letters and spaces) plus a
// list of button labels.
// NOTE(review): how ImportHTTPVar() combines the mask with the label list is not
// shown here -- confirm whether the list widens or narrows what is accepted.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
$dst_ip = NULL;
// Check role out and redirect if needed -- Kevin
$roleneeded = 10000;
$BUser = new BaseUser();
// The redirect fires only when the user lacks the role AND $Use_Auth_System == 1;
// with the auth system switched off, no role is required by this check.
// NOTE(review): whether the script stops after the redirect depends on
// base_header(), which is not shown. Confirm it ends the request; if it only
// sends the Location header, the database connection and query below still run
// for a caller who failed the role check.
if ($BUser->hasRole($roleneeded) == 0 && $Use_Auth_System == 1) {
    base_header("Location: " . $BASE_urlpath . "/index.php");
}
$et = new EventTiming($debug_time_mode);
// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password);
// Criteria state is keyed to base_stat_country.php with addr_type=1 carried in
// the extra query-string argument.
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
if ($debug_mode > 0) {
    PrintCriteriaState();
}
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
$qs->MoveView($submit); /* increment the view if necessary */
// Choose titles and the address column name from the address type. $addr_type is
// fixed to 1 above; which branch that selects depends on the values of
// SOURCE_IP / DEST_IP, which are defined outside this excerpt.
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    if ($addr_type != DEST_IP) {
        // (excerpt ends here; the remainder of this branch is not shown)
// Excerpt from an IP-address statistics page. It starts inside two blocks opened
// before the first visible line (apparently a per-row loop over $unique_events and
// the block enclosing it), then continues with the page's top-level setup.
        // if ($debug_mode > 1) {
        //     SQLTraceLog(__FILE__ . ":" . __LINE__ . ":" . __FUNCTION__ . ": After BuildSigByID()");
        // }

        // Drill-down link to the query page for this signature and IP.
        // NOTE(review): the signature pair and $ip are passed through urlencode(),
        // but the translated button label from gettext("Query DB") is concatenated
        // as-is; a translation containing spaces, '&' or '#' would alter the query
        // string. Wrapping it in urlencode() would match the other parameters.
        // NOTE(review): '¤t_view' looks like '&current_view' with '&curren' decoded
        // as an HTML entity somewhere in the publishing of this listing -- verify
        // against the upstream file before relying on this string.
        $tmp_iplookup = 'base_qry_main.php?new=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($unique_events[$i][0] . ";" . $unique_events[$i][1]) . '&num_result_rows=-1&submit=' . gettext("Query DB") . '¤t_view=-1&ip_addr_cnt=2' . BuildIPFormVars(urlencode($ip));
        // Drill-down link to the per-sensor statistics for the same signature and IP.
        $tmp_sensor_lookup = 'base_stat_sensor.php?sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . urlencode($unique_events[$i][0] . ";" . $unique_events[$i][1]) . '&ip_addr_cnt=2' . BuildIPFormVars(urlencode($ip));
        // The link text is HTML-escaped; the URLs themselves are interpolated into
        // the HREF attribute without HTML escaping.
        // NOTE(review): the output of BuildIPFormVars() is not shown -- confirm it
        // cannot contain a double quote or markup, or escape the whole URL for the
        // attribute context.
        echo " <TD align='center'> <A HREF=\"{$tmp_iplookup}\">" . Util::htmlentities($total) . "</A> ";
        echo " <TD align='center'> <A HREF=\"{$tmp_sensor_lookup}\">" . Util::htmlentities($num_sensors) . "</A> ";
        //echo " <TD align='center'> $num_sensors";
        // NOTE(review): $start_time and $stop_time are written without
        // Util::htmlentities(), unlike $total and $num_sensors above. Their origin
        // is outside this excerpt -- confirm they are formatted timestamps that
        // cannot carry markup, or escape them the same way.
        echo " <TD align='center'> {$start_time}";
        echo " <TD align='center' valign='middle'> {$stop_time}";
        echo '</TR>';
    }
    echo "</TABLE>\n";
}
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_ipaddr.php");
$cs->ReadState();
// Request parameters are imported through ImportHTTPVar() with a character-class
// mask each: digits and periods for the address, digits for the netmask, letters
// for the action, letters and spaces for the submit label.
$ip = ImportHTTPVar("ip", VAR_DIGIT | VAR_PERIOD);
// $ip is HTML-entity-encoded once here; every later use in this excerpt (including
// $page_title) sees the encoded value.
$ip = Util::htmlentities($ip);
$netmask = ImportHTTPVar("netmask", VAR_DIGIT);
$action = ImportHTTPVar("action", VAR_ALPHA);
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE);
// Check role out and redirect if needed -- Kevin
// NOTE(review): the role check below is commented out, and $roleneeded is not used
// anywhere in the lines shown. No other access check is visible in this excerpt --
// confirm that one is enforced earlier in the file or in an include.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
// An empty netmask defaults to a single host (/32).
if ($netmask == '') {
    $netmask = "32";
}
$page_title = $ip . '/' . $netmask;
/* Connect to the Alert database */
// Page bootstrap: base_conf.php and vars_session.php are loaded before the
// includes that are resolved relative to $BASE_path.
require "base_conf.php";
require "vars_session.php";
$_SESSION['norefresh'] = 1;
require "{$BASE_path}/includes/base_constants.inc.php";
require "{$BASE_path}/includes/base_include.inc.php";
include_once "{$BASE_path}/includes/base_action.inc.php";
include_once "{$BASE_path}/base_db_common.php";
include_once "{$BASE_path}/base_common.php";
include_once "{$BASE_path}/base_ag_common.php";
include_once "{$BASE_path}/base_qry_common.php";
require_once 'av_init.php';

// Permission check, placed before the database connection is opened.
// NOTE(review): presumably ends the request for a session that lacks the
// "analysis-menu" / "EventsForensics" permission -- confirm in Session::logcheck().
Session::logcheck("analysis-menu", "EventsForensics");

/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
$db->baseDBConnect(
    $db_connect_method,
    $alert_dbname,
    $alert_host,
    $alert_port,
    $alert_user,
    $alert_password
);

// Criteria state for the query page; the second argument is the query-string
// suffix handed to CriteriaState.
$cs = new CriteriaState("base_qry_main.php", "&new=1&submit=" . gettext("Query+DB"));
$cs->ReadState();

/*
 * "submit" can carry many different values. It is imported with a character-class
 * mask (digits, punctuation, letters) together with the list of button labels
 * below, and the result is HTML-entity-encoded before anything else reads it, so
 * every comparison further down sees the encoded form.
 * NOTE(review): how ImportHTTPVar() combines the mask with the label list is not
 * shown here -- confirm whether the list widens or narrows what is accepted.
 */
$submit = Util::htmlentities(
    ImportHTTPVar(
        "submit",
        VAR_DIGIT | VAR_PUNC | VAR_LETTER,
        array(
            gettext("Delete Selected"),
            gettext("Delete ALL on Screen"),
            gettext("Delete Entire Query"),
            gettext("Query DB"),
            gettext("ADD TIME"),
            gettext("ADD Addr"),
            gettext("ADD IP Field"),
            gettext("ADD TCP Port"),
            gettext("ADD TCP Field"),
            gettext("ADD UDP Port"),
            gettext("ADD UDP Field"),
            _ADDICMPFIELD
        )
    )
);

// A submit value naming a layer-4 protocol selects that protocol in the criteria.
// Each label is tested on its own, in the fixed order TCP, UDP, ICMP.
foreach (array("TCP", "UDP", "ICMP") as $l4_label) {
    if ($submit == $l4_label) {
        $cs->criteria['layer4']->Set($l4_label);
    }
}
unset($l4_label); // do not leave the loop variable behind in the page's global scope

// The (translated) "no layer4" label clears the protocol selection.
if ($submit == gettext("no layer4")) {
    $cs->criteria['layer4']->Set("");
}