/** * Assembles the notification string * @param int $impact Impact of the potential attack * @param IDS_Report $result the result of PHPIDSs check * @param string $level the level of the potential attack * @return string the assembled notification */ private function getNotificationString($impact, IDS_Report $result, $level) { $retstr = "ZIDS detected a potential attack! ZIDS LEVEL: " . $level; foreach ($this->_logitems as $item) { switch ($item) { case "ip": $retstr .= " from IP: " . $_SERVER['REMOTE_ADDR']; break; case "impact": $retstr .= " Impact: " . $impact; break; case "tags": $retstr .= " Tags: " . implode(',', $result->getTags()); break; case "variables": $retstr .= " Variables: "; foreach ($result->getIterator() as $event) { $retstr .= $event->getName() . " (Tags: " . $event->getTags() . "; Value: " . $event->getValue() . "; Impact: " . $event->getImpact() . ") "; } break; } } return $retstr; }
/** * Assembles the HTML notification string for the email plugin * @param int $impact Impact of the potential attack * @param IDS_Report $result the result of PHPIDSs check * @param string $level the level of the potential attack * @param array $options options usually defined in application.ini * @return string the assembled notification */ private function assembleEmailText($impact, IDS_Report $result, $level, $options) { $retstr = "[HUKUMONLINE] detected a potential attack! @LEVEL: " . $level . "<br><br>"; // parse email items parameters $items = explode(',', isset($options['items']) ? $options['items'] : 'ip, impact, tags, variables'); array_walk($items, create_function('&$arr', '$arr=trim($arr);')); foreach ($items as $item) { switch ($item) { case "ip": $retstr .= " from IP: " . $_SERVER['REMOTE_ADDR'] . '<br>'; break; case "impact": $retstr .= " Impact: " . $impact . '<br>'; break; case "tags": $retstr .= " Tags: " . implode(',', $result->getTags()) . '<br>'; break; case "variables": $retstr .= " Variables: "; foreach ($result->getIterator() as $event) { $retstr .= $event->getName() . " (Tags: " . $event->getTags() . "; Value: " . $event->getValue() . "; Impact: " . $event->getImpact() . ")<br>"; } break; } } return $retstr; }