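/**
 * Print an HTML summary of the unique events recorded for one address.
 *
 * Writes a heading with the unique/total event counts, then a table with one
 * row per unique event: signature, total occurrences (linked to
 * base_qry_main.php), sensor count (linked to base_stat_sensor.php) and the
 * first/last occurrence values returned by the lookup helpers.
 *
 * @param mixed  $db Database handle, passed through to the query helpers.
 * @param string $ip Address to report on.
 * @return void Output is written directly with echo/printf.
 */
function PrintEventsByIP($db, $ip) {
    // NOTE(review): the address is HTML-encoded once here, and the encoded
    // value is what reaches the query helpers and urlencode() below. HTML
    // encoding is an output-context defence, not input validation; how the
    // helpers place $ip into their queries is not visible here - confirm.
    $ip = Util::htmlentities($ip);

    // Passed to UniqueEventCntByAddr(); presumably filled by reference - confirm.
    $count = 0;

    /* Count total events for the given address */
    $event_cnt = EventCntByAddr($db, $ip);

    /* Grab unique alerts and count them */
    $unique_events = UniqueEventCntByAddr($db, $ip, $count);
    $unique_event_cnt = count($unique_events);

    // $ip is already HTML-encoded above; encoding it a second time would
    // render any entity in it literally.
    printf(
        "<B>" . gettext("%d unique events detected among %d events on %s") . "/32</B><BR>",
        $unique_event_cnt,
        $event_cnt,
        $ip
    );

    /* Print the Statistics on Each of the Unique Alerts */
    echo '<TABLE BORDER=0 class="table_list"> <TR>'
        . ' <TD CLASS="headerbasestat">' . gettext("TCP Flags") . '</TD>'
        . ' <TD CLASS="headerbasestat">' . gettext("Total<BR> Occurrences") . '</TD>'
        . ' <TD CLASS="headerbasestat">' . gettext("Num of Sensors") . '</TD>'
        . ' <TD CLASS="headerbasestat">' . gettext("First<BR> Occurrence") . '</TD>'
        . ' <TD CLASS="headerbasestat">' . gettext("Last<BR> Occurrence") . '</TD>'
        . ' </TR>';

    // The address part of both links is the same for every row.
    $ip_vars = BuildIPFormVars(urlencode($ip));
    // The translated button label is a query-string value, so it is
    // URL-encoded: a translation containing a space, '&' or '#' would
    // otherwise split or truncate the link.
    $submit_label = urlencode(gettext("Query DB"));

    for ($i = 0; $i < $unique_event_cnt; $i++) {
        $current_event = $unique_events[$i];
        $total = UniqueEventTotalsByAddr($db, $ip, $current_event);
        $num_sensors = UniqueSensorCntByAddr($db, $ip, $current_event);
        $start_time = StartTimeForUniqueEventByAddr($db, $ip, $current_event);
        $stop_time = StopTimeForUniqueEventByAddr($db, $ip, $current_event);

        // Shade every second row.
        $cellcolor = $i % 2 != 0 ? "bgcolor='#f2f2f2'" : "";
        echo "<TR {$cellcolor}>";

        $signame = BuildSigByPlugin($current_event[0], $current_event[1], $db);
        // NOTE(review): html_entity_decode() turns stored entities back into
        // markup and the result is written to the page unescaped. If a
        // signature name can carry text that did not originate from the
        // administrator, this cell is a stored-XSS sink. BuildSigByPlugin()
        // may return intentional markup, so it is left as is - confirm what
        // it returns, then escape or allow-list accordingly.
        echo " <TD ALIGN='center'> " . str_replace("##", "", html_entity_decode($signame)) . "</TD>";

        // Both links filter on the same "<first>;<second>" signature key.
        $sig_key = urlencode($current_event[0] . ";" . $current_event[1]);

        // The '&current_view' parameter name must be kept intact in this
        // literal; it is the same name the other report links use.
        $tmp_iplookup = 'base_qry_main.php?new=1&sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_key
            . '&num_result_rows=-1&submit=' . $submit_label
            . '&current_view=-1&ip_addr_cnt=2' . $ip_vars;
        $tmp_sensor_lookup = 'base_stat_sensor.php?sig_type=1&sig%5B0%5D=%3D&sig%5B1%5D=' . $sig_key
            . '&ip_addr_cnt=2' . $ip_vars;

        // NOTE(review): the URLs go into HREF="..." without attribute
        // escaping; safe only while BuildIPFormVars() never returns a double
        // quote - confirm against its implementation.
        echo " <TD align='center'> <A HREF=\"{$tmp_iplookup}\">" . Util::htmlentities($total) . "</A> </TD>";
        echo " <TD align='center'> <A HREF=\"{$tmp_sensor_lookup}\">" . Util::htmlentities($num_sensors) . "</A> </TD>";

        // Values read back from the database are escaped like the other cells.
        echo " <TD align='center'> " . Util::htmlentities($start_time) . "</TD>";
        echo " <TD align='center' valign='middle'> " . Util::htmlentities($stop_time) . "</TD>";
        echo '</TR>';
    }

    echo "</TABLE>\n";
}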
} $sip_aux = $sensors[$currentIP] != "" ? $sensors[$currentIP] : ($hosts[$currentIP] != "" ? $hosts[$currentIP] : $currentIP); $div = '<div id="' . $currentIP . ';' . $ip_aux . '" class="HostReportMenu">'; $bdiv = '</div>'; qroPrintEntry($div . BuildAddressLink($currentIP, 32) . $currentIP . '</A> ' . $country_img . $homelan . $bdiv, 'center', '', 'nowrap'); } if ($resolve_IP == 1) { qroPrintEntry(' ' . baseGetHostByAddr($currentIP, $db, $dns_cache_lifetime) . ' '); } /* Print # of Occurances */ $tmp_iplookup = 'base_qry_main.php?num_result_rows=-1' . '&submit=' . gettext("Query+DB") . '&current_view=-1'; $tmp_iplookup2 = 'base_stat_alerts.php?num_result_rows=-1' . '&submit=' . gettext("Query+DB") . '&current_view=-1&sort_order=occur_d'; if ($no_ip) { $url_criteria = BuildIPFormVars(NULL_IP); } else { $url_criteria = BuildIPFormVars($currentIP); } if ($no_ip) { $url_criteria_src = BuildSrcIPFormVars(NULL_IP); } else { $url_criteria_src = BuildSrcIPFormVars($currentIP); } if ($no_ip) { $url_criteria_dst = BuildDstIpFormVars(NULL_IP); } else { $url_criteria_dst = BuildDstIPFormVars($currentIP); } qroPrintEntry($num_sensors); qroPrintEntry('<A HREF="' . $tmp_iplookup . $url_criteria . '">' . $num_events . '</A>'); qroPrintEntry('<A HREF="' . $tmp_iplookup2 . $url_criteria_src . '">' . $num_sig_src . '</A>'); qroPrintEntry('<A HREF="' . $tmp_iplookup2 . $url_criteria_dst . '">' . $num_sig_dst . '</A>');