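/**
 * Print the SIEM summary header: either a list of event statistics or the
 * navigation table that links to the individual statistics pages.
 *
 * Everything is written with echo / inline HTML; nothing is returned.
 *
 * @param object $db                Database handle; passed to the *Cnt() helpers and asked for
 *                                  its schema version through baseGetDBversion().
 * @param int    $compact           Statistics list only: 0 nests the TCP/UDP port counts in
 *                                  sub-lists, any other value prints them inline after " -- ".
 * @param int    $show_stats        1 runs the count queries and prints the statistics list;
 *                                  any other value prints the navigation table.
 * @param string $join              Forwarded unchanged to the count helpers.
 * @param string $where             Forwarded unchanged to the count helpers.
 * @param bool   $show_total_events Navigation table only: also query and print the total
 *                                  number of events.
 *
 * NOTE(review): $join and $where look like SQL fragments. How the helpers use them is not
 * visible here, so confirm that callers build them from validated criteria only.
 */
function PrintGeneralStats($db, $compact, $show_stats, $join = "", $where = "", $show_total_events = false)
{
    global $events_report_type, $sensors_report_type, $unique_events_report_type, $unique_plugins_report_type;
    global $unique_addr_report_type, $src_port_report_type, $dst_port_report_type, $unique_iplinks_report_type;
    global $unique_country_events_report_type;
    global $siem_events_title, $cloud_instance;

    if ($show_stats == 1) {
        $sensor_cnt = SensorCnt($db, $join, $where);
        $sensor_total = SensorTotal($db);
        $unique_alert_cnt = UniqueAlertCnt($db, $join, $where);
        $event_cnt = EventCnt($db, $join, $where);
        $unique_ip_cnt = UniqueIPCnt($db, $join, $where);
        $unique_links_cnt = UniqueLinkCnt($db, $join, $where);
        $unique_port_cnt = UniquePortCnt($db, $join, $where);
        $unique_tcp_port_cnt = UniqueTCPPortCnt($db, $join, $where);
        $unique_udp_port_cnt = UniqueUDPPortCnt($db, $join, $where);
    }

    // The category lookup that used to fill these two variables is disabled, but they are
    // still read further down. Empty defaults keep the output unchanged and avoid
    // undefined-variable diagnostics.
    $class_cnt = "";
    $class_cnt_info = array("", "", "");

    // Each *_info array is: [0] label, [1] opening <a> tag, [2] closing markup.
    // The ":black" in the style is swapped for ":white" below when a tab is active.
    $sensor_cnt_info = array(
        "<strong>" . gettext("Sensors/Total:") . "</strong>\n",
        "<a style='color:black;font-weight:bold' href=\"base_stat_sensor.php?sort_order=occur_d\">",
        "</a>",
    );
    $unique_alert_cnt_info = array(
        "<strong>" . gettext("Unique Events") . ":</strong>\n",
        "<a style='color:black;font-weight:bold' href=\"base_stat_alerts.php?sort_order=occur_d\">",
        "</a>",
    );
    $unique_plugin_cnt_info = array(
        "<strong>" . _("Unique Data Sources") . "</strong>\n",
        "<a style='color:black;font-weight:bold' href=\"base_stat_plugins.php?sort_order=occur_d\">",
        "</a>",
    );
    $event_cnt_info = array(
        "<strong>" . gettext("Total Number of Events:") . "</strong>\n",
        '<a style=\'color:black;font-weight:bold\' href="base_qry_main.php?&num_result_rows=-1' . '&submit=' . gettext("Query+DB") . '&current_view=-1">',
        "</a>",
    );
    $unique_src_ip_cnt_info = array(
        gettext("Src IP addrs:"),
        " " . BuildUniqueAddressLink(1, "", "color:black;font-weight:bold"),
        "</a>",
    );
    $unique_dst_ip_cnt_info = array(
        gettext("Dest. IP addrs:"),
        " " . BuildUniqueAddressLink(2, "", "color:black;font-weight:bold"),
        "</a>",
    );
    $unique_ip_cnt_info[1] = " <a style='color:black;font-weight:bold' href=\"base_stat_uaddress.php?sort_order=occur_d\">";
    $unique_ip_cnt_info[2] = "</a>";
    $unique_links_info = array(
        gettext("Unique IP links"),
        " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=no\">",
        "</a>",
    );
    $unique_links_fqdn = " <a style='color:black;font-weight:bold' href=\"base_stat_iplink.php?sort_order=events_d&fqdn=yes\">[FQDN]</a>";
    $unique_src_port_cnt_info = array(
        gettext("Source Ports: "),
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=-1\">",
        "</a>",
    );
    $unique_dst_port_cnt_info = array(
        gettext("Dest Ports: "),
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=-1\">",
        "</a>",
    );
    $unique_tcp_src_port_cnt_info = array(
        "TCP (",
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=" . TCP . "\">",
        "</a>)",
    );
    $unique_tcp_dst_port_cnt_info = array(
        "TCP (",
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=" . TCP . "\">",
        "</a>)",
    );
    $unique_udp_src_port_cnt_info = array(
        "UDP (",
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=1&proto=" . UDP . "\">",
        "</a>)",
    );
    $unique_udp_dst_port_cnt_info = array(
        "UDP (",
        " <a style='color:black;font-weight:bold' href=\"base_stat_ports.php?sort_order=occur_d&port_type=2&proto=" . UDP . "\">",
        "</a>)",
    );

    if ($show_stats == 1) {
        /* ---- Statistics list ---- */
        echo $unique_alert_cnt_info[0] . $unique_alert_cnt_info[1] . $unique_alert_cnt . $unique_alert_cnt_info[2] . "\n<br />";
        echo $sensor_cnt_info[0] . $sensor_cnt_info[1] . $sensor_cnt . $sensor_cnt_info[2] . $sensor_total . "\n<br />";
        if ($db->baseGetDBversion() >= 103) {
            echo "<br />" . $class_cnt_info[0] . $class_cnt_info[1] . $class_cnt . $class_cnt_info[2];
        }
        echo "<br />";
        echo $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2];
        echo "<ul>";
        echo "<li>" . $unique_src_ip_cnt_info[0] . $unique_src_ip_cnt_info[1] . $unique_ip_cnt[0] . $unique_src_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_dst_ip_cnt_info[0] . $unique_dst_ip_cnt_info[1] . $unique_ip_cnt[1] . $unique_dst_ip_cnt_info[2] . "</li>";
        echo "<li>" . $unique_links_info[0] . $unique_links_info[1] . $unique_links_cnt . $unique_links_info[2] . " (" . $unique_links_fqdn . ")</li>";
        echo "<li>";
        if ($compact == 0) {
            echo "<p>";
        }
        echo $unique_src_port_cnt_info[0] . $unique_src_port_cnt_info[1] . $unique_port_cnt[0] . $unique_src_port_cnt_info[2] . "</li>";
        if ($compact == 0) {
            echo "<li><ul><li>";
        } else {
            echo "<li> -- ";
        }
        echo $unique_tcp_src_port_cnt_info[0] . $unique_tcp_src_port_cnt_info[1] . $unique_tcp_port_cnt[0] . $unique_tcp_src_port_cnt_info[2]
            . " "
            . $unique_udp_src_port_cnt_info[0] . $unique_udp_src_port_cnt_info[1] . $unique_udp_port_cnt[0] . $unique_udp_src_port_cnt_info[2];
        if ($compact == 0) {
            echo "</li></ul></li>";
        }
        echo "<li>" . $unique_dst_port_cnt_info[0] . $unique_dst_port_cnt_info[1] . $unique_port_cnt[1] . $unique_dst_port_cnt_info[2] . "</li>";
        if ($compact == 0) {
            echo "<li><ul><li>";
        } else {
            echo "<li> -- ";
        }
        echo $unique_tcp_dst_port_cnt_info[0] . $unique_tcp_dst_port_cnt_info[1] . $unique_tcp_port_cnt[1] . $unique_tcp_dst_port_cnt_info[2]
            . " "
            . $unique_udp_dst_port_cnt_info[0] . $unique_udp_dst_port_cnt_info[1] . $unique_udp_port_cnt[1] . $unique_udp_dst_port_cnt_info[2];
        if ($compact == 0) {
            echo "</li></ul>";
        }
        echo "</li></ul>";
    } else {
        /* ---- Navigation table ---- */
        echo "<table width='100%' cellpadding=0 cellspacing=0 border=0><tr><td valign='top'>";
        if ($show_total_events) {
            $event_cnt = EventCnt($db, $join, $where);
            echo "<li>" . $event_cnt_info[0] . $event_cnt_info[1] . $event_cnt . $event_cnt_info[2] . "</li><li><p>";
        }

        // Request values are read once and default to null when the parameter is absent,
        // so the comparisons below behave as before without undefined-index diagnostics.
        // They are only compared against constants or passed through intval(); none of
        // them is written to the page as-is.
        $script    = $_SERVER['SCRIPT_NAME'];
        $addr_type = isset($_GET['addr_type']) ? $_GET['addr_type'] : null;
        $proto     = isset($_GET['proto']) ? $_GET['proto'] : null;
        $port_type = isset($_GET['port_type']) ? $_GET['port_type'] : null;

        // NOTE(review): the *_report_type globals are written into a single-quoted JavaScript
        // string inside an onclick attribute without any encoding. Their origin is not visible
        // in this function; confirm they are fixed server-side values, otherwise encode them
        // for the script-in-attribute context before output.
        //
        // Attribute values and the JS argument are emitted without whitespace after the
        // closing PHP tag, so the browser receives exactly the colour / report type.
        ?>
        <table cellpadding=2 style="border-left:1px solid #CACACA;border-bottom:1px solid #CACACA;border-right:1px solid #CACACA" cellspacing=0 border=0 width="100%">
        <tr>
        <?php
        /* Events tab */
        $color = preg_match("/base_qry_main\\.php/", $script) ? "#28BC04" : "#FFFFFF";
        $fontcolor = preg_match("/base_qry_main\\.php/", $script) ? "white" : "black";
        ?>
        <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?>">
            <a style="color:<?php echo $fontcolor; ?>;font-weight:bold" href='base_qry_main.php?num_result_rows=-1&amp;submit=Query+DB&amp;current_view=-1'><?php echo _("Events"); ?></a>
            <?php if ($fontcolor == "white" && !$cloud_instance) { ?>
                <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('Events_Report','<?php echo $events_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
            <?php } ?>
        </td>
        <?php
        /* Unique events tab (also active on the classification pages) */
        $color = (preg_match("/base_stat_alerts\\.php|base_stat_alerts_graph\\.php/", $script)
            || preg_match("/base_stat_class\\.php|base_stat_class_graph\\.php/", $script)) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_alert_cnt_info[1] = str_replace(":black", ":white", $unique_alert_cnt_info[1]);
            $class_cnt_info[1] = str_replace(":black", ":white", $class_cnt_info[1]);
        }
        ?>
        <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?>"><?php echo $unique_alert_cnt_info[1] . gettext("Unique Events") . $unique_alert_cnt_info[2]; ?>
            <a href="base_stat_alerts_graph.php?sort_order=occur_d"><img src="images/ico_graph.gif" align="absmiddle" border=0></a>
            <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_alerts\\.php/", $script)) { ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueEvents_Report','<?php echo $unique_events_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
            <?php } ?>
            <!--<br> (<?php echo $class_cnt_info[1] . gettext("classifications") . $class_cnt_info[2]; ?>)-->
        </td>
        <?php
        /* Sensors tab */
        $color = preg_match("/base_stat_sensor\\.php/", $script) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $sensor_cnt_info[1] = str_replace(":black", ":white", $sensor_cnt_info[1]);
        }
        ?>
        <td nowrap align="center" style="border-right:1px solid #CACACA" bgcolor="<?php echo $color; ?>"><?php echo $sensor_cnt_info[1] . gettext("Sensors") . $sensor_cnt_info[2]; ?>
            <?php if ($color == "#28BC04" && !$cloud_instance) { ?>
                <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('Sensors_Report','<?php echo $sensors_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
            <?php } ?>
        </td>
        <?php
        /* Unique data sources tab, only for schema version 103 and later */
        if ($db->baseGetDBversion() >= 103) {
            $color = preg_match("/base_stat_plugins\\.php/", $script) ? "#28BC04" : "#FFFFFF";
            if ($color == "#28BC04") {
                $unique_plugin_cnt_info[1] = str_replace(":black", ":white", $unique_plugin_cnt_info[1]);
            }
            ?>
            <td nowrap align="center" bgcolor="<?php echo $color; ?>"><?php echo $unique_plugin_cnt_info[1] . gettext("Unique Data Sources") . $unique_plugin_cnt_info[2]; ?>
                <?php if ($color == "#28BC04" && !$cloud_instance) { ?>
                    <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                    <a href="javascript:;" onclick="javascript:report_launcher('UniquePlugin_Report','<?php echo $unique_plugins_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
                <?php } ?>
            </td>
            <?php
        }
        ?>
        </tr>
        <tr>
        <?php
        /* Unique addresses tab */
        $color = preg_match("/base_stat_uaddr/", $script) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_ip_cnt_info[1] = str_replace(":black", ":white", $unique_src_ip_cnt_info[1]);
            $unique_dst_ip_cnt_info[1] = str_replace(":black", ":white", $unique_dst_ip_cnt_info[1]);
            $unique_ip_cnt_info[1] = str_replace(":black", ":white", $unique_ip_cnt_info[1]);
            if (!$cloud_instance) {
                // intval() reduces the request value to an integer before it reaches the markup.
                $addr_report_id = intval($addr_type);
                // The PDF anchor is closed explicitly, like the inline launchers above.
                $pdf = " <a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . $addr_report_id . "','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a> ";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('UniqueAddress_Report" . $addr_report_id . "','{$unique_addr_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a> ";
            } else {
                $pdf = "";
                $csv = "";
            }
            if ($addr_type == '1') {
                $unique_src_ip_cnt_info[2] .= $pdf . $csv;
            }
            if ($addr_type == '2') {
                $unique_dst_ip_cnt_info[2] .= $pdf . $csv;
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        $addrtype1 = $addr_type == '1' ? "underline" : "none";
        $addrtype2 = $addr_type == '2' ? "underline" : "none";
        // Protocol 6 (TCP) -> 1, 17 (UDP) -> 2, anything else -> 0; used as report-name suffix.
        $report_type = $proto == '6' ? 1 : ($proto == '17' ? 2 : 0);
        ?>
        <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?>' bgcolor="<?php echo $color; ?>"><?php
            echo $unique_ip_cnt_info[1] . gettext("Unique addresses") . $unique_ip_cnt_info[2] . ":<br>"
                . $unique_src_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype1}'>" . gettext("Source") . "</font>" . $unique_src_ip_cnt_info[2]
                . " | "
                . $unique_dst_ip_cnt_info[1] . "<font style='text-decoration:{$addrtype2}'>" . gettext("Destination") . "</font>" . $unique_dst_ip_cnt_info[2];
        ?>
        </td>
        <?php
        /* Source port tab */
        $color = (preg_match("/base_stat_ports\\.php/", $script) && $port_type == 1) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_src_port_cnt_info[1]);
            $unique_tcp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_src_port_cnt_info[1]);
            $unique_udp_src_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_src_port_cnt_info[1]);
            if (!$cloud_instance) {
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a>";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('SourcePort_Report{$report_type}','{$src_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        // Underline the protocol link that matches the current proto / port_type selection.
        $sprototcp = ($proto == '6' && $port_type == '1') ? "underline" : "none";
        $sprotoudp = ($proto == '17' && $port_type == '1') ? "underline" : "none";
        $dprototcp = ($proto == '6' && $port_type == '2') ? "underline" : "none";
        $dprotoudp = ($proto == '17' && $port_type == '2') ? "underline" : "none";
        ?>
        <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?>' bgcolor="<?php echo $color; ?>"><?php
            echo $unique_src_port_cnt_info[1] . gettext("Source Port") . $unique_src_port_cnt_info[2] . ": {$pdf} {$csv}"
                . $unique_tcp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprototcp}'>TCP</font></a> | "
                . $unique_udp_src_port_cnt_info[1] . " <font style='text-decoration:{$sprotoudp}'>UDP</font></a>";
        ?>
        </td>
        <?php
        /* Destination port tab */
        $color = (preg_match("/base_stat_ports\\.php/", $script) && $port_type == 2) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_dst_port_cnt_info[1]);
            $unique_tcp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_tcp_dst_port_cnt_info[1]);
            $unique_udp_dst_port_cnt_info[1] = str_replace(":black", ":white", $unique_udp_dst_port_cnt_info[1]);
            if (!$cloud_instance) {
                $pdf = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','pdf');return false\"><img src=\"images/pdf-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Launch PDF Report") . "\"></a>";
                $csv = "<a href=\"javascript:;\" onclick=\"javascript:report_launcher('DestinationPort_Report{$report_type}','{$dst_port_report_type}');return false\"><img src=\"images/csv-icon.png\" border=\"0\" align=\"absmiddle\" title=\"" . _("Download data in csv format") . "\"></a><br>";
            } else {
                $pdf = "<br>";
                $csv = "";
            }
        } else {
            $pdf = "<br>";
            $csv = "";
        }
        ?>
        <td align="center" style='border-right:1px solid #CACACA;border-top:1px solid #CACACA;<?php if ($color == "#28BC04") { echo "color:white"; } ?>' bgcolor="<?php echo $color; ?>"><?php
            echo $unique_dst_port_cnt_info[1] . gettext("Destination Port") . $unique_dst_port_cnt_info[2] . ": {$pdf} {$csv}"
                . $unique_tcp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprototcp}'>TCP</font></a> | "
                . $unique_udp_dst_port_cnt_info[1] . " <font style='text-decoration:{$dprotoudp}'>UDP</font></a>";
        ?>
        </td>
        <?php
        /* Unique IP links / unique country events tab */
        $color = preg_match("/base_stat_iplink\\.php|base_stat_country\\.php/", $script) ? "#28BC04" : "#FFFFFF";
        if ($color == "#28BC04") {
            $unique_links_info[1] = str_replace(":black", ":white", $unique_links_info[1]);
            $unique_links_fqdn = str_replace(":black", ":white", $unique_links_fqdn);
        }
        ?>
        <td nowrap align="center" style='border-top:1px solid #CACACA;' bgcolor="<?php echo $color; ?>"><?php echo $unique_links_info[1] . $unique_links_info[0] . $unique_links_info[2] . $unique_links_fqdn; ?>
            <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_iplink\\.php/", $script) && GET('fqdn') == 'no') { ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueIPLinks_Report','<?php echo $unique_iplinks_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
            <?php } ?>
            <br><a style='color:<?php echo $color == "#28BC04" ? "white" : "black"; ?>;font-weight:bold' href="base_stat_country.php"><?php echo _("Unique Country Events"); ?></a>
            <?php if ($color == "#28BC04" && !$cloud_instance && preg_match("/base_stat_country\\.php/", $script)) { ?>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','pdf');return false"><img src="images/pdf-icon.png" border="0" align="absmiddle" title="<?php echo _("Launch PDF Report"); ?>"></a>
                <a href="javascript:;" onclick="javascript:report_launcher('UniqueCountryEvents_Report','<?php echo $unique_country_events_report_type; ?>');return false"><img src="images/csv-icon.png" border="0" align="absmiddle" title="<?php echo _("Download data in csv format"); ?>"></a>
            <?php } ?>
        </td>
        </tr>
        </table>
        <?php
        echo "</td></tr></table>";
    }
}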
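/*
 * Build and run the per-classification summary query.
 *
 * By default the counts are aggregated from acid_event; when $use_ac is set the
 * statement is rebuilt against the ac_alertsclas_* tables instead.
 *
 * NOTE(review): $from, $where, $criteria_clauses[1] and both $sort_sql parts are
 * concatenated into the statement text. Where they are built is not visible in this
 * excerpt; confirm that every request-derived value is validated or escaped there,
 * because nothing in this block does it.
 */
$sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort());

$sql = "SELECT DISTINCT sig_class_id, "
    . " COUNT(acid_event.cid) as num_events,"
    . " COUNT( DISTINCT acid_event.sid) as num_sensors, "
    . " COUNT( DISTINCT signature ) as num_sig, "
    . " COUNT( DISTINCT ip_src ) as num_sip, "
    . " COUNT( DISTINCT ip_dst ) as num_dip, "
    . " min(timestamp) as first_timestamp, "
    . " max(timestamp) as last_timestamp "
    . $sort_sql[0] . $from . $where
    . " GROUP BY sig_class_id " . $sort_sql[1];

// Use the accumulate tables only with timestamp criteria.
if ($use_ac) {
    $where = $more = $sqla = $sqlb = $sqlc = $sqld = "";
    if (preg_match("/timestamp/", $criteria_clauses[1])) {
        // The criteria text is reused with "timestamp" renamed to "day".
        $where = "WHERE " . str_replace("timestamp", "day", $criteria_clauses[1]);
        // Extra join conditions so each sub-select is limited to the same day.
        $sqla = " and ac_alertsclas_classid.day=ac_alertsclas_sid.day";
        $sqlb = " and ac_alertsclas_classid.day=ac_alertsclas_signature.day";
        $sqlc = " and ac_alertsclas_classid.day=ac_alertsclas_ipsrc.day";
        $sqld = " and ac_alertsclas_classid.day=ac_alertsclas_ipdst.day";
    }
    // The sort clause was written for acid_event; drop that table prefix.
    $orderby = str_replace("acid_event.", "", $sort_sql[1]);
    $sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT sig_class_id, sum(cid) as num_events,\n"
        . " (select count(distinct(sid)) from ac_alertsclas_sid where ac_alertsclas_classid.sig_class_id=ac_alertsclas_sid.sig_class_id {$sqla}) as num_sensors,\n"
        . " (select count(distinct(signature)) from ac_alertsclas_signature where ac_alertsclas_classid.sig_class_id=ac_alertsclas_signature.sig_class_id {$sqlb}) as num_sig,\n"
        . " (select count(distinct(ip_src)) from ac_alertsclas_ipsrc where ac_alertsclas_classid.sig_class_id=ac_alertsclas_ipsrc.sig_class_id {$sqlc}) as num_sip,\n"
        . " (select count(distinct(ip_dst)) from ac_alertsclas_ipdst where ac_alertsclas_classid.sig_class_id=ac_alertsclas_ipdst.sig_class_id {$sqld}) as num_dip,\n"
        . " min(first_timestamp) as first_timestamp, max(last_timestamp) as last_timestamp\n"
        . " FROM ac_alertsclas_classid FORCE INDEX(primary) {$where} GROUP BY sig_class_id {$orderby}";
    $event_cnt = EventCnt($db, "", "", "SELECT sum(cid) FROM ac_alertsclas_classid {$where}");
}

/* Run the Query again for the actual data (with the LIMIT) */
$result = $qs->ExecuteOutputQuery($sql, $db);
if ($use_ac) {
    // $cnt_sql is not assigned in this excerpt; presumably set earlier or filled by the call.
    $qs->GetCalcFoundRows($cnt_sql, $db);
}
$et->Mark("Retrieve Query Data");

if ($debug_mode == 1) {
    $qs->PrintCannedQueryList();
    $qs->DumpState();
    // The statement is shown as text, so it is HTML-encoded: comparison operators and any
    // criteria text inside it must not be interpreted as markup by the browser.
    echo htmlspecialchars($sql, ENT_QUOTES) . "<BR>";
}

/* Print the current view number and # of rows */
$qs->PrintResultCnt();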
$orderby = str_replace("acid_event.", "", $sort_sql[1]); $sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT plugin_id, plugin_sid, \n sum(sig_cnt) as sig_cnt,\n min(ac_alerts_signature.first_timestamp) as first_timestamp,\n max(ac_alerts_signature.last_timestamp) as last_timestamp,\n (select count(distinct(sid)) from ac_alerts_sid where ac_alerts_signature.plugin_id=ac_alerts_sid.plugin_id AND ac_alerts_signature.plugin_sid=ac_alerts_sid.plugin_sid {$sqla}) as sid_cnt,\n (select count(distinct(ip_src)) from ac_alerts_ipsrc where ac_alerts_signature.plugin_id=ac_alerts_ipsrc.plugin_id AND ac_alerts_signature.plugin_sid=ac_alerts_ipsrc.plugin_sid {$sqlb}) as saddr_cnt,\n (select count(distinct(ip_dst)) from ac_alerts_ipdst where ac_alerts_signature.plugin_id=ac_alerts_ipdst.plugin_id AND ac_alerts_signature.plugin_sid=ac_alerts_ipdst.plugin_sid {$sqlc}) as daddr_cnt\n FROM ac_alerts_signature FORCE INDEX(primary) \n WHERE ac_alerts_signature.sig_cnt>0 {$where} GROUP BY plugin_id, plugin_sid {$orderby}"; $event_cnt = EventCnt($db, "", "", "SELECT sum(sig_cnt) FROM ac_alerts_signature FORCE INDEX(primary) " . 
preg_replace("/^AND /", "WHERE ", $where)); /* $sql = "SELECT SQL_CALC_FOUND_ROWS DISTINCT signature, sum(sig_cnt) as sig_cnt, min(ac_alerts_signature.first_timestamp) as first_timestamp, max(ac_alerts_signature.last_timestamp) as last_timestamp, sig_name, (select count(distinct(sid)) from ac_alerts_sid where ac_alerts_signature.signature=ac_alerts_sid.signature $sqla) as sig_cnt, (select count(distinct(ip_src)) from ac_alerts_ipsrc where ac_alerts_signature.signature=ac_alerts_ipsrc.signature $sqlb) as saddr_cnt, (select count(distinct(ip_dst)) from ac_alerts_ipdst where ac_alerts_signature.signature=ac_alerts_ipdst.signature $sqlc) as daddr_cnt, sig_class_id FROM ac_alerts_signature FORCE INDEX(primary) WHERE ac_alerts_signature.sig_cnt>0 $where GROUP BY signature, sig_name, sig_class_id $orderby"; $event_cnt = EventCnt($db, "", "", "SELECT sum(sig_cnt) FROM ac_alerts_signature FORCE INDEX(primary) WHERE ac_alerts_signature.sig_cnt>0 $where"); */ } else { $event_cnt = EventCnt($db, "", "", "SELECT count(*) " . $from . $where); if ($event_cnt == 0) { $event_cnt = 1; } } //echo $sql; echo $cnt_sql; /* Run the Query again for the actual data (with the LIMIT) */ $result = $qs->ExecuteOutputQuery($sql, $db); if ($use_ac) { $qs->GetCalcFoundRows($cnt_sql, $db); } $debug_time_mode >= 1 ? $et->Mark("Retrieve Query Data") : ''; if ($debug_mode == 1) { $qs->PrintCannedQueryList(); $qs->DumpState(); echo "{$sql}<BR>";
/* Setup the Query Results Table */ $qro = new QueryResultsOutput("base_stat_plugins.php?caller=" . $caller); //$qro->AddTitle(" "); $qro->AddTitle(_("Data Source")); $qro->AddTitle(_("Events"), "occur_a", " ", " ORDER BY events ASC, sensors DESC", "occur_d", ", ", " ORDER BY events DESC, sensors DESC"); $qro->AddTitle(gettext("Sensor") . " #", "sid_a", " ", " ORDER BY sensors ASC, events DESC", "sid_d", " ", " ORDER BY sensors DESC, events DESC"); $qro->AddTitle(gettext("Last Event")); $qro->AddTitle(gettext("Source Address")); $qro->AddTitle(gettext("Dest. Address")); $qro->AddTitle(gettext("Date") . " " . Util::timezone($tz)); $sort_sql = $qro->GetSortSQL($qs->GetCurrentSort(), $qs->GetCurrentCannedQuerySort()); /* mstone 20050309 add sig_name to GROUP BY & query so it can be used in postgres ORDER BY */ /* mstone 20050405 add sid & ip counts */ $sql = "select SQL_CALC_FOUND_ROWS max(acid_event.cid),acid_event.plugin_id,count(distinct acid_event.plugin_sid) as events,acid_event.timestamp,count(distinct acid_event.sid) as sensors,plugin.name " . $fromcnt . ",ossim.plugin " . $where . " AND plugin.id=acid_event.plugin_id GROUP BY acid_event.plugin_id " . $sort_sql[1]; //echo $sql; $event_cnt = EventCnt($db, "", "", $sql); if ($event_cnt == 0) { $event_cnt = 1; } /* Run the Query again for the actual data (with the LIMIT) */ $result = $qs->ExecuteOutputQuery($sql, $db); $qs->GetCalcFoundRows($cnt_sql, $db); $debug_time_mode >= 1 ? $et->Mark("Retrieve Query Data") : ''; if ($debug_mode == 1) { $qs->PrintCannedQueryList(); $qs->DumpState(); echo "{$sql}<BR>"; } /* Print the current view number and # of rows */ $displaying = gettext("Displaying unique data sources %d-%d of <b>%s</b> matching your selection."); if (Session::am_i_admin()) {