$url = 'http://' . $graylog_sec . ':12900/search/universal/relative/terms?field=source_ip&query=' . $e_query . '&range=' . $range;
echo "# " . $url;
$curl = curl_init();
$opt = array(CURLOPT_URL => $url, CURLOPT_USERAGENT => "Mozilla", CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => false, CURLOPT_CONNECTTIMEOUT => 10, CURLOPT_USERPWD => "{$graylog_api_user}:{$graylog_api_pass}", CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt_array($curl, $opt);
$output = curl_exec($curl);
$http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);
return $output;
}
$gl_json = json_decode(getGraylogMessages($TIME_PERIOD), true);
$list = $gl_json['terms'];
arsort($list);
$output .= "\n";
foreach ($list as $ip => $hits) {
if (valid_ipv4_host($ip)) {
if ($hits > $MIN_HITS) {
$output .= "{$hits} {$ip}\n";
}
}
if (valid_ipv6_host($ip)) {
$ip = compress($ip);
if ($hits > $MIN_HITS) {
$output .= "{$hits} {$ip}\n";
}
}
}
if (php_sapi_name() == "cli") {
echo $output;
} else {
echo "<pre>{$output}<pre>";
function type($ip)
{
if (!$ip) {
return false;
}
if (valid_ipv4_host($ip)) {
return "ipv4";
}
if (valid_ipv6_host($ip)) {
return "ipv6";
}
return "unknown";
}
