}
qroPrintEntryHeader($i);
/* Generating checkbox value -- nikns */
$addr_type == SOURCE_IP ? $src_ip = $myrow[0] : ($dst_ip = $myrow[0]);
$tmp_rowid = $src_ip . "_" . $dst_ip;
echo ' <TD><INPUT TYPE="checkbox" NAME="action_chk_lst[' . $i . ']" VALUE="' . $tmp_rowid . '">';
echo ' <INPUT TYPE="hidden" NAME="action_lst[' . $i . ']" VALUE="' . $tmp_rowid . '"></TD>';
/* Check for a NULL IP which indicates an event (e.g. portscan)
* which has no IP
*/
if ($no_ip) {
qroPrintEntry('<A HREF="' . $BASE_urlpath . '/help/base_app_faq.php#1">' . gettext("unknown") . '</A>');
} else {
$country = strtolower(geoip_country_code_by_addr($gi, $currentIP));
$country_name = geoip_country_name_by_addr($gi, $currentIP);
$homelan = ($match_cidr = Net::is_ip_in_cache_cidr($_conn, $currentIP)) || in_array($currentIP, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$currentIP}'><img src=\"" . Host::get_homelan_icon($currentIP, $icons, $match_cidr, $_conn) . "\" border=0></a>" : "";
if ($country) {
$country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" title=\"" . $country_name . "\">";
$slnk = $current_url . "/pixmaps/flags/" . $country . ".png";
} else {
$country_img = "";
$slnk = $homelan != "" ? $current_url . "/forensics/images/homelan.png" : "";
}
$sip_aux = $sensors[$currentIP] != "" ? $sensors[$currentIP] : ($hosts[$currentIP] != "" ? $hosts[$currentIP] : $currentIP);
$div = '<div id="' . $currentIP . ';' . $ip_aux . '" class="HostReportMenu">';
$bdiv = '</div>';
qroPrintEntry($div . BuildAddressLink($currentIP, 32) . $currentIP . '</A> ' . $country_img . $homelan . $bdiv, 'center', '', 'nowrap');
}
if ($resolve_IP == 1) {
qroPrintEntry(' ' . baseGetHostByAddr($currentIP, $db, $dns_cache_lifetime) . ' ');
}
function host_row($host, $conn, $criterias, $has_criterias, $networks, $hosts_ips, $icons)
{
$ip = $host->get_ip();
$gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
$country = strtolower(geoip_country_code_by_addr($gi, $ip));
$country_name = geoip_country_name_by_addr($gi, $ip);
geoip_close($gi);
if ($country) {
$country_img = " <img src=\"../pixmaps/flags/" . $country . ".png\" alt=\"{$country_name}\" title=\"{$country_name}\">";
} else {
$country_img = "";
}
$homelan = ($match_cidr = Net::is_ip_in_cache_cidr($conn, $ip, $networks)) || in_array($ip, $hosts_ips) ? " <a href=\"javascript:;\" class=\"scriptinfo\" style=\"text-decoration:none\" ip=\"" . $ip . "\"><img src=\"" . Host::get_homelan_icon($ip, $icons, $match_cidr, $conn) . "\" border=0></a>" : "";
$os = Host_os::get_os_pixmap($conn, $ip);
$row = '
<tr>
<td style="padding-bottom:10px" class="nobborder">
<table class="noborder" style="background-color:white">
<tr>
<td class="nobborder"><a href="../report/host_report.php?host=' . $ip . '" id="' . $ip . ';' . $host->get_hostname() . '" class="HostReportMenu" style="color:#17457c;text-decoration:underline;font-size:15px;text-align:left"><b>' . $ip . '</b> <font style="font-size:12px">HostName: <b>' . $host->get_hostname() . '</b>' . $country_img . $homelan . ' ' . $os . '</font></a></td>
</tr>
<tr>
<td class="nobborder">
<table class="noborder" style="background-color:white" height="100%"><tr>';
foreach ($criterias as $type => $subtypes_arr) {
$row .= '<td class="nobborder" valign="top">' . Util::print_gadget($type, "white", criteria_row($conn, $ip, $type, $subtypes_arr, $has_criterias)) . '</td>';
}
$row .= '
</tr></table>
</td>
</tr>
</table>
</td>
</tr>';
echo str_replace("\n", "", str_replace("\r", "", $row));
}
function DisplayProcessing()
{
global $self;
global $ListNOption;
global $TopNOption;
global $OutputFormatOption;
global $IPStatOption;
global $IPStatOrder;
global $LimitScale;
require_once 'classes/Session.inc';
require_once 'classes/Sensor.inc';
require_once 'ossim_db.inc';
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$sensors_list = Sensor::get_list($conn_aux);
$db_aux->close($conn_aux);
$detail_opts = $_SESSION['detail_opts'];
$process_form = $_SESSION['process_form'];
$type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
?>
<a name="processing"></a>
<table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
<td class='nobborder'><b><?php
echo _("Netflow Processing");
?>
</b></td>
<td class='noborder' style='text-align:center'>
[ <a href='javascript:lastsessions()'><?php
echo _("List last 500 sessions");
?>
</a> ]
[ <a href='javascript:launch("2","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src IPs");
?>
</a> ]
[ <a href='javascript:launch("3","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst IPs");
?>
</a> ]
[ <a href='javascript:launch("5","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src Port");
?>
</a> ]
[ <a href='javascript:launch("6","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst Port");
?>
</a> ]
[ <a href='javascript:launch("13","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Proto");
?>
</a> ]
</td></tr></table>
<form action="<?php
echo $self;
?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold;width:100%'>
<tr>
<TD><?php
echo _("Source");
?>
:</TD>
<TD><?php
echo _("Filter");
?>
:</TD>
<TD><?php
echo _("Options");
?>
:</TD>
</tr>
<TR>
<TD style='vertical-align:top;border:none'>
<SELECT name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple>
<?php
foreach ($process_form['srcselector'] as $selected_channel) {
$_tmp[$selected_channel] = 1;
}
$i = 0;
foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
$has_perm = 0;
foreach ($sensors_list as $s) {
if ($channel == $s->get_name()) {
$has_perm = 1;
}
}
if (Session::am_i_admin()) {
$has_perm = 1;
}
if (!$has_perm) {
continue;
}
$checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
print "<OPTION value='{$channel}' {$checked}>{$channel}</OPTION>\n";
}
?>
</SELECT><br>
<INPUT class="lbutton" TYPE="button" NAME="JSbutton2" Value="<?php
echo _("All Sources");
?>
" onClick="SelectAllSources()">
</TD>
<td style="vertical-align:top;border:none">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50"><?php
if (is_array($process_form)) {
$display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
} else {
$display_filter = array();
}
if (count($display_filter) < 1 && GET('ip') != "") {
$display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
}
foreach ($display_filter as $line) {
print htmlspecialchars(stripslashes($line)) . "\n";
}
?>
</textarea><br>
<?php
$deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
?>
<input type="image" name="filter_delete" id="filter_delete" title="<?php
echo _("Delete filter");
?>
" align="right"
onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php
echo $deletefilter_display_style;
?>
>
<input type="hidden" name="filter_name" id="filter_name" value="none">
<span id="filter_span">and
<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
print "<option value='-1' label='none'><none></option>\n";
foreach ($_SESSION['DefaultFilters'] as $name) {
$checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
print "<option value='{$name}' {$checked}>{$name}</option>\n";
}
$editfilter_display_style = 'style="display:none;"';
foreach ($_SESSION['DefaultFilters'] as $name) {
if ($process_form['DefaultFilter'] == $name) {
$editfilter_display_style = '';
}
}
?>
</select></span>
<input type="image" name="filter_save" id="filter_save" title="<?php
echo _("Save filter");
?>
"
onClick="HandleFilter(2)"
value="" src="icons/save.png" border="0" align="absmiddle">
<input type="image" name="filter_edit" id="filter_edit" title="<?php
echo _("Edit filter");
?>
" <?php
echo $editfilter_display_style;
?>
onClick="HandleFilter(1)" value="" src="icons/edit.png">
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
foreach ($_SESSION['DefaultFilters'] as $name) {
print "DefaultFilters.push('{$name}');\n";
}
if (array_key_exists('editfilter', $process_form)) {
print "edit_filter = '" . $process_form['DefaultFilter'] . "';\n";
}
?>
</script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;border:none'>
<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;border:none;width:100%">
<tr><td>
<?php
$i = 0;
foreach (array('List Flows', 'Stat TopN') as $s) {
$checked = $process_form['modeselect'] == $i ? 'checked' : '';
print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
$i++;
}
$list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
$stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
$formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?>
</td>
<td align="right" style="border:none">
<input class="button" type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input class="button" type="submit" name="process" value="<?php
echo _("Process");
?>
" style="font-weight:bold" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
<tr id="listNRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit to");
?>
:</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
for ($i = 0; $i < count($ListNOption); $i++) {
$checked = $process_form['listN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
}
?>
</select> <?php
echo _("Flows");
?>
<br>
</td>
</tr>
<tr id="topNRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Top");
?>
:</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
for ($i = 0; $i < count($TopNOption); $i++) {
$checked = $process_form['topN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="stattypeRow" <?php
echo $stat_display_style;
?>
>
<td class="TDnfprocLabel"><?php
echo _("Stat");
?>
:</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
for ($i = 0; $i < count($IPStatOption); $i++) {
$checked = $process_form['stattype'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
}
?>
</select>
<?php
echo _("order by");
?>
<select name='statorder' id="statorder" size='1'>
<?php
for ($i = 0; $i < count($IPStatOrder); $i++) {
$checked = $process_form['statorder'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="AggregateRow" <?php
echo $formatselect_display_opts;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Aggregate");
?>
</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_proto'];
?>
> <?php
echo _("proto");
?>
<br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcport'];
?>
> <?php
echo _("srcPort");
?>
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcip'];
?>
>
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
$i = 0;
foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
$checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits"
value="<?php
echo $process_form['aggr_srcnetbits'];
?>
" <?php
echo $_style;
?>
><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstport'];
?>
> <?php
echo _("dstPort");
?>
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstip'];
?>
>
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
$i = 0;
foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
$checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits"
value="<?php
echo $process_form['aggr_dstnetbits'];
?>
" <?php
echo $_style;
?>
><br>
</td>
</tr>
<tr id="timesortedRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Sort");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked"
style="margin-left:1" <?php
echo $process_form['timesorted'];
?>
>
<?php
echo _("start time of flows");
?>
</td>
</tr>
<tr id="limitoutputRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1"
size="1" <?php
echo $process_form['limitoutput'];
?>
>
<select name="limitwhat" id="limitwhat" size="1">
<?php
$i = 0;
foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
$checked = $process_form['limitwhat'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<select name="limithow" id="limithow" size="1">
<?php
$i = 0;
foreach (array('>', '<') as $s) {
$checked = $process_form['limithow'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<input type="text" name="limitsize" id="limitsize" value="<?php
echo $process_form['limitsize'];
?>
" SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
$i = 0;
foreach ($LimitScale as $s) {
$checked = $process_form['limitscale'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'><?php
echo _("Output");
?>
:</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php
echo $formatselect_display_opts;
?>
>
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
$checked = $process_form['output'] == $key ? 'selected' : '';
print "<OPTION value='{$key}' {$checked}>{$key}</OPTION>\n";
}
$fmt = $_SESSION['formatlist'][$process_form['output']];
if ($process_form['output'] == $fmt) {
// built in format
$space_display_style = '';
$edit_display_style = 'style="display:none"';
} else {
$space_display_style = 'style="display:none"';
$edit_display_style = '';
}
?>
</select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
print "fmts.setItem('{$key}', '{$value}');\n";
}
?>
</script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php
echo $space_display_style;
?>
></img>
<a href="#null" onClick="EditCustomFormat()"
title="<?php
echo _("Edit format");
?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
<?php
echo $edit_display_style;
?>
alt="<?php
echo _("Edit format");
?>
"></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php
echo $process_form['IPv6_long'];
?>
>
/ <?php
echo _("IPv6 long");
$fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?>
<span id="fmt_edit" <?php
echo $fmt_edit_display_style;
?>
>
<br><?php
echo _("Enter custom output format");
?>
:<br>
<input size="30" type="text" name="customfmt" id="customfmt"
value="<?php
echo htmlspecialchars(stripslashes($process_form['customfmt']));
?>
" >
<input type="image" name="fmt_save" id="fmt_save" title="<?php
echo _("Save format");
?>
"
onClick="SaveOutputFormat()"
value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="<?php
echo _("Delete format");
?>
"
onClick="DeleteOutputFormat()"
value="" src="icons/trash.png" <?php
echo $edit_display_style;
?>
>
</span>
</td>
</tr>
</table>
</td>
</tr>
<!--
<tr>
<td></td><td></td>
<td align="right" style="border:none">
<input type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input type="submit" name="process" value="<?php
echo _("process");
?>
" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
-->
</TABLE>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="<?php
echo _("Close lookup box");
?>
"></div>
<iframe id="cframe" src="" frameborder="0" width=100% height=100%></iframe>
</div>
<?php
if (!array_key_exists('run', $_SESSION)) {
return;
}
print "<div class='flowlist'>\n";
$run = $_SESSION['run'];
if ($run != null) {
$filter = $process_form['filter'];
if ($process_form['DefaultFilter'] != -1) {
$cmd_opts['and_filter'] = $process_form['DefaultFilter'];
}
$cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
$cmd_opts['profile'] = $_SESSION['profileswitch'];
$cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
print "<pre>\n";
$pattern = '/(\\s*)([^\\s]+)/';
$replacement = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
ClearMessages();
$cmd_opts['args'] = "-T {$run}";
$cmd_opts['filter'] = $filter;
$titcol = "";
if (preg_match("/ srcip/", $run)) {
$titcol = _("Src IP");
} elseif (preg_match("/ dstip/", $run)) {
$titcol = _("Dst IP");
} elseif (preg_match("/ srcport/", $run)) {
$titcol = _("Src Port");
} elseif (preg_match("/ dstport/", $run)) {
$titcol = _("Dst Port");
}
$cmd_out = nfsend_query("run-nfdump", $cmd_opts);
if (!is_array($cmd_out)) {
ShowMessages();
} else {
require_once "classes/Host.inc";
require_once "classes/Net.inc";
require_once 'ossim_db.inc';
require_once "ossim_conf.inc";
$conf = $GLOBALS["CONF"];
$solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
include "geoip.inc";
$gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
$db = new ossim_db();
$conn = $db->connect();
$sensors = $hosts = $ossim_servers = array();
list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn);
/*$networks = "";
$_nets = Net::get_all($conn);
$_nets_ips = $_host_ips = $_host = array();
foreach ($_nets as $_net) $_nets_ips[] = $_net->get_ips();
$networks = implode(",",$_nets_ips);*/
$hosts_ips = array_keys($hosts);
/*
if ( array_key_exists('arg', $cmd_out) ) {
print "** nfdump " . $cmd_out['arg'] . "\n";
}
if ( array_key_exists('filter', $cmd_out) ) {
print "nfdump filter:\n";
foreach ( $cmd_out['filter'] as $line ) {
print "$line\n";
}
}
foreach ( $cmd_out['nfdump'] as $line ) {
print preg_replace($pattern, $replacement, $line) . "\n";
}
print "</pre>\n";*/
# parse command line
#2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1
$list = preg_match("/ \\-a \\-A /", $cmd_out['arg']) ? 1 : 0;
$regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
echo "<table style='width:100%;margin-bottom:5px''>";
$geotools = false;
if ($list && file_exists("../kml/GoogleEarth.php")) {
$geotools = true;
$geoips = array();
echo "<tr><td class='nobborder'></td><td class='nobborder'></td><td class='nobborder'></td>";
echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
echo "</tr>";
}
echo $list ? "<tr>\n <th>" . _("Date flow start") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "</th>\n <th>" . _("Dst IP Addr:Port") . "</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>";
$status = $errors = array();
//print_r($cmd_out['nfdump']);
foreach ($cmd_out['nfdump'] as $k => $line) {
echo "<tr>\n";
#capture status
if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
$status[$found[1]] = str_replace($found[1] . ":", "", $line);
}
# capture errors
if (preg_match("/ error /i", $line, $found)) {
$errors[] = $line;
}
# print results
$line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
// Patch for ( 0.3)
$line = preg_replace("/(\\d)\\s([KMG])/", "\\1\\2", $line);
// Patch for 1.2 M(99.6)
$start = $end = $proto = "";
$ips = $ports = array();
if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
foreach ($found as $ki => $field) {
if ($ki > 0) {
$wrap = $ki == 1 ? "nowrap" : "";
$field = preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field);
if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
# match ip (resolve and geolocalize)
$ip = $fnd[1];
$port = $fnd[2];
$name = $sensors[$ip] != "" ? $sensors[$ip] : ($hosts[$ip] != "" ? $hosts[$ip] : $ip);
$homelan = ($match_cidr = Net::is_ip_in_cache_cidr($conn, $ip)) || in_array($ip, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$ip}'><img src=\"" . Host::get_homelan_icon($ip, $icons, $match_cidr, $conn) . "\" border=0></a>" : "";
$country = strtolower(geoip_country_code_by_addr($gi, $ip));
$country_name = geoip_country_name_by_addr($gi, $ip);
if ($country) {
$country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"" . _($country_name) . "\" title=\"" . _($country_name) . "\">";
} else {
$country_img = "";
}
$field = "<a href='javascript:;' class='HostReportMenu' id='{$ip};{$name}'>{$name}</a>{$port} {$country_img} {$homelan}";
$wrap = "nowrap";
$ips[] = $ip;
if ($geotools) {
if ($ki == 4) {
$geoips['ip_src'][$ip]++;
} elseif ($ki == 5) {
$geoips['ip_dst'][$ip]++;
}
}
$ports[] = str_replace(":", "", $port);
}
if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
# match date
$start = $end = $fnd[1];
}
if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
# match date
$proto = strtolower($fnd[1]);
}
print "<td {$wrap}>{$field}</td>";
}
}
// solera deepsee integration
if ($solera) {
echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('{$start}','{$end}','" . $ips[0] . "','" . $ports[0] . "','" . $ips[1] . "','" . $ports[1] . "','{$proto}')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
}
}
echo "</tr>\n";
}
echo "</table>";
if ($geotools) {
foreach ($geoips as $type => $list) {
$ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
foreach ($list as $ip => $val) {
fputs($ipsfile, "{$ip}\n");
}
fclose($ipsfile);
}
}
#Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
#Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
#Total flows processed: 21, Records skipped: 0, Bytes read: 1128
#Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9
if (count($status) > 0) {
echo "<table style='margin-bottom:5px;width:100%'>";
foreach ($status as $key => $line) {
$line = preg_replace("/(Wall)\\:/", "<span class='th'>\\1</span>", $line);
$line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th'>\\1</span>", $line);
echo "<tr><td class='nobborder'><span class='th'>{$key}</span>{$line}</td></tr>";
}
echo "</table>";
}
# stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
if (count($errors) > 0) {
echo "<table style='margin-bottom:5px;width:100%'>";
foreach ($errors as $key => $line) {
echo "<tr><td class='nobborder'><span class='th'>" . _("Error found") . "</span> {$line}</td></tr>";
}
echo "</table>";
}
$conn->disconnect();
}
#print "</pre>\n";
}
print "</div>\n";
return;
}
