Exemple #1
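// Push output to the client as it is produced instead of buffering it.
ob_implicit_flush();
require_once 'classes/Session.inc';
// Session gate for this page ("MenuPolicy" / "5DSearch"); it runs before any
// other class is loaded or any request parameter is read.
Session::logcheck("MenuPolicy", "5DSearch");
require_once 'classes/Host.inc';
require_once 'classes/Host_os.inc';
require_once 'classes/Net.inc';
require_once 'classes/Host_scan.inc';
require_once 'classes/Plugin.inc';
require_once 'ossim_db.inc';
require_once 'ossim_conf.inc';
include "functions.php";
// Database Object
$db = new ossim_db();
$conn = $db->connect();
$sensors = $hosts = $ossim_servers = array();
list($sensors, $hosts) = Host::get_ips_and_hostname($conn);
$allowed_hosts_aux = Host::get_list($conn);
// Allowed internal hosts
$allowed_hosts = array();
// Load allowed hosts and all internal hosts to check perms and do not use hostAllowed -> Improve speed!
// The array is keyed by IP so later permission checks are a key lookup. The
// counter is initialised explicitly: incrementing a key that does not exist
// yet raises an "undefined index/array key" notice on every first occurrence.
foreach ($allowed_hosts_aux as $h) {
    $allowed_hosts[$h->get_ip()] = isset($allowed_hosts[$h->get_ip()]) ? $allowed_hosts[$h->get_ip()] + 1 : 1;
}
$networks = "";
$hosts_ips = array_keys($hosts);
// Request parameters, read through the project's GET() helper.
// NOTE(review): no ossim_valid() call for $operator, $descr or $num is visible
// in this excerpt; confirm they are validated before they reach a query or the page.
$operator = GET('operator');
$descr = GET('description');
$num = GET('num');
// Normalise the description to UTF-8 (input is treated as ISO-8859-1 when it is
// not detected as UTF-8), then pass it through Util::utf8entities().
$descr = mb_detect_encoding($descr . " ", 'UTF-8,ISO-8859-1') == 'UTF-8' ? $descr : mb_convert_encoding($descr, 'UTF-8', 'ISO-8859-1');
$descr = Util::utf8entities($descr);
// NOTE(review): 'profile' is taken straight from $_GET, bypassing the GET()
// helper used for every other parameter here. Its later use is outside this
// excerpt; validate it against the known profile names before it is used in a
// query, a file path or page output.
$current_profile = !empty($_GET['profile']) ? $_GET['profile'] : $_SESSION['profile'];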
Exemple #2
// Read the listing's filter, paging and refresh parameters from the query
// string through the project's GET() helper. The excerpt starts mid-script:
// $order, $src_ip and $conn are set before the first line shown here.
$dst_ip = GET('dst_ip');
$backup_inf = $inf = GET('inf');
$sup = GET('sup');
$hide_closed = GET('hide_closed');
// Coerced to an integer, so this one cannot carry markup or SQL.
$no_resolv = intval(GET('no_resolv'));
$refresh_time = GET('refresh_time');
$autorefresh = GET('autorefresh');
$query = GET('query') != "" ? GET('query') : "";
$directive_id = GET('directive_id');
$sensor_query = GET('sensor_query');
$tag = GET('tag');
$num_events = GET('num_events');
$num_events_op = GET('num_events_op');
// NOTE(review): this query string is assembled before the ossim_valid() calls
// visible below and without urlencode(). If it is later written into a link or
// a redirect, every interpolated value needs validation first and URL-encoding
// at that point. $date_from and $date_to are interpolated here but are only read
// from the request further down in this excerpt; unless they are also set
// earlier, they are empty in this string.
$params_string = "order={$order}&src_ip={$src_ip}&dst_ip={$dst_ip}&inf={$inf}&sup={$sup}&hide_closed={$hide_closed}&query={$query}&directive_id={$directive_id}&date_from={$date_from}&date_to={$date_to}&no_resolv={$no_resolv}&sensor_query={$sensor_query}&tag={$tag}";
$sensors = $hosts = $ossim_servers = array();
list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn, true);
/*$networks = "";
$_nets = Net::get_all($conn);
$_nets_ips = $_host_ips = $_host = array();
foreach ($_nets as $_net) $_nets_ips[] = $_net->get_ips();
$networks = implode(",",$_nets_ips);*/
$hosts_ips = array_keys($hosts);
$tags = Tags::get_list($conn);
$tags_html = Tags::get_list_html($conn);
$date_from = GET('date_from');
$date_to = GET('date_to');
$num_alarms_page = GET('num_alarms_page');
$param_unique_id = GET('unique_id');
// Whitelist validation by character class. Only $order, $delete and $close are
// checked within this excerpt ($delete and $close are assigned outside it).
// NOTE(review): the checks for the remaining parameters, and the ossim_error()
// test that acts on the result, are not visible here; confirm they follow.
ossim_valid($order, OSS_ALPHA, OSS_SPACE, OSS_SCORE, OSS_NULLABLE, '.', 'illegal:' . _("order"));
ossim_valid($delete, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("delete"));
ossim_valid($close, OSS_DIGIT, OSS_NULLABLE, 'illegal:' . _("close"));
Exemple #3
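/**
 * Render the "Netflow Processing" form and, when a run is pending, its nfdump results.
 *
 * The form is pre-filled from $_SESSION['process_form']; the source list is built
 * from $_SESSION['profileinfo']['channel'], limited to channels whose name matches
 * a sensor returned by Sensor::get_list() unless the user is an admin. When
 * $_SESSION['run'] is set, the query is sent through nfsend_query("run-nfdump", ...)
 * and each returned line is parsed into a table row, with IP fields resolved to
 * host names, GeoIP flags and home-LAN icons.
 *
 * Uses the globals $self, $ListNOption, $TopNOption, $OutputFormatOption,
 * $IPStatOption, $IPStatOrder and $LimitScale. Prints directly; returns nothing.
 *
 * Output handling: session- and nfdump-derived strings are HTML-escaped where
 * they are written into element text or quoted attribute values. Values written
 * into inline JavaScript, the bare checkbox attributes and the nfdump argument
 * string are left as they were and carry NOTE(review) comments, because the code
 * that stores them is outside this function.
 */
function DisplayProcessing()
{
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;
    require_once 'classes/Session.inc';
    require_once 'classes/Sensor.inc';
    require_once 'ossim_db.inc';
    // Short-lived connection used only to fetch the sensor list for the permission filter.
    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $sensors_list = Sensor::get_list($conn_aux);
    $db_aux->close($conn_aux);
    $detail_opts = $_SESSION['detail_opts'];
    $process_form = $_SESSION['process_form'];
    // Numeric graph type passed to the quick-launch links: flows = 0, packets = 1, anything else = 2.
    $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
    ?>
	<a name="processing"></a>
   <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
   <td class='nobborder'><b><?php 
    echo _("Netflow Processing");
    ?>
</b></td>
   <td class='noborder' style='text-align:center'>
    [ <a href='javascript:lastsessions()'><?php 
    echo _("List last 500 sessions");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("2","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src IPs");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("3","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst IPs");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("5","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Src Port");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("6","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Dst Port");
    ?>
</a> ]
    &nbsp;[ <a href='javascript:launch("13","<?php 
    echo $type;
    ?>
")'><?php 
    echo _("Top 10 Proto");
    ?>
</a> ]
    </td></tr></table>

<form action="<?php 
    // $self is set outside this function; escape it for the attribute context in
    // case it is derived from the request URL.
    echo htmlspecialchars($self, ENT_QUOTES);
    ?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold;width:100%'>
<tr>
    <TD><?php 
    echo _("Source");
    ?>
:</TD>
    <TD><?php 
    echo _("Filter");
    ?>
:</TD>
    <TD><?php 
    echo _("Options");
    ?>
:</TD>
</tr>

<TR>
	<TD style='vertical-align:top;border:none'>
		<SELECT name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple>
<?php 
    // Set of previously selected channels. Start from an empty array so the
    // array_key_exists() lookup below stays valid when nothing was selected.
    $_tmp = array();
    if (is_array($process_form) && isset($process_form['srcselector']) && is_array($process_form['srcselector'])) {
        foreach ($process_form['srcselector'] as $selected_channel) {
            $_tmp[$selected_channel] = 1;
        }
    }
    $i = 0;
    foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
        // A channel is offered only if it matches a sensor name from
        // Sensor::get_list(), or unconditionally for admins.
        $has_perm = 0;
        foreach ($sensors_list as $s) {
            if ($channel == $s->get_name()) {
                $has_perm = 1;
            }
        }
        if (Session::am_i_admin()) {
            $has_perm = 1;
        }
        if (!$has_perm) {
            continue;
        }
        $checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
        $channel_html = htmlspecialchars($channel, ENT_QUOTES);
        print "<OPTION value='{$channel_html}' {$checked}>{$channel_html}</OPTION>\n";
    }
    ?>
		</SELECT><br>
		<INPUT class="lbutton" TYPE="button" NAME="JSbutton2" Value="<?php 
    echo _("All Sources");
    ?>
" onClick="SelectAllSources()">
	</TD>
	<td style="vertical-align:top;border:none">
		<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50"><?php 
    if (is_array($process_form)) {
        $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    } else {
        $display_filter = array();
    }
    // A missing 'filter' entry would otherwise reach count() and foreach as null.
    if (!is_array($display_filter)) {
        $display_filter = array();
    }
    // Pre-fill the filter from ?ip= when no filter is set. The value is only
    // HTML-escaped for display below.
    // NOTE(review): it is not checked to be an IP address in this function;
    // confirm the submitted filter text is validated before it is handed to nfdump.
    if (count($display_filter) < 1 && GET('ip') != "") {
        $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
    }
    foreach ($display_filter as $line) {
        print htmlspecialchars(stripslashes($line)) . "\n";
    }
    ?>
</textarea><br>
<?php 
    $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
    ?>
		<input type="image" name="filter_delete" id="filter_delete" title="<?php 
    echo _("Delete filter");
    ?>
" align="right"
			onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php 
    echo $deletefilter_display_style;
    ?>
>
		<input type="hidden" name="filter_name" id="filter_name" value="none">
		<span id="filter_span">and
		<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php 
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
        $name_html = htmlspecialchars($name, ENT_QUOTES);
        print "<option value='{$name_html}' {$checked}>{$name_html}</option>\n";
    }
    // The edit icon is shown only when the current default filter is one of the stored filters.
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        if ($process_form['DefaultFilter'] == $name) {
            $editfilter_display_style = '';
        }
    }
    ?>
		</select></span>
		<input type="image" name="filter_save" id="filter_save" title="<?php 
    echo _("Save filter");
    ?>
"
			onClick="HandleFilter(2)" 
			value="" src="icons/save.png" border="0" align="absmiddle">
		<input type="image" name="filter_edit" id="filter_edit" title="<?php 
    echo _("Edit filter");
    ?>
" <?php 
    echo $editfilter_display_style;
    ?>
			onClick="HandleFilter(1)" value="" src="icons/edit.png">
        <script language="Javascript" type="text/javascript">
            var DefaultFilters = new Array();
<?php 
    // NOTE(review): filter names are written into single-quoted JavaScript string
    // literals without escaping. This is safe only if names are restricted to a
    // fixed character set when they are saved, which happens outside this
    // function. The stripslashes() calls elsewhere in this function suggest the
    // session may hold backslash-escaped text, so adding an escaper here without
    // checking the storing side could double-escape.
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print "DefaultFilters.push('{$name}');\n";
    }
    if (is_array($process_form) && array_key_exists('editfilter', $process_form)) {
        print "edit_filter = '" . $process_form['DefaultFilter'] . "';\n";
    }
    ?>
        </script>
	</td>
	<!-- Options start here -->
	<td style='padding: 0px;vertical-align:top;border:none'>
 		<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;border:none;width:100%">
			<tr><td>
<?php 
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s}&nbsp;";
        $i++;
    }
    // Rows for the inactive mode are rendered hidden; mode 0 is "List Flows", anything else is "Stat TopN".
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
    ?>
			</td>
			<td align="right" style="border:none">
				<input class="button" type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()">
				<input class="button" type="submit" name="process" value="<?php 
    echo _("Process");
    ?>
" style="font-weight:bold" id="process_button" onClick="form_ok=true;" size="1">
			</td>
			</tr>
			<tr id="listNRow" <?php 
    echo $list_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Limit to");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<select name="listN" id="listN" style="margin-left:1" size="1">
<?php 
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    }
    ?>
					</select> <?php 
    echo _("Flows");
    ?>
<br>
				</td>
			</tr>
			<tr id="topNRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Top");
    ?>
:</td>
				<td class='TDnfprocControl'> 
					<select name="topN" id="TopN" size="1">
<?php 
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
    }
    ?>
					</select>
				</td>
			</tr>
			<tr id="stattypeRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class="TDnfprocLabel"><?php 
    echo _("Stat");
    ?>
:</td>
				<td class="TDnfprocControl">
					<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php 
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
    }
    ?>
					</select>
					<?php 
    echo _("order by");
    ?>
&nbsp;
					<select name='statorder' id="statorder" size='1'>
<?php 
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
    }
    ?>
					</select>					
				</td>
			</tr>
			<tr id="AggregateRow" <?php 
    echo $formatselect_display_opts;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Aggregate");
    ?>
</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" 
						style="margin-left:1" <?php 
    // NOTE(review): this and the other checkbox states below (aggr_*, timesorted,
    // limitoutput, IPv6_long) are echoed as bare attribute text. HTML-escaping does
    // not help in that position; presumably the stored value is either "checked"
    // or empty. Confirm the code that fills process_form enforces that.
    echo $process_form['aggr_proto'];
    ?>
>&nbsp;<?php 
    echo _("proto");
    ?>
<br>
					<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_srcport'];
    ?>
>&nbsp;<?php 
    echo _("srcPort");
    ?>
					<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_srcip'];
    ?>
>&nbsp;
    				<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php 
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
    ?>
					</select>
					<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" 
						value="<?php 
    // Free-text field: escape for the quoted attribute value.
    echo htmlspecialchars($process_form['aggr_srcnetbits'], ENT_QUOTES);
    ?>
" <?php 
    echo $_style;
    ?>
><br>
					<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_dstport'];
    ?>
>&nbsp;<?php 
    echo _("dstPort");
    ?>
					<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['aggr_dstip'];
    ?>
>&nbsp;
    				<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php 
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
    ?>
					</select>
					<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" 
						value="<?php 
    echo htmlspecialchars($process_form['aggr_dstnetbits'], ENT_QUOTES);
    ?>
" <?php 
    echo $_style;
    ?>
><br>
				</td>
			</tr>
			<tr id="timesortedRow" <?php 
    echo $list_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Sort");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="timesorted" id="timesorted" value="checked" 
						style="margin-left:1" <?php 
    echo $process_form['timesorted'];
    ?>
>
					<?php 
    echo _("start time of flows");
    ?>
</td>
			</tr>
			<tr id="limitoutputRow" <?php 
    echo $stat_display_style;
    ?>
>
				<td class='TDnfprocLabel'><?php 
    echo _("Limit");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" 
						size="1" <?php 
    echo $process_form['limitoutput'];
    ?>
>
					<select name="limitwhat" id="limitwhat" size="1">
<?php 
    $i = 0;
    foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
					<select name="limithow" id="limithow" size="1">
<?php 
    $i = 0;
    foreach (array('&gt;', '&lt;') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
					<input type="text" name="limitsize" id="limitsize" value="<?php 
    echo htmlspecialchars($process_form['limitsize'], ENT_QUOTES);
    ?>
" SIZE="6" MAXLENGTH="8">
					<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php 
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
					</select>
				</td>
			</tr>

			<tr id="outputRow">
				<td class='TDnfprocLabel'><?php 
    echo _("Output");
    ?>
:</td>
				<td class='TDnfprocControl'>
					<span id="FormatSelect" <?php 
    echo $formatselect_display_opts;
    ?>
>
					<select name="output" id="output" onChange="CustomOutputFormat()"  style="margin-left:1" size="1">
<?php 
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        $key_html = htmlspecialchars($key, ENT_QUOTES);
        print "<OPTION value='{$key_html}' {$checked}>{$key_html}</OPTION>\n";
    }
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
    }
    ?>
					</select>
    				<script language="Javascript" type="text/javascript">
						var fmts = new Hash();
<?php 
    // NOTE(review): format names and format strings are written into single-quoted
    // JavaScript literals without escaping. Custom formats can be saved from this
    // form, so confirm the saving side restricts quotes, backslashes and "</script>"
    // or escape for the JavaScript string context here once the stored encoding is known.
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print "fmts.setItem('{$key}', '{$value}');\n";
    }
    ?>
					</script>
					<img src="icons/space.png" border="0" alt='space' id='space' <?php 
    echo $space_display_style;
    ?>
></img>
					<a href="#null" onClick="EditCustomFormat()"
						title="<?php 
    echo _("Edit format");
    ?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
						<?php 
    echo $edit_display_style;
    ?>
 alt="<?php 
    echo _("Edit format");
    ?>
"></a>
					</span>
					<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php 
    echo $process_form['IPv6_long'];
    ?>
>
					&nbsp;/ <?php 
    echo _("IPv6 long");
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
    ?>
					<span id="fmt_edit" <?php 
    echo $fmt_edit_display_style;
    ?>
>
					<br><?php 
    echo _("Enter custom output format");
    ?>
:<br>
					<input size="30" type="text" name="customfmt" id="customfmt" 
						value="<?php 
    echo htmlspecialchars(stripslashes($process_form['customfmt']));
    ?>
" >
					<input type="image" name="fmt_save" id="fmt_save" title="<?php 
    echo _("Save format");
    ?>
"
						onClick="SaveOutputFormat()" 
						value="" src="icons/save.png">
					<input type="image" name="fmt_delete" id="fmt_delete" title="<?php 
    echo _("Delete format");
    ?>
"
						onClick="DeleteOutputFormat()" 
						value="" src="icons/trash.png" <?php 
    echo $edit_display_style;
    ?>
>
					</span>
				</td>
			</tr>
		</table>
 	</td>
</tr>
<!--
<tr>
	<td></td><td></td>
	<td align="right" style="border:none">
		<input type="button" name="JSbutton1" value="<?php 
    echo _("Clear Form");
    ?>
" onClick="ResetProcessingForm()">
		<input type="submit" name="process" value="<?php 
    echo _("process");
    ?>
" id="process_button" onClick="form_ok=true;" size="1">
	</td>
</tr>
-->
</TABLE>
</form>

<div id="lookupbox">
	<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
		onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="<?php 
    echo _("Close lookup box");
    ?>
"></div>
	<iframe id="cframe" src="" frameborder="0" width=100% height=100%></iframe>
</div>


<?php 
    // Nothing to run: the form alone is the whole output.
    if (!array_key_exists('run', $_SESSION)) {
        return;
    }
    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $cmd_opts = array();
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        }
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        print "<pre>\n";
        // Only referenced by the commented-out raw listing further down.
        $pattern = '/(\\s*)([^\\s]+)/';
        $replacement = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
        ClearMessages();
        // NOTE(review): $run and $filter become the nfdump argument string and
        // filter. Both come from the session and are assembled outside this
        // function; confirm $run is built only from validated option indexes and
        // that the receiving side does not pass it through a shell.
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;
        // Column title for statistic mode, chosen from the statistic named in the arguments.
        $titcol = "";
        if (preg_match("/ srcip/", $run)) {
            $titcol = _("Src IP");
        } elseif (preg_match("/ dstip/", $run)) {
            $titcol = _("Dst IP");
        } elseif (preg_match("/ srcport/", $run)) {
            $titcol = _("Src Port");
        } elseif (preg_match("/ dstport/", $run)) {
            $titcol = _("Dst Port");
        }
        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
            ShowMessages();
        } else {
            require_once "classes/Host.inc";
            require_once "classes/Net.inc";
            require_once 'ossim_db.inc';
            require_once "ossim_conf.inc";
            $conf = $GLOBALS["CONF"];
            $solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
            include "geoip.inc";
            $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
            $db = new ossim_db();
            $conn = $db->connect();
            $sensors = $hosts = $ossim_servers = array();
            list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn);
            /*$networks = "";
              $_nets = Net::get_all($conn);
              $_nets_ips = $_host_ips = $_host = array();
              foreach ($_nets as $_net) $_nets_ips[] = $_net->get_ips();
              $networks = implode(",",$_nets_ips);*/
            $hosts_ips = array_keys($hosts);
            /*
            				if ( array_key_exists('arg', $cmd_out) ) {
            					print "** nfdump " . $cmd_out['arg'] . "\n";
            				}
            				if ( array_key_exists('filter', $cmd_out) ) {
            					print "nfdump filter:\n";
            					foreach ( $cmd_out['filter'] as $line ) {
            						print "$line\n";
            					}
            				}
            				foreach ( $cmd_out['nfdump'] as $line ) {
            					print preg_replace($pattern, $replacement, $line) . "\n";
            				}
            				print "</pre>\n";*/
            # parse command line
            #2009-12-09 17:08:17.596    40.262 TCP        192.168.1.9:80    ->   217.126.167.80:51694 .AP.SF   0       70   180978        1    35960   2585     1
            // "-a  -A" in the effective arguments selects the flow-list layout; otherwise the statistic layout.
            $list = preg_match("/ \\-a  \\-A /", $cmd_out['arg']) ? 1 : 0;
            $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
            // The style attribute previously ended with a doubled quote, leaving a stray attribute in the tag.
            echo "<table style='width:100%;margin-bottom:5px'>";
            $geotools = false;
            if ($list && file_exists("../kml/GoogleEarth.php")) {
                $geotools = true;
                $geoips = array();
                echo "<tr><td class='nobborder'></td><td class='nobborder'></td><td class='nobborder'></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a>&nbsp;&nbsp;<a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "</tr>";
            }
            echo $list ? "<tr>\n                    <th>" . _("Date flow start") . "</th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . _("Src IP Addr:Port") . "</th>\n                    <th>" . _("Dst IP Addr:Port") . "</th>\n                    <th>" . _("Flags") . "</th>\n                    <th>" . _("Tos") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("Bpp") . "</th>\n                    <th>" . _("Flows") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>" : "<tr>\n                    <th>" . _("Date flow seen") . "</th>\n                    <th>" . _("Duration") . "</th>\n                    <th>" . _("Proto") . "</th>\n                    <th>" . $titcol . "</th>\n                    <th>" . _("Flows") . "</th>\n                    <th>" . _("Packets") . "</th>\n                    <th>" . _("Bytes") . "</th>\n                    <th>" . _("pps") . "</th>\n                    <th>" . _("bps") . "</th>\n                    <th>" . _("bpp") . "</th>\n                \t" . ($solera ? "<th></th>" : "") . "\n                    </tr>";
            $status = $errors = array();
            //print_r($cmd_out['nfdump']);
            foreach ($cmd_out['nfdump'] as $k => $line) {
                echo "<tr>\n";
                #capture status
                if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
                    $status[$found[1]] = str_replace($found[1] . ":", "", $line);
                }
                # capture errors
                if (preg_match("/ error /i", $line, $found)) {
                    $errors[] = $line;
                }
                # print results
                $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
                // Patch for ( 0.3)
                $line = preg_replace("/(\\d)\\s([KMG])/", "\\1\\2", $line);
                // Patch for 1.2 M(99.6)
                $start = $end = $proto = "";
                $ips = $ports = array();
                if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
                    foreach ($found as $ki => $field) {
                        if ($ki > 0) {
                            $wrap = $ki == 1 ? "nowrap" : "";
                            $field = preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field);
                            // Raw nfdump text: escape it once, before any markup is added around it.
                            $field = htmlspecialchars($field, ENT_QUOTES);
                            if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
                                # match ip (resolve and geolocalize)
                                $ip = $fnd[1];
                                $port = $fnd[2];
                                // Prefer the sensor name, then the host name, then the bare IP.
                                if (isset($sensors[$ip]) && $sensors[$ip] != "") {
                                    $name = $sensors[$ip];
                                } elseif (isset($hosts[$ip]) && $hosts[$ip] != "") {
                                    $name = $hosts[$ip];
                                } else {
                                    $name = $ip;
                                }
                                // Names come from the inventory database; escape them for the id attribute and link text.
                                $name_html = htmlspecialchars($name, ENT_QUOTES);
                                $homelan = ($match_cidr = Net::is_ip_in_cache_cidr($conn, $ip)) || in_array($ip, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$ip}'><img src=\"" . Host::get_homelan_icon($ip, $icons, $match_cidr, $conn) . "\" border=0></a>" : "";
                                $country = strtolower(geoip_country_code_by_addr($gi, $ip));
                                $country_name = geoip_country_name_by_addr($gi, $ip);
                                if ($country) {
                                    $country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"" . _($country_name) . "\" title=\"" . _($country_name) . "\">";
                                } else {
                                    $country_img = "";
                                }
                                $field = "<a href='javascript:;' class='HostReportMenu' id='{$ip};{$name_html}'>{$name_html}</a>{$port} {$country_img} {$homelan}";
                                $wrap = "nowrap";
                                $ips[] = $ip;
                                if ($geotools) {
                                    // Capture groups 4 and 5 are the source and destination address in list layout.
                                    if ($ki == 4) {
                                        $geoips['ip_src'][$ip] = isset($geoips['ip_src'][$ip]) ? $geoips['ip_src'][$ip] + 1 : 1;
                                    } elseif ($ki == 5) {
                                        $geoips['ip_dst'][$ip] = isset($geoips['ip_dst'][$ip]) ? $geoips['ip_dst'][$ip] + 1 : 1;
                                    }
                                }
                                $ports[] = str_replace(":", "", $port);
                            }
                            if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
                                # match date
                                $start = $end = $fnd[1];
                            }
                            if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
                                # match protocol
                                $proto = strtolower($fnd[1]);
                            }
                            print "<td {$wrap}>{$field}</td>";
                        }
                    }
                    // solera deepsee integration
                    if ($solera) {
                        // Statistic rows carry a single address, so the second pair may be absent.
                        $solera_ip_a = isset($ips[0]) ? $ips[0] : '';
                        $solera_port_a = isset($ports[0]) ? $ports[0] : '';
                        $solera_ip_b = isset($ips[1]) ? $ips[1] : '';
                        $solera_port_b = isset($ports[1]) ? $ports[1] : '';
                        echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('{$start}','{$end}','" . $solera_ip_a . "','" . $solera_port_a . "','" . $solera_ip_b . "','" . $solera_port_b . "','{$proto}')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
                    }
                }
                echo "</tr>\n";
            }
            echo "</table>";
            if ($geotools) {
                // Hand the collected addresses to the map pages through per-user files.
                // NOTE(review): the file name is predictable and lives in /var/tmp, which
                // is typically world-writable, so a pre-created symlink there would be
                // followed by fopen(..., "w"). Prefer a directory writable only by the
                // web server user, and confirm the user name cannot contain "/" or "..".
                // The readers under ../kml/ would need the same path change.
                foreach ($geoips as $type => $list) {
                    $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
                    if ($ipsfile === false) {
                        // Could not open the file; skip it rather than write to an invalid handle.
                        continue;
                    }
                    foreach ($list as $ip => $val) {
                        fputs($ipsfile, "{$ip}\n");
                    }
                    fclose($ipsfile);
                }
            }
            #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
            #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
            #Total flows processed: 21, Records skipped: 0, Bytes read: 1128
            #Sys: 0.000s flows/second: 0.0        Wall: 0.000s flows/second: 152173.9
            if (count($status) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($status as $key => $line) {
                    // Escape the raw status text first; the replacements below then add the label spans.
                    $line = htmlspecialchars($line, ENT_QUOTES);
                    $line = preg_replace("/(Wall)\\:/", "<span class='th'>\\1</span>", $line);
                    $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th'>\\1</span>", $line);
                    echo "<tr><td class='nobborder'><span class='th'>{$key}</span>{$line}</td></tr>";
                }
                echo "</table>";
            }
            # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
            if (count($errors) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($errors as $key => $line) {
                    // Error lines are raw tool output (they can include file paths); escape before printing.
                    echo "<tr><td class='nobborder'><span class='th'>" . _("Error found") . "</span> " . htmlspecialchars($line, ENT_QUOTES) . "</td></tr>";
                }
                echo "</table>";
            }
            $conn->disconnect();
        }
        #print "</pre>\n";
    }
    print "</div>\n";
    return;
}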
Exemple #4
require_once 'classes/User_config.inc';
require_once 'ossim_db.inc';
require_once 'ossim_conf.inc';
// NOTE(review): Net and Host are used below but not required in this excerpt;
// presumably functions.php (or an earlier include) loads them.
include "functions.php";
// Collapse the 'new' flag to a strict 0/1 so the raw request value is never used.
$new = GET('new') == "1" ? 1 : 0;
$ip = GET('ip');
// Validate before first use: 'ip' must be an IP address or empty (OSS_NULLABLE);
// the page stops with the validator's message otherwise.
ossim_valid($ip, OSS_IP_ADDR, OSS_NULLABLE, 'illegal:' . _("ip"));
if (ossim_error()) {
    die(ossim_error());
}
// Database Object
$db = new ossim_db();
$conn = $db->connect();
$net_search = Net::GetClosestNet($conn, $ip, 1);
// Get Networks
list($_sensors, $_hosts) = Host::get_ips_and_hostname($conn, true);
$_nets = Net::get_all($conn, true);
// Build comma-separated { txt: "...", id: "..." } entries, one per network and host.
// NOTE(review): network names and host names are concatenated into double-quoted
// literals without escaping. Where these strings are printed is outside this
// excerpt; if that is inline JavaScript, a name containing a double quote, a
// backslash or "</script>" breaks out of the literal. Escape for the JavaScript
// string context at this point, or confirm names are restricted when they are stored.
$networks = $hosts = "";
foreach ($_nets as $_net) {
    $networks .= '{ txt:"' . $_net->get_name() . ' [' . $_net->get_ips() . ']", id: "' . $_net->get_ips() . '" },';
}
foreach ($_hosts as $_ip => $_hostname) {
    // Show "ip [hostname]" only when a distinct host name is known.
    if ($_hostname != $_ip) {
        $hosts .= '{ txt:"' . $_ip . ' [' . $_hostname . ']", id: "' . $_ip . '" },';
    } else {
        $hosts .= '{ txt:"' . $_ip . '", id: "' . $_ip . '" },';
    }
}
// Get Services and OS
$inventory = "";
// Static SQL: no request data is interpolated into this statement.
$query = "(SELECT DISTINCT os as element FROM host_os ORDER BY os) UNION (SELECT DISTINCT service as element FROM host_services ORDER BY service)";
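/**
 * Escape a database value for use inside a quoted HTML attribute.
 *
 * @param mixed $value Raw column value (cast to string).
 *
 * @return string The value with &, <, >, " and ' turned into entities.
 */
function _indicators_attr($value)
{
    $value = (string) $value;
    // htmlspecialchars() in UTF-8 mode returns an empty string on invalid
    // input, so apply the same ISO-8859-1 fallback used for indicator names.
    if (mb_detect_encoding($value . " ", 'UTF-8,ISO-8859-1') != 'UTF-8') {
        $value = mb_convert_encoding($value, 'UTF-8', 'ISO-8859-1');
    }
    // double_encode is off so a value that was stored already entity-encoded
    // is not encoded a second time.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8', false);
}

/**
 * Build the inline style for an indicator or rectangle box.
 *
 * @param array $fields Current risk_indicators row (reads x, y, h, w).
 * @param bool  $on_top Prepend "z-index:10;" (used for indicators, not rects).
 *
 * @return string CSS declarations, with the row values attribute-escaped.
 */
function _indicators_box_style($fields, $on_top)
{
    $declarations = array(
        "border:1px solid transparent;",
        "cursor:pointer;",
        "background:url(../pixmaps/1x1.png);",
        "visibility:hidden;",
        "position:absolute;",
        "left:" . _indicators_attr($fields["x"]) . "px;",
        "top:" . _indicators_attr($fields["y"]) . "px;",
        "height:" . _indicators_attr($fields["h"]) . "px;",
        "width:" . _indicators_attr($fields["w"]) . "px;",
    );
    if ($on_top) {
        array_unshift($declarations, "z-index:10;");
    }
    return implode("\r\n\t\t\t\t\t\t  ", $declarations) . "\r\n\t\t\t\t";
}

/**
 * Print the indicators and rectangles stored for a risk map.
 *
 * Reads the risk_indicators rows of $map, drops the ones the current user is
 * not allowed to see (admins see everything) and prints one positioned <div>
 * per remaining row, optionally preceded by hidden inputs carrying the row's
 * data.
 *
 * Every database value written into an HTML attribute goes through
 * _indicators_attr(): indicator names, URLs and icons are stored data and
 * were previously printed between quotes unescaped.
 *
 * @param mixed $map          Map identifier, bound as a query parameter.
 * @param bool  $print_inputs When true, also print the hidden <input> fields.
 * @param int   $linked       Passed through to print_indicator_content().
 *
 * @return void
 */
function print_indicators($map, $print_inputs = false, $linked = 1)
{
    require_once 'classes/Host.inc';
    require_once 'classes/Net.inc';
    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $conn = $db->connect();
    list($sensors_aux, $hosts_aux) = Host::get_ips_and_hostname($conn, true);
    $all_nets = Net::get_list($conn);
    // Flip to name => ip so a permission check is a key lookup by name.
    $hosts = array_flip($hosts_aux);
    $sensors = array_flip($sensors_aux);
    $nets = array();
    foreach ($all_nets as $net) {
        $nets[$net->get_name()] = $net->get_name();
    }

    // Indicators: every row of the map except the rectangles.
    $query = "SELECT * FROM risk_indicators WHERE name <> 'rect' AND map= ?";
    $params = array($map);
    // Plain assignment: a function result is not a variable, so "=&" only
    // produced a notice here.
    $rs = $conn->Execute($query, $params);
    if (!$rs) {
        // NOTE(review): this prints the raw database error to the page;
        // consider logging it server-side instead.
        print $conn->ErrorMsg();
    } else {
        while (!$rs->EOF) {
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } else {
                $has_perm = indicatorAllowed($conn, $rs->fields['type'], $rs->fields['type_name'], $hosts, $sensors, $nets);
            }
            if ($has_perm) {
                $id = _indicators_attr($rs->fields["id"]);
                if ($print_inputs) {
                    $name = _indicators_attr($rs->fields["name"]);
                    $type = _indicators_attr($rs->fields["type"]);
                    $type_name = _indicators_attr($rs->fields["type_name"]);
                    $url = _indicators_attr($rs->fields["url"]);
                    $size = _indicators_attr($rs->fields["size"]);
                    // The icon column is "path#background": split at the first '#'.
                    $icon = _indicators_attr(preg_replace("/\\#.*/", "", $rs->fields["icon"]));
                    $val = _indicators_attr(preg_match("/\\#(.+)/", $rs->fields["icon"], $found) ? $found[1] : "");
                    echo "<input type='hidden' name='dataname" . $id . "'     id='dataname" . $id . "'     value='" . $name . "'/>\n";
                    echo "<input type='hidden' name='datatype" . $id . "'     id='datatype" . $id . "'     value='" . $type . "'/>\n";
                    echo "<input type='hidden' name='type_name" . $id . "'    id='type_name" . $id . "'    value='" . $type_name . "'/>\n";
                    echo "<input type='hidden' name='dataurl" . $id . "'     id='dataurl" . $id . "'      value='" . $url . "'/>\n";
                    echo "<input type='hidden' name='dataicon" . $id . "'     id='dataicon" . $id . "'     value='" . $icon . "'/>\n";
                    echo "<input type='hidden' name='dataiconsize" . $id . "' id='dataiconsize" . $id . "' value='" . $size . "'/>\n";
                    echo "<input type='hidden' name='dataiconbg" . $id . "'   id='dataiconbg" . $id . "'   value='" . $val . "'/>\n";
                }
                $style = _indicators_box_style($rs->fields, true);
                echo "\t\t\t\t<div id=\"indicator" . $id . "\" class=\"itcanbemoved\" style=\"" . $style . "\">\n\t\t\t\t\t";
                print_indicator_content($conn, $rs, $linked);
                echo "\t\t\t\t</div>\n\t\t\t\t";
            }
            $rs->MoveNext();
        }
    }

    // Rectangles of the same map.
    $query = "SELECT * FROM risk_indicators WHERE name='rect' AND map = ?";
    $params = array($map);
    $rs = $conn->Execute($query, $params);
    if (!$rs) {
        // NOTE(review): raw database error printed to the page, as above.
        print $conn->ErrorMsg();
    } else {
        while (!$rs->EOF) {
            // The permission check must use the type of the row being
            // printed. These two values used to be left over from the
            // indicator loop above (or undefined), so a rectangle was allowed
            // or denied based on an unrelated row.
            $type = $rs->fields["type"];
            $type_name = $rs->fields["type_name"];
            $has_perm = 0;
            if (Session::am_i_admin()) {
                $has_perm = 1;
            } elseif ($type == "host") {
                $has_perm = !empty($hosts[$type_name]) ? 1 : 0;
            } elseif ($type == "sensor" || $type == "server") {
                $has_perm = !empty($sensors[$type_name]) ? 1 : 0;
            } elseif ($type == "net") {
                $has_perm = !empty($nets[$type_name]) ? 1 : 0;
            } elseif ($type == "host_group") {
                if (Session::groupHostAllowed($conn, $type_name)) {
                    $has_perm = 1;
                }
            } else {
                // Any other type is not restricted.
                $has_perm = 1;
            }
            if ($has_perm) {
                $id = _indicators_attr($rs->fields["id"]);
                if ($print_inputs) {
                    $name = _indicators_attr($rs->fields["name"]);
                    $url = _indicators_attr($rs->fields["url"]);
                    echo "<input type='hidden' name='dataname" . $id . "' id='dataname" . $id . "' value='" . $name . "'/>\n";
                    echo "<input type='hidden' name='dataurl" . $id . "' id='dataurl" . $id . "' value='" . $url . "'/>\n";
                }
                $style = _indicators_box_style($rs->fields, false);
                echo "\t\t\t\t\n\t\t\t\t<div id=\"rect" . $id . "\" class=\"itcanbemoved\" style=\"" . $style . "\">\n\t\t\t\t\t";
                print_rectangle_content($conn, $print_inputs);
                echo "\t\t\t\t</div>\n\t\t\t\t";
            }
            $rs->MoveNext();
        }
    }
}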