function demoplugin_Run($plugin_id)
{
print "<h3>Hello I'm the demo plugin with id {$plugin_id}</h3>\n";
print "Query backend plugin for function <b>try</b><br>\n";
// the command to be executed in the backend plugin
$command = 'demoplugin::try';
// two scalar values
$colour1 = '#72e3fa';
$colour2 = '#2a6f99';
// one array
$colours = array('#12af7d', '#56fc7b');
// prepare arguments
$opts = array();
$opts['colour1'] = $colour1;
$opts['colour2'] = $colour2;
$opts['colours'] = $colours;
// call command in backened plugin
$out_list = nfsend_query($command, $opts);
// get result
if (!is_array($out_list)) {
SetMessage('error', "Error calling backend plugin");
return FALSE;
}
$string = $out_list['string'];
print "Backend reported: <b>{$string}</b><br>\n";
print "<h3>Picture sent from the backend</h3>\n";
print "<IMG src='pic.php?picture=smily.jpg' border='0' alt='Smily'>\n";
}
function GetTopN($plugin_id, $avg24)
{
$opts = array();
$opts['interval'] = $avg24 ? 24 : 1;
$out_list = nfsend_query('PortTracker::get-topN', $opts, 0);
if (!is_array($out_list)) {
SetMessage('error', "Can not read topN list");
return FALSE;
}
$TopNline = $out_list['topN'];
/*
* 1116607500
* 10 0 0
* 80 135 445 389 3306 1433 4899 4662 8443 25
* 84046 52201 40543 28801 28419 16487 11108 7741 7278 6671
* 10 1 0
* 80 4662 22 119 20012 18253 9541 5001 2170 1521
* 2338000 382084 276332 227355 161488 152253 148814 147927 144201 134825
* 10 2 0
* 119 4662 80 20012 5001 18253 9541 21961 22 20031
* 319375447 254166206 238879858 238653710 220220412 219223561 207939341 195786183 166321579 160794781
* 10 0 1
* 53 1434 1026 4672 137 123 32768 6881 32769 6346
* 89132 58020 52625 24686 15922 15880 3872 3498 3495 3181
* 10 1 1
* 53 1026 6346 1434 7000 2326 6970 4672 40977 61402
* 200335 81466 77864 58021 45615 45130 39208 32767 30482 30448
* 10 2 1
* 1026 6970 1434 0 6346 6010 53 7001 2328 2485
* 38730783 26212262 23450415 21575743 20986592 18556143 16716194 14235457 10624559 9905871
*/
$TopNInfo = array();
$index = 1;
$TopNInfo[] = array_shift($TopNline);
for ($i = 0; $i < 6; $i++) {
$_tmp = array_shift($TopNline);
list($num, $typeindex, $protoindex) = explode(' ', $_tmp);
// Top N port numbers
$_tmp = array_shift($TopNline);
$TopNInfo[$protoindex + 1][$typeindex][0] = explode(' ', $_tmp);
// Top N values
$_tmp = array_shift($TopNline);
$TopNInfo[$protoindex + 1][$typeindex][1] = explode(' ', $_tmp);
}
return $TopNInfo;
}
function DisplayAdminPage()
{
// include all required javascript for this page
?>
<script language="Javascript" src="js/profileadmin.js" type="text/javascript">
</script>
<?php
switch ($_SESSION['display']) {
case "add_channel":
$num_pos = 0;
$num_neg = 0;
foreach ($_SESSION['profileinfo']['channel'] as $_chan) {
if ($_chan['sign'] == '+') {
$num_pos++;
}
if ($_chan['sign'] == '-') {
$num_neg++;
}
}
$liveprofile = ReadProfile('./live');
$is_live_profile = 0;
$is_new_channel = 1;
// setup channel defaults
if (array_key_exists('form_data', $_SESSION)) {
// add channel contained errors - interate ones more
$channel_defaults = $_SESSION['form_data'];
unset($_SESSION['form_data']);
if ($channel_defaults['sign'] == '+') {
$num_pos++;
} else {
if ($channel_defaults['sign'] == '-') {
$num_neg++;
}
}
} else {
// initial dialog
$channel_defaults = array();
$channel_defaults['name'] = '';
$channel_defaults['sign'] = '+';
$num_pos++;
$channel_defaults['colour'] = '#abcdef';
$channel_defaults['order'] = $num_pos;
$channel_defaults['sourcelist'] = NULL;
}
EditChannel($is_live_profile, $is_new_channel, $channel_defaults, $liveprofile, $num_pos, $num_neg);
break;
case 'edit_channel':
$channelinfo = $_SESSION['form_data'];
$profileswitch = $channelinfo['profileswitch'];
$num_pos = 0;
$num_neg = 0;
foreach ($_SESSION['profileinfo']['channel'] as $_chan) {
if ($_chan['sign'] == '+') {
$num_pos++;
}
if ($_chan['sign'] == '-') {
$num_neg++;
}
}
$liveprofile = ReadProfile('./live');
$is_live_profile = $profileswitch == './live';
$is_new_channel = 0;
// if edit icon was clicked, load channel data
if (array_key_exists('edit_channel', $channelinfo)) {
$channel = $channelinfo['edit_channel'];
$channelinfo = $_SESSION['profileinfo']['channel'][$channel];
$_opts['profile'] = $profileswitch;
$_opts['channel'] = $channel;
$_filter = nfsend_query("get-channelfilter", $_opts, 0);
if (!is_array($_filter)) {
$channelinfo['filter'] = array('Unable to get channel filter');
}
$channelinfo['filter'] = $_filter['filter'];
}
EditChannel($is_live_profile, $is_new_channel, $channelinfo, $liveprofile, $num_pos, $num_neg);
unset($_SESSION['form_data']);
break;
case "new_profile":
if (array_key_exists('form_data', $_SESSION)) {
$form_data = $_SESSION['form_data'];
unset($_SESSION['form_data']);
} else {
$form_data = array();
$form_data['profile'] = NULL;
$form_data['profilegroup'] = NULL;
$form_data['tstart'] = NULL;
$form_data['tend'] = NULL;
$form_data['channel_wizard'] = 'classic';
$form_data['expire'] = '1440';
$form_data['maxsize'] = '10G';
$form_data['shadow'] = 0;
$form_data['description'] = NULL;
$form_data['filter'] = NULL;
$form_data['channel'] = NULL;
$form_data['num_channels'] = 1;
}
NewProfileDialog($form_data);
break;
case 'default':
default:
ProfileDialog();
}
unset($_SESSION['display']);
/*
print "<pre>";
print_r($_SESSION);
print_r($_POST);
print "</pre>";
*/
}
function GetAnyPic()
{
if (!array_key_exists('picture', $_GET)) {
header("Content-type: image/png");
$fp = fopen("icons/Error.png", 'rb');
fpassthru($fp);
return 1;
}
$picture = $_GET['picture'];
if (!preg_match("/^[A-Za-z0-9][A-Za-z0-9\\-+_\\.\\/]+\$/", $picture)) {
header("Content-type: image/png");
$fp = fopen("icons/Error.png", 'rb');
fpassthru($fp);
return 1;
}
if (preg_match("/\\.png\$/i", $picture)) {
$type = "png";
} else {
if (preg_match("/\\.gif\$/i", $picture)) {
$type = "gif";
} else {
if (preg_match("/\\.jpg\$/i", $picture)) {
$type = "jpg";
} else {
$fp = fopen("icons/Error.png", 'rb');
fpassthru($fp);
return 1;
}
}
}
header("Content-type: image/" . $type);
$opts = array();
$opts['.silent'] = 1;
$opts['picture'] = $picture;
nfsend_query("@get-anypicture", $opts, 1);
nfsend_disconnect();
unset($_SESSION['nfsend']);
CloseLogFile();
}
function filter_validate(&$filter, $opts)
{
if (is_null($filter)) {
$filter = array();
return 0;
}
$filter = preg_replace("/\r/", '', $filter);
$filter = preg_replace("/^[\\s\n]+/", '', $filter);
$filter = preg_replace("/[\\s\n]+\$/", '', $filter);
if ($filter == '') {
$filter = array();
return 0;
}
if (!get_magic_quotes_gpc()) {
$filter = addslashes($filter);
}
// $filter = escapeshellarg($filter);
$filter = explode("\n", $filter);
$opts = array();
$opts['args'] = '-Z';
$opts['filter'] = $filter;
$out_list = nfsend_query('run-nfdump', $opts, 0);
if ($out_list == false) {
return 2;
}
if (array_key_exists("nfdump", $out_list) && $out_list["exit"] > 0) {
foreach ($out_list['nfdump'] as $line) {
SetMessage('error', "Filter error: {$line}");
}
return 2;
}
return 0;
}
}
}
// End of ReportLog
OpenLogFile();
$lookup = urldecode($_GET['lookup']);
$opts = array();
$opts['lookup'] = $lookup;
header("Content-type: text/html; charset=ISO-8859-1");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Lookup: '<?php
echo $lookup;
?>
'</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link rel="stylesheet" type="text/css" href="css/lookup.css">
</head>
<body>
<?php
nfsend_query("@lookup", $opts, 1);
nfsend_disconnect();
unset($_SESSION['nfsend']);
CloseLogFile();
?>
</body>
</html>
function DisplayProcessing()
{
global $self;
global $ListNOption;
global $TopNOption;
global $OutputFormatOption;
global $IPStatOption;
global $IPStatOrder;
global $LimitScale;
require_once 'av_init.php';
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1");
$ri_list = $aux_ri_interfaces[0];
$ri_total = $aux_ri_interfaces[1];
$ri_data = array();
if ($ri_total > 0) {
foreach ($ri_list as $r_interface) {
$ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip());
}
}
$type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
if ($ri_total >= 0) {
echo '<a name="processing"></a>';
}
$detail_opts = $_SESSION['detail_opts'];
$process_form = $_SESSION['process_form'];
?>
<table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
<td class='nobborder'><b><?php
echo _("Netflow Processing");
?>
</b></td>
<td class='noborder nfsen_menu'>
<a href='javascript:lastsessions()'><?php
echo _("List last 500 sessions");
?>
</a> |
<a href='javascript:launch("2","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src IPs");
?>
</a> |
<a href='javascript:launch("3","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst IPs");
?>
</a> |
<a href='javascript:launch("5","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src Port");
?>
</a> |
<a href='javascript:launch("6","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst Port");
?>
</a> |
<a href='javascript:launch("13","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Proto");
?>
</a>
</td></tr></table>
<form action="<?php
echo $self;
?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php
echo $self;
?>
">
<?php
if (preg_match("/^\\d+\$/", $_SESSION['tend'])) {
?>
<input type="hidden" name="tend" value="<?php
echo intval($_SESSION['tend']);
?>
" />
<?php
}
if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) {
?>
<input type="hidden" name="tleft" value="<?php
echo intval($_SESSION['tleft']);
?>
" />
<?php
}
if (preg_match("/^\\d+\$/", $_SESSION['tright'])) {
?>
<input type="hidden" name="tright" value="<?php
echo intval($_SESSION['tright']);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["cursor_mode"] != "") {
?>
<input type="hidden" name="cursor_mode" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["wsize"] != "") {
?>
<input type="hidden" name="wsize" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["logscale"] != "") {
?>
<input type="hidden" name="logscale" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]);
?>
" />
<?php
}
if ($_SESSION["detail_opts"]["linegraph"] != "") {
?>
<input type="hidden" name="linegraph" value="<?php
echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]);
?>
" />
<?php
}
?>
<input type="hidden" name="login" value="<?php
echo Util::htmlentities($_SESSION["_remote_login"]);
?>
" />
<table class='nfsen_filters'>
<tr>
<th class="thold"><?php
echo _("Source");
?>
</th>
<th class="thold"><?php
echo _("Filter");
?>
</th>
<th class="thold"><?php
echo _("Options");
?>
</th>
</tr>
<tr>
<td style='vertical-align:top'>
<select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'>
<?php
foreach ($process_form['srcselector'] as $selected_channel) {
$_tmp[$selected_channel] = 1;
}
$i = 0;
foreach ($_SESSION['profileinfo']['channel'] as $channel) {
$channel_name = $channel['name'];
$checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : '';
echo "<OPTION value='" . Util::htmlentities($channel['id']) . "' {$checked}>{$channel_name}</OPTION>\n";
}
?>
</select>
<div style='margin: 5px auto'>
<input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/>
</div>
</td>
<td style="vertical-align:top;">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php
if (is_array($process_form)) {
$display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
} else {
$display_filter = array();
}
if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") {
$display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")";
} elseif (count($display_filter) < 1 && GET('ip') != "") {
$display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
} elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") {
$ip1 = GET('ip');
$ip2 = GET('ip2');
$filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})";
$display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
$display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
} elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") {
$filter = "src ip " . GET('ip') . " or dst ip " . GET('ip');
$display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]);
$display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]);
}
foreach ($display_filter as $line) {
print str_replace("&", "&", Util::htmlentities(stripslashes($line))) . "\n";
}
?>
</textarea>
<?php
$deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
?>
<input type="image" name="filter_delete" id="filter_delete" title="<?php
echo _("Delete filter");
?>
" align="right"
onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php
echo $deletefilter_display_style;
?>
>
<!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right"
onClick="HandleFilter(2)"
value="" src="icons/save.png"> -->
<input type="hidden" name="filter_name" id="filter_name" value="none">
<div style='margin: 5px auto'>
<span id="filter_span">and</span>
<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
print "<option value='-1' label='none'><none></option>\n";
foreach ($_SESSION['DefaultFilters'] as $name) {
$checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . "</option>\n";
}
$editfilter_display_style = 'style="display:none;"';
foreach ($_SESSION['DefaultFilters'] as $name) {
if ($process_form['DefaultFilter'] == $name) {
$editfilter_display_style = '';
}
}
?>
</select>
<input type="image" name="filter_save" id="filter_save" title="<?php
echo _("Save filter");
?>
"
onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle">
<input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php
echo $editfilter_display_style;
?>
onClick="HandleFilter(1)" value="" src="icons/edit.png">
</div>
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
foreach ($_SESSION['DefaultFilters'] as $name) {
print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n";
}
if (array_key_exists('editfilter', $process_form)) {
print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n";
}
?>
</script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;border:none;'>
<table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none">
<tr>
<td class='TDnfprocLabel' style='white-space:nowrap'>
<?php
$i = 0;
foreach (array('List Flows', 'Stat TopN') as $s) {
$checked = $process_form['modeselect'] == $i ? 'checked' : '';
print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
$i++;
}
$list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
$stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
$formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?>
</td>
<td class='TDnfprocControl' >
<table class='noborder' style='margin: auto;'>
<tr>
<td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()"/></td>
<td class='nobborder'><input class="small" type="submit" name="process" value="<?php
echo _("Process");
?>
" id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td>
<?php
if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) {
?>
<td class='nobborder'><input type="button" name="remote_process" value="<?php
echo _("Remote Process");
?>
" id="remote_process_button" onclick="$('#rinterfaces').toggle()"/>
<div id='container_rmp' style='position:relative;'>
<div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;">
<?php
foreach ($RemoteInterfacesData as $data) {
$short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name'];
?>
<input type="button" onclick="remote_interface('<?php
echo $data["url"];
?>
')" style="width:180px; font-size: 11px;" title="<?php
echo $data["name"] . " [" . $data["url"] . "]";
?>
" value="<?php
echo $short_name . " [" . $data["url"] . "]";
?>
"/><br />
<?php
}
?>
</div>
</div>
</td>
<?php
}
?>
</tr>
</table>
</td>
</tr>
<tr id="listNRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit to");
?>
:</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
for ($i = 0; $i < count($ListNOption); $i++) {
$checked = $process_form['listN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
}
?>
</select><?php
echo _("Flows");
?>
<br>
</td>
</tr>
<tr id="topNRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Top");
?>
:</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
for ($i = 0; $i < count($TopNOption); $i++) {
$checked = $process_form['topN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="stattypeRow" <?php
echo $stat_display_style;
?>
>
<td class="TDnfprocLabel"><?php
echo _("Stat");
?>
:</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
for ($i = 0; $i < count($IPStatOption); $i++) {
$checked = $process_form['stattype'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
}
?>
</select>
order by
<select name='statorder' id="statorder" size='1'>
<?php
for ($i = 0; $i < count($IPStatOrder); $i++) {
$checked = $process_form['statorder'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="AggregateRow" <?php
echo $formatselect_display_opts;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Aggregate");
?>
</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_bidir']);
?>
> <?php
echo _("bi-directional");
?>
<br>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_proto']);
?>
> <?php
echo _("proto");
?>
<br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_srcport']);
?>
> <?php
echo _("srcPort");
?>
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_srcip']);
?>
>
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
$i = 0;
foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
$checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits"
value="<?php
echo Util::htmlentities($process_form['aggr_srcnetbits']);
?>
" <?php
echo $_style;
?>
><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_dstport']);
?>
> <?php
echo _("dstPort");
?>
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['aggr_dstip']);
?>
>
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
$i = 0;
foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
$checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits"
value="<?php
echo Util::htmlentities($process_form['aggr_dstnetbits']);
?>
" <?php
echo $_style;
?>
><br>
</td>
</tr>
<tr id="timesortedRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Sort");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked"
style="margin-left:1" <?php
echo Util::htmlentities($process_form['timesorted']);
?>
>
<?php
echo _("start time of flows");
?>
</td>
</tr>
<tr id="limitoutputRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1"
size="1" <?php
echo Util::htmlentities($process_form['limitoutput']);
?>
>
<select name="limitwhat" id="limitwhat" size="1">
<?php
$i = 0;
foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
$checked = $process_form['limitwhat'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<select name="limithow" id="limithow" size="1">
<?php
$i = 0;
foreach (array('>', '<') as $s) {
$checked = $process_form['limithow'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<input type="text" name="limitsize" id="limitsize" value="<?php
echo Util::htmlentities($process_form['limitsize']);
?>
" SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
$i = 0;
foreach ($LimitScale as $s) {
$checked = $process_form['limitscale'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'><?php
echo _("Output");
?>
:</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php
echo $formatselect_display_opts;
?>
>
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
$checked = $process_form['output'] == $key ? 'selected' : '';
print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n";
}
$fmt = $_SESSION['formatlist'][$process_form['output']];
if ($process_form['output'] == $fmt) {
// built in format
$space_display_style = '';
$edit_display_style = 'style="display:none"';
} else {
$space_display_style = 'style="display:none"';
$edit_display_style = '';
}
?>
</select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . "');\n";
}
?>
</script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php
echo $space_display_style;
?>
/>
<a href="#null" onClick="EditCustomFormat()"
title="<?php
echo _("Edit format");
?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
<?php
echo $edit_display_style;
?>
alt="Edit format"></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php
echo Util::htmlentities($process_form['IPv6_long']);
?>
>
/ <?php
echo _("IPv6 long");
?>
<?php
$fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?>
<span id="fmt_edit" <?php
echo $fmt_edit_display_style;
?>
>
<br><?php
echo _("Enter custom output format");
?>
:<br>
<input size="30" type="text" name="customfmt" id="customfmt"
value="<?php
echo Util::htmlentities($process_form['customfmt']);
?>
" >
<input type="image" name="fmt_save" id="fmt_save" title="<?php
echo _("Save format");
?>
"
onClick="SaveOutputFormat()"
value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="<?php
echo _("Delete format");
?>
"
onClick="DeleteOutputFormat()"
value="" src="icons/trash.png" <?php
echo $edit_display_style;
?>
>
</span>
</td>
</tr>
</table>
</td>
</tr>
<!--
<tr>
<td></td><td></td>
<td align="right" style="border:none">
<input type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input type="submit" name="process" value="<?php
echo _("process");
?>
" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
-->
</table>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
<iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>
</div>
<?php
if (!array_key_exists('run', $_SESSION)) {
return;
}
print "<div class='flowlist'>\n";
$run = $_SESSION['run'];
if ($run != null) {
$filter = $process_form['filter'];
if ($process_form['DefaultFilter'] != -1) {
$cmd_opts['and_filter'] = $process_form['DefaultFilter'];
}
$cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
$cmd_opts['profile'] = $_SESSION['profileswitch'];
$cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
#print "<pre>\n";
$patterns = array();
$replacements = array();
$patterns[0] = '/(\\s*)([^\\s]+)/';
$replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
// gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed.
function getHAP4NfSenId()
{
$plugins = GetPlugins();
for ($i = 0; $i < count($plugins); $i++) {
$plugin = $plugins[$i];
if ($plugin == "HAP4NfSen") {
return $i;
}
}
return -1;
}
ClearMessages();
$cmd_opts['args'] = "-T {$run}";
$cmd_opts['filter'] = $filter;
$titcol = get_tit_col($run);
$cmd_out = nfsend_query("run-nfdump", $cmd_opts);
if (!is_array($cmd_out)) {
ShowMessages();
} else {
$conf = $GLOBALS["CONF"];
$solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
$db = new ossim_db();
$conn = $db->connect();
$sensors = $hosts = $ossim_servers = array();
$tz = Util::get_timezone();
list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE);
$entities = Session::get_all_entities($conn);
$_sensors = Av_sensor::get_basic_list($conn);
foreach ($_sensors as $s_id => $s) {
$sensors[$s['ip']] = $s['name'];
}
/*$hap4nfsen_id = getHAP4NfSenId();
if ($hap4nfsen_id >= 0) {
// ICMP "port" filter are no currently supported by the HAP4NfSen plugin
function isChecked(&$form, $name) { // helper function used to find out, if an option is checked
return $form[$name]=="checked";
}
$ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) &&
((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) ||
(isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport')));
$ip_contains_port = $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) ||
(preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked
isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') ||
isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport')));
$_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
$hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";
$default_pattern = array_pop($patterns);
$default_replacement = array_pop($replacements);
if ($ip_contains_port) { // matches cases like ip:port
$max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535)
for ($i=$max_prot_length;$i>=1;$i--) {
$diff = ($max_prot_length-$i); // difference between actual and max port length
$ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/";
$ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/";
$spaces = '';
for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons
array_push($patterns, $ip_port_pattern_icmp);
array_push($replacements, $default_replacement .
"$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> ");
array_push($patterns, $ip_port_pattern_normal);
array_push($replacements, $default_replacement .
"$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> ");
}
array_push($patterns, '/(\sIP\sAddr:Port)/i');
array_push($replacements, "$1 $hap_pic");
} else {
if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns
// ICMP verion
$ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/";
$ip_and_port_replacement = "$1$2$3$4 " .
"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
// non-ICMP version with port filter
$ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/";
$ip_and_port_replacement = "$1$2$3$4 " .
"<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i');
array_push($replacements, "$1 $hap_pic");
} else { // matches all other cases
array_push($patterns, $default_pattern);
array_push($replacements, $default_replacement .
" <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>");
array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i');
array_push($replacements, "$1 $hap_pic");
}
}
}
if ( array_key_exists('arg', $cmd_out) ) {
print "** nfdump " . $cmd_out['arg'] . "\n";
}
if ( array_key_exists('filter', $cmd_out) ) {
print "nfdump filter:\n";
foreach ( $cmd_out['filter'] as $line ) {
print "$line\n";
}
}
foreach ( $cmd_out['nfdump'] as $line ) {
print preg_replace($patterns, $replacements, $line) . "\n";
}*/
# parse command line
#2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1
$list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0;
$regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
echo '<div class="nfsen_list_title">' . _('Flows Info') . '</div>';
echo "<table class='table_list'>";
$geotools = false;
if ($list && file_exists("../kml/GoogleEarth.php")) {
$geotools = true;
$geoips = array();
$geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
$geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>";
}
echo $list ? "\n \n <tr>\n <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "(%)</th>\n <th>" . _("Packets") . "(%)</th>\n <th>" . _("Bytes") . "(%)</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>";
$status = $errors = array();
$rep = new Reputation();
//print_r($cmd_out['arg']);
//print_r($cmd_out['nfdump']);
foreach ($cmd_out['nfdump'] as $k => $line) {
#capture status
if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
$status[$found[1]] = str_replace($found[1] . ":", "", $line);
}
# capture errors
if (preg_match("/ error /i", $line, $found)) {
if (preg_match("/stat\\(\\) error/i", $line)) {
$errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.');
Av_exception::write_log(Av_exception::USER_ERROR, $line);
} else {
$errors[] = $line;
}
}
# print results
$line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
// Patch for ( 0.3)
$line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line);
// Patch for 1.2 M(99.6)
$line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line);
// Patch for 9.003TCP
$start = $end = $proto = "";
$ips = $ports = array();
if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
echo "<tr class='tr_flow_data'>\n";
foreach ($found as $ki => $field) {
if ($ki > 0) {
$wrap = $ki == 1 ? "nowrap" : "";
$field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field));
if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
# match ip (resolve and geolocalize)
$ip = $fnd[1];
$port = $fnd[2];
list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts);
if ($name == "" && $sensors[$ip] != "") {
$name = $sensors[$ip];
}
$output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, '');
$homelan = $output['is_internal'] || $name != "" && $name != $ip;
$icon = $output['html_icon'];
# reputation info
if (!is_array($_SESSION["_repinfo_ips"][$ip])) {
$_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip);
}
$rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip);
$rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]);
$style_aux = $homelan ? 'style="font-weight:bold"' : '';
$bold_aux1 = $homelan ? '<b>' : '';
$bold_aux2 = $homelan ? '<b>' : '';
$field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>';
$wrap = "nowrap style='{$rep_bgcolor}'";
$ips[] = $ip;
if ($geotools) {
if ($ki == 4) {
$geoips['ip_src'][$ip]++;
} elseif ($ki == 5) {
$geoips['ip_dst'][$ip]++;
}
}
$ports[] = str_replace(":", "", $port);
}
if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
# match date
$start = $end = $fnd[1];
$time = strtotime($fnd[1]);
$field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . $fnd[2]);
}
if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
# match date
$proto = strtolower($fnd[1]);
}
print "<td {$wrap}>{$field}</td>";
}
}
// solera deepsee integration
if ($solera) {
echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
}
echo "</tr>\n";
}
}
echo "</table>";
if ($geotools) {
foreach ($geoips as $type => $list) {
$ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
foreach ($list as $ip => $val) {
fputs($ipsfile, "{$ip}\n");
}
fclose($ipsfile);
}
}
#Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
#Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
#Total flows processed: 21, Records skipped: 0, Bytes read: 1128
#Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9
if (count($status) > 0) {
echo "<table class='transparent' style='margin-bottom:5px;width:100%'>";
foreach ($status as $key => $line) {
$line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line);
$line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line);
echo "<tr>\n <td class='nobborder' style='padding: 4px;'>\n <span class='th_summary'>{$key}</span>\n {$line}\n </td>\n </tr>";
}
echo "</table>";
}
# stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
if (count($errors) > 0) {
foreach ($errors as $line) {
echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>";
}
}
$conn->disconnect();
}
#print "</pre>\n";
}
print "</div>\n";
$db_aux->close();
$geoloc->close();
return;
}
function DefaultFilters()
{
if (array_key_exists('DefaultFilters', $_SESSION)) {
if (array_key_exists('DefaultFiltersUpdate', $_SESSION) && time() - $_SESSION['DefaultFiltersUpdate'] < 600) {
return $_SESSION['DefaultFilters'];
}
}
$out_list = nfsend_query("get-filterlist", array(), 0);
if (!is_array($out_list)) {
$out_list = array();
}
$_SESSION['DefaultFilters'] = array_key_exists('list', $out_list) ? $out_list['list'] : array();
$_SESSION['DefaultFiltersUpdate'] = time();
return $out_list;
}
{
global $log_handle;
if ($log_handle) {
fwrite($log_handle, "{$message}\n");
}
}
// End of ReportLog
OpenLogFile();
$command = urldecode($_GET['cmd']);
ReportLog("RRD graph command is '{$command}'");
if (!array_key_exists('rrdgraph_cmds', $_SESSION) || !array_key_exists($command, $_SESSION['rrdgraph_cmds'])) {
ReportLog("RRD command not found");
header("Content-type: image/png");
exit;
}
$opts = array();
foreach ($_SESSION['rrdgraph_getparams'] as $getparam => $dummy) {
if (array_key_exists($getparam, $_GET)) {
$opts[$getparam] = $_GET[$getparam];
}
}
$arglist = split(' ', urldecode($_GET['arg']));
$opts['.silent'] = 1;
foreach ($arglist as $arg) {
$opts['arg'][] = $arg;
}
header("Content-type: image/png");
nfsend_query("@{$command}", $opts, 1);
nfsend_disconnect();
unset($_SESSION['nfsend']);
CloseLogFile();
function DisplayProcessing()
{
global $self;
global $ListNOption;
global $TopNOption;
global $OutputFormatOption;
global $IPStatOption;
global $IPStatOrder;
global $LimitScale;
require_once 'classes/Session.inc';
require_once 'classes/Sensor.inc';
require_once 'ossim_db.inc';
$db_aux = new ossim_db();
$conn_aux = $db_aux->connect();
$sensors_list = Sensor::get_list($conn_aux);
$db_aux->close($conn_aux);
$detail_opts = $_SESSION['detail_opts'];
$process_form = $_SESSION['process_form'];
$type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);
?>
<a name="processing"></a>
<table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
<td class='nobborder'><b><?php
echo _("Netflow Processing");
?>
</b></td>
<td class='noborder' style='text-align:center'>
[ <a href='javascript:lastsessions()'><?php
echo _("List last 500 sessions");
?>
</a> ]
[ <a href='javascript:launch("2","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src IPs");
?>
</a> ]
[ <a href='javascript:launch("3","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst IPs");
?>
</a> ]
[ <a href='javascript:launch("5","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Src Port");
?>
</a> ]
[ <a href='javascript:launch("6","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Dst Port");
?>
</a> ]
[ <a href='javascript:launch("13","<?php
echo $type;
?>
")'><?php
echo _("Top 10 Proto");
?>
</a> ]
</td></tr></table>
<form action="<?php
echo $self;
?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold;width:100%'>
<tr>
<TD><?php
echo _("Source");
?>
:</TD>
<TD><?php
echo _("Filter");
?>
:</TD>
<TD><?php
echo _("Options");
?>
:</TD>
</tr>
<TR>
<TD style='vertical-align:top;border:none'>
<SELECT name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple>
<?php
foreach ($process_form['srcselector'] as $selected_channel) {
$_tmp[$selected_channel] = 1;
}
$i = 0;
foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
$has_perm = 0;
foreach ($sensors_list as $s) {
if ($channel == $s->get_name()) {
$has_perm = 1;
}
}
if (Session::am_i_admin()) {
$has_perm = 1;
}
if (!$has_perm) {
continue;
}
$checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
print "<OPTION value='{$channel}' {$checked}>{$channel}</OPTION>\n";
}
?>
</SELECT><br>
<INPUT class="lbutton" TYPE="button" NAME="JSbutton2" Value="<?php
echo _("All Sources");
?>
" onClick="SelectAllSources()">
</TD>
<td style="vertical-align:top;border:none">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50"><?php
if (is_array($process_form)) {
$display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
} else {
$display_filter = array();
}
if (count($display_filter) < 1 && GET('ip') != "") {
$display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
}
foreach ($display_filter as $line) {
print htmlspecialchars(stripslashes($line)) . "\n";
}
?>
</textarea><br>
<?php
$deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
?>
<input type="image" name="filter_delete" id="filter_delete" title="<?php
echo _("Delete filter");
?>
" align="right"
onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php
echo $deletefilter_display_style;
?>
>
<input type="hidden" name="filter_name" id="filter_name" value="none">
<span id="filter_span">and
<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
print "<option value='-1' label='none'><none></option>\n";
foreach ($_SESSION['DefaultFilters'] as $name) {
$checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
print "<option value='{$name}' {$checked}>{$name}</option>\n";
}
$editfilter_display_style = 'style="display:none;"';
foreach ($_SESSION['DefaultFilters'] as $name) {
if ($process_form['DefaultFilter'] == $name) {
$editfilter_display_style = '';
}
}
?>
</select></span>
<input type="image" name="filter_save" id="filter_save" title="<?php
echo _("Save filter");
?>
"
onClick="HandleFilter(2)"
value="" src="icons/save.png" border="0" align="absmiddle">
<input type="image" name="filter_edit" id="filter_edit" title="<?php
echo _("Edit filter");
?>
" <?php
echo $editfilter_display_style;
?>
onClick="HandleFilter(1)" value="" src="icons/edit.png">
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
foreach ($_SESSION['DefaultFilters'] as $name) {
print "DefaultFilters.push('{$name}');\n";
}
if (array_key_exists('editfilter', $process_form)) {
print "edit_filter = '" . $process_form['DefaultFilter'] . "';\n";
}
?>
</script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;border:none'>
<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;border:none;width:100%">
<tr><td>
<?php
$i = 0;
foreach (array('List Flows', 'Stat TopN') as $s) {
$checked = $process_form['modeselect'] == $i ? 'checked' : '';
print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
$i++;
}
$list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
$stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
$formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?>
</td>
<td align="right" style="border:none">
<input class="button" type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input class="button" type="submit" name="process" value="<?php
echo _("Process");
?>
" style="font-weight:bold" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
<tr id="listNRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit to");
?>
:</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
for ($i = 0; $i < count($ListNOption); $i++) {
$checked = $process_form['listN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
}
?>
</select> <?php
echo _("Flows");
?>
<br>
</td>
</tr>
<tr id="topNRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Top");
?>
:</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
for ($i = 0; $i < count($TopNOption); $i++) {
$checked = $process_form['topN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="stattypeRow" <?php
echo $stat_display_style;
?>
>
<td class="TDnfprocLabel"><?php
echo _("Stat");
?>
:</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
for ($i = 0; $i < count($IPStatOption); $i++) {
$checked = $process_form['stattype'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
}
?>
</select>
<?php
echo _("order by");
?>
<select name='statorder' id="statorder" size='1'>
<?php
for ($i = 0; $i < count($IPStatOrder); $i++) {
$checked = $process_form['statorder'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="AggregateRow" <?php
echo $formatselect_display_opts;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Aggregate");
?>
</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_proto'];
?>
> <?php
echo _("proto");
?>
<br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcport'];
?>
> <?php
echo _("srcPort");
?>
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcip'];
?>
>
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
$i = 0;
foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
$checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits"
value="<?php
echo $process_form['aggr_srcnetbits'];
?>
" <?php
echo $_style;
?>
><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstport'];
?>
> <?php
echo _("dstPort");
?>
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstip'];
?>
>
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
$i = 0;
foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
$checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits"
value="<?php
echo $process_form['aggr_dstnetbits'];
?>
" <?php
echo $_style;
?>
><br>
</td>
</tr>
<tr id="timesortedRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Sort");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked"
style="margin-left:1" <?php
echo $process_form['timesorted'];
?>
>
<?php
echo _("start time of flows");
?>
</td>
</tr>
<tr id="limitoutputRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'><?php
echo _("Limit");
?>
:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1"
size="1" <?php
echo $process_form['limitoutput'];
?>
>
<select name="limitwhat" id="limitwhat" size="1">
<?php
$i = 0;
foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
$checked = $process_form['limitwhat'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<select name="limithow" id="limithow" size="1">
<?php
$i = 0;
foreach (array('>', '<') as $s) {
$checked = $process_form['limithow'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<input type="text" name="limitsize" id="limitsize" value="<?php
echo $process_form['limitsize'];
?>
" SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
$i = 0;
foreach ($LimitScale as $s) {
$checked = $process_form['limitscale'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'><?php
echo _("Output");
?>
:</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php
echo $formatselect_display_opts;
?>
>
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
$checked = $process_form['output'] == $key ? 'selected' : '';
print "<OPTION value='{$key}' {$checked}>{$key}</OPTION>\n";
}
$fmt = $_SESSION['formatlist'][$process_form['output']];
if ($process_form['output'] == $fmt) {
// built in format
$space_display_style = '';
$edit_display_style = 'style="display:none"';
} else {
$space_display_style = 'style="display:none"';
$edit_display_style = '';
}
?>
</select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
print "fmts.setItem('{$key}', '{$value}');\n";
}
?>
</script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php
echo $space_display_style;
?>
></img>
<a href="#null" onClick="EditCustomFormat()"
title="<?php
echo _("Edit format");
?>
" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
<?php
echo $edit_display_style;
?>
alt="<?php
echo _("Edit format");
?>
"></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php
echo $process_form['IPv6_long'];
?>
>
/ <?php
echo _("IPv6 long");
$fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?>
<span id="fmt_edit" <?php
echo $fmt_edit_display_style;
?>
>
<br><?php
echo _("Enter custom output format");
?>
:<br>
<input size="30" type="text" name="customfmt" id="customfmt"
value="<?php
echo htmlspecialchars(stripslashes($process_form['customfmt']));
?>
" >
<input type="image" name="fmt_save" id="fmt_save" title="<?php
echo _("Save format");
?>
"
onClick="SaveOutputFormat()"
value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="<?php
echo _("Delete format");
?>
"
onClick="DeleteOutputFormat()"
value="" src="icons/trash.png" <?php
echo $edit_display_style;
?>
>
</span>
</td>
</tr>
</table>
</td>
</tr>
<!--
<tr>
<td></td><td></td>
<td align="right" style="border:none">
<input type="button" name="JSbutton1" value="<?php
echo _("Clear Form");
?>
" onClick="ResetProcessingForm()">
<input type="submit" name="process" value="<?php
echo _("process");
?>
" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
-->
</TABLE>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="<?php
echo _("Close lookup box");
?>
"></div>
<iframe id="cframe" src="" frameborder="0" width=100% height=100%></iframe>
</div>
<?php
if (!array_key_exists('run', $_SESSION)) {
return;
}
print "<div class='flowlist'>\n";
$run = $_SESSION['run'];
if ($run != null) {
$filter = $process_form['filter'];
if ($process_form['DefaultFilter'] != -1) {
$cmd_opts['and_filter'] = $process_form['DefaultFilter'];
}
$cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
$cmd_opts['profile'] = $_SESSION['profileswitch'];
$cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
print "<pre>\n";
$pattern = '/(\\s*)([^\\s]+)/';
$replacement = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
ClearMessages();
$cmd_opts['args'] = "-T {$run}";
$cmd_opts['filter'] = $filter;
$titcol = "";
if (preg_match("/ srcip/", $run)) {
$titcol = _("Src IP");
} elseif (preg_match("/ dstip/", $run)) {
$titcol = _("Dst IP");
} elseif (preg_match("/ srcport/", $run)) {
$titcol = _("Src Port");
} elseif (preg_match("/ dstport/", $run)) {
$titcol = _("Dst Port");
}
$cmd_out = nfsend_query("run-nfdump", $cmd_opts);
if (!is_array($cmd_out)) {
ShowMessages();
} else {
require_once "classes/Host.inc";
require_once "classes/Net.inc";
require_once 'ossim_db.inc';
require_once "ossim_conf.inc";
$conf = $GLOBALS["CONF"];
$solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
include "geoip.inc";
$gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
$db = new ossim_db();
$conn = $db->connect();
$sensors = $hosts = $ossim_servers = array();
list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn);
/*$networks = "";
$_nets = Net::get_all($conn);
$_nets_ips = $_host_ips = $_host = array();
foreach ($_nets as $_net) $_nets_ips[] = $_net->get_ips();
$networks = implode(",",$_nets_ips);*/
$hosts_ips = array_keys($hosts);
/*
if ( array_key_exists('arg', $cmd_out) ) {
print "** nfdump " . $cmd_out['arg'] . "\n";
}
if ( array_key_exists('filter', $cmd_out) ) {
print "nfdump filter:\n";
foreach ( $cmd_out['filter'] as $line ) {
print "$line\n";
}
}
foreach ( $cmd_out['nfdump'] as $line ) {
print preg_replace($pattern, $replacement, $line) . "\n";
}
print "</pre>\n";*/
# parse command line
#2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1
$list = preg_match("/ \\-a \\-A /", $cmd_out['arg']) ? 1 : 0;
$regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
echo "<table style='width:100%;margin-bottom:5px''>";
$geotools = false;
if ($list && file_exists("../kml/GoogleEarth.php")) {
$geotools = true;
$geoips = array();
echo "<tr><td class='nobborder'></td><td class='nobborder'></td><td class='nobborder'></td>";
echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
echo "</tr>";
}
echo $list ? "<tr>\n <th>" . _("Date flow start") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "</th>\n <th>" . _("Dst IP Addr:Port") . "</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>";
$status = $errors = array();
//print_r($cmd_out['nfdump']);
foreach ($cmd_out['nfdump'] as $k => $line) {
echo "<tr>\n";
#capture status
if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
$status[$found[1]] = str_replace($found[1] . ":", "", $line);
}
# capture errors
if (preg_match("/ error /i", $line, $found)) {
$errors[] = $line;
}
# print results
$line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line);
// Patch for ( 0.3)
$line = preg_replace("/(\\d)\\s([KMG])/", "\\1\\2", $line);
// Patch for 1.2 M(99.6)
$start = $end = $proto = "";
$ips = $ports = array();
if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) {
foreach ($found as $ki => $field) {
if ($ki > 0) {
$wrap = $ki == 1 ? "nowrap" : "";
$field = preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field);
if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) {
# match ip (resolve and geolocalize)
$ip = $fnd[1];
$port = $fnd[2];
$name = $sensors[$ip] != "" ? $sensors[$ip] : ($hosts[$ip] != "" ? $hosts[$ip] : $ip);
$homelan = ($match_cidr = Net::is_ip_in_cache_cidr($conn, $ip)) || in_array($ip, $hosts_ips) ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$ip}'><img src=\"" . Host::get_homelan_icon($ip, $icons, $match_cidr, $conn) . "\" border=0></a>" : "";
$country = strtolower(geoip_country_code_by_addr($gi, $ip));
$country_name = geoip_country_name_by_addr($gi, $ip);
if ($country) {
$country_img = " <img src=\"/ossim/pixmaps/flags/" . $country . ".png\" alt=\"" . _($country_name) . "\" title=\"" . _($country_name) . "\">";
} else {
$country_img = "";
}
$field = "<a href='javascript:;' class='HostReportMenu' id='{$ip};{$name}'>{$name}</a>{$port} {$country_img} {$homelan}";
$wrap = "nowrap";
$ips[] = $ip;
if ($geotools) {
if ($ki == 4) {
$geoips['ip_src'][$ip]++;
} elseif ($ki == 5) {
$geoips['ip_dst'][$ip]++;
}
}
$ports[] = str_replace(":", "", $port);
}
if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) {
# match date
$start = $end = $fnd[1];
}
if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) {
# match date
$proto = strtolower($fnd[1]);
}
print "<td {$wrap}>{$field}</td>";
}
}
// solera deepsee integration
if ($solera) {
echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('{$start}','{$end}','" . $ips[0] . "','" . $ports[0] . "','" . $ips[1] . "','" . $ports[1] . "','{$proto}')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
}
}
echo "</tr>\n";
}
echo "</table>";
if ($geotools) {
foreach ($geoips as $type => $list) {
$ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
foreach ($list as $ip => $val) {
fputs($ipsfile, "{$ip}\n");
}
fclose($ipsfile);
}
}
#Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
#Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
#Total flows processed: 21, Records skipped: 0, Bytes read: 1128
#Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9
if (count($status) > 0) {
echo "<table style='margin-bottom:5px;width:100%'>";
foreach ($status as $key => $line) {
$line = preg_replace("/(Wall)\\:/", "<span class='th'>\\1</span>", $line);
$line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th'>\\1</span>", $line);
echo "<tr><td class='nobborder'><span class='th'>{$key}</span>{$line}</td></tr>";
}
echo "</table>";
}
# stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
if (count($errors) > 0) {
echo "<table style='margin-bottom:5px;width:100%'>";
foreach ($errors as $key => $line) {
echo "<tr><td class='nobborder'><span class='th'>" . _("Error found") . "</span> {$line}</td></tr>";
}
echo "</table>";
}
$conn->disconnect();
}
#print "</pre>\n";
}
print "</div>\n";
return;
}
function Process_alert_tab($tab_changed, $profile_changed)
{
global $num_ConditionList;
global $ConditionList;
global $num_ConditionList;
global $ConditionList;
global $ActionList;
global $FlowStat_type;
global $SumStat_type_options;
global $SumStat_comp_type;
global $SumStat_scale;
// register 'get-alertgraph' command for rrdgraph.php
if (!array_key_exists('rrdgraph_cmds', $_SESSION) || !array_key_exists('get-alertgraph', $_SESSION['rrdgraph_cmds'])) {
$_SESSION['rrdgraph_cmds']['get-alertgraph'] = 1;
$_SESSION['rrdgraph_getparams']['alert'] = 1;
}
$_SESSION['action'] = 'list';
// Delete an alert?
if (array_key_exists('delete_alert_x', $_POST)) {
$parse_opts = array("alert" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => $_SESSION['alertlist'], "validate" => null, "must_exist" => 1));
list($form_data, $has_errors) = ParseForm($parse_opts);
if ($has_errors) {
return;
}
$cmd_out = nfsend_query("delete-alert", $form_data, 0);
$_SESSION['action'] = 'list';
UpdateAlertList();
return;
}
// Arm the alert
if (array_key_exists('arm_trigger_x', $_POST)) {
$parse_opts = array("alert" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => $_SESSION['alertlist'], "validate" => null, "must_exist" => 1));
list($form_data, $has_errors) = ParseForm($parse_opts);
if ($has_errors) {
return;
}
$cmd_out = nfsend_query("arm-alert", $form_data, 0);
$_SESSION['action'] = 'list';
UpdateAlert($_SESSION['alertinfo']['name']);
return;
}
// cancel a new alert dialog
if (array_key_exists('new_alert_cancel', $_POST)) {
$_SESSION['action'] = 'list';
return;
}
// provide the add new alert dialog?
if (array_key_exists('new_alert_x', $_POST)) {
$_SESSION['action'] = 'new';
$_SESSION['refresh'] = 0;
// preset alert info for new alert
$alertinfo['alert'] = '';
$alertinfo['type'] = 0;
$alertinfo['visible_0'] = 1;
$alertinfo['status'] = 'disabled';
$alertinfo['trigger_type'] = 0;
$alertinfo['trigger_status'] = 0;
$alertinfo['trigger_number'] = 0;
$alertinfo['trigger_blocks'] = 0;
$alertinfo['action_type'] = 0;
$alertinfo['action_email'] = '';
$alertinfo['action_subject'] = 'Alert triggered';
$alertinfo['action_system'] = '';
$alertinfo['filter'] = array();
$alertinfo['channellist'] = implode('|', array_keys($_SESSION['profileinfo']['channel']));
for ($i = 0; $i < 2 * $num_ConditionList; $i++) {
$alertinfo["visible_{$i}"] = 0;
$alertinfo["op_{$i}"] = 0;
$alertinfo["type_{$i}"] = 0;
$alertinfo["comp_{$i}"] = 0;
$alertinfo["comp_type_{$i}"] = 0;
$alertinfo["stat_type_{$i}"] = 0;
$alertinfo["comp_value_{$i}"] = 0;
$alertinfo["scale_{$i}"] = 0;
}
$_SESSION['alertinfo'] = $alertinfo;
// disable page refresh
$_SESSION['refresh'] = 0;
return;
}
// create the new alert
$ModifyOrNew = NULL;
if (array_key_exists('new_alert_commit_x', $_POST) || array_key_exists('new_alert_commit', $_POST)) {
$ModifyOrNew = 'new';
}
if (array_key_exists('edit_alert_commit', $_POST)) {
$ModifyOrNew = 'modify';
}
if ($ModifyOrNew != NULL) {
$parse_opts = array("alert" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => "/^[A-Za-z0-9][A-Za-z0-9\\-+_]*\$/", "validate" => 'alert_name_check', "must_exists" => $ModifyOrNew == 'modify'), "channellist" => array("required" => 0, "default" => '', "allow_null" => 0, "match" => null, "validate" => 'channellist_validate'), "filter" => array("required" => 0, "default" => NULL, "allow_null" => 1, "match" => "/^[\\s!-~]*\$/", "validate" => 'filter_validate'), "type" => array("required" => 1, "default" => 0, "allow_null" => 1, "match" => array(0, 1, 2), "validate" => null), "status" => array("required" => 0, "default" => 'disabled', "allow_null" => 1, "match" => array('enabled', 'disabled'), "validate" => null), "trigger_type" => array("required" => 1, "default" => 0, "allow_null" => 1, "match" => array(0, 1, 2), "validate" => null), "trigger_number" => array("required" => 1, "default" => 1, "allow_null" => 0, "match" => range(1, 9), "validate" => null), "trigger_blocks" => array("required" => 1, "default" => 0, "allow_null" => 1, "match" => range(0, 9), "validate" => null), "plugin_condition" => array("required" => 0, "default" => -1, "allow_null" => 0, "match" => range(-1, count($_SESSION['alert_condition_plugin'])), "validate" => null), "action_plugin" => array("required" => 0, "default" => -1, "allow_null" => 0, "match" => range(-1, count($_SESSION['alert_action_plugin'])), "validate" => null), "action_email" => array("required" => 0, "default" => '', "allow_null" => 1, "match" => null, "validate" => 'check_email_address'), "action_subject" => array("required" => 0, "default" => 'Alert triggered', "allow_null" => 1, "match" => "/^[\\s!-~]+\$/", "validate" => 'subject_validate'), "action_system" => array("required" => 0, "default" => null, "allow_null" => 1, "match" => "/^[\\s!-~]+\$/", "validate" => null));
for ($i = 0; $i < 2 * $num_ConditionList; $i++) {
$name = "op_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => array(0, 1), "validate" => null);
$name = "visible_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => array(0, 1), "validate" => null);
$name = "type_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => range(0, count($SumStat_type_options) - 1), "validate" => null);
$name = "comp_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => array(0, 1, 2), "validate" => null);
$name = "comp_type_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => range(0, count($SumStat_comp_type) - 1), "validate" => null);
$name = "stat_type_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => range(0, count($FlowStat_type) - 1), "validate" => null);
$name = "comp_value_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => "/^\\d+\$/", "validate" => null);
$name = "scale_{$i}";
$parse_opts[$name] = array("required" => 0, "default" => 0, "allow_null" => 1, "match" => range(0, count($SumStat_scale) - 1), "validate" => null);
}
list($alertinfo, $has_errors) = ParseForm($parse_opts);
$form_values = $alertinfo;
if ($has_errors) {
if ($ModifyOrNew == 'new') {
$_SESSION['action'] = 'new';
$_SESSION['refresh'] = 0;
} else {
$_SESSION['action'] = 'details';
$_SESSION['refresh'] = 0;
}
return;
}
// process action types
$action_type = 0;
for ($i = 1; $i < 4; $i++) {
if (array_key_exists("action_{$i}", $_POST)) {
$action_type += 1 << $i - 1;
}
}
$alertinfo['action_type'] = $action_type;
$form_values['action_type'] = $action_type;
if ($alertinfo['type'] == 2) {
$lim = 2 * $num_ConditionList;
} else {
$lim = $alertinfo['type'] == 0 ? 0 : $num_ConditionList;
}
if ($alertinfo['action_plugin'] > -1) {
$alertinfo['action_plugin'] = $_SESSION['alert_action_plugin'][$alertinfo['action_plugin']];
} else {
unset($alertinfo['action_plugin']);
}
// prepare condition array
$condition = array();
if ($alertinfo['type'] == 2) {
$condition[] = $_SESSION['alert_condition_plugin'][$alertinfo['plugin_condition']];
} else {
for ($i = 0; $i < 2 * $num_ConditionList; $i++) {
if ($i >= $lim && $i < $lim + $num_ConditionList && $alertinfo["visible_{$i}"]) {
// add to condition array
$condition[] = implode(':', array($alertinfo["op_{$i}"], $alertinfo["type_{$i}"], $alertinfo["comp_{$i}"], $alertinfo["comp_type_{$i}"], $alertinfo["stat_type_{$i}"], $alertinfo["comp_value_{$i}"], $alertinfo["scale_{$i}"]));
}
}
}
for ($i = 0; $i < 2 * $num_ConditionList; $i++) {
// delete other condition values
unset($alertinfo["visible_{$i}"]);
unset($alertinfo["op_{$i}"]);
unset($alertinfo["type_{$i}"]);
unset($alertinfo["comp_{$i}"]);
unset($alertinfo["comp_type_{$i}"]);
unset($alertinfo["stat_type_{$i}"]);
unset($alertinfo["comp_value_{$i}"]);
unset($alertinfo["scale_{$i}"]);
}
unset($alertinfo['plugin_condition']);
$alertinfo['condition'] = $condition;
ob_start();
print "Add/modify alert - alertinfo\n";
print_r($alertinfo);
ReportLog(ob_get_contents());
ob_clean();
if ($ModifyOrNew == 'new') {
$cmd_out = nfsend_query("add-alert", $alertinfo, 0);
if (!is_array($cmd_out)) {
$_SESSION['action'] = 'new';
$_SESSION['alertinfo'] = $form_values;
return;
}
// Update alert list
UpdateAlertList();
} else {
$cmd_out = nfsend_query("modify-alert", $alertinfo, 0);
if (!is_array($cmd_out)) {
$_SESSION['action'] = 'details';
$_SESSION['refresh'] = 0;
return;
}
}
// prepare details view of new alert
UpdateAlert($alertinfo['alert']);
return;
}
// status change
$status = 'none';
if (array_key_exists('status', $_POST) && !array_key_exists('status_hidden', $_POST)) {
// status set to enabled
$status = 'enabled';
}
if (!array_key_exists('status', $_POST) && array_key_exists('status_hidden', $_POST)) {
// status set to disabled
$status = 'disabled';
}
if ($status != 'none') {
// redisplay alert
$_SESSION['action'] = 'details';
$_SESSION['refresh'] = 0;
$cmd_out = nfsend_query("modify-alert", array('alert' => $_SESSION['alertinfo']['name'], 'status' => $status), 0);
if (!is_array($cmd_out)) {
return;
}
UpdateAlert($_SESSION['alertinfo']['name']);
return;
}
if (array_key_exists('view_alert_x', $_POST)) {
$parse_opts = array("alert" => array("required" => 1, "default" => NULL, "allow_null" => 0, "match" => $_SESSION['alertlist'], "validate" => null, "must_exist" => 1));
list($form_data, $has_errors) = ParseForm($parse_opts);
if ($has_errors) {
return;
}
$_SESSION['refresh'] = 0;
UpdateAlert($form_data['alert']);
return;
}
if (array_key_exists('edit_alert_cancel', $_POST)) {
// redisplay current alert
$_SESSION['action'] = 'details';
$_SESSION['refresh'] = 0;
return;
}
// everything else - show alert list
UpdateAlertList();
return;
}
function DisplayProcessing()
{
global $self;
global $ListNOption;
global $TopNOption;
global $OutputFormatOption;
global $IPStatOption;
global $IPStatOrder;
global $LimitScale;
$detail_opts = $_SESSION['detail_opts'];
$process_form = $_SESSION['process_form'];
?>
<a name="processing"></a>
<h3 class="NfProcessing">Netflow Processing</h3>
<form action="<?php
echo $self;
?>
" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold'>
<tr>
<TD>Source:</TD>
<TD>Filter:</TD>
<TD>Options:</TD>
</tr>
<TR>
<TD style='vertical-align:top;'>
<SELECT name="srcselector[]" id=SourceSelector size="6" style="width: 100%" multiple>
<?php
foreach ($process_form['srcselector'] as $selected_channel) {
$_tmp[$selected_channel] = 1;
}
$i = 0;
foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
$checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
print "<OPTION value='{$channel}' {$checked}>{$channel}</OPTION>\n";
}
?>
</SELECT><br>
<INPUT TYPE="button" NAME="JSbutton2" Value="All Sources" onClick="SelectAllSources()">
</TD>
<td style="vertical-align:top;">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php
$display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
foreach ($display_filter as $line) {
print htmlspecialchars(stripslashes($line)) . "\n";
}
?>
</textarea><br>
<?php
$deletefilter_display_style = array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
?>
<input type="image" name="filter_delete" id="filter_delete" title="Delete filter" align="right"
onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php
echo $deletefilter_display_style;
?>
>
<input type="image" name="filter_save" id="filter_save" title="Save filter" align="right"
onClick="HandleFilter(2)"
value="" src="icons/save.png">
<input type="hidden" name="filter_name" id="filter_name" value="none">
<span id="filter_span">and
<select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
print "<option value='-1' label='none'><none></option>\n";
foreach ($_SESSION['DefaultFilters'] as $name) {
$checked = $process_form['DefaultFilter'] == $name ? 'selected' : '';
print "<option value='{$name}' {$checked}>{$name}</option>\n";
}
$editfilter_display_style = 'style="display:none;"';
foreach ($_SESSION['DefaultFilters'] as $name) {
if ($process_form['DefaultFilter'] == $name) {
$editfilter_display_style = '';
}
}
?>
</select></span>
<input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php
echo $editfilter_display_style;
?>
onClick="HandleFilter(1)" value="" src="icons/edit.png">
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
foreach ($_SESSION['DefaultFilters'] as $name) {
print "DefaultFilters.push('{$name}');\n";
}
if (array_key_exists('editfilter', $process_form)) {
print "edit_filter = '" . $process_form['DefaultFilter'] . "';\n";
}
?>
</script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;'>
<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;">
<tr><td colspan="2">
<?php
$i = 0;
foreach (array('List Flows', 'Stat TopN') as $s) {
$checked = $process_form['modeselect'] == $i ? 'checked' : '';
print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
$i++;
}
$list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
$stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
$formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?>
</td></tr>
<tr id="listNRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'>Limit to:</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
for ($i = 0; $i < count($ListNOption); $i++) {
$checked = $process_form['listN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
}
?>
</select> Flows<br>
</td>
</tr>
<tr id="topNRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'>Top:</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
for ($i = 0; $i < count($TopNOption); $i++) {
$checked = $process_form['topN'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="stattypeRow" <?php
echo $stat_display_style;
?>
>
<td class="TDnfprocLabel">Stat:</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
for ($i = 0; $i < count($IPStatOption); $i++) {
$checked = $process_form['stattype'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
}
?>
</select>
order by
<select name='statorder' id="statorder" size='1'>
<?php
for ($i = 0; $i < count($IPStatOrder); $i++) {
$checked = $process_form['statorder'] == $i ? 'selected' : '';
print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
}
?>
</select>
</td>
</tr>
<tr id="AggregateRow" <?php
echo $formatselect_display_opts;
?>
>
<td class='TDnfprocLabel'>Aggregate</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();"
style="margin-left:1" <?php
echo $process_form['aggr_bidir'];
?>
> bi-directional<br>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_proto'];
?>
> proto<br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcport'];
?>
> srcPort
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_srcip'];
?>
>
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
$i = 0;
foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
$checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits"
value="<?php
echo $process_form['aggr_srcnetbits'];
?>
" <?php
echo $_style;
?>
><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstport'];
?>
> dstPort
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked"
style="margin-left:1" <?php
echo $process_form['aggr_dstip'];
?>
>
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
$i = 0;
foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
$checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
$_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?>
</select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits"
value="<?php
echo $process_form['aggr_dstnetbits'];
?>
" <?php
echo $_style;
?>
><br>
</td>
</tr>
<tr id="timesortedRow" <?php
echo $list_display_style;
?>
>
<td class='TDnfprocLabel'>Sort:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked"
style="margin-left:1" <?php
echo $process_form['timesorted'];
?>
>
start time of flows</td>
</tr>
<tr id="limitoutputRow" <?php
echo $stat_display_style;
?>
>
<td class='TDnfprocLabel'>Limit:</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1"
size="1" <?php
echo $process_form['limitoutput'];
?>
>
<select name="limitwhat" id="limitwhat" size="1">
<?php
$i = 0;
foreach (array('Packets', 'Traffic') as $s) {
$checked = $process_form['limitwhat'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<select name="limithow" id="limithow" size="1">
<?php
$i = 0;
foreach (array('>', '<') as $s) {
$checked = $process_form['limithow'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
<input type="text" name="limitsize" id="limitsize" value="<?php
echo $process_form['limitsize'];
?>
" SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
$i = 0;
foreach ($LimitScale as $s) {
$checked = $process_form['limitscale'] == $i ? 'selected' : '';
print "<option value='{$i}' {$checked}>{$s}</option>\n";
$i++;
}
?>
</select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'>Output:</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php
echo $formatselect_display_opts;
?>
>
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
$checked = $process_form['output'] == $key ? 'selected' : '';
print "<OPTION value='{$key}' {$checked}>{$key}</OPTION>\n";
}
$fmt = $_SESSION['formatlist'][$process_form['output']];
if ($process_form['output'] == $fmt) {
// built in format
$space_display_style = '';
$edit_display_style = 'style="display:none"';
} else {
$space_display_style = 'style="display:none"';
$edit_display_style = '';
}
?>
</select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
foreach ($_SESSION['formatlist'] as $key => $value) {
print "fmts.setItem('{$key}', '{$value}');\n";
}
?>
</script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php
echo $space_display_style;
?>
></img>
<a href="#null" onClick="EditCustomFormat()"
title="Edit format" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0"
<?php
echo $edit_display_style;
?>
alt="Edit format"></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php
echo $process_form['IPv6_long'];
?>
>
/ IPv6 long
<?php
$fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?>
<span id="fmt_edit" <?php
echo $fmt_edit_display_style;
?>
>
<br>Enter custom output format:<br>
<input size="30" type="text" name="customfmt" id="customfmt"
value="<?php
echo htmlspecialchars(stripslashes($process_form['customfmt']));
?>
" >
<input type="image" name="fmt_save" id="fmt_save" title="Save format"
onClick="SaveOutputFormat()"
value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="Delete format"
onClick="DeleteOutputFormat()"
value="" src="icons/trash.png" <?php
echo $edit_display_style;
?>
>
</span>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td></td><td></td>
<td align="right">
<input type="button" name="JSbutton1" value="Clear Form" onClick="ResetProcessingForm()">
<input type="submit" name="process" value="process" onClick="form_ok=true;" size="1">
</td>
</tr>
</TABLE>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png"
onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
<iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>
</div>
<?php
if (!array_key_exists('run', $_SESSION)) {
return;
}
//print var_dump($_SESSION);
print "<div class='flowlist'>\n";
$run = $_SESSION['run'];
if ($run != null) {
$filter = $process_form['filter'];
if ($process_form['DefaultFilter'] != -1) {
$cmd_opts['and_filter'] = $process_form['DefaultFilter'];
}
$cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
$cmd_opts['profile'] = $_SESSION['profileswitch'];
$cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
print "<pre>\n";
$patterns = array();
$replacements = array();
$patterns[0] = '/(\\s*)([^\\s]+)/';
$replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";
// gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed.
function getHAP4NfSenId()
{
$plugins = GetPlugins();
for ($i = 0; $i < count($plugins); $i++) {
$plugin = $plugins[$i];
if ($plugin == "HAP4NfSen") {
return $i;
}
}
return -1;
}
ClearMessages();
$cmd_opts['args'] = "-T {$run}";
$cmd_opts['filter'] = $filter;
$cmd_out = nfsend_query("run-nfdump", $cmd_opts);
if (!is_array($cmd_out)) {
ShowMessages();
} else {
$hap4nfsen_id = getHAP4NfSenId();
if ($hap4nfsen_id >= 0) {
// ICMP "port" filter are no currently supported by the HAP4NfSen plugin
function isChecked(&$form, $name)
{
// helper function used to find out, if an option is checked
return $form[$name] == "checked";
}
$ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && (isChecked($process_form, 'aggr_srcip') && isChecked($process_form, 'aggr_srcport') || isChecked($process_form, 'aggr_dstip') && isChecked($process_form, 'aggr_dstport'));
$ip_contains_port = $_SESSION["process_form"]["modeselect"] == '0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) || preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !(isChecked($process_form, 'aggr_srcip') || isChecked($process_form, 'aggr_srcport') || isChecked($process_form, 'aggr_dstip') || isChecked($process_form, 'aggr_dstport'));
$_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
$hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";
$default_pattern = array_pop($patterns);
$default_replacement = array_pop($replacements);
if ($ip_contains_port) {
// matches cases like ip:port
$max_prot_length = 5;
// max. port length = 5 chars(highest port number = 65535)
for ($i = $max_prot_length; $i >= 1; $i--) {
$diff = $max_prot_length - $i;
// difference between actual and max port length
$ip_port_pattern_icmp = "/(\\s*)([^\\s|^:]+)(:)(0\\s{4}|\\d\\.\\d\\s{2}|\\d{2}\\.\\d\\|\\d\\.\\d{2}\\s|\\d{2}\\.\\d{2})/";
$ip_port_pattern_normal = "/(\\s*)([^\\s|^:]+)(:)([\\d|\\.]{{$i}})(\\s{{$diff}})/";
$spaces = '';
for ($k = 0; $k < $diff; $k++) {
$spaces = $spaces . ' ';
}
// spaces required to align hap viewer icons
array_push($patterns, $ip_port_pattern_icmp);
array_push($replacements, $default_replacement . "\$3\$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a> ");
array_push($patterns, $ip_port_pattern_normal);
array_push($replacements, $default_replacement . "\$3\$4{$spaces} <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&port=\$4&mode=new\" title='HAP graphlet for \$2 on port \$4'>{$hap_pic}</a> ");
}
array_push($patterns, '/(\\sIP\\sAddr:Port)/i');
array_push($replacements, "\$1 {$hap_pic}");
} else {
if ($ip_and_port_columns) {
// matches cases when both ip and port are available but are located in separate columns
// ICMP verion
$ip_and_port_pattern = "/(\\s*)([^\\s]+)(\\s+)(0|\\d\\.\\d)/";
$ip_and_port_replacement = "\$1\$2\$3\$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
// non-ICMP version with port filter
$ip_and_port_pattern = "/(\\s*)([^\\s]+)(\\s*)([\\d|.]+)/";
$ip_and_port_replacement = "\$1\$2\$3\$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&port=\$4&mode=new\" title='HAP graphlet for \$2 on port \$4'>{$hap_pic}</a>";
array_push($patterns, $ip_and_port_pattern);
array_push($replacements, $ip_and_port_replacement);
array_push($patterns, '/(\\s\\s(Src\\sIP\\sAddr\\s*Src\\sPt|Dst\\sIP\\sAddr\\s*Dst\\sPt))/i');
array_push($replacements, "\$1 {$hap_pic}");
} else {
// matches all other cases
array_push($patterns, $default_pattern);
array_push($replacements, $default_replacement . " <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a>");
array_push($patterns, '/(\\s(|\\s(Src|Dst))\\sIP\\sAddr)/i');
array_push($replacements, "\$1 {$hap_pic}");
}
}
}
if (array_key_exists('arg', $cmd_out)) {
print "** nfdump " . $cmd_out['arg'] . "\n";
}
if (array_key_exists('filter', $cmd_out)) {
print "nfdump filter:\n";
foreach ($cmd_out['filter'] as $line) {
print "{$line}\n";
}
}
foreach ($cmd_out['nfdump'] as $line) {
print preg_replace($patterns, $replacements, $line) . "\n";
}
}
print "</pre>\n";
}
print "</div>\n";
return;
}
$hourFile = $hourFile[0] . '0';
} else {
if ($hourFile[0] <= '6' && $hourFile[0] > '1') {
$hourFile[0] = (string) ($hourFile[0] - 1);
} else {
$hourFile[0] = '1';
}
$hourFile = $hourFile[0] . '5';
}
$hourFrom = date('H', strtotime('-1 hour')) . $hourFile;
$hourTo = date('H', time()) . $hourFile;
$cmd_opts['args'] = '-T -R ' . $date_from . '/nfcapd.' . $date_from_format . $hourFrom . ':' . $date_to . '/nfcapd.' . $date_to_format . $hourTo . ' -o extended -m';
if ($maxrows > 0) {
$cmd_opts['args'] .= " -c {$maxrows}";
}
$cmd_out = nfsend_query('run-nfdump', $cmd_opts);
//Very important to disconnect!!
nfsend_disconnect();
} else {
Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information'));
}
} catch (Exception $e) {
$db->close();
Util::response_bad_request($e->getMessage());
}
$list = preg_match("/ extended /", $cmd_out['args']) ? 1 : 0;
$regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";
$data = array();
$total = 0;
$error = '';
// Error
