/**
 * Frontend entry point of the demo plugin.
 *
 * Prints a greeting, sends the 'demoplugin::try' command with two scalar
 * colours and one colour array to the backend through nfsend_query(), then
 * prints the 'string' element of the reply and an image tag served by pic.php.
 *
 * NOTE(review): $plugin_id and the backend-supplied string are written into
 * the page without HTML escaping. Confirm both are trusted values, or escape
 * them before output.
 *
 * @param mixed $plugin_id Identifier interpolated into the greeting.
 * @return bool|null FALSE when the backend reply is not an array; nothing is
 *                   returned on success.
 */
function demoplugin_Run($plugin_id) {
    echo "<h3>Hello I'm the demo plugin with id {$plugin_id}</h3>\n";
    echo "Query backend plugin for function <b>try</b><br>\n";

    // Arguments handed to the backend plugin: two scalars and one array.
    $request = array(
        'colour1' => '#72e3fa',
        'colour2' => '#2a6f99',
        'colours' => array('#12af7d', '#56fc7b'),
    );

    // Run the command in the backend plugin and inspect the reply.
    $reply = nfsend_query('demoplugin::try', $request);
    if (!is_array($reply)) {
        SetMessage('error', "Error calling backend plugin");
        return FALSE;
    }

    $reported = $reply['string'];
    echo "Backend reported: <b>{$reported}</b><br>\n";
    echo "<h3>Picture sent from the backend</h3>\n";
    echo "<IMG src='pic.php?picture=smily.jpg' border='0' alt='Smily'>\n";
}
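/**
 * Fetch the PortTracker top-N list from the backend and reshape it.
 *
 * The backend reply is expected to carry a 'topN' list of text lines: one
 * leading line, followed by up to six records of three lines each (a header
 * "<num> <typeindex> <protoindex>", a line of port numbers, a line of values).
 *
 * Result layout:
 *   [0]                              the leading line, unchanged
 *   [protoindex + 1][typeindex][0]   list of port numbers (strings)
 *   [protoindex + 1][typeindex][1]   list of matching values (strings)
 *
 * Parsing stops at the first incomplete or malformed record, so a short reply
 * yields a shorter result and no entries built from missing lines.
 *
 * @param mixed $plugin_id Not used by this function.
 * @param mixed $avg24     Truthy selects a 24 interval, otherwise 1.
 * @return array|false The reshaped list, or FALSE when the reply is unusable.
 */
function GetTopN($plugin_id, $avg24) {
    $opts = array();
    $opts['interval'] = $avg24 ? 24 : 1;

    $out_list = nfsend_query('PortTracker::get-topN', $opts, 0);
    // A reply without a 'topN' list is treated like a failed query.
    if (!is_array($out_list) || !isset($out_list['topN']) || !is_array($out_list['topN'])) {
        SetMessage('error', "Can not read topN list");
        return FALSE;
    }
    $TopNline = $out_list['topN'];

    /*
     * Sample reply:
     * 1116607500
     * 10 0 0
     * 80 135 445 389 3306 1433 4899 4662 8443 25
     * 84046 52201 40543 28801 28419 16487 11108 7741 7278 6671
     * 10 1 0
     * 80 4662 22 119 20012 18253 9541 5001 2170 1521
     * 2338000 382084 276332 227355 161488 152253 148814 147927 144201 134825
     * 10 2 0
     * 119 4662 80 20012 5001 18253 9541 21961 22 20031
     * 319375447 254166206 238879858 238653710 220220412 219223561 207939341 195786183 166321579 160794781
     * 10 0 1
     * 53 1434 1026 4672 137 123 32768 6881 32769 6346
     * 89132 58020 52625 24686 15922 15880 3872 3498 3495 3181
     * 10 1 1
     * 53 1026 6346 1434 7000 2326 6970 4672 40977 61402
     * 200335 81466 77864 58021 45615 45130 39208 32767 30482 30448
     * 10 2 1
     * 1026 6970 1434 0 6346 6010 53 7001 2328 2485
     * 38730783 26212262 23450415 21575743 20986592 18556143 16716194 14235457 10624559 9905871
     */

    $TopNInfo = array();
    $TopNInfo[] = array_shift($TopNline);

    for ($i = 0; $i < 6; $i++) {
        // Each record needs a header line, a port line and a value line.
        if (count($TopNline) < 3) {
            break;
        }

        $header = explode(' ', array_shift($TopNline));
        if (count($header) < 3) {
            // Malformed header: the following lines cannot be attributed safely.
            break;
        }
        list(, $typeindex, $protoindex) = $header;

        // Top N port numbers
        $TopNInfo[$protoindex + 1][$typeindex][0] = explode(' ', array_shift($TopNline));
        // Top N values
        $TopNInfo[$protoindex + 1][$typeindex][1] = explode(' ', array_shift($TopNline));
    }

    return $TopNInfo;
}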
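/**
 * Render the profile administration page selected by $_SESSION['display'].
 *
 * Dispatches to one of three dialogs:
 *   - "add_channel":  EditChannel() for a new channel, pre-filled either from
 *                     $_SESSION['form_data'] (a previous submit had errors) or
 *                     from built-in defaults.
 *   - "edit_channel": EditChannel() for an existing channel; when the edit icon
 *                     was clicked the channel data is loaded from the session
 *                     and its filter is requested from the backend.
 *   - "new_profile":  NewProfileDialog() with resubmitted or default form data.
 * Any other value, or no value, shows ProfileDialog().
 *
 * $_SESSION['display'] is cleared before returning, and $_SESSION['form_data']
 * is cleared in every branch that reads it.
 *
 * @return void
 */
function DisplayAdminPage() {
    // include all required javascript for this page
?>
    <script language="Javascript" src="js/profileadmin.js" type="text/javascript">
    </script>
<?php

    // A missing key falls through to the default dialog without a notice.
    $display = isset($_SESSION['display']) ? $_SESSION['display'] : 'default';

    switch ($display) {
        case "add_channel":
            // Count the existing channels on each side of the graph.
            $num_pos = 0;
            $num_neg = 0;
            foreach ($_SESSION['profileinfo']['channel'] as $_chan) {
                if ($_chan['sign'] == '+') {
                    $num_pos++;
                }
                if ($_chan['sign'] == '-') {
                    $num_neg++;
                }
            }

            $liveprofile = ReadProfile('./live');
            $is_live_profile = 0;
            $is_new_channel = 1;

            // setup channel defaults
            if (array_key_exists('form_data', $_SESSION)) {
                // add channel contained errors - iterate once more
                $channel_defaults = $_SESSION['form_data'];
                unset($_SESSION['form_data']);
                if ($channel_defaults['sign'] == '+') {
                    $num_pos++;
                } elseif ($channel_defaults['sign'] == '-') {
                    $num_neg++;
                }
            } else {
                // initial dialog
                $num_pos++;
                $channel_defaults = array();
                $channel_defaults['name'] = '';
                $channel_defaults['sign'] = '+';
                $channel_defaults['colour'] = '#abcdef';
                $channel_defaults['order'] = $num_pos;
                $channel_defaults['sourcelist'] = NULL;
            }

            EditChannel($is_live_profile, $is_new_channel, $channel_defaults, $liveprofile, $num_pos, $num_neg);
            break;

        case 'edit_channel':
            $channelinfo = $_SESSION['form_data'];
            $profileswitch = $channelinfo['profileswitch'];

            $num_pos = 0;
            $num_neg = 0;
            foreach ($_SESSION['profileinfo']['channel'] as $_chan) {
                if ($_chan['sign'] == '+') {
                    $num_pos++;
                }
                if ($_chan['sign'] == '-') {
                    $num_neg++;
                }
            }

            $liveprofile = ReadProfile('./live');
            $is_live_profile = $profileswitch == './live';
            $is_new_channel = 0;

            // if edit icon was clicked, load channel data
            if (array_key_exists('edit_channel', $channelinfo)) {
                $channel = $channelinfo['edit_channel'];
                $channelinfo = $_SESSION['profileinfo']['channel'][$channel];

                $_opts = array();
                $_opts['profile'] = $profileswitch;
                $_opts['channel'] = $channel;
                $_filter = nfsend_query("get-channelfilter", $_opts, 0);

                // Keep the placeholder when the backend query failed; reading
                // $_filter['filter'] unconditionally would overwrite it with NULL.
                if (!is_array($_filter)) {
                    $channelinfo['filter'] = array('Unable to get channel filter');
                } else {
                    $channelinfo['filter'] = $_filter['filter'];
                }
            }

            EditChannel($is_live_profile, $is_new_channel, $channelinfo, $liveprofile, $num_pos, $num_neg);
            unset($_SESSION['form_data']);
            break;

        case "new_profile":
            if (array_key_exists('form_data', $_SESSION)) {
                // Previous submit is being redisplayed.
                $form_data = $_SESSION['form_data'];
                unset($_SESSION['form_data']);
            } else {
                // Initial dialog: built-in defaults.
                $form_data = array();
                $form_data['profile'] = NULL;
                $form_data['profilegroup'] = NULL;
                $form_data['tstart'] = NULL;
                $form_data['tend'] = NULL;
                $form_data['channel_wizard'] = 'classic';
                $form_data['expire'] = '1440';
                $form_data['maxsize'] = '10G';
                $form_data['shadow'] = 0;
                $form_data['description'] = NULL;
                $form_data['filter'] = NULL;
                $form_data['channel'] = NULL;
                $form_data['num_channels'] = 1;
            }
            NewProfileDialog($form_data);
            break;

        case 'default':
        default:
            ProfileDialog();
    }

    unset($_SESSION['display']);
}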
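/**
 * Stream a picture named by the 'picture' request parameter from the backend.
 *
 * The name comes straight from the request, so it is validated before it is
 * forwarded to the backend command "@get-anypicture":
 *   - it must be a string (an array-valued parameter is rejected),
 *   - it must match the character whitelist and start with an alphanumeric
 *     character; the D modifier stops a trailing newline from passing,
 *   - it must not contain a ".." path segment, which the whitelist alone
 *     accepts because "." and "/" are both allowed characters,
 *   - it must end in .png, .gif or .jpg (case-insensitive).
 * Any failure sends icons/Error.png as image/png and returns 1.
 *
 * NOTE(review): how the backend resolves the name is not visible here; this
 * check is a first line of defence and the backend should confine the path
 * to its picture directory as well.
 *
 * @return int|null 1 when the error picture was sent; nothing on success.
 */
function GetAnyPic() {
    $picture = array_key_exists('picture', $_GET) ? $_GET['picture'] : NULL;

    $type = NULL;
    if (is_string($picture)
        && preg_match('/^[A-Za-z0-9][A-Za-z0-9\-+_.\/]+$/D', $picture)
        && !preg_match('#(^|/)\.\.(/|$)#', $picture)
        && preg_match('/\.(png|gif|jpg)$/i', $picture, $found)) {
        $type = strtolower($found[1]);
    }

    if ($type === NULL) {
        // Every rejection sends the same header and picture, including the
        // unsupported-extension case.
        header("Content-type: image/png");
        if (is_readable("icons/Error.png")) {
            // readfile() leaves no open handle behind.
            readfile("icons/Error.png");
        }
        return 1;
    }

    // The registered media type for .jpg files is image/jpeg.
    header("Content-type: image/" . ($type === 'jpg' ? 'jpeg' : $type));

    $opts = array();
    $opts['.silent'] = 1;
    $opts['picture'] = $picture;
    nfsend_query("@get-anypicture", $opts, 1);
    nfsend_disconnect();
    unset($_SESSION['nfsend']);
    CloseLogFile();
}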
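/**
 * Normalise a flow filter and have the backend check its syntax.
 *
 * The filter text has carriage returns removed and surrounding whitespace
 * trimmed, is passed through addslashes() unless magic quotes already did so,
 * and is split into lines. $filter is replaced in place with that list of
 * lines (an empty array for a NULL or blank filter). The lines are then sent
 * to the backend command 'run-nfdump' with the argument '-Z', and every line
 * of a failing nfdump run is reported through SetMessage().
 *
 * NOTE(review): addslashes() is not shell escaping. The filter reaches a
 * backend that runs nfdump, so confirm the backend passes it as data and
 * never interpolates it into a command line.
 *
 * @param string|null $filter Filter text; rewritten to an array of lines.
 * @param mixed       $opts   Ignored; the query options are built locally.
 * @return int 0 when the filter is empty or accepted, 2 when the backend
 *             query failed or nfdump reported an error.
 */
function filter_validate(&$filter, $opts) {
    if (is_null($filter)) {
        $filter = array();
        return 0;
    }

    $filter = preg_replace("/\r/", '', $filter);
    $filter = preg_replace("/^[\\s\n]+/", '', $filter);
    $filter = preg_replace("/[\\s\n]+\$/", '', $filter);
    if ($filter == '') {
        $filter = array();
        return 0;
    }

    // get_magic_quotes_gpc() no longer exists in PHP 8; where it is missing,
    // magic quotes cannot be active, so the slashes are always added.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $filter = addslashes($filter);
    }
    $filter = explode("\n", $filter);

    $opts = array();
    $opts['args'] = '-Z';
    $opts['filter'] = $filter;
    $out_list = nfsend_query('run-nfdump', $opts, 0);

    // Treat any non-array or empty reply as a failed query.
    if (!is_array($out_list) || count($out_list) === 0) {
        return 2;
    }

    if (array_key_exists("nfdump", $out_list) && isset($out_list["exit"]) && $out_list["exit"] > 0) {
        foreach ($out_list['nfdump'] as $line) {
            SetMessage('error', "Filter error: {$line}");
        }
        return 2;
    }

    return 0;
}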
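} } // End of ReportLog

OpenLogFile();

// PHP has already URL-decoded $_GET, so this urldecode() is a second decode;
// it is kept because callers may rely on it. It also means percent-encoded
// markup arrives here decoded, so the value is escaped wherever it is
// written into the page. A missing or array-valued parameter becomes ''.
$lookup = (isset($_GET['lookup']) && is_string($_GET['lookup'])) ? urldecode($_GET['lookup']) : '';

$opts = array();
$opts['lookup'] = $lookup;

header("Content-type: text/html; charset=ISO-8859-1");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Lookup: '<?php echo htmlspecialchars($lookup, ENT_QUOTES, 'ISO-8859-1'); ?>'</title>
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link rel="stylesheet" type="text/css" href="css/lookup.css">
</head>
<body>
<?php
// NOTE(review): the backend writes the lookup result directly into the body;
// confirm the backend escapes or validates what it echoes for $lookup.
nfsend_query("@lookup", $opts, 1);
nfsend_disconnect();
unset($_SESSION['nfsend']);
CloseLogFile();
?>
</body>
</html>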
function DisplayProcessing() { global $self; global $ListNOption; global $TopNOption; global $OutputFormatOption; global $IPStatOption; global $IPStatOrder; global $LimitScale; require_once 'av_init.php'; $geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat"); $db_aux = new ossim_db(); $conn_aux = $db_aux->connect(); $aux_ri_interfaces = Remote_interface::get_list($conn_aux, "WHERE status = 1"); $ri_list = $aux_ri_interfaces[0]; $ri_total = $aux_ri_interfaces[1]; $ri_data = array(); if ($ri_total > 0) { foreach ($ri_list as $r_interface) { $ri_data[] = array("name" => $r_interface->get_name(), "id" => "web_interfaces", "target" => "_blank", "url" => $r_interface->get_ip()); } } $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2); if ($ri_total >= 0) { echo '<a name="processing"></a>'; } $detail_opts = $_SESSION['detail_opts']; $process_form = $_SESSION['process_form']; ?> <table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr> <td class='nobborder'><b><?php echo _("Netflow Processing"); ?> </b></td> <td class='noborder nfsen_menu'> <a href='javascript:lastsessions()'><?php echo _("List last 500 sessions"); ?> </a> | <a href='javascript:launch("2","<?php echo $type; ?> ")'><?php echo _("Top 10 Src IPs"); ?> </a> | <a href='javascript:launch("3","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst IPs"); ?> </a> | <a href='javascript:launch("5","<?php echo $type; ?> ")'><?php echo _("Top 10 Src Port"); ?> </a> | <a href='javascript:launch("6","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst Port"); ?> </a> | <a href='javascript:launch("13","<?php echo $type; ?> ")'><?php echo _("Top 10 Proto"); ?> </a> </td></tr></table> <form action="<?php echo $self; ?> " onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST" laction="<?php echo $self; ?> "> <?php if (preg_match("/^\\d+\$/", $_SESSION['tend'])) { ?> <input type="hidden" name="tend" value="<?php echo intval($_SESSION['tend']); 
?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tleft'])) { ?> <input type="hidden" name="tleft" value="<?php echo intval($_SESSION['tleft']); ?> " /> <?php } if (preg_match("/^\\d+\$/", $_SESSION['tright'])) { ?> <input type="hidden" name="tright" value="<?php echo intval($_SESSION['tright']); ?> " /> <?php } if ($_SESSION["detail_opts"]["cursor_mode"] != "") { ?> <input type="hidden" name="cursor_mode" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["cursor_mode"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["wsize"] != "") { ?> <input type="hidden" name="wsize" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["wsize"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["logscale"] != "") { ?> <input type="hidden" name="logscale" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["logscale"]); ?> " /> <?php } if ($_SESSION["detail_opts"]["linegraph"] != "") { ?> <input type="hidden" name="linegraph" value="<?php echo Util::htmlentities($_SESSION["detail_opts"]["linegraph"]); ?> " /> <?php } ?> <input type="hidden" name="login" value="<?php echo Util::htmlentities($_SESSION["_remote_login"]); ?> " /> <table class='nfsen_filters'> <tr> <th class="thold"><?php echo _("Source"); ?> </th> <th class="thold"><?php echo _("Filter"); ?> </th> <th class="thold"><?php echo _("Options"); ?> </th> </tr> <tr> <td style='vertical-align:top'> <select name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple='multiple'> <?php foreach ($process_form['srcselector'] as $selected_channel) { $_tmp[$selected_channel] = 1; } $i = 0; foreach ($_SESSION['profileinfo']['channel'] as $channel) { $channel_name = $channel['name']; $checked = array_key_exists($channel['id'], $_tmp) ? 'selected' : ''; echo "<OPTION value='" . Util::htmlentities($channel['id']) . 
"' {$checked}>{$channel_name}</OPTION>\n"; } ?> </select> <div style='margin: 5px auto'> <input class="small av_b_secondary" type="button" name="JSbutton2" value="All Sources" onClick="SelectAllSources()"/> </div> </td> <td style="vertical-align:top;"> <textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php if (is_array($process_form)) { $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter']; } else { $display_filter = array(); } if (count($display_filter) < 1 && GET('ip') != "" && GET('ip2') != "") { $display_filter[0] = "(src ip " . GET('ip') . " and dst ip " . GET('ip2') . ") or (src ip " . GET('ip2') . " and dst ip " . GET('ip') . ")"; } elseif (count($display_filter) < 1 && GET('ip') != "") { $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip'); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "" && GET('ip2') != "") { $ip1 = GET('ip'); $ip2 = GET('ip2'); $filter = "(src ip {$ip1} and dst ip {$ip2}) or (src ip {$ip2} and dst ip {$ip1})"; $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } elseif (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)/", $display_filter[0]) && GET('ip') != "") { $filter = "src ip " . GET('ip') . " or dst ip " . 
GET('ip'); $display_filter[0] = preg_replace("/\\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\) or \\(src ip \\d+\\.\\d+\\.\\d+\\.\\d+ and dst ip \\d+\\.\\d+\\.\\d+\\.\\d+\\)/", $filter, $display_filter[0]); $display_filter[0] = preg_replace("/src ip \\d+\\.\\d+\\.\\d+\\.\\d+ or dst ip \\d+\\.\\d+\\.\\d+\\.\\d+/", $filter, $display_filter[0]); } foreach ($display_filter as $line) { print str_replace("&", "&", Util::htmlentities(stripslashes($line))) . "\n"; } ?> </textarea> <?php $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"'; ?> <input type="image" name="filter_delete" id="filter_delete" title="<?php echo _("Delete filter"); ?> " align="right" onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php echo $deletefilter_display_style; ?> > <!-- <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right" onClick="HandleFilter(2)" value="" src="icons/save.png"> --> <input type="hidden" name="filter_name" id="filter_name" value="none"> <div style='margin: 5px auto'> <span id="filter_span">and</span> <select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1"> <?php print "<option value='-1' label='none'><none></option>\n"; foreach ($_SESSION['DefaultFilters'] as $name) { $checked = $process_form['DefaultFilter'] == $name ? 'selected' : ''; print "<option value='" . Util::htmlentities($name) . "' {$checked}>" . Util::htmlentities($name) . 
"</option>\n"; } $editfilter_display_style = 'style="display:none;"'; foreach ($_SESSION['DefaultFilters'] as $name) { if ($process_form['DefaultFilter'] == $name) { $editfilter_display_style = ''; } } ?> </select> <input type="image" name="filter_save" id="filter_save" title="<?php echo _("Save filter"); ?> " onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle"> <input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php echo $editfilter_display_style; ?> onClick="HandleFilter(1)" value="" src="icons/edit.png"> </div> <script language="Javascript" type="text/javascript"> var DefaultFilters = new Array(); <?php foreach ($_SESSION['DefaultFilters'] as $name) { print "DefaultFilters.push('" . Util::htmlentities($name) . "');\n"; } if (array_key_exists('editfilter', $process_form)) { print "edit_filter = '" . Util::htmlentities($process_form['DefaultFilter']) . "';\n"; } ?> </script> </td> <!-- Options start here --> <td style='padding: 0px;vertical-align:top;border:none;'> <table border="0" id="ProcessOptionTable" style="font-size:14px;font-weight:bold;width:100%;border:none"> <tr> <td class='TDnfprocLabel' style='white-space:nowrap'> <?php $i = 0; foreach (array('List Flows', 'Stat TopN') as $s) { $checked = $process_form['modeselect'] == $i ? 'checked' : ''; print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} "; $i++; } $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"'; $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : ''; $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 
'style="display:none;"' : ''; ?> </td> <td class='TDnfprocControl' > <table class='noborder' style='margin: auto;'> <tr> <td class='nobborder'><input class="small av_b_secondary" type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"/></td> <td class='nobborder'><input class="small" type="submit" name="process" value="<?php echo _("Process"); ?> " id="process_button" onClick="clean_remote_data();form_ok=true;" size="1"/></td> <?php if (count($RemoteInterfacesData) > 0 && !isset($_POST['login'])) { ?> <td class='nobborder'><input type="button" name="remote_process" value="<?php echo _("Remote Process"); ?> " id="remote_process_button" onclick="$('#rinterfaces').toggle()"/> <div id='container_rmp' style='position:relative;'> <div id="rinterfaces" style="position:absolute; top:0; right:0;display:none; margin:1px 0px 0px 2px; text-align:right;"> <?php foreach ($RemoteInterfacesData as $data) { $short_name = strlen($data['name']) > 12 ? substr($data['name'], 0, 12) . "..." : $data['name']; ?> <input type="button" onclick="remote_interface('<?php echo $data["url"]; ?> ')" style="width:180px; font-size: 11px;" title="<?php echo $data["name"] . " [" . $data["url"] . "]"; ?> " value="<?php echo $short_name . " [" . $data["url"] . "]"; ?> "/><br /> <?php } ?> </div> </div> </td> <?php } ?> </tr> </table> </td> </tr> <tr id="listNRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit to"); ?> :</td> <td class='TDnfprocControl'> <select name="listN" id="listN" style="margin-left:1" size="1"> <?php for ($i = 0; $i < count($ListNOption); $i++) { $checked = $process_form['listN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . 
"</OPTION>\n"; } ?> </select><?php echo _("Flows"); ?> <br> </td> </tr> <tr id="topNRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Top"); ?> :</td> <td class='TDnfprocControl'> <select name="topN" id="TopN" size="1"> <?php for ($i = 0; $i < count($TopNOption); $i++) { $checked = $process_form['topN'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n"; } ?> </select> </td> </tr> <tr id="stattypeRow" <?php echo $stat_display_style; ?> > <td class="TDnfprocLabel"><?php echo _("Stat"); ?> :</td> <td class="TDnfprocControl"> <select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1"> <?php for ($i = 0; $i < count($IPStatOption); $i++) { $checked = $process_form['stattype'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n"; } ?> </select> order by <select name='statorder' id="statorder" size='1'> <?php for ($i = 0; $i < count($IPStatOrder); $i++) { $checked = $process_form['statorder'] == $i ? 'selected' : ''; print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . 
"</OPTION>\n"; } ?> </select> </td> </tr> <tr id="AggregateRow" <?php echo $formatselect_display_opts; ?> > <td class='TDnfprocLabel'><?php echo _("Aggregate"); ?> </td> <td class='TDnfprocControl'> <input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_bidir']); ?> > <?php echo _("bi-directional"); ?> <br> <input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_proto']); ?> > <?php echo _("proto"); ?> <br> <input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcport']); ?> > <?php echo _("srcPort"); ?> <input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_srcip']); ?> > <select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1"> <?php $i = 0; foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) { $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_srcselect'] == 0 ? 
'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" value="<?php echo Util::htmlentities($process_form['aggr_srcnetbits']); ?> " <?php echo $_style; ?> ><br> <input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstport']); ?> > <?php echo _("dstPort"); ?> <input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['aggr_dstip']); ?> > <select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1"> <?php $i = 0; foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) { $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : ''; ?> </select> <input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" value="<?php echo Util::htmlentities($process_form['aggr_dstnetbits']); ?> " <?php echo $_style; ?> ><br> </td> </tr> <tr id="timesortedRow" <?php echo $list_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Sort"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="timesorted" id="timesorted" value="checked" style="margin-left:1" <?php echo Util::htmlentities($process_form['timesorted']); ?> > <?php echo _("start time of flows"); ?> </td> </tr> <tr id="limitoutputRow" <?php echo $stat_display_style; ?> > <td class='TDnfprocLabel'><?php echo _("Limit"); ?> :</td> <td class='TDnfprocControl'> <input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" size="1" <?php echo Util::htmlentities($process_form['limitoutput']); ?> > <select name="limitwhat" id="limitwhat" size="1"> <?php $i = 0; foreach (array(gettext("Packets"), gettext("Traffic")) as $s) { $checked = $process_form['limitwhat'] == 
$i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <select name="limithow" id="limithow" size="1"> <?php $i = 0; foreach (array('>', '<') as $s) { $checked = $process_form['limithow'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> <input type="text" name="limitsize" id="limitsize" value="<?php echo Util::htmlentities($process_form['limitsize']); ?> " SIZE="6" MAXLENGTH="8"> <select name="limitscale" id="limitscale" size="1" style="margin-left:1"> <?php $i = 0; foreach ($LimitScale as $s) { $checked = $process_form['limitscale'] == $i ? 'selected' : ''; print "<option value='{$i}' {$checked}>{$s}</option>\n"; $i++; } ?> </select> </td> </tr> <tr id="outputRow"> <td class='TDnfprocLabel'><?php echo _("Output"); ?> :</td> <td class='TDnfprocControl'> <span id="FormatSelect" <?php echo $formatselect_display_opts; ?> > <select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1"> <?php foreach ($_SESSION['formatlist'] as $key => $value) { $checked = $process_form['output'] == $key ? 'selected' : ''; print "<OPTION value='" . Util::htmlentities($key) . "' {$checked}>" . Util::htmlentities($key) . "</OPTION>\n"; } $fmt = $_SESSION['formatlist'][$process_form['output']]; if ($process_form['output'] == $fmt) { // built in format $space_display_style = ''; $edit_display_style = 'style="display:none"'; } else { $space_display_style = 'style="display:none"'; $edit_display_style = ''; } ?> </select> <script language="Javascript" type="text/javascript"> var fmts = new Hash(); <?php foreach ($_SESSION['formatlist'] as $key => $value) { print "fmts.setItem('" . Util::htmlentities($key) . "', '" . Util::htmlentities($value) . 
"');\n"; } ?> </script> <img src="icons/space.png" border="0" alt='space' id='space' <?php echo $space_display_style; ?> /> <a href="#null" onClick="EditCustomFormat()" title="<?php echo _("Edit format"); ?> " ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" <?php echo $edit_display_style; ?> alt="Edit format"></a> </span> <input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php echo Util::htmlentities($process_form['IPv6_long']); ?> > / <?php echo _("IPv6 long"); ?> <?php $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"'; ?> <span id="fmt_edit" <?php echo $fmt_edit_display_style; ?> > <br><?php echo _("Enter custom output format"); ?> :<br> <input size="30" type="text" name="customfmt" id="customfmt" value="<?php echo Util::htmlentities($process_form['customfmt']); ?> " > <input type="image" name="fmt_save" id="fmt_save" title="<?php echo _("Save format"); ?> " onClick="SaveOutputFormat()" value="" src="icons/save.png"> <input type="image" name="fmt_delete" id="fmt_delete" title="<?php echo _("Delete format"); ?> " onClick="DeleteOutputFormat()" value="" src="icons/trash.png" <?php echo $edit_display_style; ?> > </span> </td> </tr> </table> </td> </tr> <!-- <tr> <td></td><td></td> <td align="right" style="border:none"> <input type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"> <input type="submit" name="process" value="<?php echo _("process"); ?> " id="process_button" onClick="form_ok=true;" size="1"> </td> </tr> --> </table> </form> <div id="lookupbox"> <div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png" onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div> <iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe> </div> <?php if (!array_key_exists('run', $_SESSION)) { return; } 
print "<div class='flowlist'>\n"; $run = $_SESSION['run']; if ($run != null) { $filter = $process_form['filter']; if ($process_form['DefaultFilter'] != -1) { $cmd_opts['and_filter'] = $process_form['DefaultFilter']; } $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real'; $cmd_opts['profile'] = $_SESSION['profileswitch']; $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']); #print "<pre>\n"; $patterns = array(); $replacements = array(); $patterns[0] = '/(\\s*)([^\\s]+)/'; $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>"; // gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed. function getHAP4NfSenId() { $plugins = GetPlugins(); for ($i = 0; $i < count($plugins); $i++) { $plugin = $plugins[$i]; if ($plugin == "HAP4NfSen") { return $i; } } return -1; } ClearMessages(); $cmd_opts['args'] = "-T {$run}"; $cmd_opts['filter'] = $filter; $titcol = get_tit_col($run); $cmd_out = nfsend_query("run-nfdump", $cmd_opts); if (!is_array($cmd_out)) { ShowMessages(); } else { $conf = $GLOBALS["CONF"]; $solera = $conf->get_conf("solera_enable", FALSE) ? 
true : false; $db = new ossim_db(); $conn = $db->connect(); $sensors = $hosts = $ossim_servers = array(); $tz = Util::get_timezone(); list($hosts, $host_ids) = Asset_host::get_basic_list($conn, array(), TRUE); $entities = Session::get_all_entities($conn); $_sensors = Av_sensor::get_basic_list($conn); foreach ($_sensors as $s_id => $s) { $sensors[$s['ip']] = $s['name']; } /*$hap4nfsen_id = getHAP4NfSenId(); if ($hap4nfsen_id >= 0) { // ICMP "port" filter are no currently supported by the HAP4NfSen plugin function isChecked(&$form, $name) { // helper function used to find out, if an option is checked return $form[$name]=="checked"; } $ip_and_port_columns = preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && ((isChecked($process_form,'aggr_srcip') && isChecked($process_form,'aggr_srcport')) || (isChecked($process_form,'aggr_dstip') && isChecked($process_form,'aggr_dstport'))); $ip_contains_port = $_SESSION["process_form"]["modeselect"]=='0' || !preg_match('/[ip|flow_records]/i', $IPStatOption[$process_form['stattype']]) || (preg_match('/(flow records)/i', $IPStatOption[$process_form['stattype']]) && !( // no boxes checked isChecked($process_form,'aggr_srcip') || isChecked($process_form,'aggr_srcport') || isChecked($process_form,'aggr_dstip') || isChecked($process_form,'aggr_dstport'))); $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts; $hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />"; $default_pattern = array_pop($patterns); $default_replacement = array_pop($replacements); if ($ip_contains_port) { // matches cases like ip:port $max_prot_length = 5; // max. 
port length = 5 chars(highest port number = 65535) for ($i=$max_prot_length;$i>=1;$i--) { $diff = ($max_prot_length-$i); // difference between actual and max port length $ip_port_pattern_icmp = "/(\s*)([^\s|^:]+)(:)(0\s{4}|\d\.\d\s{2}|\d{2}\.\d\|\d\.\d{2}\s|\d{2}\.\d{2})/"; $ip_port_pattern_normal = "/(\s*)([^\s|^:]+)(:)([\d|\.]{{$i}})(\s{{$diff}})/"; $spaces = ''; for ($k=0;$k<$diff;$k++) {$spaces = $spaces . ' ';} // spaces required to align hap viewer icons array_push($patterns, $ip_port_pattern_icmp); array_push($replacements, $default_replacement . "$3$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a> "); array_push($patterns, $ip_port_pattern_normal); array_push($replacements, $default_replacement . "$3$4$spaces <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a> "); } array_push($patterns, '/(\sIP\sAddr:Port)/i'); array_push($replacements, "$1 $hap_pic"); } else { if ($ip_and_port_columns) { // matches cases when both ip and port are available but are located in separate columns // ICMP verion $ip_and_port_pattern = "/(\s*)([^\s]+)(\s+)(0|\d\.\d)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); // non-ICMP version with port filter $ip_and_port_pattern = "/(\s*)([^\s]+)(\s*)([\d|.]+)/"; $ip_and_port_replacement = "$1$2$3$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . 
"&ip=$2&port=$4&mode=new\" title='HAP graphlet for $2 on port $4'>$hap_pic</a>"; array_push($patterns, $ip_and_port_pattern); array_push($replacements, $ip_and_port_replacement); array_push($patterns, '/(\s\s(Src\sIP\sAddr\s*Src\sPt|Dst\sIP\sAddr\s*Dst\sPt))/i'); array_push($replacements, "$1 $hap_pic"); } else { // matches all other cases array_push($patterns, $default_pattern); array_push($replacements, $default_replacement . " <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=$2&mode=new\" title='HAP graphlet for $2'>$hap_pic</a>"); array_push($patterns, '/(\s(|\s(Src|Dst))\sIP\sAddr)/i'); array_push($replacements, "$1 $hap_pic"); } } } if ( array_key_exists('arg', $cmd_out) ) { print "** nfdump " . $cmd_out['arg'] . "\n"; } if ( array_key_exists('filter', $cmd_out) ) { print "nfdump filter:\n"; foreach ( $cmd_out['filter'] as $line ) { print "$line\n"; } } foreach ( $cmd_out['nfdump'] as $line ) { print preg_replace($patterns, $replacements, $line) . "\n"; }*/ # parse command line #2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1 $list = preg_match("/\\-o extended/", $cmd_out['arg']) ? 1 : 0; $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/"; echo '<div class="nfsen_list_title">' . _('Flows Info') . 
'</div>'; echo "<table class='table_list'>"; $geotools = false; if ($list && file_exists("../kml/GoogleEarth.php")) { $geotools = true; $geoips = array(); $geotools_src = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; $geotools_dst = " <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a>"; } echo $list ? "\n \n <tr>\n <th>" . _("Date flow start") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "{$geotools_src}</th>\n <th>" . _("Dst IP Addr:Port") . "{$geotools_dst}</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>" : "<tr>\n <th>" . _("Date flow seen") . "<br><span style='font-size:8px'>" . Util::timezone($tz) . "</style></th>\n <th>" . _("Duration") . 
"</th>\n <th>" . _("Proto") . "</th>\n <th>" . $titcol . "</th>\n <th>" . _("Flows") . "(%)</th>\n <th>" . _("Packets") . "(%)</th>\n <th>" . _("Bytes") . "(%)</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>"; $status = $errors = array(); $rep = new Reputation(); //print_r($cmd_out['arg']); //print_r($cmd_out['nfdump']); foreach ($cmd_out['nfdump'] as $k => $line) { #capture status if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) { $status[$found[1]] = str_replace($found[1] . ":", "", $line); } # capture errors if (preg_match("/ error /i", $line, $found)) { if (preg_match("/stat\\(\\) error/i", $line)) { $errors[] = _('The netflow information you are trying to access either has not been processed yet or does not exist. Please check your date filters.'); Av_exception::write_log(Av_exception::USER_ERROR, $line); } else { $errors[] = $line; } } # print results $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line); // Patch for ( 0.3) $line = preg_replace("/(\\d)\\s*([KMGT])/", "\\1\\2", $line); // Patch for 1.2 M(99.6) $line = preg_replace("/(\\d+)(TCP|UDP|ICMP|IGMP)\\s/", "\\1 \\2 ", $line); // Patch for 9.003TCP $start = $end = $proto = ""; $ips = $ports = array(); if (preg_match($regex, preg_replace('/\\s*/', ' ', $line), $found)) { echo "<tr class='tr_flow_data'>\n"; foreach ($found as $ki => $field) { if ($ki > 0) { $wrap = $ki == 1 ? 
"nowrap" : ""; $field = Util::htmlentities(preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field)); if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $field, $fnd)) { # match ip (resolve and geolocalize) $ip = $fnd[1]; $port = $fnd[2]; list($name, $ctx, $host_id) = GetDataFromSingleIp($ip, $hosts); if ($name == "" && $sensors[$ip] != "") { $name = $sensors[$ip]; } $output = Asset_host::get_extended_name($conn, $geoloc, $ip, $ctx, $host_id, ''); $homelan = $output['is_internal'] || $name != "" && $name != $ip; $icon = $output['html_icon']; # reputation info if (!is_array($_SESSION["_repinfo_ips"][$ip])) { $_SESSION["_repinfo_ips"][$ip] = $rep->get_data_by_ip($ip); } $rep_icon = Reputation::getrepimg($_SESSION["_repinfo_ips"][$ip][0], $_SESSION["_repinfo_ips"][$ip][1], $_SESSION["_repinfo_ips"][$ip][2], $ip); $rep_bgcolor = Reputation::getrepbgcolor($_SESSION["_repinfo_ips"][$ip][0]); $style_aux = $homelan ? 'style="font-weight:bold"' : ''; $bold_aux1 = $homelan ? '<b>' : ''; $bold_aux2 = $homelan ? '<b>' : ''; $field = '<div id="' . $ip . ';' . Util::htmlentities($name) . ';' . $host_id . '" id2="' . $ip . ';' . $ip . '" ctx="' . $ctx . '" class="HostReportMenu">' . $icon . ' <a ' . $style_aux . ' href="javascript:;">' . Util::htmlentities($name) . '</a>' . $bold_aux1 . $port . $bold_aux2 . ' ' . $rep_icon . '</div>'; $wrap = "nowrap style='{$rep_bgcolor}'"; $ips[] = $ip; if ($geotools) { if ($ki == 4) { $geoips['ip_src'][$ip]++; } elseif ($ki == 5) { $geoips['ip_dst'][$ip]++; } } $ports[] = str_replace(":", "", $port); } if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $field, $fnd)) { # match date $start = $end = $fnd[1]; $time = strtotime($fnd[1]); $field = Util::htmlentities(gmdate("Y-m-d H:i:s", $time + 3600 * $tz) . "." . 
$fnd[2]); } if (preg_match("/(TCP|UDP|ICMP|RAW)/", $field, $fnd)) { # match date $proto = strtolower($fnd[1]); } print "<td {$wrap}>{$field}</td>"; } } // solera deepsee integration if ($solera) { echo "<td><a href=\"javascript:;\" onclick=\"solera_deepsee('" . Util::htmlentities($start) . "','" . Util::htmlentities($end) . "','" . Util::htmlentities($ips[0]) . "','" . Util::htmlentities($ports[0]) . "','" . Util::htmlentities($ips[1]) . "','" . Util::htmlentities($ports[1]) . "','" . Util::htmlentities($proto) . "')\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>"; } echo "</tr>\n"; } } echo "</table>"; if ($geotools) { foreach ($geoips as $type => $list) { $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w"); foreach ($list as $ip => $val) { fputs($ipsfile, "{$ip}\n"); } fclose($ipsfile); } } #Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57 #Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26 #Total flows processed: 21, Records skipped: 0, Bytes read: 1128 #Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9 if (count($status) > 0) { echo "<table class='transparent' style='margin-bottom:5px;width:100%'>"; foreach ($status as $key => $line) { $line = preg_replace("/(Wall)\\:/", "<span class='th_summary'>\\1</span>", $line); $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th_summary'>\\1</span>", $line); echo "<tr>\n <td class='nobborder' style='padding: 4px;'>\n <span class='th_summary'>{$key}</span>\n {$line}\n </td>\n </tr>"; } echo "</table>"; } # stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found! if (count($errors) > 0) { foreach ($errors as $line) { echo "<div class='details_error'>" . _("ERROR FOUND: ") . "{$line}</div>"; } } $conn->disconnect(); } #print "</pre>\n"; } print "</div>\n"; $db_aux->close(); $geoloc->close(); return; }
/**
 * Fetch the backend's default filter list, caching it in the session.
 *
 * A cached list younger than 600 seconds is returned straight from
 * $_SESSION['DefaultFilters']. Otherwise the backend is queried with
 * "get-filterlist", the session cache and its timestamp are refreshed, and
 * the backend reply is returned.
 *
 * NOTE(review): the two paths return different shapes. A cache hit returns
 * the cached list itself, while a refresh returns the whole reply array (the
 * list sits under its 'list' key, or the array is empty when the query
 * failed). Confirm which shape callers rely on.
 */
function DefaultFilters()
{
    $has_cache = array_key_exists('DefaultFilters', $_SESSION);
    $has_stamp = array_key_exists('DefaultFiltersUpdate', $_SESSION);
    if ($has_cache && $has_stamp && (time() - $_SESSION['DefaultFiltersUpdate']) < 600) {
        return $_SESSION['DefaultFilters'];
    }

    $reply = nfsend_query("get-filterlist", array(), 0);
    if (!is_array($reply)) {
        // A failed query is treated as an empty reply.
        $reply = array();
    }

    $_SESSION['DefaultFilters'] = array_key_exists('list', $reply) ? $reply['list'] : array();
    $_SESSION['DefaultFiltersUpdate'] = time();

    return $reply;
}
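{
    // Tail of ReportLog(); its signature is not part of this excerpt.
    global $log_handle;
    if ($log_handle) {
        fwrite($log_handle, "{$message}\n");
    }
} // End of ReportLog

/*
 * RRD graph endpoint: forwards a graph command to the nfsend backend and
 * streams the reply as image/png.
 *
 * The command name comes from the query string and is only forwarded when it
 * is a key of $_SESSION['rrdgraph_cmds']. Request parameters are forwarded
 * only when their name is a key of $_SESSION['rrdgraph_getparams'].
 */
OpenLogFile();

// A missing or non-string 'cmd' becomes '', which can never match a registered command.
// PHP has already URL-decoded $_GET; the extra urldecode() is kept for existing callers.
$raw_command = (isset($_GET['cmd']) && is_string($_GET['cmd'])) ? $_GET['cmd'] : '';
$command = urldecode($raw_command);

// Strip CR/LF before logging so a request cannot forge extra log lines.
ReportLog("RRD graph command is '" . str_replace(array("\r", "\n"), ' ', $command) . "'");

if (!array_key_exists('rrdgraph_cmds', $_SESSION) || !array_key_exists($command, $_SESSION['rrdgraph_cmds'])) {
    ReportLog("RRD command not found");
    header("Content-type: image/png");
    exit;
}

$opts = array();
// Only parameter names registered in the session are copied from the request.
// NOTE(review): the values themselves are forwarded as received; whatever
// validation they get must happen in the backend command.
if (isset($_SESSION['rrdgraph_getparams']) && is_array($_SESSION['rrdgraph_getparams'])) {
    foreach ($_SESSION['rrdgraph_getparams'] as $getparam => $dummy) {
        if (array_key_exists($getparam, $_GET)) {
            $opts[$getparam] = $_GET[$getparam];
        }
    }
}

// split() was removed in PHP 7; explode() gives the same result for a literal space.
// NOTE(review): 'arg' is request-controlled and passed through unchanged.
$raw_arg = (isset($_GET['arg']) && is_string($_GET['arg'])) ? $_GET['arg'] : '';
$arglist = explode(' ', urldecode($raw_arg));
$opts['.silent'] = 1;
foreach ($arglist as $arg) {
    $opts['arg'][] = $arg;
}

header("Content-type: image/png");
nfsend_query("@{$command}", $opts, 1);
nfsend_disconnect();
unset($_SESSION['nfsend']);
CloseLogFile();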
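/**
 * Render the "Netflow Processing" form and, when $_SESSION['run'] is set,
 * run nfdump through the nfsend backend and print the result as an HTML table.
 *
 * Reads $_SESSION['detail_opts'], ['process_form'], ['profileinfo'],
 * ['profileswitch'], ['DefaultFilters'], ['formatlist'] and ['run'], plus the
 * option lists declared global below. Writes HTML to the output stream and,
 * when the geo tools are available, one IP list file per direction under
 * /var/tmp.
 *
 * Values from the session, the backend reply and nfdump output are encoded
 * where they are written: htmlspecialchars() for HTML text and attributes,
 * json_encode() for JavaScript string literals. Checkbox state is reduced to
 * the literal 'checked' (the value the checkboxes submit) because it is
 * written in attribute-name position, where entity encoding alone does not
 * prevent an extra attribute from being added.
 *
 * @return void
 */
function DisplayProcessing()
{
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;

    require_once 'classes/Session.inc';
    require_once 'classes/Sensor.inc';
    require_once 'ossim_db.inc';

    $db_aux = new ossim_db();
    $conn_aux = $db_aux->connect();
    $sensors_list = Sensor::get_list($conn_aux);
    $db_aux->close($conn_aux);

    $detail_opts = $_SESSION['detail_opts'];
    $process_form = $_SESSION['process_form'];
    $type = $detail_opts['type'] == "flows" ? 0 : ($detail_opts['type'] == "packets" ? 1 : 2);

    // Flags that keep a JSON string literal inert inside <script> and inside an HTML attribute.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    // Checkbox state, reduced to 'checked' or '' before it is written into a tag.
    $flag = array();
    foreach (array('aggr_proto', 'aggr_srcport', 'aggr_srcip', 'aggr_dstport', 'aggr_dstip', 'timesorted', 'limitoutput', 'IPv6_long') as $flag_name) {
        $flag[$flag_name] = (is_array($process_form) && isset($process_form[$flag_name]) && $process_form[$flag_name] === 'checked') ? 'checked' : '';
    }
    ?>
<a name="processing"></a>
<table style='width:100%;margin-top:15px;margin-bottom:5px;border:none'><tr>
<td class='nobborder'><b><?php echo _("Netflow Processing"); ?> </b></td>
<td class='noborder' style='text-align:center'>
[ <a href='javascript:lastsessions()'><?php echo _("List last 500 sessions"); ?> </a> ]
[ <a href='javascript:launch("2","<?php echo $type; ?> ")'><?php echo _("Top 10 Src IPs"); ?> </a> ]
[ <a href='javascript:launch("3","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst IPs"); ?> </a> ]
[ <a href='javascript:launch("5","<?php echo $type; ?> ")'><?php echo _("Top 10 Src Port"); ?> </a> ]
[ <a href='javascript:launch("6","<?php echo $type; ?> ")'><?php echo _("Top 10 Dst Port"); ?> </a> ]
[ <a href='javascript:launch("13","<?php echo $type; ?> ")'><?php echo _("Top 10 Proto"); ?> </a> ]
</td></tr></table>
<form action="<?php echo htmlspecialchars((string) $self, ENT_QUOTES); ?> " onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold;width:100%'>
<tr> <TD><?php echo _("Source"); ?> :</TD> <TD><?php echo _("Filter"); ?> :</TD> <TD><?php echo _("Options"); ?> :</TD> </tr>
<TR>
<TD style='vertical-align:top;border:none'>
<SELECT name="srcselector[]" id='SourceSelector' size="6" style="width: 100%" multiple>
<?php
    // Lookup set of the channels selected in the submitted form. It is
    // initialised here so that array_key_exists() below always gets an array,
    // even when no channel was selected.
    $_tmp = array();
    if (is_array($process_form) && isset($process_form['srcselector']) && is_array($process_form['srcselector'])) {
        foreach ($process_form['srcselector'] as $selected_channel) {
            $_tmp[$selected_channel] = 1;
        }
    }
    foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
        // A channel is listed only when it matches a sensor returned by
        // Sensor::get_list(), or when the user is an admin.
        $has_perm = 0;
        foreach ($sensors_list as $s) {
            if ($channel == $s->get_name()) {
                $has_perm = 1;
            }
        }
        if (Session::am_i_admin()) {
            $has_perm = 1;
        }
        if (!$has_perm) {
            continue;
        }
        $checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
        $channel_html = htmlspecialchars((string) $channel, ENT_QUOTES);
        print "<OPTION value='{$channel_html}' {$checked}>{$channel_html}</OPTION>\n";
    }
?> </SELECT><br>
<INPUT class="lbutton" TYPE="button" NAME="JSbutton2" Value="<?php echo _("All Sources"); ?> " onClick="SelectAllSources()">
</TD>
<td style="vertical-align:top;border:none">
<textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50"><?php
    if (is_array($process_form)) {
        $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    } else {
        $display_filter = array();
    }
    // With no stored filter, pre-fill one from the 'ip' request parameter.
    // It is HTML-encoded by the print loop below.
    if (count($display_filter) < 1 && GET('ip') != "") {
        $display_filter[0] = "src ip " . GET('ip') . " or dst ip " . GET('ip');
    }
    foreach ($display_filter as $line) {
        print htmlspecialchars(stripslashes($line)) . "\n";
    }
?> </textarea><br>
<?php $deletefilter_display_style = is_array($process_form) && array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"'; ?>
<input type="image" name="filter_delete" id="filter_delete" title="<?php echo _("Delete filter"); ?> " align="right" onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php echo $deletefilter_display_style; ?> >
<input type="hidden" name="filter_name" id="filter_name" value="none">
<span id="filter_span">and <select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
    // The placeholder label is written as entities so it renders as text
    // instead of being parsed as an unknown <none> element.
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = '';
        if ($process_form['DefaultFilter'] == $name) {
            $checked = 'selected';
            // The edit icon is shown only when a stored filter is selected.
            $editfilter_display_style = '';
        }
        $name_html = htmlspecialchars((string) $name, ENT_QUOTES);
        print "<option value='{$name_html}' {$checked}>{$name_html}</option>\n";
    }
?> </select></span>
<input type="image" name="filter_save" id="filter_save" title="<?php echo _("Save filter"); ?> " onClick="HandleFilter(2)" value="" src="icons/save.png" border="0" align="absmiddle">
<input type="image" name="filter_edit" id="filter_edit" title="<?php echo _("Edit filter"); ?> " <?php echo $editfilter_display_style; ?> onClick="HandleFilter(1)" value="" src="icons/edit.png">
<script language="Javascript" type="text/javascript">
var DefaultFilters = new Array();
<?php
    // Filter names are emitted as JSON string literals, not pasted between quotes.
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print "DefaultFilters.push(" . json_encode((string) $name, $js_flags) . ");\n";
    }
    if (array_key_exists('editfilter', $process_form)) {
        print "edit_filter = " . json_encode((string) $process_form['DefaultFilter'], $js_flags) . ";\n";
    }
?> </script>
</td>
<!-- Options start here -->
<td style='padding: 0px;vertical-align:top;border:none'>
<table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;border:none;width:100%">
<tr><td>
<?php
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
        $i++;
    }
    // Rows that belong to the mode that is not selected are hidden.
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
?> </td>
<td align="right" style="border:none">
<input class="button" type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()">
<input class="button" type="submit" name="process" value="<?php echo _("Process"); ?> " style="font-weight:bold" id="process_button" onClick="form_ok=true;" size="1">
</td>
</tr>
<tr id="listNRow" <?php echo $list_display_style; ?> >
<td class='TDnfprocLabel'><?php echo _("Limit to"); ?> :</td>
<td class='TDnfprocControl'>
<select name="listN" id="listN" style="margin-left:1" size="1">
<?php
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    }
?> </select> <?php echo _("Flows"); ?> <br>
</td>
</tr>
<tr id="topNRow" <?php echo $stat_display_style; ?> >
<td class='TDnfprocLabel'><?php echo _("Top"); ?> :</td>
<td class='TDnfprocControl'>
<select name="topN" id="TopN" size="1">
<?php
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
    }
?> </select>
</td>
</tr>
<tr id="stattypeRow" <?php echo $stat_display_style; ?> >
<td class="TDnfprocLabel"><?php echo _("Stat"); ?> :</td>
<td class="TDnfprocControl">
<select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
    }
?> </select> <?php echo _("order by"); ?> <select name='statorder' id="statorder" size='1'>
<?php
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
    }
?> </select>
</td>
</tr>
<tr id="AggregateRow" <?php echo $formatselect_display_opts; ?> >
<td class='TDnfprocLabel'><?php echo _("Aggregate"); ?> </td>
<td class='TDnfprocControl'>
<input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" style="margin-left:1" <?php echo $flag['aggr_proto']; ?> > <?php echo _("proto"); ?> <br>
<input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" style="margin-left:1" <?php echo $flag['aggr_srcport']; ?> > <?php echo _("srcPort"); ?>
<input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" style="margin-left:1" <?php echo $flag['aggr_srcip']; ?> >
<select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    // The netbits input is hidden while plain "srcIP" is selected.
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
?> </select>
<input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" value="<?php echo htmlspecialchars((string) $process_form['aggr_srcnetbits'], ENT_QUOTES); ?> " <?php echo $_style; ?> ><br>
<input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" style="margin-left:1" <?php echo $flag['aggr_dstport']; ?> > <?php echo _("dstPort"); ?>
<input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" style="margin-left:1" <?php echo $flag['aggr_dstip']; ?> >
<select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
?> </select>
<input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" value="<?php echo htmlspecialchars((string) $process_form['aggr_dstnetbits'], ENT_QUOTES); ?> " <?php echo $_style; ?> ><br>
</td>
</tr>
<tr id="timesortedRow" <?php echo $list_display_style; ?> >
<td class='TDnfprocLabel'><?php echo _("Sort"); ?> :</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="timesorted" id="timesorted" value="checked" style="margin-left:1" <?php echo $flag['timesorted']; ?> > <?php echo _("start time of flows"); ?>
</td>
</tr>
<tr id="limitoutputRow" <?php echo $stat_display_style; ?> >
<td class='TDnfprocLabel'><?php echo _("Limit"); ?> :</td>
<td class='TDnfprocControl'>
<input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" size="1" <?php echo $flag['limitoutput']; ?> >
<select name="limitwhat" id="limitwhat" size="1">
<?php
    $i = 0;
    foreach (array(gettext("Packets"), gettext("Traffic")) as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
?> </select>
<select name="limithow" id="limithow" size="1">
<?php
    $i = 0;
    foreach (array('>', '<') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        // '<' and '>' are written as entities so they render as option text.
        print "<option value='{$i}' {$checked}>" . htmlspecialchars($s, ENT_QUOTES) . "</option>\n";
        $i++;
    }
?> </select>
<input type="text" name="limitsize" id="limitsize" value="<?php echo htmlspecialchars((string) $process_form['limitsize'], ENT_QUOTES); ?> " SIZE="6" MAXLENGTH="8">
<select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
?> </select>
</td>
</tr>
<tr id="outputRow">
<td class='TDnfprocLabel'><?php echo _("Output"); ?> :</td>
<td class='TDnfprocControl'>
<span id="FormatSelect" <?php echo $formatselect_display_opts; ?> >
<select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        $key_html = htmlspecialchars((string) $key, ENT_QUOTES);
        print "<OPTION value='{$key_html}' {$checked}>{$key_html}</OPTION>\n";
    }
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format: show the spacer, hide the edit icon
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
    }
?> </select>
<script language="Javascript" type="text/javascript">
var fmts = new Hash();
<?php
    // Format names and definitions are emitted as JSON string literals.
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print "fmts.setItem(" . json_encode((string) $key, $js_flags) . ", " . json_encode((string) $value, $js_flags) . ");\n";
    }
?> </script>
<img src="icons/space.png" border="0" alt='space' id='space' <?php echo $space_display_style; ?> ></img>
<a href="#null" onClick="EditCustomFormat()" title="<?php echo _("Edit format"); ?> " ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" <?php echo $edit_display_style; ?> alt="<?php echo _("Edit format"); ?> "></a>
</span>
<input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php echo $flag['IPv6_long']; ?> > / <?php
    echo _("IPv6 long");
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
?> <span id="fmt_edit" <?php echo $fmt_edit_display_style; ?> >
<br><?php echo _("Enter custom output format"); ?> :<br>
<input size="30" type="text" name="customfmt" id="customfmt" value="<?php echo htmlspecialchars(stripslashes($process_form['customfmt'])); ?> " >
<input type="image" name="fmt_save" id="fmt_save" title="<?php echo _("Save format"); ?> " onClick="SaveOutputFormat()" value="" src="icons/save.png">
<input type="image" name="fmt_delete" id="fmt_delete" title="<?php echo _("Delete format"); ?> " onClick="DeleteOutputFormat()" value="" src="icons/trash.png" <?php echo $edit_display_style; ?> >
</span>
</td>
</tr>
</table>
</td>
</tr>
<!-- <tr> <td></td><td></td> <td align="right" style="border:none"> <input type="button" name="JSbutton1" value="<?php echo _("Clear Form"); ?> " onClick="ResetProcessingForm()"> <input type="submit" name="process" value="<?php echo _("process"); ?> " id="process_button" onClick="form_ok=true;" size="1"> </td> </tr> -->
</TABLE>
</form>
<div id="lookupbox">
<div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png" onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="<?php echo _("Close lookup box"); ?> "></div>
<iframe id="cframe" src="" frameborder="0" width=100% height=100%></iframe>
</div>
<?php
    if (!array_key_exists('run', $_SESSION)) {
        return;
    }
    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $cmd_opts = array();
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        }
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        // NOTE(review): <pre> is opened here and never closed in this function.
        print "<pre>\n";
        ClearMessages();
        // NOTE(review): $run and $filter are taken from the session and handed
        // to the backend as nfdump arguments and filter text. No validation is
        // visible in this function, so it has to happen where the session
        // values are set or in the backend.
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;

        // Title of the aggregated column in statistics mode.
        $titcol = "";
        if (preg_match("/ srcip/", $run)) {
            $titcol = _("Src IP");
        } elseif (preg_match("/ dstip/", $run)) {
            $titcol = _("Dst IP");
        } elseif (preg_match("/ srcport/", $run)) {
            $titcol = _("Src Port");
        } elseif (preg_match("/ dstport/", $run)) {
            $titcol = _("Dst Port");
        }

        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
            ShowMessages();
        } else {
            require_once "classes/Host.inc";
            require_once "classes/Net.inc";
            require_once 'ossim_db.inc';
            require_once "ossim_conf.inc";
            $conf = $GLOBALS["CONF"];
            $solera = $conf->get_conf("solera_enable", FALSE) ? true : false;
            include "geoip.inc";
            $gi = geoip_open("/usr/share/geoip/GeoIP.dat", GEOIP_STANDARD);
            $db = new ossim_db();
            $conn = $db->connect();
            $sensors = $hosts = array();
            list($sensors, $hosts, $icons) = Host::get_ips_and_hostname($conn);
            $hosts_ips = array_keys($hosts);

            // Sample nfdump line in list mode:
            // 2009-12-09 17:08:17.596 40.262 TCP 192.168.1.9:80 -> 217.126.167.80:51694 .AP.SF 0 70 180978 1 35960 2585 1
            // $list is 1 when the backend ran nfdump with " -a -A " (flow list), 0 for statistics output.
            $list = preg_match("/ \\-a \\-A /", $cmd_out['arg']) ? 1 : 0;
            $regex = $list
                ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/"
                : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/";

            echo "<table style='width:100%;margin-bottom:5px'>";
            $geotools = false;
            if ($list && file_exists("../kml/GoogleEarth.php")) {
                $geotools = true;
                $geoips = array();
                echo "<tr><td class='nobborder'></td><td class='nobborder'></td><td class='nobborder'></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_src&ip=&flows=1\",\"Flows sources - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "<td class='center nobborder'>Geo Tools: <a href='' onclick='window.open(\"../kml/TourConfig.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Earth API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_earth_icon.png' border='0'></a> <a href='' onclick='window.open(\"../kml/IPGoogleMap.php?type=ip_dst&ip=&flows=1\",\"Flows destinations - Goggle Maps API\",\"width=1024,height=700,scrollbars=NO,toolbar=1\");return false'><img align='absmiddle' src='../pixmaps/google_maps_icon.png' border='0'></a></td>";
                echo "</tr>";
            }

            // Column headers: flow list layout or statistics layout.
            echo $list
                ? "<tr>\n <th>" . _("Date flow start") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . _("Src IP Addr:Port") . "</th>\n <th>" . _("Dst IP Addr:Port") . "</th>\n <th>" . _("Flags") . "</th>\n <th>" . _("Tos") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("Bpp") . "</th>\n <th>" . _("Flows") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>"
                : "<tr>\n <th>" . _("Date flow seen") . "</th>\n <th>" . _("Duration") . "</th>\n <th>" . _("Proto") . "</th>\n <th>" . htmlspecialchars((string) $titcol, ENT_QUOTES) . "</th>\n <th>" . _("Flows") . "</th>\n <th>" . _("Packets") . "</th>\n <th>" . _("Bytes") . "</th>\n <th>" . _("pps") . "</th>\n <th>" . _("bps") . "</th>\n <th>" . _("bpp") . "</th>\n \t" . ($solera ? "<th></th>" : "") . "\n </tr>";

            $status = $errors = array();
            foreach ($cmd_out['nfdump'] as $k => $line) {
                echo "<tr>\n";
                // capture status
                if (preg_match("/^(Summary|Time window|Total flows processed|Sys)\\:/", $line, $found)) {
                    $status[$found[1]] = str_replace($found[1] . ":", "", $line);
                }
                // capture errors
                if (preg_match("/ error /i", $line, $found)) {
                    $errors[] = $line;
                }
                // print results
                $line = preg_replace("/\\(\\s(\\d)/", "(\\1", $line); // Patch for ( 0.3)
                $line = preg_replace("/(\\d)\\s([KMG])/", "\\1\\2", $line); // Patch for 1.2 M(99.6)
                $start = $end = $proto = "";
                $ips = $ports = array();
                // Collapse whitespace runs to one space before matching. The
                // pattern was '\s*', which also matches the empty string and so
                // puts a space between every character, leaving no four-digit
                // run for the row pattern to match.
                if (preg_match($regex, preg_replace('/\\s+/', ' ', $line), $found)) {
                    foreach ($found as $ki => $field) {
                        if ($ki > 0) {
                            $wrap = $ki == 1 ? "nowrap" : "";
                            // $raw keeps the nfdump text for matching; $field is what gets printed.
                            $raw = preg_replace("/(\\:\\d+)\\.0\$/", "\\1", $field);
                            $field = htmlspecialchars($raw, ENT_QUOTES);
                            if (preg_match("/(\\d+\\.\\d+\\.\\d+\\.\\d+)(.*)/", $raw, $fnd)) {
                                // match ip (resolve and geolocalize)
                                $ip = $fnd[1]; // digits and dots only, by the pattern above
                                $port = $fnd[2];
                                if (isset($sensors[$ip]) && $sensors[$ip] != "") {
                                    $name = $sensors[$ip];
                                } elseif (isset($hosts[$ip]) && $hosts[$ip] != "") {
                                    $name = $hosts[$ip];
                                } else {
                                    $name = $ip;
                                }
                                $match_cidr = Net::is_ip_in_cache_cidr($conn, $ip);
                                $homelan = ($match_cidr || in_array($ip, $hosts_ips))
                                    ? " <a href='javascript:;' class='scriptinfo' style='text-decoration:none' ip='{$ip}'><img src=\"" . htmlspecialchars((string) Host::get_homelan_icon($ip, $icons, $match_cidr, $conn), ENT_QUOTES) . "\" border=0></a>"
                                    : "";
                                $country = strtolower(geoip_country_code_by_addr($gi, $ip));
                                $country_name = geoip_country_name_by_addr($gi, $ip);
                                if ($country) {
                                    $country_label = htmlspecialchars((string) _($country_name), ENT_QUOTES);
                                    $country_img = " <img src=\"/ossim/pixmaps/flags/" . htmlspecialchars($country, ENT_QUOTES) . ".png\" alt=\"" . $country_label . "\" title=\"" . $country_label . "\">";
                                } else {
                                    $country_img = "";
                                }
                                $name_html = htmlspecialchars((string) $name, ENT_QUOTES);
                                $port_html = htmlspecialchars($port, ENT_QUOTES);
                                $field = "<a href='javascript:;' class='HostReportMenu' id='{$ip};{$name_html}'>{$name_html}</a>{$port_html} {$country_img} {$homelan}";
                                $wrap = "nowrap";
                                $ips[] = $ip;
                                if ($geotools) {
                                    // Capture group 4 is the source address, 5 the destination.
                                    if ($ki == 4) {
                                        $geoips['ip_src'][$ip] = isset($geoips['ip_src'][$ip]) ? $geoips['ip_src'][$ip] + 1 : 1;
                                    } elseif ($ki == 5) {
                                        $geoips['ip_dst'][$ip] = isset($geoips['ip_dst'][$ip]) ? $geoips['ip_dst'][$ip] + 1 : 1;
                                    }
                                }
                                $ports[] = str_replace(":", "", $port);
                            }
                            // Date and protocol are matched on the raw text, so a
                            // resolved host name placed in $field cannot be
                            // mistaken for either.
                            if (preg_match("/(\\d+-\\d+-\\d+ \\d+:\\d+:\\d+)(.*)/", $raw, $fnd)) {
                                // match date
                                $start = $end = $fnd[1];
                            }
                            if (preg_match("/(TCP|UDP|ICMP|RAW)/", $raw, $fnd)) {
                                // match protocol
                                $proto = strtolower($fnd[1]);
                            }
                            print "<td {$wrap}>{$field}</td>";
                        }
                    }
                    // solera deepsee integration
                    if ($solera) {
                        // Each argument becomes a JSON string literal; the whole
                        // call is then encoded for the onclick attribute.
                        $solera_args = array(
                            $start,
                            $end,
                            isset($ips[0]) ? $ips[0] : '',
                            isset($ports[0]) ? $ports[0] : '',
                            isset($ips[1]) ? $ips[1] : '',
                            isset($ports[1]) ? $ports[1] : '',
                            $proto,
                        );
                        $solera_js = array();
                        foreach ($solera_args as $solera_arg) {
                            $solera_js[] = json_encode((string) $solera_arg, $js_flags);
                        }
                        echo "<td><a href=\"javascript:;\" onclick=\"" . htmlspecialchars("solera_deepsee(" . implode(',', $solera_js) . ")", ENT_QUOTES) . "\"><img src='/ossim/pixmaps/solera.png' border='0' align='absmiddle'></a></td>";
                    }
                }
                echo "</tr>\n";
            }
            echo "</table>";

            if ($geotools) {
                foreach ($geoips as $type => $ip_counts) {
                    // NOTE(review): the file name is fixed per user and lives
                    // in /var/tmp, so another local account can pre-create the
                    // path, for example as a symlink. Moving it to a private
                    // directory means changing whatever reads these files too.
                    $ipsfile = fopen("/var/tmp/flowips_" . Session::get_session_user() . ".{$type}", "w");
                    if ($ipsfile === false) {
                        // Skip this list rather than write to an invalid handle.
                        continue;
                    }
                    foreach ($ip_counts as $ip => $val) {
                        fputs($ipsfile, "{$ip}\n");
                    }
                    fclose($ipsfile);
                }
            }

            // Sample status lines:
            // Summary: total flows: 20, total bytes: 7701, total packets: 133, avg bps: 60, avg pps: 0, avg bpp: 57
            // Time window: 2009-12-10 08:21:30 - 2009-12-10 08:38:26
            // Total flows processed: 21, Records skipped: 0, Bytes read: 1128
            // Sys: 0.000s flows/second: 0.0 Wall: 0.000s flows/second: 152173.9
            if (count($status) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($status as $key => $line) {
                    // Encode first, then add the highlighting spans. $key is
                    // one of the four fixed labels matched above.
                    $line = htmlspecialchars($line, ENT_QUOTES);
                    $line = preg_replace("/(Wall)\\:/", "<span class='th'>\\1</span>", $line);
                    $line = preg_replace("/\\,\\s+(.*?)\\:/", " <span class='th'>\\1</span>", $line);
                    echo "<tr><td class='nobborder'><span class='th'>{$key}</span>{$line}</td></tr>";
                }
                echo "</table>";
            }

            // Sample error line:
            // stat() error '/home/dk/nfsen/profiles-data/live/device2/2009/12/10/nfcapd.200912100920': File not found!
            if (count($errors) > 0) {
                echo "<table style='margin-bottom:5px;width:100%'>";
                foreach ($errors as $key => $line) {
                    echo "<tr><td class='nobborder'><span class='th'>" . _("Error found") . "</span> " . htmlspecialchars($line, ENT_QUOTES) . "</td></tr>";
                }
                echo "</table>";
            }

            // Release the GeoIP database handle opened above.
            geoip_close($gi);
            $conn->disconnect();
        }
    }
    print "</div>\n";
    return;
}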
/**
 * Handle one POST action on the alert tab and update the session state the alert views read.
 *
 * At most one action is handled per call, tested in this order: delete, arm, cancel-new,
 * open the new-alert dialog, commit a new or edited alert, enable/disable, view,
 * cancel-edit. When no known POST key is present the alert list is refreshed.
 *
 * Points a reviewer should keep in mind:
 *  - Names of existing alerts are handed to ParseForm() with $_SESSION['alertlist'] as the
 *    'match' rule; what ParseForm() does with that rule is not visible here.
 *  - 'filter', 'action_subject' and 'action_system' are only constrained to whitespace plus
 *    printable ASCII before being sent to the backend with "add-alert"/"modify-alert".
 *    NOTE(review): 'action_system' has no validate callback; confirm the backend treats it safely.
 *  - The complete alert definition (including e-mail address and system action) is written
 *    to the log through ReportLog().
 *  - NOTE(review): no request-forgery token is checked in this function; confirm the caller does.
 *
 * @param mixed $tab_changed     not read by this function
 * @param mixed $profile_changed not read by this function
 * @return void
 */
function Process_alert_tab($tab_changed, $profile_changed)
{
    global $num_ConditionList;
    global $ConditionList;
    global $ActionList;
    global $FlowStat_type;
    global $SumStat_type_options;
    global $SumStat_comp_type;
    global $SumStat_scale;

    // register 'get-alertgraph' command for rrdgraph.php
    $graph_cmd_registered = array_key_exists('rrdgraph_cmds', $_SESSION)
        && array_key_exists('get-alertgraph', $_SESSION['rrdgraph_cmds']);
    if (!$graph_cmd_registered) {
        $_SESSION['rrdgraph_cmds']['get-alertgraph'] = 1;
        $_SESSION['rrdgraph_getparams']['alert'] = 1;
    }

    $_SESSION['action'] = 'list';

    // Delete an alert?
    if (array_key_exists('delete_alert_x', $_POST)) {
        $rules = array(
            "alert" => array(
                "required" => 1,
                "default" => NULL,
                "allow_null" => 0,
                "match" => $_SESSION['alertlist'],
                "validate" => null,
                "must_exist" => 1,
            ),
        );
        list($parsed, $failed) = ParseForm($rules);
        if (!$failed) {
            nfsend_query("delete-alert", $parsed, 0);
            $_SESSION['action'] = 'list';
            UpdateAlertList();
        }
        return;
    }

    // Arm the alert
    if (array_key_exists('arm_trigger_x', $_POST)) {
        $rules = array(
            "alert" => array(
                "required" => 1,
                "default" => NULL,
                "allow_null" => 0,
                "match" => $_SESSION['alertlist'],
                "validate" => null,
                "must_exist" => 1,
            ),
        );
        list($parsed, $failed) = ParseForm($rules);
        if (!$failed) {
            nfsend_query("arm-alert", $parsed, 0);
            $_SESSION['action'] = 'list';
            // The view is refreshed for the alert held in the session, not the posted name.
            UpdateAlert($_SESSION['alertinfo']['name']);
        }
        return;
    }

    // cancel a new alert dialog
    if (array_key_exists('new_alert_cancel', $_POST)) {
        $_SESSION['action'] = 'list';
        return;
    }

    // Names of the per-condition form fields, in the order they are stored and joined.
    $slot_fields = array('visible', 'op', 'type', 'comp', 'comp_type', 'stat_type', 'comp_value', 'scale');

    // provide the add new alert dialog?
    if (array_key_exists('new_alert_x', $_POST)) {
        $_SESSION['action'] = 'new';
        $_SESSION['refresh'] = 0;

        // preset alert info for new alert
        $fresh = array(
            'alert' => '',
            'type' => 0,
            'visible_0' => 1,
            'status' => 'disabled',
            'trigger_type' => 0,
            'trigger_status' => 0,
            'trigger_number' => 0,
            'trigger_blocks' => 0,
            'action_type' => 0,
            'action_email' => '',
            'action_subject' => 'Alert triggered',
            'action_system' => '',
            'filter' => array(),
            'channellist' => implode('|', array_keys($_SESSION['profileinfo']['channel'])),
        );
        // Every condition slot starts zeroed. This also resets 'visible_0' to 0 whenever
        // at least one slot exists. NOTE(review): confirm that overriding the preset 1 is intended.
        for ($slot = 0; $slot < 2 * $num_ConditionList; $slot++) {
            foreach ($slot_fields as $field) {
                $fresh["{$field}_{$slot}"] = 0;
            }
        }
        $_SESSION['alertinfo'] = $fresh;

        // disable page refresh
        $_SESSION['refresh'] = 0;
        return;
    }

    // create the new alert, or modify an existing one
    $mode = null;
    if (array_key_exists('new_alert_commit_x', $_POST) || array_key_exists('new_alert_commit', $_POST)) {
        $mode = 'new';
    }
    if (array_key_exists('edit_alert_commit', $_POST)) {
        $mode = 'modify';
    }

    if ($mode !== null) {
        // NOTE(review): the key below is spelled "must_exists" while the other handlers in this
        // function use "must_exist"; which spelling ParseForm()/alert_name_check read is not visible here.
        // NOTE(review): range(-1, count(...)) for the two plugin selectors admits an index equal
        // to count(); if those session lists are zero-based that is one past the end - confirm.
        $parse_opts = array(
            "alert" => array(
                "required" => 1,
                "default" => NULL,
                "allow_null" => 0,
                "match" => "/^[A-Za-z0-9][A-Za-z0-9\\-+_]*\$/",
                "validate" => 'alert_name_check',
                "must_exists" => $mode == 'modify',
            ),
            "channellist" => array(
                "required" => 0,
                "default" => '',
                "allow_null" => 0,
                "match" => null,
                "validate" => 'channellist_validate',
            ),
            "filter" => array(
                "required" => 0,
                "default" => NULL,
                "allow_null" => 1,
                "match" => "/^[\\s!-~]*\$/",
                "validate" => 'filter_validate',
            ),
            "type" => array(
                "required" => 1,
                "default" => 0,
                "allow_null" => 1,
                "match" => array(0, 1, 2),
                "validate" => null,
            ),
            "status" => array(
                "required" => 0,
                "default" => 'disabled',
                "allow_null" => 1,
                "match" => array('enabled', 'disabled'),
                "validate" => null,
            ),
            "trigger_type" => array(
                "required" => 1,
                "default" => 0,
                "allow_null" => 1,
                "match" => array(0, 1, 2),
                "validate" => null,
            ),
            "trigger_number" => array(
                "required" => 1,
                "default" => 1,
                "allow_null" => 0,
                "match" => range(1, 9),
                "validate" => null,
            ),
            "trigger_blocks" => array(
                "required" => 1,
                "default" => 0,
                "allow_null" => 1,
                "match" => range(0, 9),
                "validate" => null,
            ),
            "plugin_condition" => array(
                "required" => 0,
                "default" => -1,
                "allow_null" => 0,
                "match" => range(-1, count($_SESSION['alert_condition_plugin'])),
                "validate" => null,
            ),
            "action_plugin" => array(
                "required" => 0,
                "default" => -1,
                "allow_null" => 0,
                "match" => range(-1, count($_SESSION['alert_action_plugin'])),
                "validate" => null,
            ),
            "action_email" => array(
                "required" => 0,
                "default" => '',
                "allow_null" => 1,
                "match" => null,
                "validate" => 'check_email_address',
            ),
            "action_subject" => array(
                "required" => 0,
                "default" => 'Alert triggered',
                "allow_null" => 1,
                "match" => "/^[\\s!-~]+\$/",
                "validate" => 'subject_validate',
            ),
            "action_system" => array(
                "required" => 0,
                "default" => null,
                "allow_null" => 1,
                "match" => "/^[\\s!-~]+\$/",
                "validate" => null,
            ),
        );

        // One rule per condition slot and field; insertion order is op, visible, type, ...
        for ($slot = 0; $slot < 2 * $num_ConditionList; $slot++) {
            $allowed = array(
                'op' => array(0, 1),
                'visible' => array(0, 1),
                'type' => range(0, count($SumStat_type_options) - 1),
                'comp' => array(0, 1, 2),
                'comp_type' => range(0, count($SumStat_comp_type) - 1),
                'stat_type' => range(0, count($FlowStat_type) - 1),
                'comp_value' => "/^\\d+\$/",
                'scale' => range(0, count($SumStat_scale) - 1),
            );
            foreach ($allowed as $field => $match) {
                $parse_opts["{$field}_{$slot}"] = array(
                    "required" => 0,
                    "default" => 0,
                    "allow_null" => 1,
                    "match" => $match,
                    "validate" => null,
                );
            }
        }

        list($alertinfo, $has_errors) = ParseForm($parse_opts);
        // Untouched copy of the parsed form, put back into the session if "add-alert" fails.
        $form_values = $alertinfo;

        if ($has_errors) {
            $_SESSION['action'] = ($mode == 'new') ? 'new' : 'details';
            $_SESSION['refresh'] = 0;
            return;
        }

        // process action types: action_1..action_3 become bits 0..2 of a mask
        $action_mask = 0;
        foreach (array(1, 2, 3) as $bit) {
            if (array_key_exists("action_{$bit}", $_POST)) {
                $action_mask |= 1 << ($bit - 1);
            }
        }
        $alertinfo['action_type'] = $action_mask;
        $form_values['action_type'] = $action_mask;

        // First condition slot that belongs to the selected alert type.
        if ($alertinfo['type'] == 2) {
            $lim = 2 * $num_ConditionList;
        } elseif ($alertinfo['type'] == 0) {
            $lim = 0;
        } else {
            $lim = $num_ConditionList;
        }

        // Replace the posted plugin index by the entry stored in the session.
        if ($alertinfo['action_plugin'] > -1) {
            $alertinfo['action_plugin'] = $_SESSION['alert_action_plugin'][$alertinfo['action_plugin']];
        } else {
            unset($alertinfo['action_plugin']);
        }

        // prepare condition array
        $condition = array();
        if ($alertinfo['type'] == 2) {
            $condition[] = $_SESSION['alert_condition_plugin'][$alertinfo['plugin_condition']];
        } else {
            for ($slot = 0; $slot < 2 * $num_ConditionList; $slot++) {
                $in_window = $slot >= $lim && $slot < $lim + $num_ConditionList;
                if (!$in_window || !$alertinfo["visible_{$slot}"]) {
                    continue;
                }
                // add to condition array
                $condition[] = implode(':', array(
                    $alertinfo["op_{$slot}"],
                    $alertinfo["type_{$slot}"],
                    $alertinfo["comp_{$slot}"],
                    $alertinfo["comp_type_{$slot}"],
                    $alertinfo["stat_type_{$slot}"],
                    $alertinfo["comp_value_{$slot}"],
                    $alertinfo["scale_{$slot}"],
                ));
            }
        }

        // delete other condition values
        for ($slot = 0; $slot < 2 * $num_ConditionList; $slot++) {
            foreach ($slot_fields as $field) {
                unset($alertinfo["{$field}_{$slot}"]);
            }
        }
        unset($alertinfo['plugin_condition']);
        $alertinfo['condition'] = $condition;

        // Log the definition that is about to be sent. ob_clean() empties the buffer but
        // leaves it active, so output buffering stays on after this point.
        ob_start();
        print "Add/modify alert - alertinfo\n";
        print_r($alertinfo);
        ReportLog(ob_get_contents());
        ob_clean();

        if ($mode == 'new') {
            $cmd_out = nfsend_query("add-alert", $alertinfo, 0);
            if (!is_array($cmd_out)) {
                $_SESSION['action'] = 'new';
                $_SESSION['alertinfo'] = $form_values;
                return;
            }
            // Update alert list
            UpdateAlertList();
        } else {
            $cmd_out = nfsend_query("modify-alert", $alertinfo, 0);
            if (!is_array($cmd_out)) {
                $_SESSION['action'] = 'details';
                $_SESSION['refresh'] = 0;
                return;
            }
        }

        // prepare details view of new alert
        UpdateAlert($alertinfo['alert']);
        return;
    }

    // status change: 'status' without 'status_hidden' enables, the reverse disables
    $has_status = array_key_exists('status', $_POST);
    $has_hidden = array_key_exists('status_hidden', $_POST);
    $status = 'none';
    if ($has_status != $has_hidden) {
        $status = $has_status ? 'enabled' : 'disabled';
    }
    if ($status != 'none') {
        // redisplay alert
        $_SESSION['action'] = 'details';
        $_SESSION['refresh'] = 0;
        $cmd_out = nfsend_query(
            "modify-alert",
            array('alert' => $_SESSION['alertinfo']['name'], 'status' => $status),
            0
        );
        if (is_array($cmd_out)) {
            UpdateAlert($_SESSION['alertinfo']['name']);
        }
        return;
    }

    if (array_key_exists('view_alert_x', $_POST)) {
        $rules = array(
            "alert" => array(
                "required" => 1,
                "default" => NULL,
                "allow_null" => 0,
                "match" => $_SESSION['alertlist'],
                "validate" => null,
                "must_exist" => 1,
            ),
        );
        list($parsed, $failed) = ParseForm($rules);
        if (!$failed) {
            $_SESSION['refresh'] = 0;
            UpdateAlert($parsed['alert']);
        }
        return;
    }

    if (array_key_exists('edit_alert_cancel', $_POST)) {
        // redisplay current alert
        $_SESSION['action'] = 'details';
        $_SESSION['refresh'] = 0;
        return;
    }

    // everything else - show alert list
    UpdateAlertList();
    return;
}
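/**
 * Render the "Netflow Processing" form and, when a run is pending in the session,
 * the nfdump output below it.
 *
 * Reads $_SESSION['process_form'], ['profileinfo'], ['DefaultFilters'], ['formatlist'],
 * ['run'] and ['profileswitch']; writes $_SESSION['plugin'][<id>]['cmd_opts'] when the
 * HAP4NfSen plugin is found.
 *
 * Output encoding used by this template:
 *  - values placed in HTML text or attributes go through htmlspecialchars(..., ENT_QUOTES),
 *    because several attributes are single-quoted;
 *  - values placed in inline JavaScript are emitted with json_encode() and the JSON_HEX_*
 *    flags, so quotes and "</script>" cannot end the string or the script block
 *    (names are assumed to be ASCII/UTF-8 - json_encode() returns false otherwise);
 *  - checkbox state is emitted as the literal word "checked" or nothing;
 *  - the option labels taken from the global option tables are printed as they are.
 *
 * NOTE(review): nfdump result lines are still printed without HTML escaping, see the
 * comment at the output loop.
 *
 * @return void
 */
function DisplayProcessing()
{
    global $self;
    global $ListNOption;
    global $TopNOption;
    global $OutputFormatOption;
    global $IPStatOption;
    global $IPStatOrder;
    global $LimitScale;

    $process_form = $_SESSION['process_form'];

    // Flags for values written into <script> blocks.
    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    // Checkbox state: every checkbox below posts value="checked", so only that exact
    // string turns into the attribute; anything else renders the box unchecked.
    $flag_attr = array();
    $flag_names = array(
        'aggr_bidir', 'aggr_proto', 'aggr_srcport', 'aggr_srcip', 'aggr_dstport',
        'aggr_dstip', 'timesorted', 'limitoutput', 'IPv6_long',
    );
    foreach ($flag_names as $flag) {
        $flag_attr[$flag] = (isset($process_form[$flag]) && $process_form[$flag] === 'checked') ? 'checked' : '';
    }
    ?>
<a name="processing"></a>
<h3 class="NfProcessing">Netflow Processing</h3>
<form action="<?php echo htmlspecialchars((string) $self, ENT_QUOTES); ?>" onSubmit="return ValidateProcessForm()" id="FlowProcessingForm" method="POST">
<TABLE border="0" cellspacing="3" cellpadding="3" style='font-size:14px;font-weight:bold'>
<tr>
    <TD>Source:</TD>
    <TD>Filter:</TD>
    <TD>Options:</TD>
</tr>
<TR>
    <TD style='vertical-align:top;'>
        <SELECT name="srcselector[]" id=SourceSelector size="6" style="width: 100%" multiple>
<?php
    // Lookup table of the currently selected channels; stays empty when none is selected.
    $_tmp = array();
    foreach ($process_form['srcselector'] as $selected_channel) {
        $_tmp[$selected_channel] = 1;
    }
    foreach (array_keys($_SESSION['profileinfo']['channel']) as $channel) {
        $checked = array_key_exists($channel, $_tmp) ? 'selected' : '';
        $channel_html = htmlspecialchars((string) $channel, ENT_QUOTES);
        print "<OPTION value='{$channel_html}' {$checked}>{$channel_html}</OPTION>\n";
    }
    ?>
        </SELECT><br>
        <INPUT TYPE="button" NAME="JSbutton2" Value="All Sources" onClick="SelectAllSources()">
    </TD>
    <td style="vertical-align:top;">
        <textarea name="filter" id="filter" multiline="true" wrap="phisical" rows="6" cols="50" maxlength="10240"><?php
    // Show the filter being edited if there is one, otherwise the active filter.
    $display_filter = array_key_exists('editfilter', $process_form) ? $process_form['editfilter'] : $process_form['filter'];
    foreach ($display_filter as $line) {
        print htmlspecialchars(stripslashes($line)) . "\n";
    }
?></textarea><br>
<?php
    $deletefilter_display_style = array_key_exists('editfilter', $process_form) ? '' : 'style="display:none;"';
    ?>
        <input type="image" name="filter_delete" id="filter_delete" title="Delete filter" align="right" onClick="HandleFilter(3)" value="" src="icons/trash.png" <?php echo $deletefilter_display_style; ?>>
        <input type="image" name="filter_save" id="filter_save" title="Save filter" align="right" onClick="HandleFilter(2)" value="" src="icons/save.png">
        <input type="hidden" name="filter_name" id="filter_name" value="none">
        <span id="filter_span">and
        <select name="DefaultFilter" id="DefaultFilter" onChange="HandleFilter(0)" size="1">
<?php
    print "<option value='-1' label='none'>&lt;none&gt;</option>\n";
    // The edit icon is only shown when the selected default filter is one of the stored ones.
    $editfilter_display_style = 'style="display:none;"';
    foreach ($_SESSION['DefaultFilters'] as $name) {
        $checked = '';
        if ($process_form['DefaultFilter'] == $name) {
            $checked = 'selected';
            $editfilter_display_style = '';
        }
        $name_html = htmlspecialchars((string) $name, ENT_QUOTES);
        print "<option value='{$name_html}' {$checked}>{$name_html}</option>\n";
    }
    ?>
        </select></span>
        <input type="image" name="filter_edit" id="filter_edit" title="Edit filter" <?php echo $editfilter_display_style; ?> onClick="HandleFilter(1)" value="" src="icons/edit.png">
        <script language="Javascript" type="text/javascript">
            var DefaultFilters = new Array();
<?php
    foreach ($_SESSION['DefaultFilters'] as $name) {
        print 'DefaultFilters.push(' . json_encode((string) $name, $js_flags) . ");\n";
    }
    if (array_key_exists('editfilter', $process_form)) {
        print 'edit_filter = ' . json_encode((string) $process_form['DefaultFilter'], $js_flags) . ";\n";
    }
    ?>
        </script>
    </td>
    <!-- Options start here -->
    <td style='padding: 0px;vertical-align:top;'>
    <table border="0"id="ProcessOptionTable" style="font-size:14px;font-weight:bold;">
        <tr><td colspan="2">
<?php
    $i = 0;
    foreach (array('List Flows', 'Stat TopN') as $s) {
        $checked = $process_form['modeselect'] == $i ? 'checked' : '';
        print "<input type='radio' onClick='SwitchOptionTable({$i})' name='modeselect' id='modeselect{$i}' value='{$i}' {$checked}>{$s} ";
        $i++;
    }
    // Rows belonging to the mode that is not selected are rendered hidden.
    $list_display_style = $process_form['modeselect'] == 0 ? '' : 'style="display:none;"';
    $stat_display_style = $process_form['modeselect'] == 0 ? 'style="display:none;"' : '';
    $formatselect_display_opts = $process_form['modeselect'] == 1 && $process_form['stattype'] != 0 ? 'style="display:none;"' : '';
    ?>
        </td></tr>
        <tr id="listNRow" <?php echo $list_display_style; ?>>
            <td class='TDnfprocLabel'>Limit to:</td>
            <td class='TDnfprocControl'>
                <select name="listN" id="listN" style="margin-left:1" size="1">
<?php
    for ($i = 0; $i < count($ListNOption); $i++) {
        $checked = $process_form['listN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $ListNOption[$i] . "</OPTION>\n";
    }
    ?>
                </select> Flows<br>
            </td>
        </tr>
        <tr id="topNRow" <?php echo $stat_display_style; ?>>
            <td class='TDnfprocLabel'>Top:</td>
            <td class='TDnfprocControl'>
                <select name="topN" id="TopN" size="1">
<?php
    for ($i = 0; $i < count($TopNOption); $i++) {
        $checked = $process_form['topN'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $TopNOption[$i] . "</OPTION>\n";
    }
    ?>
                </select>
            </td>
        </tr>
        <tr id="stattypeRow" <?php echo $stat_display_style; ?>>
            <td class="TDnfprocLabel">Stat:</td>
            <td class="TDnfprocControl">
                <select name="stattype" id="StatTypeSelector" onChange="ShowHideOptions()" size="1">
<?php
    for ($i = 0; $i < count($IPStatOption); $i++) {
        $checked = $process_form['stattype'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOption[$i] . "</OPTION>\n";
    }
    ?>
                </select>
                order by <select name='statorder' id="statorder" size='1'>
<?php
    for ($i = 0; $i < count($IPStatOrder); $i++) {
        $checked = $process_form['statorder'] == $i ? 'selected' : '';
        print "<OPTION value='{$i}' {$checked}>" . $IPStatOrder[$i] . "</OPTION>\n";
    }
    ?>
                </select>
            </td>
        </tr>
        <tr id="AggregateRow" <?php echo $formatselect_display_opts; ?>>
            <td class='TDnfprocLabel'>Aggregate</td>
            <td class='TDnfprocControl'>
                <input type="checkbox" name="aggr_bidir" id="aggr_bidir" value="checked" onClick="ToggleAggregate();" style="margin-left:1" <?php echo $flag_attr['aggr_bidir']; ?>> bi-directional<br>
                <input type="checkbox" name="aggr_proto" id="aggr_proto" value="checked" style="margin-left:1" <?php echo $flag_attr['aggr_proto']; ?>> proto<br>
                <input type="checkbox" name="aggr_srcport" id="aggr_srcport" value="checked" style="margin-left:1" <?php echo $flag_attr['aggr_srcport']; ?>> srcPort
                <input type="checkbox" name="aggr_srcip" id="aggr_srcip" value="checked" style="margin-left:1" <?php echo $flag_attr['aggr_srcip']; ?>>
                <select name="aggr_srcselect" id="aggr_srcselect" onChange="NetbitEntry('src')" size="1">
<?php
    $i = 0;
    foreach (array('srcIP', 'srcIPv4/', 'srcIPv6/') as $s) {
        $checked = $process_form['aggr_srcselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    // The netbits box is only visible when a prefix-based aggregation is selected.
    $_style = $process_form['aggr_srcselect'] == 0 ? 'style="display:none"' : '';
    ?>
                </select>
                <input size="3" type="text" name="aggr_srcnetbits" id="aggr_srcnetbits" value="<?php echo htmlspecialchars((string) $process_form['aggr_srcnetbits'], ENT_QUOTES); ?>" <?php echo $_style; ?>><br>
                <input type="checkbox" name="aggr_dstport" id="aggr_dstport" value="checked" style="margin-left:1" <?php echo $flag_attr['aggr_dstport']; ?>> dstPort
                <input type="checkbox" name="aggr_dstip" id="aggr_dstip" value="checked" style="margin-left:1" <?php echo $flag_attr['aggr_dstip']; ?>>
                <select name="aggr_dstselect" id="aggr_dstselect" onChange="NetbitEntry('dst')" size="1">
<?php
    $i = 0;
    foreach (array('dstIP', 'dstIPv4/', 'dstIPv6/') as $s) {
        $checked = $process_form['aggr_dstselect'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    $_style = $process_form['aggr_dstselect'] == 0 ? 'style="display:none"' : '';
    ?>
                </select>
                <input size="3" type="text" name="aggr_dstnetbits" id="aggr_dstnetbits" value="<?php echo htmlspecialchars((string) $process_form['aggr_dstnetbits'], ENT_QUOTES); ?>" <?php echo $_style; ?>><br>
            </td>
        </tr>
        <tr id="timesortedRow" <?php echo $list_display_style; ?>>
            <td class='TDnfprocLabel'>Sort:</td>
            <td class='TDnfprocControl'>
                <input type="checkbox" name="timesorted" id="timesorted" value="checked" style="margin-left:1" <?php echo $flag_attr['timesorted']; ?>> start time of flows</td>
        </tr>
        <tr id="limitoutputRow" <?php echo $stat_display_style; ?>>
            <td class='TDnfprocLabel'>Limit:</td>
            <td class='TDnfprocControl'>
                <input type="checkbox" name="limitoutput" id="limitoutput" value="checked" style="margin-left:1" size="1" <?php echo $flag_attr['limitoutput']; ?>>
                <select name="limitwhat" id="limitwhat" size="1">
<?php
    $i = 0;
    foreach (array('Packets', 'Traffic') as $s) {
        $checked = $process_form['limitwhat'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
                </select>
                <select name="limithow" id="limithow" size="1">
<?php
    $i = 0;
    // Comparison signs are written as entities so they are valid option text.
    foreach (array('&gt;', '&lt;') as $s) {
        $checked = $process_form['limithow'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
                </select>
                <input type="text" name="limitsize" id="limitsize" value="<?php echo htmlspecialchars((string) $process_form['limitsize'], ENT_QUOTES); ?>" SIZE="6" MAXLENGTH="8">
                <select name="limitscale" id="limitscale" size="1" style="margin-left:1">
<?php
    $i = 0;
    foreach ($LimitScale as $s) {
        $checked = $process_form['limitscale'] == $i ? 'selected' : '';
        print "<option value='{$i}' {$checked}>{$s}</option>\n";
        $i++;
    }
    ?>
                </select>
            </td>
        </tr>
        <tr id="outputRow">
            <td class='TDnfprocLabel'>Output:</td>
            <td class='TDnfprocControl'>
                <span id="FormatSelect" <?php echo $formatselect_display_opts; ?>>
                <select name="output" id="output" onChange="CustomOutputFormat()" style="margin-left:1" size="1">
<?php
    foreach ($_SESSION['formatlist'] as $key => $value) {
        $checked = $process_form['output'] == $key ? 'selected' : '';
        $key_html = htmlspecialchars((string) $key, ENT_QUOTES);
        print "<OPTION value='{$key_html}' {$checked}>{$key_html}</OPTION>\n";
    }
    $fmt = $_SESSION['formatlist'][$process_form['output']];
    if ($process_form['output'] == $fmt) {
        // built in format
        $space_display_style = '';
        $edit_display_style = 'style="display:none"';
    } else {
        $space_display_style = 'style="display:none"';
        $edit_display_style = '';
    }
    ?>
                </select>
                <script language="Javascript" type="text/javascript">
                    var fmts = new Hash();
<?php
    foreach ($_SESSION['formatlist'] as $key => $value) {
        print 'fmts.setItem(' . json_encode((string) $key, $js_flags) . ', ' . json_encode((string) $value, $js_flags) . ");\n";
    }
    ?>
                </script>
                <img src="icons/space.png" border="0" alt='space' id='space' <?php echo $space_display_style; ?>></img>
                <a href="#null" onClick="EditCustomFormat()" title="Edit format" ><IMG SRC="icons/edit.png" name="fmt_doedit" id="fmt_doedit" border="0" <?php echo $edit_display_style; ?> alt="Edit format"></a>
                </span>
                <input type="checkbox" name="IPv6_long" id="IPv6_long" style="margin-left:1" value="checked" <?php echo $flag_attr['IPv6_long']; ?>> / IPv6 long
<?php
    $fmt_edit_display_style = $process_form['output'] == 'custom ...' ? '' : 'style="display:none"';
    ?>
                <span id="fmt_edit" <?php echo $fmt_edit_display_style; ?>>
                <br>Enter custom output format:<br>
                <input size="30" type="text" name="customfmt" id="customfmt" value="<?php echo htmlspecialchars(stripslashes($process_form['customfmt'])); ?>" >
                <input type="image" name="fmt_save" id="fmt_save" title="Save format" onClick="SaveOutputFormat()" value="" src="icons/save.png">
                <input type="image" name="fmt_delete" id="fmt_delete" title="Delete format" onClick="DeleteOutputFormat()" value="" src="icons/trash.png" <?php echo $edit_display_style; ?>>
                </span>
            </td>
        </tr>
    </table>
    </td>
</tr>
<tr>
    <td></td><td></td>
    <td align="right">
        <input type="button" name="JSbutton1" value="Clear Form" onClick="ResetProcessingForm()">
        <input type="submit" name="process" value="process" onClick="form_ok=true;" size="1">
    </td>
</tr>
</TABLE>
</form>
<div id="lookupbox">
    <div id="lookupbar" align="right" style="background-color:olivedrab"><img src="icons/close.png" onmouseover="this.style.cursor='pointer';" onClick="hidelookup()" title="Close lookup box"></div>
    <iframe id="cframe" src="" frameborder="0" scrolling="auto" width="100%" height="166"></iframe>
</div>
<?php
    // Nothing more to show unless a run was requested.
    if (!array_key_exists('run', $_SESSION)) {
        return;
    }

    print "<div class='flowlist'>\n";
    $run = $_SESSION['run'];
    if ($run != null) {
        $cmd_opts = array();
        $filter = $process_form['filter'];
        if ($process_form['DefaultFilter'] != -1) {
            $cmd_opts['and_filter'] = $process_form['DefaultFilter'];
        }
        $cmd_opts['type'] = ($_SESSION['profileinfo']['type'] & 4) > 0 ? 'shadow' : 'real';
        $cmd_opts['profile'] = $_SESSION['profileswitch'];
        $cmd_opts['srcselector'] = implode(':', $process_form['srcselector']);
        print "<pre>\n";

        // Default decoration: every whitespace-separated token becomes a lookup() link.
        $patterns = array();
        $replacements = array();
        $patterns[0] = '/(\\s*)([^\\s]+)/';
        $replacements[0] = "\$1<a href='#null' onClick='lookup(\"\$2\", this, event)' title='lookup \$2'>\$2</a>";

        // gets HAP4NfSens plugin id. returns -1 if HAP4NfSen is not installed.
        // Guarded so that a second call of DisplayProcessing() does not redeclare it.
        if (!function_exists('getHAP4NfSenId')) {
            function getHAP4NfSenId()
            {
                $plugins = GetPlugins();
                for ($i = 0; $i < count($plugins); $i++) {
                    $plugin = $plugins[$i];
                    if ($plugin == "HAP4NfSen") {
                        return $i;
                    }
                }
                return -1;
            }
        }

        ClearMessages();
        // NOTE(review): $run is forwarded as nfdump arguments exactly as stored in the session;
        // presumably it was assembled from validated form fields - confirm where it is built.
        $cmd_opts['args'] = "-T {$run}";
        $cmd_opts['filter'] = $filter;
        $cmd_out = nfsend_query("run-nfdump", $cmd_opts);
        if (!is_array($cmd_out)) {
            ShowMessages();
        } else {
            $hap4nfsen_id = getHAP4NfSenId();
            if ($hap4nfsen_id >= 0) {
                // ICMP "port" filter are no currently supported by the HAP4NfSen plugin
                if (!function_exists('isChecked')) {
                    function isChecked(&$form, $name)
                    {
                        // helper function used to find out, if an option is checked
                        return $form[$name] == "checked";
                    }
                }

                $stat_label = $IPStatOption[$process_form['stattype']];
                $ip_and_port_columns = preg_match('/(flow records)/i', $stat_label)
                    && (isChecked($process_form, 'aggr_srcip') && isChecked($process_form, 'aggr_srcport')
                        || isChecked($process_form, 'aggr_dstip') && isChecked($process_form, 'aggr_dstport'));
                // NOTE(review): '/[ip|flow_records]/i' is a character class, so it matches any label
                // containing one of those characters; an alternation may have been intended.
                // Left unchanged because the intended set of labels is not visible here.
                $ip_contains_port = $_SESSION["process_form"]["modeselect"] == '0'
                    || !preg_match('/[ip|flow_records]/i', $stat_label)
                    || preg_match('/(flow records)/i', $stat_label)
                        && !(isChecked($process_form, 'aggr_srcip') || isChecked($process_form, 'aggr_srcport')
                            || isChecked($process_form, 'aggr_dstip') || isChecked($process_form, 'aggr_dstport'));

                // Hand the query options to the plugin through the session.
                $_SESSION["plugin"][$hap4nfsen_id]["cmd_opts"] = $cmd_opts;
                $hap_pic = "<img src=\"plugins/HAP4NfSen/graphviz.png\" valign=\"middle\" border=\"0\" alt=\"HAP\" />";

                // The default pattern is taken off the list and re-added only where it applies.
                $default_pattern = array_pop($patterns);
                $default_replacement = array_pop($replacements);

                if ($ip_contains_port) {
                    // matches cases like ip:port
                    $max_prot_length = 5; // max. port length = 5 chars(highest port number = 65535)
                    for ($i = $max_prot_length; $i >= 1; $i--) {
                        $diff = $max_prot_length - $i; // difference between actual and max port length
                        $ip_port_pattern_icmp = "/(\\s*)([^\\s|^:]+)(:)(0\\s{4}|\\d\\.\\d\\s{2}|\\d{2}\\.\\d\\|\\d\\.\\d{2}\\s|\\d{2}\\.\\d{2})/";
                        $ip_port_pattern_normal = "/(\\s*)([^\\s|^:]+)(:)([\\d|\\.]{{$i}})(\\s{{$diff}})/";
                        // spaces required to align hap viewer icons
                        $spaces = str_repeat(' ', $diff);
                        array_push($patterns, $ip_port_pattern_icmp);
                        array_push($replacements, $default_replacement . "\$3\$4 <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a> ");
                        array_push($patterns, $ip_port_pattern_normal);
                        array_push($replacements, $default_replacement . "\$3\$4{$spaces} <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&port=\$4&mode=new\" title='HAP graphlet for \$2 on port \$4'>{$hap_pic}</a> ");
                    }
                    array_push($patterns, '/(\\sIP\\sAddr:Port)/i');
                    array_push($replacements, "\$1 {$hap_pic}");
                } elseif ($ip_and_port_columns) {
                    // matches cases when both ip and port are available but are located in separate columns
                    // ICMP version
                    $ip_and_port_pattern = "/(\\s*)([^\\s]+)(\\s+)(0|\\d\\.\\d)/";
                    $ip_and_port_replacement = "\$1\$2\$3\$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a>";
                    array_push($patterns, $ip_and_port_pattern);
                    array_push($replacements, $ip_and_port_replacement);
                    // non-ICMP version with port filter
                    $ip_and_port_pattern = "/(\\s*)([^\\s]+)(\\s*)([\\d|.]+)/";
                    $ip_and_port_replacement = "\$1\$2\$3\$4 " . "<a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&port=\$4&mode=new\" title='HAP graphlet for \$2 on port \$4'>{$hap_pic}</a>";
                    array_push($patterns, $ip_and_port_pattern);
                    array_push($replacements, $ip_and_port_replacement);
                    array_push($patterns, '/(\\s\\s(Src\\sIP\\sAddr\\s*Src\\sPt|Dst\\sIP\\sAddr\\s*Dst\\sPt))/i');
                    array_push($replacements, "\$1 {$hap_pic}");
                } else {
                    // matches all other cases
                    array_push($patterns, $default_pattern);
                    array_push($replacements, $default_replacement . " <a href=\"nfsen.php?tab=5&sub_tab=" . $hap4nfsen_id . "&ip=\$2&mode=new\" title='HAP graphlet for \$2'>{$hap_pic}</a>");
                    array_push($patterns, '/(\\s(|\\s(Src|Dst))\\sIP\\sAddr)/i');
                    array_push($replacements, "\$1 {$hap_pic}");
                }
            }

            // The argument string and the filter echoed by the backend are plain text and are
            // escaped like the filter shown in the textarea above.
            if (array_key_exists('arg', $cmd_out)) {
                print "** nfdump " . htmlspecialchars((string) $cmd_out['arg'], ENT_QUOTES) . "\n";
            }
            if (array_key_exists('filter', $cmd_out)) {
                print "nfdump filter:\n";
                foreach ($cmd_out['filter'] as $line) {
                    print htmlspecialchars((string) $line, ENT_QUOTES) . "\n";
                }
            }
            // NOTE(review): flow lines are decorated and printed without HTML escaping. The
            // patterns run one after another on the raw text and on markup added by earlier
            // patterns, so escaping has to be designed together with the regex chain.
            foreach ($cmd_out['nfdump'] as $line) {
                print preg_replace($patterns, $replacements, $line) . "\n";
            }
        }
        print "</pre>\n";
    }
    print "</div>\n";
    return;
}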
$hourFile = $hourFile[0] . '0'; } else { if ($hourFile[0] <= '6' && $hourFile[0] > '1') { $hourFile[0] = (string) ($hourFile[0] - 1); } else { $hourFile[0] = '1'; } $hourFile = $hourFile[0] . '5'; } $hourFrom = date('H', strtotime('-1 hour')) . $hourFile; $hourTo = date('H', time()) . $hourFile; $cmd_opts['args'] = '-T -R ' . $date_from . '/nfcapd.' . $date_from_format . $hourFrom . ':' . $date_to . '/nfcapd.' . $date_to_format . $hourTo . ' -o extended -m'; if ($maxrows > 0) { $cmd_opts['args'] .= " -c {$maxrows}"; } $cmd_out = nfsend_query('run-nfdump', $cmd_opts); //Very important to disconnect!! nfsend_disconnect(); } else { Av_exception::throw_error(Av_exception::USER_ERROR, _('Error retrieving information')); } } catch (Exception $e) { $db->close(); Util::response_bad_request($e->getMessage()); } $list = preg_match("/ extended /", $cmd_out['args']) ? 1 : 0; $regex = $list ? "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+->\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMG]?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*)/" : "/(\\d\\d\\d\\d\\-.*?\\s.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?)\\s+(.*?\\s*[KMGT]?)\\s+(.*?)\\s+(.*?)\\s+(.*)/"; $data = array(); $total = 0; $error = ''; // Error