コード例 #1
0
    $where .= " AND eid IN (";
    $searchArr['eids'] = array_unique($searchArr['eids']);
    foreach ($searchArr['eids'] as $eid) {
        $qstring .= "&eids[]=$eid";
        $where.= "'$eid',";
    }
    $where = rtrim($where, ",");
    $where .= ")";
}

if(is_array($searchArr['programs'])) {
    $where .= " AND program IN (";
    $searchArr['programs'] = array_unique($searchArr['programs']);
    foreach ($searchArr['programs'] as $program) {
        $qstring .= "&programs[]=" . rawurlencode($program);
        $where.= "'".prg2crc($program)."',";
    }
    $where = rtrim($where, ",");
    $where .= ")";
}
$tail_where = $where;

//------------------------------------------------------------
// Run the search query to get results from Sphinx
//------------------------------------------------------------
if ($page == "Graph") {
    $json_o = search_graph(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port);
} else {
    $json_o = search(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port);
}
コード例 #2
0
function search_graph($json_o, $spx_max, $index = "idx_logs idx_delta_logs", $spx_ip, $spx_port)
{
    $basePath = dirname(__FILE__);
    // require_once ($basePath . "/SPHINX.class.php");
    // Grab the settings from the database if not as parameter
    if ($spx_max == '') {
        $spx_max = $_SESSION[SPX_MAX_MATCHES];
    }
    if ($spx_ip == '') {
        $spx_ip = $_SESSION[SPX_SRV];
    }
    if ($spx_port == '') {
        $spx_port = $_SESSION[SPX_PORT];
    }
    // let us try to invoke sphinxql here instead...
    $scl = new mysqli(SPHINXHOST, '', '', '', SPHINXPORT);
    if (mysqli_connect_errno()) {
        return sprintf("Sphinxql error in connect: %d %s\n", mysqli_connect_errno(), mysqli_connect_error() . "<br>The Sphinx daemon may not be running.");
    }
    //$cl = new SphinxClient ();
    //$cl->SetServer ( $spx_ip, $spx_port );
    // Decode json object into an array:
    $json_a = json_decode($json_o, true);
    //die(print_r($json_a));
    // Set All Defaults in case they aren't sent via the json object
    $dupop = !empty($json_a['dupop']) ? $json_a['dupop'] : ">=";
    $dupcount = !empty($json_a['dupcount']) ? $json_a['dupcount'] : 0;
    $orderby = !empty($json_a['orderby']) ? $json_a['orderby'] : "id";
    $order = !empty($json_a['order']) ? $json_a['order'] : "ASC";
    $limit = !empty($json_a['limit']) ? $json_a['limit'] : $spx_max;
    $show_suppressed = !empty($json_a['show_suppressed']) ? $json_a['show_suppressed'] : "all";
    $q_type = !empty($json_a['q_type']) ? $json_a['q_type'] : "boolean";
    $search_op = !empty($json_a['search_op']) ? $json_a['search_op'] : "|";
    // loop through array to get the fields that the user wants to search on:
    // Note: Only certain values need to be looped here for modification before presenting to sphinx.
    // many of the items not looped below can be called directly using $json_a['name'];
    foreach ($json_a as $key => $val) {
        // echo "Key = $key, Val = $val\n";
        switch ($key) {
            // Strings
            case 'msg_mask':
                //                $val = real_escape_string( $cl->EscapeString ($val);
                $val = $scl->real_escape_string($val);
                $val = EscapeSphinxQL($val);
                $msg_mask .= $val . " {$search_op} ";
                break;
            case 'notes_mask':
                foreach ($val as $subkey => $subval) {
                    // echo "SubKey = $subkey, SubVal = $subval\n";
                    //                    $subval = $cl->EscapeString ($subval);
                    $subval = mysql_real_escape_string($subval, $scl);
                    $notes_mask .= $subval . " {$search_op} ";
                }
                break;
                /*            case 'hosts':
                                            foreach ($val as $subkey=>$subval) {
                              // echo "SubKey = $subkey, SubVal = $subval\n";
                              //                    $subval = $cl->EscapeString ($subval);
                              $subval = $scl->real_escape_string($subval);
                              $hosts .= $subval . " $search_op ";
                              }
                              break;
                               */
            /*            case 'hosts':
                                        foreach ($val as $subkey=>$subval) {
                          // echo "SubKey = $subkey, SubVal = $subval\n";
                          //                    $subval = $cl->EscapeString ($subval);
                          $subval = $scl->real_escape_string($subval);
                          $hosts .= $subval . " $search_op ";
                          }
                          break;
                           */
            case 'mnemonics':
                foreach ($val as $subkey => $subval) {
                    // echo "SubKey = $subkey, SubVal = $subval\n";
                    if (!preg_match('/^\\d+$/', $subval)) {
                        $mnes[] .= mne2crc($subval);
                    } else {
                        $mnes[] .= $subval;
                    }
                }
                break;
            case 'eids':
                foreach ($val as $subkey => $subval) {
                    // echo "SubKey = $subkey, SubVal = $subval\n";
                    $eids[] .= $subval;
                }
                break;
            case 'programs':
                foreach ($val as $subkey => $subval) {
                    // echo "SubKey = $subkey, SubVal = $subval\n";
                    if (!preg_match('/^\\d+$/', $subval)) {
                        $prgs[] .= prg2crc($subval);
                    } else {
                        $prgs[] .= $subval;
                    }
                }
                break;
        }
    }
    // die(print_r($json_a));
    $msg_mask = rtrim($msg_mask, " {$search_op} ");
    //    $hosts = rtrim($hosts, " $search_op ");
    $notes_mask = rtrim($notes_mask, " {$search_op} ");
    // Add DB column to strings
    if (!preg_match('/any|all|phrase/', $q_type)) {
        if ($msg_mask) {
            $msg_mask = "@MSG " . $msg_mask . " ";
        }
        /*        if ($hosts) {
                          $hosts = "@HOST " . $hosts . " ";
                          }
                 */
        if ($notes_mask) {
            $notes_mask = "@NOTES " . $notes_mask;
        }
    }
    $sphinxfilters = array();
    // SetFilter used on integer fields - takes an array
    if ($json_a['severities']) {
        //        $cl->SetFilter( 'severity', $json_a['severities'] );
        $sphinxfilters[] = "severity in (" . implode($json_a[severities], ',') . ")";
    }
    if ($json_a['facilities']) {
        //        $cl->SetFilter( 'facility', $json_a['facilities'] );
        $sphinxfilters[] = "facility in (" . implode($json_a[facilities], ',') . ")";
    }
    if (is_array($eids)) {
        //        $cl->SetFilter( 'eid', $eids );
        $sphinxfilters[] = "eid in (" . implode($eids, ',') . ")";
    }
    if ($json_a['mnemonics']) {
        //        $cl->SetFilter( 'mne', $mnes );
        $sphinxfilters[] = "mne in (" . implode($mnes, ',') . ")";
    }
    if ($json_a['programs']) {
        //        $cl->SetFilter( 'program', $prgs );
        $sphinxfilters[] = "program in (" . implode($prgs, ',') . ")";
    }
    // this is not supported by sphinxql proto - due to the old code.
    // for now is only 'extended2' is the active, and the rest could be
    // simulated (and actually do internally) by extended2.
    //    switch ($q_type) {
    //        case "any":
    //            $cl->SetMatchMode ( SPH_MATCH_ANY );
    //        break;
    //        case "all":
    //            $cl->SetMatchMode ( SPH_MATCH_ALL );
    //        break;
    //        case "phrase":
    //            $cl->SetMatchMode ( SPH_MATCH_PHRASE );
    //        break;
    //        case "boolean":
    //            $cl->SetMatchMode ( SPH_MATCH_BOOLEAN );
    //        break;
    //        case "extended":
    //            $cl->SetMatchMode ( SPH_MATCH_EXTENDED2 );
    //        break;
    //    }
    //    if ($orderby == "id") { $orderby = "@id"; }
    if ($json_a['tail'] !== "off") {
        $order = "DESC";
    }
    // Datetime filtering
    $fo_checkbox = $json_a['fo_checkbox'];
    $fo_date = $json_a['fo_date'];
    $fo_time_start = $json_a['fo_time_start'];
    $fo_time_end = $json_a['fo_time_end'];
    $lo_checkbox = $json_a['lo_checkbox'];
    $lo_date = $json_a['lo_date'];
    $lo_time_start = $json_a['lo_time_start'];
    $lo_time_end = $json_a['lo_time_end'];
    if ($fo_checkbox == "on") {
        if ($fo_date != '') {
            list($start, $end) = explode(' to ', $fo_date);
            if ($end == '') {
                $end = "{$start}";
            }
            if ($start == $end and $fo_time_start > $fo_time_end) {
                $endx = strtotime($end);
                $endx = $endx + 24 * 3600;
                $end = date('Y-m-d', mktime(0, 0, 0, date('m', $endx), date('d', $endx), date('Y', $endx)));
            }
            $start .= " {$fo_time_start}";
            $end .= " {$fo_time_end}";
            $fo_start = "{$start}";
            $fo_end = "{$end}";
        }
    }
    if ($lo_checkbox == "on") {
        if ($lo_date != '') {
            list($start, $end) = explode(' to ', $lo_date);
            if ($end == '') {
                $end = "{$start}";
            }
            if ($start == $end and $lo_time_start > $lo_time_end) {
                $endx = strtotime($end);
                $endx = $endx + 24 * 3600;
                $end = date('Y-m-d', mktime(0, 0, 0, date('m', $endx), date('d', $endx), date('Y', $endx)));
            }
            $start .= " {$lo_time_start}";
            $end .= " {$lo_time_end}";
            $lo_start = "{$start}";
            $lo_end = "{$end}";
        }
    }
    if ($json_a['fo_checkbox'] == "on" and $fo_start and $fo_end) {
        $sphinxfilters[] = "fo>=" . strtotime("{$fo_start}") . " AND fo<=" . strtotime("{$fo_end}");
    }
    if ($json_a['lo_checkbox'] == "on" and $lo_start and $lo_end) {
        $sphinxfilters[] = "lo>=" . strtotime("{$lo_start}") . " AND lo<=" . strtotime("{$lo_end}");
    }
    // Duplicates filtering
    $min = "0";
    $max = "9999999999";
    if ($dupop && $dupop !== 'undefined') {
        switch ($dupop) {
            case "gt":
                $dupop = ">";
                $min = $dupcount + 1;
                break;
            case "lt":
                $dupop = "<";
                $max = $dupcount - 1;
                break;
            case "eq":
                $dupop = "=";
                $min = $dupcount;
                $max = $dupcount;
                break;
            case "gte":
                $dupop = ">=";
                $min = $dupcount;
                break;
                $min = $dupcount;
            case "lte":
                $dupop = "<=";
                break;
        }
    }
    // echo "$min - $max\n";
    //    $cl->SetFilterRange ( 'counter', intval($min), intval($max) );
    $sphinxfilters[] = "counter>={$min} AND counter<={$max}";
    $sphinxlimit = "LIMIT 0,{$limit}";
    $sphinxoptions = "OPTION max_matches={$spx_max} ";
    //    $cl->setLimits(0,intval($limit), $spx_max);
    $countfield = "";
    if ($json_a['groupby']) {
        $groupby = $json_a['groupby'];
        switch ($groupby) {
            case "mne":
                $val = mne2crc('None');
                $sphinxfilters[] = "mne!={$val}";
                //                $cl->SetFilter( 'mne', array($val), true );
                break;
            case "eid":
                //                $cl->SetFilter( 'eid', array(0), true );
                $sphinxfilters[] = "eid!=0";
                break;
        }
        // always use top n records count in charts
        $sphinxgroupby = "GROUP BY " . $json_a['groupby'] . " ORDER BY scount desc";
        $countfield = ", count(*) as count";
        //        $cl->setGroupBy($json_a['groupby'],SPH_GROUPBY_ATTR,"$orderby $order");
    } else {
        //      $cl->SetSortMode ( SPH_SORT_EXTENDED , "$orderby $order" );
        // always use top n records count in charts
        $sphinxgroupby = "ORDER BY scount desc";
    }
    // make the querys
    $counter = 0;
    $hosts = "";
    $ids = array();
    // fetch the hosts
    if (is_array($json_a['hosts'])) {
        foreach ($json_a['hosts'] as $key => $h) {
            if ($h !== '') {
                // [[ticket:304]]
                // #407 - make sure all hosts are crc32
                if (!is_numeric($h)) {
                    $h = crc32($h);
                }
                $hosts = $hosts . $h . ",";
                $counter = $counter + 1;
            }
            // split query in max 100 hosts
            // cdukes - [[ticket:426]] - changed to 15000
            if ($counter >= 15000) {
                $hosts = rtrim($hosts, ",");
                $shosts = $scl->real_escape_string($hosts);
                $search_string = $msg_mask . $notes_mask;
                if ($lo_start < date('Y-m-d') . " 00:00:00") {
                    $query = " AND MATCH ('@dummy dummy {$search_string}')";
                } else {
                    if ($search_string) {
                        $query = " AND MATCH ('@dummy dummy {$search_string}')";
                    }
                }
                // Test for empty search and remove whitespaces
                $search_string = preg_replace('/^\\s+$/', '', $search_string);
                $search_string = preg_replace('/\\s+$/', '', $search_string);
                // get the columns we are sorting
                // speedup: when use use today only idx_last_24h is used
                if ($lo_start < date('Y-m-d') . " 00:00:00") {
                    $sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from distributed where ";
                } else {
                    $sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from idx_last_24h where ";
                }
                if (sizeof($sphinxfilters) > 0) {
                    $sphinxstatement .= implode($sphinxfilters, ' AND ');
                }
                $sphinxstatement .= " {$query} and host_crc in ({$hosts}) {$sphinxgroupby} {$sphinxlimit} {$sphinxoptions}";
                action("GRAPH: Searching using sphinx " . $sphinxstatement);
                $result = $scl->query($sphinxstatement);
                if ($result) {
                    while (list($name, $value) = $result->fetch_row()) {
                        $ids[$name] += $value;
                    }
                }
                $counter = 0;
                $hosts = "";
            }
        }
    }
    // catch the last few hosts
    if ($hosts != "") {
        $hosts = rtrim($hosts, ",");
        $hosts = $scl->real_escape_string($hosts);
        $search_string = $msg_mask . $notes_mask;
        if ($lo_start < date('Y-m-d') . " 00:00:00") {
            $query = " AND MATCH ('@dummy dummy {$search_string}')";
        } else {
            if ($search_string) {
                $query = " AND MATCH ('@dummy dummy {$search_string}')";
            }
        }
        // Test for empty search and remove whitespaces
        $search_string = preg_replace('/^\\s+$/', '', $search_string);
        $search_string = preg_replace('/\\s+$/', '', $search_string);
        // get the columns we are sorting
        // speedup: when use use today only idx_last_24h is used
        if ($lo_start < date('Y-m-d') . " 00:00:00") {
            $sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from distributed where ";
        } else {
            $sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from idx_last_24h where ";
        }
        if (sizeof($sphinxfilters) > 0) {
            $sphinxstatement .= implode($sphinxfilters, ' AND ');
        }
        $sphinxstatement .= " {$query} and host_crc in ({$hosts}) {$sphinxgroupby} {$sphinxlimit} {$sphinxoptions}";
        action("GRAPH2: Searching using sphinx " . $sphinxstatement);
        $result = $scl->query($sphinxstatement);
        if ($result) {
            while (list($name, $value) = $result->fetch_row()) {
                $ids[$name] += $value;
            }
        }
    }
    // sort the results array
    arsort($ids);
    $keys = array_keys($ids);
    $values = array_values($ids);
    // limit to query to 100
    if ($limit > count($values)) {
        $limit = count($values);
    }
    for ($i = 0; $i < $limit; $i++) {
        $found_ids[$i][$json_a['groupby']] = $keys[$i];
        $found_ids[$i]['scount'] = $values[$i];
    }
    return json_encode($found_ids);
}