$url = 'http://' . $graylog_sec . ':12900/search/universal/relative/terms?field=source_ip&query=' . $e_query . '&range=' . $range; echo "# " . $url; $curl = curl_init(); $opt = array(CURLOPT_URL => $url, CURLOPT_USERAGENT => "Mozilla", CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => false, CURLOPT_CONNECTTIMEOUT => 10, CURLOPT_USERPWD => "{$graylog_api_user}:{$graylog_api_pass}", CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt_array($curl, $opt); $output = curl_exec($curl); $http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE); curl_close($curl); return $output; } $gl_json = json_decode(getGraylogMessages($TIME_PERIOD), true); $list = $gl_json['terms']; arsort($list); $output .= "\n"; foreach ($list as $ip => $hits) { if (valid_ipv4_host($ip)) { if ($hits > $MIN_HITS) { $output .= "{$hits} {$ip}\n"; } } if (valid_ipv6_host($ip)) { $ip = compress($ip); if ($hits > $MIN_HITS) { $output .= "{$hits} {$ip}\n"; } } } if (php_sapi_name() == "cli") { echo $output; } else { echo "<pre>{$output}<pre>";
function type($ip) { if (!$ip) { return false; } if (valid_ipv4_host($ip)) { return "ipv4"; } if (valid_ipv6_host($ip)) { return "ipv6"; } return "unknown"; }