コード例 #1
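/**
 * Probe every server in $server_list and count how many answer a web "connect" on their port.
 *
 * @param array|null $server_list objects exposing get_ip() and get_port()
 * @return array array(total_servers, active_servers); both 0 when the list is empty or falsy
 */
function server_get_servers($server_list)
{
    $active_servers = 0;
    $total_servers = 0;
    if ($server_list) {
        $total_servers = count($server_list);
        foreach ($server_list as $server) {
            $ip = $server->get_ip();
            $port = $server->get_port();
            try {
                // Host and port travel as '?' placeholders, so Util::execute_command (not this code)
                // is responsible for quoting them before they reach the shell.
                $output = Util::execute_command("echo 'connect id=\"1\" type=\"web\"' | nc ? ? -w1", array($ip, $port), 'array');
                // Active only when the first reply line starts with the expected acknowledgement.
                // An empty reply (no $output[0]) means "down", and must not raise an undefined-index notice.
                if (is_array($output) && isset($output[0]) && strncmp('ok id="1"', $output[0], 9) === 0) {
                    $active_servers++;
                }
            } catch (Exception $e) {
                // Best effort: a server whose probe fails is simply not counted as active.
            }
        }
    }
    return array($total_servers, $active_servers);
}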
コード例 #2
ファイル: update_db.php プロジェクト: alienfault/ossim
/**
 * Feed one SQL file (plain .sql or gzipped .sql.gz) to ossim-db, sending its output to $path_file_log,
 * then run the companion PHP script (<name>.php derived from <name>_mysql.sql[.gz]) when it exists.
 *
 * @param string $path_file_log file that receives the stdout/stderr of ossim-db
 * @param string $sql_file      path of the .sql or .sql.gz file
 * @param mixed  $upgrade       forwarded untouched to execute_php()
 * @return int 0 when no companion script exists, 1 when the command throws,
 *             otherwise the value returned by execute_php()
 */
function execute_sql($path_file_log, $sql_file, $upgrade)
{
    // Both paths are '?' placeholders; Util::execute_command does the shell quoting.
    $is_gzipped = preg_match("/\\.gz\$/", $sql_file) === 1;
    $cmd = $is_gzipped ? "zcat ? | ossim-db > ? 2>&1" : "ossim-db < ? > ? 2>&1";
    try {
        // 'array' output mode (the original author notes this is what lets errors be caught here)
        Util::execute_command($cmd, array($sql_file, $path_file_log), 'array');
        // <name>_mysql.sql[.gz] -> <name>.php
        $php_file = preg_replace("/\\.gz\$/", "", str_replace("_mysql.sql", ".php", $sql_file));
        if (!file_exists($php_file)) {
            return 0;
        }
        echo "\t Done\nExecuting: " . $sql_file . "...";
        return execute_php($php_file, $upgrade, $path_file_log);
    } catch (Exception $e) {
        return 1;
    }
}
コード例 #3
ファイル: bg_alarms.php プロジェクト: jackpf/ossim-arc
* You should have received a copy of the GNU General Public License
* along with this package; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
* MA  02110-1301  USA
*
*
* On Debian GNU/Linux systems, the complete text of the GNU General
* Public License can be found in `/usr/share/common-licenses/GPL-2'.
*
* Otherwise you can read it here: http://www.gnu.org/licenses/gpl-2.0.txt
*
*/
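set_include_path('/usr/share/ossim/include');
require_once 'av_init.php';
// CLI contract: argv[1] = user that owns the background task, argv[2] = SQL file to load.
$user = isset($argv[1]) ? $argv[1] : '';
$file = isset($argv[2]) ? $argv[2] : '';
$db = new ossim_db();
$conn = $db->connect();
$config = new User_config($conn);
if (!preg_match("/^\\/var\\/tmp\\//", $file) && !preg_match("/^\\/tmp\\//", $file)) {
    echo "Error: 'file' parameter must be a valid /tmp file\n";
    exit;
}
if (!file_exists($file)) {
    echo "Error: '{$file}' file does not exist\n";
    exit;
}
// The prefix test above is textual: "/tmp/../<elsewhere>" or a symlink inside /tmp would pass it and
// then be both read into ossim-db and removed by the command below. Re-check the resolved path.
$real_file = realpath($file);
if ($real_file === false || (!preg_match("/^\\/var\\/tmp\\//", $real_file) && !preg_match("/^\\/tmp\\//", $real_file))) {
    echo "Error: 'file' parameter must be a valid /tmp file\n";
    exit;
}
$file = $real_file;
// Both occurrences of the path are '?' placeholders quoted by Util::execute_command.
// NOTE(review): the result file is a fixed name in a shared temp directory, so concurrent runs
// overwrite each other's output — left as in the original.
$cmd = "(cat ? | ossim-db; rm -f ?; echo 'flush_all' | /bin/nc -q 2 127.0.0.1 11211; sleep 3) > /var/tmp/alarm_bg_result 2>&1 & echo \$!";
$pid = Util::execute_command($cmd, array($file, $file), 'string');
// The pid of the backgrounded subshell is stored so the web UI can poll for completion.
$config->set($user, 'background_task', $pid, 'simple', 'alarm');
$db->close($conn);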
コード例 #4
     // generate PDF
     $query = ossim_query("SELECT scantime, report_key FROM vuln_nessus_reports WHERE report_id={$report_id}");
     $rs = $dbconn->Execute($query);
     if (!$rs) {
         print $dbconn->ErrorMsg();
     } else {
         if (!$rs->EOF) {
             $scan_END = $rs->fields['scantime'];
             $report_key = $rs->fields['report_key'];
         }
     }
     $file_path = "/usr/share/ossim/www/tmp/" . $result->fields["name"] . "_" . $scan_END . ".pdf";
     $file_path = str_replace(" ", "", $file_path);
     $file_name = $result->fields["name"] . "_" . $scan_END . ".pdf";
     $params = array($report_id, $file_path);
     Util::execute_command("/usr/bin/php /usr/share/ossim/scripts/vulnmeter/respdf.php ? > ?", $params);
     if (file_exists($file_path) && filesize($file_path) <= 5242880) {
         $attachments[] = array("path" => $file_path, "name" => $file_name);
     }
 }
 if (!valid_hex32($username)) {
     $body = get_timestamps($dbconn, $username, $result->fields['scan_START'], $result->fields['scan_SUBMIT'], $body);
     $email = get_email($dbconn, $username);
     Util::send_email($dbconn, $email, $subject, $body, $attachments);
 } else {
     // username is a entity
     $entity_data = Acl::get_entity($dbconn, $username, FALSE, FALSE);
     if ($entity_data["admin_user"] != "") {
         $body = get_timestamps($dbconn, $entity_data["admin_user"], $result->fields['scan_START'], $result->fields['scan_SUBMIT'], $body);
         $email = get_email($dbconn, $entity_data["admin_user"]);
         Util::send_email($dbconn, $email, $subject, $body, $attachments);
コード例 #5
ファイル: launcher.php プロジェクト: jackpf/ossim-arc
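/**
 * Create directory $name (parents included) and hand it and its parent to www-data.
 *
 * @param string $name absolute path of the directory to create
 * @return bool false when $name already exists or cannot be created; true once created and chowned
 */
function newFolder($name)
{
    if (file_exists($name)) {
        return false;
    }
    // The warning stays suppressed, but the result is now checked: the original returned true
    // (and ran chown) even when mkdir had failed.
    if (!@mkdir($name, 0755, true) && !is_dir($name)) {
        return false;
    }
    // Paths are '?' placeholders so Util::execute_command performs the shell quoting.
    Util::execute_command("chown www-data:www-data ?", array(dirname($name)));
    Util::execute_command("chown www-data:www-data ?", array($name));
    return true;
}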
コード例 #6
ファイル: manage_jobs.php プロジェクト: jackpf/ossim-arc
    $result_server = $dbconn->Execute("SELECT meth_Wcheck FROM vuln_jobs WHERE id = ?", array($job_id));
    preg_match("/.*\\s(\\d+\\.\\d+\\.\\d+\\.\\d+)<.*/", $result_server->fields['meth_Wcheck'], $found);
    $sensor_id = Av_sensor::get_id_by_ip($dbconn, $found[1]);
    $sensor_object = new Av_sensor($sensor_id);
    $sensor_object->load_from_db($dbconn);
    $ov_credentials = $sensor_object->get_vs_credentials($dbconn);
    $port = $ov_credentials['port'];
    $user = $ov_credentials['user'];
    $password = $ov_credentials['password'];
    $omp = new Omp($sensor_object->get_ip(), $port, $user, $password);
}
switch ($disp) {
    case "kill":
        $schedid = intval($schedid);
        if ($schedid > 0) {
            Util::execute_command("sudo /usr/share/ossim/scripts/vulnmeter/cancel_scan.pl ?", array($schedid));
        }
        break;
    case "playTask":
        $omp->play_task($job_id);
        break;
    case "pauseTask":
        $omp->pause_task($job_id);
        break;
    case "stopTask":
        $omp->stop_task($job_id);
        break;
    case "resumeTask":
        $omp->resume_task($job_id);
        break;
    case "deleteTask":
コード例 #7
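/**
 * Second method how to lookup the country corresponding to an ip address:
 * Makes use of the perl module IP::Country
 * http://search.cpan.org/dist/IP-Country/
 * The web server needs permission to execute "ip2cc".
 * Quoting from the php manual:
 * "Note: When safe mode is enabled, you can only execute executables within the safe_mode_exec_dir. For practical reasons it is currently not allowed to have .. components in the path to the executable."
 *
 * $IP2CC must contain the absolute path to this executable.
 *
 * @param string $address_with_dots dotted IP address to look up
 * @param string $country           receives the country name: words 3.. of output line index 6, each followed by a space
 * @return int 1 on success, 0 on any failure (reported through ErrorMessage())
 */
function run_ip2cc($address_with_dots, &$country)
{
    global $IP2CC;
    if (empty($address_with_dots)) {
        ErrorMessage("ERROR: \$address_with_dots is empty<BR>\n");
        return 0;
    }
    // $IP2CC is an operator-configured path; it must point at an existing executable.
    if (!is_file($IP2CC) || !is_executable($IP2CC)) {
        ErrorMessage("ERROR: with \$IP2CC = \"" . $IP2CC . "\"<BR>\n");
        return 0;
    }
    // The address is a '?' placeholder so Util::execute_command does the shell quoting.
    $cmd = $IP2CC . " ?";
    $output = null;
    try {
        $output = Util::execute_command($cmd, array($address_with_dots), 'array');
    } catch (Exception $e) {
        ErrorMessage("ERROR with " . $cmd . "<BR>\n");
        print_r($output);
        return 0;
    }
    // The country is read from output index 6; a shorter answer used to raise an undefined-index notice.
    if (!is_array($output) || !isset($output[6])) {
        ErrorMessage("ERROR: unexpected output from " . $cmd . "<BR>\n");
        return 0;
    }
    // Words 0-2 of that line are skipped; the rest is the country name. The trailing space
    // of the original concatenation is kept for callers that may depend on it.
    $words = array_slice(explode(" ", $output[6]), 3);
    $country = $words ? implode(" ", $words) . " " : "";
    return 1;
}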
コード例 #8
ファイル: index.php プロジェクト: jackpf/ossim-arc
        $conn->Execute("BEGIN");
        $conn->Execute("TRUNCATE acid_event");
        $conn->Execute("TRUNCATE ac_acid_event");
        $conn->Execute("TRUNCATE po_acid_event");
        $conn->Execute("TRUNCATE device");
        $conn->Execute("REPLACE INTO device (id, device_ip, interface, sensor_id) VALUES (999999, 0x0, '', 0x0)");
        $conn->Execute("UPDATE device SET id = 0 WHERE id = 999999");
        $conn->Execute("TRUNCATE extra_data");
        $conn->Execute("TRUNCATE reputation_data");
        $conn->Execute("TRUNCATE idm_data");
        $conn->Execute("TRUNCATE otx_data");
        $conn->Execute("COMMIT");
        $conn->Execute("SET AUTOCOMMIT=1");
        Util::memcacheFlush();
        session_write_close();
        Util::execute_command('sudo /etc/init.d/ossim-server restart > /dev/null 2>&1 &');
    }
}
// Keep the whole answer in $run_data and element 0 of it in $run.
list($run) = $run_data = Backup::is_running($conn_ossim);
// Release both connections before the HTML below is rendered.
$db->close($conn);
$db->close($conn_ossim);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
    <head>
        <title><?php 
echo _('Backup');
?>
</title>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
コード例 #9
*/
require_once 'av_init.php';
Session::logcheck("analysis-menu", "EventsForensics");
require_once 'classes/Util.inc';
// The packet id comes from the query string and is only accepted as a hex token.
$id = GET('id');
ossim_valid($id, OSS_HEX, 'illegal:' . _("id"));
if (ossim_error()) {
    die(ossim_error());
}
//Labels
$tl_error = utf8_encode(_("Error in pcap format!"));
// Both scratch files live in /var/tmp and are named after the validated id.
$packet_base = "/var/tmp/base_packet_" . $id;
$pcapfile = $packet_base . ".pcap";
$pdmlfile = $packet_base . ".pdml";
// TSHARK: show packet in web page
// Both paths are '?' placeholders; Util::execute_command is responsible for quoting them.
$cmd = "tshark -V -r ? -T pdml > ?";
Util::execute_command($cmd, array($pcapfile, $pdmlfile));
?>
<ul style="display:none"><li id="key1" data="isFolder:true, icon:'../../images/any.png'">
<?php 
if (file_exists($pdmlfile) && filesize($pdmlfile) > 0) {
    $i = 1;
    if ($xml = @simplexml_load_file($pdmlfile)) {
        foreach ($xml->packet->proto as $key => $xml_entry) {
            $atr_tit = $xml_entry->attributes();
            if ($atr_tit['name'] == "geninfo") {
                $img = "information.png";
            } elseif ($atr_tit['name'] == "tcp" || $atr_tit['name'] == "udp") {
                $img = "proto.png";
            } elseif ($atr_tit['name'] == "ip") {
                $img = "flow_chart.png";
            } elseif ($atr_tit['name'] == "frame") {
コード例 #10
ファイル: alarm_actions.php プロジェクト: jackpf/ossim-arc
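/**
 * Report whether the current user's background alarm task (a pid kept in User_config) is still alive.
 *
 * @param mixed $conn database connection handed to User_config
 * @return array array('error' => FALSE, 'msg' => '', 'bg' => bool); 'bg' is TRUE while the process runs
 */
function check_bg_tasks($conn)
{
    $user = Session::get_session_user();
    $config = new User_config($conn);
    //Getting the pid of the operation running in background
    $pid = $config->get($user, 'background_task', 'simple', "alarm");
    $bg = FALSE;
    //If the pid is not empty, then we check if the process is still running
    if ($pid != '') {
        // Only a positive integer is ever handed to the shell; intval() drops anything else from the stored value.
        $pid_number = intval($pid);
        if ($pid_number > 0) {
            //Launching a ps with the pid stored
            $process_state = Util::execute_command('ps ?', array($pid_number), 'array');
            //If the count is >= 2 then there is a process running (a non-array answer counts as "not running")
            $bg = is_array($process_state) && count($process_state) >= 2;
        }
        //If the process is not running any longer, then we delete the pid from db
        if (!$bg) {
            $config->set($user, 'background_task', '', 'simple', 'alarm');
        }
    }
    $return = array(
        'error' => FALSE,
        'msg' => '',
        'bg' => $bg,
    );
    Util::memcacheFlush(FALSE);
    return $return;
}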
コード例 #11
ファイル: load_tabs.php プロジェクト: jackpf/ossim-arc
    if (!Ossec_utilities::is_sensor_allowed($conn, $sensor_id)) {
        ossim_set_error(_('Error! Sensor not allowed'));
    }
    $db->close();
}
if (ossim_error()) {
    echo '2###' . _('We found the followings errors') . ": <div style='padding-left: 15px; text-align:left;'>" . ossim_get_error_clean() . '</div>';
    exit;
}
//Current sensor
$_SESSION['ossec_sensor'] = $sensor_id;
if ($tab == '#tab1') {
    try {
        $conf_data = Ossec::get_configuration_file($sensor_id);
        $command = 'egrep "<[[:space:]]*include[[:space:]]*>.*xml<[[:space:]]*/[[:space:]]*include[[:space:]]*>" ?';
        $output = Util::execute_command($command, array($conf_data['path']), 'array');
        $rules_enabled = array();
        foreach ($output as $k => $v) {
            if (preg_match("/^<\\s*include\\s*>(.*)<\\s*\\/include\\s*>/", trim($v), $match)) {
                $rules_enabled[] = $match[1];
            }
        }
        sort($rules_enabled);
        $all_rules = Ossec::get_rule_files($sensor_id);
        $no_added_rules = array_diff($all_rules, $rules_enabled);
        echo "1###";
        ?>
        <div id='cnf_rules_cont'>
            <table class='cnf_rules_table'>
                <tr>
                    <td style='padding: 8px 0px 6px 0px;'><?php 
コード例 #12
ファイル: shellcode.php プロジェクト: jackpf/ossim-arc
    for ($i = 1; $i < $total; $i++) {
        $l = $lines[$i];
        $l = str_replace("host=", "<b><font color = \"red\">host=</font></b>", $l);
        $l = str_replace("port=", "<b><font color = \"red\">port=</font></b>", $l);
        foreach ($types as $t) {
            $l = str_replace($t, "<b><font color = \"blue\">" . $t . "</font></b>", $l);
        }
        print $l . "<br>";
    }
    if ($total == $maxlines) {
        print "[...]<br>";
    }
    print "</pre></div></p>";
    $output_file = '/tmp/shellcode.png';
    $tmp2 = tempnam("/tmp", "dot");
    @unlink($output_file);
    Util::execute_command('sctest -Sgs 1000000 -G ? < ?', array($tmp2, $tmp));
    Util::execute_command('dot -Tpng -Gcharset=latin1 -Gsize="400,300" ? -o ?', array($tmp2, $output_file));
    if (file_exists($output_file)) {
        $img = 'data:image/png;base64,' . base64_encode(file_get_contents($output_file));
        echo '<img src="' . $img . '" style="border: 1px solid #333333; padding:5px;width:99%"/>';
    }
    @unlink($tmp2);
    @unlink($output_file);
}
// Remove the scratch files created earlier in this script; failures are deliberately ignored.
foreach (array($tmp, $tmpout) as $scratch_file) {
    @unlink($scratch_file);
}
?>
</body>
</html>
コード例 #13
ファイル: nfsen.php プロジェクト: jackpf/ossim-arc
 *  $Id: nfsen.php 22 2007-11-20 12:27:38Z phaag $
 *
 *  $LastChangedRevision: 22 $
 *
 */
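// The very first function to call
require_once 'av_init.php';
Session::logcheck("environment-menu", "MonitorsNetflows");
require 'conf.php';
require 'nfsenutil.php';
require 'navigator.php';
/*
We need to use the timezone of the box in order to keep PHP and NfSen synchronized.
This is needed after upgrading to PHP 5.4 (the PHP timezone is UTC by default and might not match the machine's timezone).
*/
$machine_tz = Util::execute_command("head -1 /etc/timezone | tr -d '\n'", FALSE, 'string');
// Apply only a name PHP recognises; an unknown value from /etc/timezone would otherwise just raise a notice.
if ($machine_tz != '' && in_array($machine_tz, DateTimeZone::listIdentifiers(DateTimeZone::ALL_WITH_BC), true)) {
    date_default_timezone_set($machine_tz);
}
$expected_version = "1.3.6p1";
// A login submission is handled as a "Process" request; the isset() keeps a missing key from raising a notice.
if (isset($_REQUEST["login"]) && $_REQUEST["login"] != "") {
    $_POST["process"] = "Process";
}
// Session check
// NOTE(review): the condition reads 'backend_version' but the assignment writes 'version' — confirm this is intended.
if (!array_key_exists('backend_version', $_SESSION) || $_SESSION['backend_version'] != $expected_version) {
    //session_destroy();
    //session_start();
    $_SESSION['version'] = $expected_version;
    //print "<h1>Frontend - Backend version missmatch!</h1>\n";
}
$TabList = array('Home', 'Graphs', 'Details');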
コード例 #14
ファイル: save_tabs.php プロジェクト: jackpf/ossim-arc
             $xml_rules[] = "<include>{$rule}</include>";
         } else {
             $xml_rules[] = "<!--<include>{$rule}</include>-->";
         }
     } else {
         if (array_key_exists($rule, $rules_enabled)) {
             $xml_rules[$rule_order[$rule]] = "<include>{$rule}</include>";
         } else {
             $xml_rules[$rule_order[$rule]] = "<!--<include>{$rule}</include>-->";
         }
     }
 }
 // Each egrep pulls the single-line <tag>...</tag> entries out of the configuration file;
 // the file path is a '?' placeholder quoted by Util::execute_command.
 $rule_xml = Util::execute_command("egrep \"<[[:space:]]*rule[[:space:]]*>.*<[[:space:]]*/[[:space:]]*rule[[:space:]]*>\" ?", array($conf_data['path']), 'array');
 $rule_dir_xml = Util::execute_command("egrep \"<[[:space:]]*rule_dir[[:space:]]*>.*<[[:space:]]*/[[:space:]]*rule_dir[[:space:]]*>\" ?", array($conf_data['path']), 'array');
 $decode_xml = Util::execute_command("egrep \"<[[:space:]]*decode[[:space:]]*>.*<[[:space:]]*/[[:space:]]*decode[[:space:]]*>\" ?", array($conf_data['path']), 'array');
 $decode_dir_xml = Util::execute_command("egrep \"<[[:space:]]*decode_dir[[:space:]]*>.*<[[:space:]]*/[[:space:]]*decode_dir[[:space:]]*>\" ?", array($conf_data['path']), 'array');
 // Append the trimmed rule, rule_dir and decode lines, in that order, to the rule list.
 foreach (array($rule_xml, $rule_dir_xml, $decode_xml) as $matched_lines) {
     if (!is_array($matched_lines) || empty($matched_lines)) {
         continue;
     }
     foreach ($matched_lines as $line) {
         $xml_rules[] = trim($line);
     }
 }
コード例 #15
        $fsearch = Util::execute_command("sudo ps ax |grep 'fetch_all'| grep -v grep", FALSE, 'array');
    } else {
        $exit = true;
    }
}
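// to alienvault_search process
$exit = false;
$fsearch = Util::execute_command("sudo ps ax |grep 'alienvault_search'| grep -v grep", FALSE, 'array');
// Loop until no matching process is listed any more (a non-array answer ends the loop as well).
while (is_array($fsearch) && count($fsearch) > 0 && !$exit) {
    $pids_to_kill = array();
    foreach ($fsearch as $result) {
        if ($debug) {
            echo $result . "\n";
        }
        // Only the leading numeric pid column is kept, so nothing but digits reaches kill below.
        if (preg_match("/^\\s*(\\d+)\\s.*/", $result, $match)) {
            $pids_to_kill[] = $match[1];
        }
    }
    $fsearch = array();
    if (count($pids_to_kill) > 0) {
        $all_pids = implode(" ", $pids_to_kill);
        if ($debug) {
            echo "sudo kill -9 {$all_pids}\n";
        }
        // One call per pid: the original passed "123 456" through a single placeholder, which —
        // if Util::execute_command quotes it as one shell word — reaches kill as one invalid argument.
        foreach ($pids_to_kill as $pid) {
            Util::execute_command("sudo kill -9 ?", array($pid));
        }
        sleep(2);
        $fsearch = Util::execute_command("sudo ps ax |grep 'alienvault_search'| grep -v grep", FALSE, 'array');
    } else {
        $exit = true;
    }
}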
コード例 #16
ファイル: base_action.inc.php プロジェクト: jackpf/ossim-arc
function ProcessSelectedAlerts($action, &$action_op, $action_arg, $action_param, $context, $action_lst, &$num_alert, $action_sql, $db, $limit_start = -1, $limit_offset = -1)
{
    global $debug_mode;
    $action_cnt = 0;
    $dup_cnt = 0;
    $action_desc = "";
    if ($action == "ag_by_id") {
        $action_desc = gettext("ADD to AG (by ID)");
    } else {
        if ($action == "ag_by_name") {
            $action_desc = gettext("ADD to AG (by Name)");
        } else {
            if ($action == "del_alert") {
                $action_desc = gettext("Delete event(s)");
            } else {
                if ($action == "email_alert") {
                    $action_desc = gettext("Email event(s) (full)");
                } else {
                    if ($action == "email_alert2") {
                        $action_desc = gettext("Email event(s) (summary)");
                    } else {
                        if ($action == "csv_alert") {
                            $action_desc = gettext("Email event(s) (csv)");
                        } else {
                            if ($action == "clear_alert") {
                                $action_desc = gettext("Clear from AG");
                            } else {
                                if ($action == "archive_alert") {
                                    $action_desc = gettext("Archive event(s) (copy)");
                                } else {
                                    if ($action == "archive_alert2") {
                                        $action_desc = gettext("Archive event(s) (move)");
                                    } else {
                                        if ($action == "add_new_ag") {
                                            $action_desc = gettext("ADD-New-AG");
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if ($action == "") {
        return;
    }
    // if ($debug_mode > 0) {
    // echo "<BR>==== $action_desc Alerts ========<BR>
    // num_alert = $num_alert<BR>
    // action_sql = $action_sql<BR>
    // action_op = $action_op<BR>
    // action_arg = $action_arg<BR>
    // action_param = $action_param<BR>
    // context = $context<BR>
    // limit_start = $limit_start<BR>
    // limit_offset = $limit_offset<BR>";
    // }
    /* Depending from which page/listing the action was spawned,
     * the entities selected may not necessarily be specific
     * alerts.  For example, sensors or alert names may be
     * selected.  Thus, each one of these entities referred to as
     * alert_blobs, the specific alerts associated with them must
     * be explicitly extracted.  This blob structures SQL must be
     * used to extract the list, where the passed selected keyed
     * will be the criteria in this SQL.
     *
     * Note: When acting on any page where gettext("Delete Entire Query") is
     * selected this is also a blob.
     */
    // Main blobs/elements to process (Single events, Unique events, Sensors, Ports...)
    $process_list = array();
    if ($action_op == _('Delete Entire Query')) {
        $process_list[] = 1;
        $action_cnt = $num_alert;
    } else {
        // Compact action_lst into process_list
        foreach ($action_lst as $_key => $_value) {
            $process_list[] = $_value;
        }
    }
    /* if only manipulating specific alerts --
     * (in the Query results or AG contents list)
     */
    if ($context == PAGE_QRY_ALERTS || $context == PAGE_QRY_AG || $context == PAGE_ALERT_DISPLAY) {
        $num_alert_blobs = 1;
        $using_blobs = $action_op == gettext("Delete Entire Query") ? TRUE : FALSE;
    } else {
        $num_alert_blobs = $num_alert;
        $using_blobs = TRUE;
    }
    $blob_alert_cnt = $num_alert;
    if (file_exists('/tmp/debug_siem')) {
        file_put_contents("/tmp/siem", "ProcessSelectedAlerts [action={$action} action_op={$action_op} context={$context} num_alert={$num_alert} action_sql={$action_sql} using_blobs={$using_blobs} process_list=" . json_encode($process_list) . "]\n", FILE_APPEND);
    }
    /* ******* SOME PRE ACTION ********* */
    $function_pre = "Action_" . $action . "_Pre";
    $action_ctx = $function_pre($action_arg, $action_param, $db);
    // Background Delete: Create delete temporary file delsql_<TIME>
    if ($action == "del_alert") {
        $block = 50000;
        $del_total = count($process_list);
        $del_total = $del_total > 0 ? $del_total : 1;
        $interval = 100 / $del_total;
        $db_name = $_SESSION["server"][4] != "" ? $_SESSION["server"][4] : "alienvault_siem";
        $rnd = time();
        $_SESSION["deletetask"] = $rnd;
        $deltmp = "/var/tmp/del_{$rnd}";
        $f = fopen($deltmp, "w");
        fputs($f, "/* ****************Background Purge Execution*************** */\n");
        if ($_SESSION["server"][4] != "") {
            fputs($f, "USE " . $db_name . ";\n");
        }
        fputs($f, "CREATE TABLE IF NOT EXISTS `deletetmp` (`id` int(11) NOT NULL,`perc` int(11) NOT NULL, PRIMARY KEY (`id`));\n");
        fputs($f, "INSERT INTO deletetmp (id,perc) VALUES ({$rnd},1) ON DUPLICATE KEY UPDATE perc=1;\n");
        fputs($f, "CREATE TABLE IF NOT EXISTS del_{$rnd} ( id binary(16) NOT NULL,timestamp DATETIME NOT NULL, PRIMARY KEY ( id ) );\n");
    }
    // Loop through all the alert blobs
    for ($j = 0; $j < count($process_list); $j++) {
        $perc = round($j * 100 / count($process_list), 0);
        if ($perc > 99) {
            $perc = 99;
        }
        /* If acting on a blob construct, or on the_ENTIREQUERY
         * of a non-blob structure (which is equivalent to 1-blob)
         * run a query to get the results.
         *
         * For each unique blob construct two SQL statement are
         * generated: one to retrieve the alerts ($sql), and another
         * to count the number of actual alerts in this blob
         */
        if ($using_blobs) {
            $sql = $action_sql;
            /* Unique Signature listing */
            if ($context == PAGE_STAT_ALERTS) {
                $tmp = !isset($process_list[$j]) ? array(0, 0) : preg_split("/[\\s;]+/", $process_list[$j]);
                $sql = "SELECT hex(acid_event.id) as id " . $action_sql . " \n                         AND acid_event.plugin_id='" . $tmp[0] . "' AND acid_event.plugin_sid='" . $tmp[1] . "'";
                $sql2 = "SELECT count(acid_event.id) " . $action_sql . " \n                         AND acid_event.plugin_id='" . $tmp[0] . "' AND acid_event.plugin_sid='" . $tmp[1] . "'";
            } else {
                if ($context == PAGE_STAT_SENSOR) {
                    $tmp = !isset($process_list[$j]) ? -1 : $process_list[$j];
                    $sql = "SELECT hex(acid_event.id) as id " . $action_sql . " AND device_id='{$tmp}'";
                    $sql2 = "SELECT count(acid_event.id) " . $action_sql . " AND device_id='{$tmp}'";
                } else {
                    if ($context == PAGE_STAT_CLASS) {
                        $sql = $sql2 = "";
                    } else {
                        if ($context == PAGE_STAT_IPLINK) {
                            $sql = $sql2 = "";
                        } else {
                            if ($context == PAGE_STAT_UADDR) {
                                if (!isset($process_list[$j])) {
                                    $tmp = " AND ip_src=NULL AND ip_dst=NULL";
                                } else {
                                    $aux = explode("_", $process_list[$j]);
                                    $tmp = "";
                                    if (preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $aux[0])) {
                                        $tmp .= " AND ip_src=unhex('" . bin2hex(@inet_pton($aux[0])) . "')";
                                    }
                                    if (preg_match("/\\d+\\.\\d+\\.\\d+\\.\\d+/", $aux[1])) {
                                        $tmp .= " AND ip_dst=unhex('" . bin2hex(@inet_pton($aux[1])) . "')";
                                    }
                                    if (preg_match("/[0-9a-fA-F]+/", $aux[2])) {
                                        $tmp .= " AND ctx=unhex('" . $aux[2] . "')";
                                    }
                                }
                                $sql = "SELECT hex(acid_event.id) as id " . preg_replace("/.._acid_event (as)?/", '', $action_sql) . $tmp;
                                $cnt = preg_match("/.._acid_event/", $action_sql) ? "sum(acid_event.cnt) " : "count(acid_event.id) ";
                                $sql2 = "SELECT " . $cnt . $action_sql . $tmp;
                            } else {
                                if ($context == PAGE_STAT_PORTS) {
                                    if (!isset($process_list[$j])) {
                                        $tmp = "ip_proto='-1'";
                                    } else {
                                        $tmp = $process_list[$j];
                                        $tmp_proto = strtok($tmp, "_");
                                        $tmp_porttype = strtok("_");
                                        $tmp_ip = strtok("_");
                                        $ctx = strtok("_");
                                        if ($tmp_proto == TCP) {
                                            $tmp = "ip_proto='" . TCP . "'";
                                        } else {
                                            if ($tmp_proto == UDP) {
                                                $tmp = "ip_proto='" . UDP . "'";
                                            } else {
                                                $tmp = "ip_proto IN (" . TCP . ", " . UDP . ")";
                                            }
                                        }
                                        $tmp .= $tmp_porttype == SOURCE_PORT ? " AND layer4_sport='" . $tmp_ip . "'" : " AND layer4_dport='" . $tmp_ip . "'";
                                        $tmp .= " AND ctx=unhex('{$ctx}')";
                                    }
                                    $sql = "SELECT hex(acid_event.id) as id FROM acid_event WHERE " . $tmp;
                                    $sql2 = "SELECT count(acid_event.id) FROM acid_event WHERE " . $tmp;
                                }
                            }
                        }
                    }
                }
            }
            if (file_exists('/tmp/debug_siem')) {
                file_put_contents("/tmp/siem", "Delete: {$sql}\n{$sql2}\n", FILE_APPEND);
            }
            // If acting on alerts by signature or sensor, count the number of alerts
            if ($context == PAGE_STAT_ALERTS || $context == PAGE_STAT_SENSOR || $context == PAGE_STAT_CLASS || $context == PAGE_STAT_IPLINK || $context == PAGE_STAT_UADDR || $context == PAGE_STAT_PORTS) {
                $result_blob = $db->baseExecute($sql2);
                $myrow_blob = $result_blob->baseFetchRow();
                $blob_alert_cnt = $myrow_blob[0];
                $action_cnt += $blob_alert_cnt;
                $result_blob->baseFreeRows();
            }
            /* Limit the number of alerts acted on if in "top x alerts" */
            if ($limit_start != -1) {
                $blob_alert_cnt = $limit_offset;
            }
            // Call background purge if using blobs (Delete Entire Query, Grouped by...)
            if ($action == 'del_alert') {
                $total_aux = $blob_alert_cnt > 0 ? $blob_alert_cnt : 1;
                $f = fopen($deltmp, "a");
                fputs($f, "INSERT IGNORE INTO del_{$rnd} " . str_replace("hex(acid_event.id) as id", "acid_event.id,DATE_FORMAT(acid_event.timestamp, '%Y-%m-%d %H:00:00')", $sql) . ";\n");
                fputs($f, "SELECT min(timestamp),max(timestamp) FROM del_{$rnd} INTO @date_from,@date_to;\n");
                fputs($f, "CREATE TEMPORARY TABLE tmp_delete (id binary(16) NOT NULL, PRIMARY KEY (`id`)) ENGINE=MEMORY;\n");
                fputs($f, "SET AUTOCOMMIT=0;\n");
                for ($k = 0; $k < $total_aux; $k += $block) {
                    // Increase percent progress in subintervals
                    if ($total_aux > $block) {
                        $sub_perc = round(($k + $block) * 100 / $total_aux, 0);
                        $sub_perc = $perc + $sub_perc * $interval / 100;
                        if ($sub_perc > 99) {
                            $sub_perc = 99;
                        }
                    }
                    fputs($f, "UPDATE deletetmp SET perc='{$sub_perc}' WHERE id='{$rnd}';COMMIT;\n");
                    fputs($f, "INSERT INTO tmp_delete SELECT id FROM del_{$rnd} LIMIT {$block};\n");
                    fputs($f, "DELETE aux FROM acid_event aux LEFT JOIN tmp_delete t ON aux.id=t.id WHERE t.id IS NOT NULL;\n");
                    fputs($f, "DELETE aux FROM idm_data aux LEFT JOIN tmp_delete t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                    fputs($f, "DELETE aux FROM reputation_data aux LEFT JOIN tmp_delete t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                    fputs($f, "DELETE aux FROM otx_data aux LEFT JOIN tmp_delete t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                    fputs($f, "DELETE aux FROM extra_data aux LEFT JOIN tmp_delete t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                    fputs($f, "DELETE d FROM del_{$rnd} d, tmp_delete t WHERE t.id=d.id;TRUNCATE TABLE tmp_delete;\n\n");
                    fputs($f, "COMMIT;\n");
                }
                fputs($f, "DELETE aux FROM acid_event aux LEFT JOIN del_{$rnd} t ON aux.id=t.id WHERE t.id IS NOT NULL;\n");
                fputs($f, "DELETE aux FROM idm_data aux LEFT JOIN del_{$rnd} t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                fputs($f, "DELETE aux FROM reputation_data aux LEFT JOIN del_{$rnd} t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                fputs($f, "DELETE aux FROM otx_data aux LEFT JOIN del_{$rnd} t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                fputs($f, "DELETE aux FROM extra_data aux LEFT JOIN del_{$rnd} t ON aux.event_id=t.id WHERE t.id IS NOT NULL;\n");
                fputs($f, "CALL fill_tables(DATE_FORMAT(@date_from, '%Y-%m-%d %H:00:00'),DATE_FORMAT(@date_to, '%Y-%m-%d %H:59:59'));\n");
                fputs($f, "TRUNCATE TABLE del_{$rnd};\nDROP TABLE tmp_delete;\n");
                fputs($f, "COMMIT;\n");
            } else {
                /* Execute the SQL to get the alert listing */
                if ($limit_start == -1) {
                    $result = $db->baseExecute($sql, -1, -1, FALSE);
                } else {
                    $result = $db->baseExecute($sql, $limit_start, $limit_offset, FALSE);
                }
                if ($db->baseErrorMessage() != "") {
                    ErrorMessage("Error retrieving alert list to {$action_desc} " . $db->baseErrorMessage());
                    return -1;
                }
                for ($i = 0; $i < $blob_alert_cnt; $i++) {
                    /* Verify that have a selected alert */
                    if (is_object($result)) {
                        $myrow = $result->baseFetchRow();
                        $id = $myrow[0];
                        if ($id != "") {
                            /* **** SOME ACTION on Event ID ********** */
                            if (file_exists('/tmp/debug_siem')) {
                                file_put_contents("/tmp/siem", "Action [{$action}] on specific event in particular blob ID:{$id}\n", FILE_APPEND);
                            }
                            $function_op = "Action_" . $action . "_op";
                            $action_ctx =& $action_ctx;
                            $tmp = $function_op($id, $db, $action_arg, $action_ctx);
                            if ($tmp == 0) {
                                ++$dup_cnt;
                            } else {
                                if ($tmp == 1) {
                                    ++$action_cnt;
                                }
                            }
                        }
                    }
                }
                /* If acting on a blob, free the result set used to get alert list */
                if (is_object($result)) {
                    $result->baseFreeRows();
                }
            }
        } else {
            GetNewResultID($process_list[$j], $seq, $id);
            if ($id != "") {
                /* **** SOME ACTION on Event ID ********** */
                if (file_exists('/tmp/debug_siem')) {
                    file_put_contents("/tmp/siem", "Action [{$action}] on single event ID:{$id}\n", FILE_APPEND);
                }
                $function_op = "Action_" . $action . "_op";
                $action_ctx =& $action_ctx;
                if ($action == "del_alert") {
                    $tmp = $function_op($id, $db, $deltmp, $action_cnt, $perc, $f);
                } else {
                    $tmp = $function_op($id, $db, $action_arg, $action_ctx);
                }
                if ($tmp == 0) {
                    ++$dup_cnt;
                } else {
                    if ($tmp == 1) {
                        ++$action_cnt;
                    }
                }
            }
        }
    }
    // POST ACTION AND FLUSH MEMCACHE
    if ($action == 'del_alert') {
        fputs($f, "DROP TABLE del_{$rnd};\n");
        fputs($f, "UPDATE deletetmp SET perc='100' WHERE id='{$rnd}';\nCOMMIT;\n");
        fclose($f);
        $cmd = "/usr/share/ossim/scripts/forensics/bg_purge_from_siem.sh ? > /var/tmp/latest_siem_events_purge.log 2>&1 &";
        if (file_exists('/tmp/debug_siem')) {
            file_put_contents("/tmp/siem", "Action [{$action}] background delete ({$action_cnt} events):{$cmd}\n", FILE_APPEND);
        }
        Util::execute_command($cmd, array("del_{$rnd}"));
        echo "<script>bgtask();</script>\n";
    }
    /* **** SOME POST-ACTION ******* */
    $function_post = "Action_" . $action . "_post";
    if ($action == "del_alert") {
        $function_post($action_arg, $action_ctx, $db, $num_alert, $action_cnt, $context, $deltmp);
    } else {
        $function_post($action_arg, $action_ctx, $db, $num_alert, $action_cnt);
    }
    if ($dup_cnt > 0) {
        ErrorMessage(gettext("Ignored ") . $dup_cnt . gettext(" duplicate event(s)"));
    }
    if ($action_cnt > 0) {
        /*
         *  Print different message if alert action units (e.g. sensor
         *  or signature) are not individual alerts
         */
        //if (($context == PAGE_STAT_ALERTS) || ($context == PAGE_STAT_SENSOR) || ($context == PAGE_STAT_CLASS) || ($context == PAGE_STAT_IPLINK) || ($context == PAGE_STAT_UADDR) || ($context == PAGE_STAT_PORTS)) {
        //    if ($action == "del_alert") ErrorMessage(_("Deleting") . " " . $action_cnt . gettext(" event(s)"));
        //    else ErrorMessage(gettext("Successful") . " $action_desc - " . gettext("on") . " $action_cnt " . gettext(" event(s)") . " (" . gettext("in") . " $num_alert_blobs blobs)");
        //} else {
        //    if ($action == "del_alert") ErrorMessage(_("Deleting") . " " . $action_cnt . gettext(" event(s)"));
        //    else ErrorMessage(gettext("Successful") . " $action_desc - " . $action_cnt . gettext(" event(s)"));
        //}
    } else {
        if ($action_cnt == 0) {
            ErrorMessage(gettext("No events were selected or the") . " {$action_desc} " . gettext("was not successful"));
        }
    }
    $db->baseCacheFlush();
    // if ($debug_mode > 0) {
    // echo "-------------------------------------<BR>
    // action_cnt = $action_cnt<BR>
    // dup_cnt = $dup_cnt<BR>
    // num_alert = $num_alert<BR>
    // ==== $action_desc Alerts END ========<BR>";
    // }
}
コード例 #17
ファイル: base_conf.php プロジェクト: alienfault/ossim
/* Alert DB connection parameters
*   - $alert_dbname   : MySQL database name of Snort alert DB
*   - $alert_host     : host on which the DB is stored
*   - $alert_port     : port on which to access the DB
*   - $alert_user     : login to the database with this user
*   - $alert_password : password of the DB user
*
*  This information can be gleaned from the Snort database
*  output plugin configuration.
*/
//##### Begin of variables configured through dbconfig-common
// DB credentials are not stored in this file: each one is read from the framework
// config by shelling out with a constant command string (second argument FALSE, so no
// caller-supplied data reaches the shell) and keeping the text after the first "=".
// NOTE(review): 'cut -f 2 -d "="' keeps only the second "="-separated field, so a
// password containing "=" would be truncated here — confirm ossim.conf never has one.
$alert_user = trim(Util::execute_command('grep ^ossim_user /etc/ossim/framework/ossim.conf | cut -f 2 -d "="', FALSE, 'string'));
$alert_password = trim(Util::execute_command('grep ^ossim_pass /etc/ossim/framework/ossim.conf | cut -f 2 -d "="', FALSE, 'string'));
$basepath = '';
$alert_dbname = 'alienvault_siem';
$alert_host = trim(Util::execute_command('grep ^ossim_host /etc/ossim/framework/ossim.conf | cut -f 2 -d "="', FALSE, 'string'));
$alert_port = '';
$DBtype = 'mysqli';
// Adjust dbconfig-common names
// $DBtype is hard-coded to 'mysqli' just above, so this branch never runs here; it is
// left as written because this region is managed by dbconfig-common.
if ($DBtype == 'pgsql') {
    $DBtype = 'postgres';
}
//##### End of variables configured through dbconfig-common
/* Archive DB connection parameters */
$archive_exists = 0;
// Set this to 1 if you have an archive DB
$archive_dbname = 'alienvault_siem';
$archive_host = 'localhost';
$archive_port = '';
// The value below appears to be redacted by the code-example site, not a real user name.
$archive_user = '******';
// Fortify alert on empty password
コード例 #18
ファイル: index.php プロジェクト: jackpf/ossim-arc
               return false;
            });
        });
    </script>
</head>

<body class='ne1' oncontextmenu="return true;">

<?php 
require '../host_report_menu.php';
?>

<table class='noborder' border='0' cellpadding='0' cellspacing='0'>
    <?php 
// List the map images by shelling out to `ls` on the fixed 'maps' directory (the
// command is a constant string, no user input). Each returned name is checked
// below with is_dir()/getimagesize() before it is used.
$maps = Util::execute_command("ls -1 'maps'", FALSE, 'array');
$i = 0;
$n = 0;
$linkmaps = '';
foreach ($maps as $ico) {
    $ico = mb_convert_encoding($ico, 'UTF-8', 'ISO-8859-1');
    if (trim($ico) == '' || is_dir("maps/" . $ico) || !getimagesize("maps/" . $ico)) {
        continue;
    }
    $n = str_replace("map", '', str_replace(".jpg", '', $ico));
    //Getting the permissions and the name of the map to show as tittle
    $query = "SELECT name, perm FROM risk_maps WHERE map = ?";
    $result = $conn->Execute($query, array($n));
    $map_name = $ico;
    $map_perm = array();
    if (!$result->EOF) {
コード例 #19
ファイル: base_db.inc.php プロジェクト: jackpf/ossim-arc
/**
 * Empty the SIEM data tables and restart ossim-server.
 *
 * Runs the fixed truncate script through ossim-db, drops the DB cache held by
 * $db, releases the PHP session lock and then restarts ossim-server in the
 * background. Both commands are constant strings (nothing caller-supplied) and
 * their output is discarded, so a failure is not reported back to the caller.
 *
 * @param object $db connection wrapper exposing baseCacheFlush()
 */
function ClearDataTables($db)
{
    $truncate_cmd = '/usr/bin/ossim-db alienvault_siem < /usr/share/ossim/scripts/forensics/truncate.sql > /dev/null 2>&1';
    $restart_cmd = 'sudo /etc/init.d/ossim-server restart > /dev/null 2>&1 &';

    Util::execute_command($truncate_cmd);
    $db->baseCacheFlush();
    // Session lock is released before the backgrounded restart (presumably so
    // other requests are not held up while it runs).
    session_write_close();
    Util::execute_command($restart_cmd);
}
コード例 #20
ファイル: asset_common.js.php プロジェクト: jackpf/ossim-arc
/*********************************************************************
 ************************  COMMON VARIABLES   ************************
 *********************************************************************/


<?php 
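//Database connection
$db = new ossim_db();
$conn = $db->connect();

// Known ports keyed as "<port> - <protocol>" => service name, seeded from the DB.
$ports = array();
$port_list = Port::get_list($conn);
foreach ($port_list as $port) {
    $ports[$port->get_port_number() . " - " . $port->get_protocol_name()] = $port->get_service();
}

// Fill the gaps from /etc/services. The awk prints name and port/proto with no
// separator (e.g. "ssh22/tcp"); the regex below splits that into (name)(port)/(proto).
// The command is a constant string (no user input), so nothing needs escaping here.
$lines = Util::execute_command("egrep 'tcp|udp' /etc/services | awk '{print \$1 \$2 }'", FALSE, 'array');
foreach ($lines as $line) {
    // Skip lines that do not match: previously an unmatched line left $regs empty,
    // raised undefined-offset notices and produced a bogus " - " key.
    if (!preg_match('/(\\D+)(\\d+)\\/(.+)/', $line, $regs)) {
        continue;
    }
    $key = $regs[2] . ' - ' . $regs[3];
    // Only fill entries the DB did not provide (or provided empty/null); isset()
    // also avoids the undefined-index notice the original "== ''" check triggered.
    if (!isset($ports[$key]) || $ports[$key] === '') {
        $ports[$key] = $regs[1];
    }
}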
?>

var ports = new Array();
<?php 
foreach ($ports as $p_id => $p_name) {
    ?>
    ports['<?php 
    echo $p_id;
    ?>
コード例 #21
ファイル: user_form.php プロジェクト: alienfault/ossim
								<?php 
}
?>
						</select>
					</td>
				</tr>
				
				<!-- Timezone -->
				<tr>
					<th><label for="tzone"><?php 
echo _('Timezone') . required();
?>
</label></th>
					<td class="nobborder">
						<?php 
// A stored value containing "Localtime" appears to act as a placeholder: resolve it
// from the first line of /etc/timezone (constant command, no user input). Any other
// stored value is kept as-is.
if (preg_match("/Localtime/", $tzone)) {
    $tzone = trim(Util::execute_command('head -1 /etc/timezone', FALSE, 'string'));
}
?>
						<select name="tzone" id="tzone" class='vfield'>
							<?php 
foreach ($tzlist as $tz) {
    if ($tz == 'localtime') {
        continue;
    }
    $selected = $tz == $tzone ? "selected='selected'" : '';
    ?>
								<option value='<?php 
    echo $tz;
    ?>
' <?php 
    echo $selected;
    ?>
コード例 #22
ファイル: dt_logs.php プロジェクト: jackpf/ossim-arc
        break;
}
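// NOTE(review): $f_api/$f_frm are not used anywhere in the visible code; if nothing
// below reads them, drop these fopen() calls (the handles stay open until script end).
$f_api = fopen($file_log_api, "r");
$f_frm = fopen($file_log_frm, "r");
// Default both result sets to empty arrays so the array_reverse() calls below never
// receive null (a TypeError on PHP 8) when a command throws and only the catch runs.
$array_result_api = array();
$array_result_frm = array();
// API log: file, grep pattern and row count are bound as '?' placeholders (as
// elsewhere in this codebase) rather than interpolated into the shell string.
try {
    $cmd = "cat ? | grep ? | tail -n ?";
    $params = array($file_log_api, $status_grep_api, $maxrows);
    $array_result_api = Util::execute_command($cmd, $params, 'array');
    $flag_error_api = FALSE;
} catch (Exception $e) {
    $flag_error_api = TRUE;
}
// Framework log: lines containing 'password' are dropped (presumably to keep
// credential lines out of the UI), along with the noisy 'Checking' and
// 'Reloading Backup Configuration' lines.
try {
    $cmd = "cat ? | grep ? | grep -v 'password' | grep -v 'Checking' | grep -v 'Reloading Backup Configuration' | tail -n ?";
    $params = array($file_log_frm, $status_grep_frm, $maxrows);
    $array_result_frm = Util::execute_command($cmd, $params, 'array');
    $flag_error_frm = FALSE;
} catch (Exception $e) {
    $flag_error_frm = TRUE;
}
// Newest entries first.
$array_result_frm = array_reverse($array_result_frm);
$array_result_api = array_reverse($array_result_api);
$data = array();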
if (!$flag_error_api && !$flag_error_frm && (!empty($array_result_api) || !empty($array_result_frm))) {
    $i_api = 0;
    $i_frm = 0;
    $top = $maxrows * 2;
    for ($i = 0; $i < $top; $i++) {
        $contents_api = $array_result_api[$i_api] != '' ? $array_result_api[$i_api] : '';
        $contents_frm = $array_result_frm[$i_frm] != '' ? $array_result_frm[$i_frm] : '';
        if ($contents_api != '' || $contents_frm != '') {
コード例 #23
** Copyright (C) 2000 Carnegie Mellon University
**
** (see the file 'base_main.php' for license details)
**
** Built upon work by Roman Danyliw <*****@*****.**>, <*****@*****.**>
** Built upon work by the BASE Project Team <*****@*****.**>
*/
include_once "base_conf.php";
include_once "{$BASE_path}/includes/base_constants.inc.php";
include_once "{$BASE_path}/includes/base_include.inc.php";
//
// Generate .pcap
// Output path is built from $eid, which is defined outside this block.
// NOTE(review): nothing visible here validates $eid; if it can carry request data it
// should be constrained (e.g. to digits) before being used in a path — confirm.
$tmpfile = "/var/tmp/base_packet_" . $eid . ".pcap";
// Both arguments ($binary, defined elsewhere, and $tmpfile) are bound as '?'
// placeholders rather than interpolated into the command string.
$cmd = "/usr/share/ossim/scripts/snortlogtopcap.py -u ? -p ?";
//file_put_contents("/tmp/pcaps", "$cmd\n", FILE_APPEND);
// stdout/stderr are discarded, so a failed conversion is not reported here.
Util::execute_command("{$cmd} >> /dev/null 2>&1", array($binary, $tmpfile));
#
?>
<div class='siem_detail_subsection_payload'><?php 
echo _("pcap File") . "&nbsp;" . PrintPcapDownload($db, $eid);
?>
</div>
<link rel="stylesheet" type="text/css" href="../style/tree.css" />
<script type="text/javascript" src="../js/jquery-ui.min.js"></script>
<script type="text/javascript" src="../js/jquery.tmpl.1.1.1.js"></script>
<script type="text/javascript" src="../js/jquery.dynatree.js"></script>
<script type="text/javascript">
var loading = '<br/><img src="../pixmaps/loading3.gif" border="0" align="absmiddle"><span style="margin-left:5px"><?php 
echo _("Loading tree");
?>
...</span>';
コード例 #24
ファイル: base_qry_alert.php プロジェクト: alienfault/ossim
    /* if have fast detail level */
    echo '<div class="siem_detail_dark">';
    if ($detail == "0") {
        echo '<BR> &nbsp <I>' . _("Fast logging used -i so payload was discarded") . '</I><BR>';
    } else {
        echo '<div class="siem_detail_payloadnone">' . _("none") . '</div>';
    }
    echo '</div>';
}
if ($is_snort) {
    if ($plugin_id == 1001) {
        //
        // snort rule detection
        //
        echo '<div><div class="siem_detail_snorttitle">' . _("Rule Detection") . '</div>';
        $result = Util::execute_command("grep -n ? /etc/suricata/rules/*.rules /etc/snort/rules/*.rules | head -n1", array("sid:{$plugin_sid};"), 'string');
        // format: /etc/snort/rules/ddos.rules:53:alert tcp $EXTERNAL_NET any -> $HOME_NET 15104 (msg:"DDOS mstream client to handler"; flow:stateless; flags:S,12; reference:arachnids,111; reference:cve,2000-0138; classtype:attempted-dos; sid:249; rev:8;)
        preg_match("/(.*?):\\d+:(.*?) \\((.*?);\\)/", $result, $found);
        if (trim($result) == "" || count($found) <= 1) {
            echo "<div class='siem_detail_snortattr'>" . _("No rules found for sid") . " <b>{$plugin_sid}</b></div>\n";
        } else {
            $file = basename($found[1]);
            echo "<div class='siem_detail_snortattr'><b>File:</b> {$file}</div>\n";
            $rule = $found[2];
            echo "<div class='siem_detail_snortattr'><b>Rule:</b> " . Util::htmlentities(str_replace(",", ", ", $rule)) . "</div>\n";
            $more = explode(";", $found[3]);
            foreach ($more as $dat) {
                $val = explode(":", $dat);
                if ($val[0] != "") {
                    echo "<div class='siem_detail_snortattr siem_detail_snorttab'><b>" . Util::htmlentities(trim($val[0])) . ":</b> " . Util::htmlentities($val[1]) . "</div>\n";
                }
コード例 #25
ファイル: jgraphs.php プロジェクト: jackpf/ossim-arc
* - jgraph_riskevents_graph()
* Classes list:
*/
require_once 'av_init.php';
// Directory part of the requested URL; $_SERVER['REQUEST_URI'] is request-controlled.
$pathtoxml = dirname($_SERVER['REQUEST_URI']);
define("MAX_HOSTNAME_LEN", 30);
define("MAX_ALERTNAME_LEN", 30);
// Scheme for the data URL built at the end of this block.
$proto = "http";
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
    $proto = "https";
}
require_once "ossim_conf.inc";
$ossim_conf = $GLOBALS["CONF"];
$datapath = $ossim_conf->get_conf("ossim_link") . "/tmp/";
$base_dir = $ossim_conf->get_conf("base_dir");
// Apache port: second field of the first line of ports.conf containing 'Listen'
// (constant command, no user input). NOTE(review): a commented-out 'Listen' line or a
// 'Listen <addr>:<port>' form makes intval() return 0 and silently falls back to 80 —
// confirm ports.conf on the appliance always starts with a bare 'Listen <port>'.
$port = Util::execute_command("grep 'Listen' /etc/apache2/ports.conf | awk '{print \$2}'", FALSE, 'array');
$_SERVER["APACHE_PORT"] = is_array($port) && intval($port[0]) > 0 ? intval($port[0]) : 80;
// Absolute URL of the data directory; $datapath already ends in "/tmp/", so the
// resulting URL carries a doubled slash.
$datapath = "{$proto}://" . Util::get_default_admin_ip() . ":{$_SERVER['APACHE_PORT']}/{$datapath}/";
function jgraph_attack_graph($target, $hosts, $type = "Bar3D", $width = 450, $height = 250)
{
    global $security_report;
    global $datapath;
    global $base_dir;
    global $date_from, $date_to;
    if (!strcmp($target, "ip_src")) {
        if (!($fp = @fopen("{$base_dir}/tmp/ip_src.xml", "w"))) {
            print "Error: <b>{$datapath}</b> directory must exists and be <br/>\n";
            print "writable by the user the webserver runs as";
            exit;
        }
    } else {
コード例 #26
ファイル: get_jobs.php プロジェクト: jackpf/ossim-arc
<?php

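ob_implicit_flush();
ini_set('include_path', '/usr/share/ossim/include');
require_once 'av_init.php';

// CLI script: the only input is the schedule id from argv. It is coerced to int
// (a missing argument becomes 0 instead of an undefined-index notice) and is bound
// as a '?' parameter in both the query and the simulate.php command below.
$sched_id = isset($argv[1]) ? intval($argv[1]) : 0;
$exceptions = array();
$db = new ossim_db();
$conn = $db->connect();

//Getting host information
$query = 'SELECT * FROM vuln_job_schedule WHERE id = ?';
$params = array($sched_id);
$rs = $conn->Execute($query, $params);

// Targets are newline-separated; entries starting with '!' followed by a dotted
// quad are exclusions. Guard the no-row / failed-query case, where the original
// read fields['meth_TARGET'] off a missing row and ran explode() on null.
$target_field = '';
if (is_object($rs) && !$rs->EOF && isset($rs->fields['meth_TARGET'])) {
    $target_field = (string) $rs->fields['meth_TARGET'];
}
$targets = explode("\n", $target_field);
foreach ($targets as $target) {
    if (preg_match('/^!\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/', $target)) {
        $exceptions[] = $target;
    }
}
$exception_list = !empty($exceptions) ? ';' . implode(';', $exceptions) : '';

// simulate.php prints JSON on stdout. json_decode() returns null on malformed input
// without emitting a warning, so the former '@' suppression did nothing.
$output = Util::execute_command('/usr/bin/php /usr/share/ossim/www/vulnmeter/simulate.php ?', array($sched_id), 'array');
$data = json_decode(implode('', (array) $output), TRUE);
if (!empty($data)) {
    foreach ($data as $sensor => $job_data) {
        // Tolerate a sensor entry without an 'ips' list instead of imploding null.
        $ips = isset($job_data['ips']) ? implode(';', (array) $job_data['ips']) : '';
        echo $sensor . '|' . $ips . $exception_list . "\n";
    }
} else {
    echo "There is no data for the scheduled job\n";
}
$db->close($conn);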
コード例 #27
ファイル: get_sensors.php プロジェクト: jackpf/ossim-arc
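/**
 * Resolve an agent name from its IP by asking the local frameworkd.
 *
 * Sends "control action=getconnectedagents" to frameworkd on 127.0.0.1:40003
 * (through nc with a 1 s timeout) and parses the ' names="a=ip1|b=ip2"'
 * attribute of the first reply line. When several entries carry the same IP
 * the last one wins, as in the original implementation.
 *
 * @param string $ip IP address to look up
 * @return string the matching agent name, or '' when there is no reply or no match
 */
function server_get_name_byip($ip)
{
    // Populating $GLOBALS['CONF'] is a side effect of the original code and is kept;
    // $ossim_conf itself is not used further down.
    $ossim_conf = $GLOBALS['CONF'];
    if (!$ossim_conf) {
        $ossim_conf = new Ossim_conf();
        $GLOBALS['CONF'] = $ossim_conf;
    }
    $sname = '';
    $frameworkd_address = '127.0.0.1';
    // The address is bound as a '?' placeholder (the pattern used elsewhere, e.g.
    // "nc ? ? -w1"): the original concatenated it into the command while still
    // passing it in $params, so that parameter was never applied.
    $cmd = 'echo "control action=\\"getconnectedagents\\"" | nc ? 40003 -w1';
    $params = array($frameworkd_address);
    $output = Util::execute_command($cmd, $params, 'array');
    // No reply (daemon down / timeout): return '' instead of indexing a missing line.
    if (!is_array($output) || !isset($output[0])) {
        return $sname;
    }
    if (preg_match("/ names\\=\"([^\"]+)\"/", $output[0], $found)) {
        foreach (explode('|', $found[1]) as $entry) {
            $aux = explode("=", $entry);
            // An entry without '=' cannot match; skip it instead of reading $aux[1].
            if (count($aux) < 2) {
                continue;
            }
            if ((string) $aux[1] === (string) $ip) {
                $sname = $aux[0];
            }
        }
    }
    return $sname;
}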
コード例 #28
ファイル: login.php プロジェクト: alienfault/ossim
}
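// FIRST LOGIN
// All three conditions must hold for the first-login setup below to run.
// The password pair is compared strictly: with '==' two different numeric-looking
// strings (e.g. "1e3" and "1000") compare equal, so the repeat-password check could
// pass for mismatching input. The emptiness checks keep '!=' so a missing value
// (null) still counts as empty.
$cnd_1 = $first_login == 'yes' && $accepted == 'yes';
$cnd_2 = $pass != '' && $pass1 != '' && $pass === $pass1;
$cnd_3 = $email != '' && $fullname != '';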
if ($cnd_1 && $cnd_2 && $cnd_3) {
    ossim_valid($pass, OSS_PASSWORD, 'illegal:' . _('Password'));
    ossim_valid($pass1, OSS_PASSWORD, 'illegal:' . _('Repeat Password'));
    if (ossim_error()) {
        die(ossim_error());
    }
    $config = new Config();
    $first_login = '******';
    //Update admin info
    list($db, $conn) = Ossim_db::get_conn_db();
    $local_tz = trim(Util::execute_command('head -1 /etc/timezone', FALSE, 'string'));
    Session::update_user_light($conn, AV_DEFAULT_ADMIN, 'pass', $fullname, $email, $company, '', 'en_GB', 0, 1, $local_tz);
    if ($company != '') {
        Session::update_default_entity_name($conn, $company);
    }
    Session::change_pass($conn, AV_DEFAULT_ADMIN, $pass);
    // Insert new location
    if ($location != '' && $lat != '' && $lng != '') {
        $default_ctx_id = str_replace('-', '', strtoupper($conf->get_conf('default_context_id')));
        if (empty($default_ctx_id)) {
            $default_ctx = '00000000000000000000000000000000';
        }
        $location_name = $company != '' ? $company . ' ' . _('Location') : $title . ' ' . _('Location');
        $new_location_id = Locations::insert($conn, $default_ctx_id, $location_name, '', $location, $lat, $lng, $country);
        $sensors = Av_sensor::get_basic_list($conn);
        foreach ($sensors as $sensor) {
コード例 #29
ファイル: draw_rrd.php プロジェクト: jackpf/ossim-arc
// No RRD for this id: serve the static "no data" placeholder image and stop.
// NOTE(review): $rrdpath and $id are defined outside this block; if $id can carry
// request data it should be validated before being used in the path — confirm.
if (!is_file("{$rrdpath}/{$id}.rrd")) {
    //mydie(sprintf(_("No RRD available for: '%s' at '%s'") , $ip, $rrdpath));
    $norrdfile = "../../pixmaps/norrd.png";
    if (!($fp = @fopen($norrdfile, 'r'))) {
        mydie(_("Could not read {$norrdfile} file"));
    }
    header("Content-Type: image/png");
    header("Content-Length: " . filesize($norrdfile));
    fpassthru($fp);
    fclose($fp);
    exit;
}
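// rrdtool invocation: every variable part (binary, paths, time range, title, fonts,
// zoom and the DEF/CDEF/AREA definitions) is bound as a '?' placeholder, so
// $hostname, $id and $rrdpath are never interpolated into the shell string.
$_cmd = '? graph ? -s ? -e ? -t ? --font ? --font ? -r --zoom ? --vertical-label=EPS --lower-limit=0 ? ? ?';
$_params = array($rrdtool_bin, $tmpfile, $start, $end, $hostname . ' ' . _('Metrics'), 'TITLE:12:' . $font, 'AXIS:7:' . $font, $zoom, "DEF:obs={$rrdpath}/{$id}.rrd:ds0:AVERAGE", "CDEF:bp=obs,obs,+,2,/", "AREA:bp{$color1}: {$hostname} ");
try {
    $output = Util::execute_command($_cmd, $_params, 'array');
    // rrdtool reports failures as an 'ERROR...' first line. Check that a first line
    // exists before matching it (the original indexed $output[0] unconditionally);
    // an empty reply falls through to the "could not read image" path below.
    if (is_array($output) && isset($output[0]) && preg_match('/^ERROR/i', $output[0])) {
        mydie(_("rrdtool cmd failed with error"));
    }
} catch (Exception $e) {
    mydie(_("rrdtool cmd failed with error"));
}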
//
// Output generated image
//
// Stream the PNG rrdtool just wrote to the client.
// NOTE(review): no fclose($fp) or unlink($tmpfile) is visible in this excerpt —
// confirm they follow, otherwise generated images accumulate under /var/tmp.
if (!($fp = @fopen($tmpfile, 'r'))) {
    mydie(sprintf(_("Could not read rrdtool created image: '%s'"), $tmpfile));
}
header("Content-Type: image/png");
header("Content-Length: " . filesize($tmpfile));
fpassthru($fp);
コード例 #30
ファイル: browse_sensor.php プロジェクト: jackpf/ossim-arc
<table class="transparent" id='t_browse'>
	<tr>
		<td class="left" valign="top">
			<form>				
				<?php 
echo _("Browse available dates");
?>
: 
				<select name="date" id="combodates" onchange="browsexml('<?php 
echo $sensor;
?>
',$('#combodates').val())">
					<?php 
// Available report dates: one 'YYYYMMDD' per line taken from the mtimes of the XML
// files under $path (bound as a '?' parameter), newest first, de-duplicated.
$cmd = "find ? -name '*xml' -printf '%TY%Tm%Td\n' | sort -r | uniq";
$params = array($path);
$dates = explode("\n", Util::execute_command($cmd, $params, 'string'));
$c_dates = 0;
if (is_array($dates) && !empty($dates)) {
    foreach ($dates as $now) {
        if (trim($now) == '') {
            continue;
        }
        // Shown as YYYY-MM-DD; the raw YYYYMMDD value stays the option value.
        $fnow = preg_replace("/(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)/", "\\1-\\2-\\3", $now);
        $selected = ($now == $date) ? " selected='selected'" : "";
        echo "<option value='{$now}'{$selected}>{$fnow}</option>";
        $c_dates++;
    }
}
if ($c_dates == 0) {
    ?>
    					<option value=""> -- <?php 
    echo _("No dates");
    ?>