// Page setup for a unique-address statistics view: opens the alert database,
// restores the saved search criteria, registers the "most frequent" canned
// query and picks source/destination labels from $addr_type.
//
// NOTE(review): the role gate below is commented out, so nothing in this
// fragment restricts who may load the page. Access control presumably happens
// in code outside this fragment -- confirm before relying on it.
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
$et = new EventTiming($debug_time_mode);
// The below three lines were moved from line 87 because of the odd errors some users were having
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The meaning of the trailing 0, 1 arguments is defined by baseDBConnect (not shown here).
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// Criteria state is keyed to base_stat_country.php with addr_type=1 appended as an extra argument.
$cs = new CriteriaState("base_stat_country.php", "&addr_type=1");
$cs->ReadState();
/* Dump some debugging information on the shared state */
// if ($debug_mode > 0) {
//     PrintCriteriaState();
// }
$qs = new QueryState();
$qs->AddCannedQuery("most_frequent", $freq_num_uaddr, gettext("Most Frequent IP addresses"), "occur_d");
// $submit and $addr_type are assigned outside this fragment; presumably they
// are imported from the request with validation -- verify at the point of import.
$qs->MoveView($submit); /* increment the view if necessary */
if ($addr_type == SOURCE_IP) {
    $page_title = gettext("Unique Source Address(es)");
    $results_title = gettext("Src IP address");
    $addr_type_name = "ip_src";
} else {
    // Any value other than SOURCE_IP is handled as destination; values that
    // are not DEST_IP either are reported first and then treated as destination.
    if ($addr_type != DEST_IP) ErrorMessage(gettext("CRITERIA ERROR: unknown address type -- assuming Dst address"));
    $page_title = gettext("Unique Destination Address(es)");
    $results_title = gettext("Dst IP address");
    $addr_type_name = "ip_dst";
}
// $addr_type_name is always one of the two literals above ("ip_src" / "ip_dst"),
// never the raw $addr_type value, so whatever consumes it later receives a fixed name.
// Refresh the alert cache only when $event_cache_auto_update is 1.
if ($event_cache_auto_update == 1) UpdateAlertCache($db);
$criteria_clauses = ProcessCriteria();
// Include base_header.php
// Page setup for the sensor listing view: loads shared helpers, restores the
// saved search criteria, imports the request parameters, opens the alert
// database and prints the page sub-header.
//
// NOTE(review): $BASE_path is interpolated into an include path; it must come
// from trusted configuration and never from request data -- confirm where it is set.
include_once "{$BASE_path}/base_ag_common.php";
include_once "geoip.inc";
// Fixed string, not derived from the request.
$_SESSION["siem_default_group"] = "base_stat_sensor.php?sort_order=occur_d";
// GeoIP database path is hard-coded.
$geoloc = new Geolocation("/usr/share/geoip/GeoLiteCity.dat");
$et = new EventTiming($debug_time_mode);
$cs = new CriteriaState("base_stat_sensor.php");
$cs->ReadState();
$qs = new QueryState();
// Check role out and redirect if needed -- Kevin
// NOTE(review): $roleneeded is assigned, but the only check that used it is
// commented out below, so this fragment performs no role check. Authorization
// presumably happens in code outside this fragment -- confirm.
$roleneeded = 10000;
#$BUser = new BaseUser();
#if (($BUser->hasRole($roleneeded) == 0) && ($Use_Auth_System == 1)) base_header("Location: " . $BASE_urlpath . "/index.php");
// "submit" is imported with the VAR_ALPHA | VAR_SPACE mask plus a list of
// accepted button labels. The filtering itself is implemented in ImportHTTPVar
// (not shown here); presumably other values are stripped or rejected -- verify.
$submit = ImportHTTPVar("submit", VAR_ALPHA | VAR_SPACE, array(gettext("Delete Selected"), gettext("Delete ALL on Screen"), _ENTIREQUERY));
// intval() guarantees $export is an integer whatever ImportHTTPVar returns.
$export = intval(ImportHTTPVar("complete", VAR_DIGIT)); // Called from report_launcher.php
$qs->MoveView($submit); /* increment the view if necessary */
$page_title = gettext("Sensor Listing");
/* Connect to the Alert database */
$db = NewBASEDBConnection($DBlib_path, $DBtype);
// The meaning of the trailing 0, 1 arguments is defined by baseDBConnect (not shown here).
$db->baseDBConnect($db_connect_method, $alert_dbname, $alert_host, $alert_port, $alert_user, $alert_password, 0, 1);
// Refresh the alert cache only when $event_cache_auto_update is 1.
if ($event_cache_auto_update == 1) {
    UpdateAlertCache($db);
}
$criteria_clauses = ProcessCriteria();
// Include base_header.php
PrintBASESubHeader($page_title, $page_title, $cs->GetBackLink(), 1);
$mssp = Session::show_entities(); //intval($conf->get_conf("alienvault_mssp", FALSE));
// Use accumulate tables only when timestamp criteria is not hour sensitive
// (the flag is the fourth element of the ProcessCriteria() result).
$use_ac = $criteria_clauses[3];
if ($event_cache_auto_update == 1) { UpdateAlertCache($db); } ?> <FORM METHOD="POST" name="PacketForm" id="PacketForm" ACTION="base_qry_main.php" style="margin:0 auto"> <input type='hidden' name="search" value="1" /> <input type="hidden" name="sort_order" value="<?php echo $_GET['sort_order'] != "" ? Util::htmlentities($_GET['sort_order']) : Util::htmlentities($_POST['sort_order']); ?> "> <?php /* Dump some debugging information on the shared state */ /* a browsing button was clicked -> increment view */ if (is_numeric($submit) || $pag != '') { $pagn = is_numeric($submit) ? $submit : $pag; $qs->MoveView($pagn); $submit = gettext("Query DB"); } //echo $submit." ".$qs->isCannedQuery()." ".$qs->GetCurrentSort()." ".$_SERVER["QUERY_STRING"]; /* Run the SQL Query and get results */ //print_r($criteria_clauses); $from = "FROM acid_event " . $criteria_clauses[0]; $where = ""; if ($criteria_clauses[1] != "") { $where = "WHERE " . $criteria_clauses[1]; } $where = str_replace("::%", ":%:%", $where); if (preg_match("/^(.*)AND\\s+\\(\\s+timestamp\\s+[^']+'([^']+)'\\s+\\)\\s+AND\\s+\\(\\s+timestamp\\s+[^']+'([^']+)'\\s+\\)(.*)\$/", $where, $matches)) { if ($matches[2] != $matches[3]) { //print "A"; $where = $matches[1] . " AND timestamp BETWEEN('" . $matches[2] . "') AND ('" . $matches[3] . "') " . $matches[4];