     $content['fields'][$mycolkey]['cssclassfont'] = "line1";
 } else {
     $content['fields'][$mycolkey]['cssclass'] = "line2";
     $content['fields'][$mycolkey]['cssclassfont'] = "line2";
 }
 if ($mycolkey == SYSLOG_MESSAGE) {
     $content['fields'][$mycolkey]['menucssclass'] = "cellmenu1_naked";
 } else {
     $content['fields'][$mycolkey]['menucssclass'] = "cellmenu1";
 }
 // ---
 // Set defaults
 $content['fields'][$mycolkey]['fieldbgcolor'] = "";
 $content['fields'][$mycolkey]['hasdetails'] = "false";
 if ($content['fields'][$mycolkey]['FieldType'] == FILTER_TYPE_DATE) {
     $content['fields'][$mycolkey]['fieldvalue'] = GetFormatedDate($logArray[$mycolkey]);
     // TODO: Show more!
 } else {
     if ($content['fields'][$mycolkey]['FieldType'] == FILTER_TYPE_NUMBER) {
         $content['fields'][$mycolkey]['fieldvalue'] = $logArray[$mycolkey];
         // Special style classes and colours for SYSLOG_FACILITY
         if ($mycolkey == SYSLOG_FACILITY) {
             //							if ( isset($logArray[$mycolkey][SYSLOG_FACILITY]) && strlen($logArray[$mycolkey][SYSLOG_FACILITY]) > 0)
             if (isset($logArray[$mycolkey]) && is_numeric($logArray[$mycolkey])) {
                 $content['fields'][$mycolkey]['fieldbgcolor'] = 'bgcolor="' . $facility_colors[$logArray[SYSLOG_FACILITY]] . '" ';
                 $content['fields'][$mycolkey]['cssclass'] = "lineColouredBlack";
                 // Set Human readable Facility!
                 $content['fields'][$mycolkey]['fieldvalue'] = GetFacilityDisplayName($logArray[$mycolkey]);
             } else {
                 // Use default colour!
                 $content['fields'][$mycolkey]['fieldbgcolor'] = 'bgcolor="' . $facility_colors[SYSLOG_LOCAL0] . '" ';
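 /**
  * Consolidate Windows event records per host.
  *
  * Opens the configured log stream, refreshes the message checksums and,
  * for every host in $arrHosts, fetches the top events grouped by
  * MISC_CHECKSUM into $content["report_consdata"][host]['cons_events'].
  * Each host's list is then sorted by item count, truncated to
  * $this->_maxEventsPerHost (a summary row carrying the count of the
  * dropped entries is appended) and enriched with formatted dates and
  * severity display data.
  *
  * Timing marks are appended to $content["report_rendertime"] at several
  * points for the report's render-time statistics.
  *
  * @param array $arrHosts list of host names to consolidate events for
  * @return int always SUCCESS; a failed stream open leaves report_consdata untouched
  */
 private function ConsolidateEventsPerHost($arrHosts)
 {
     global $content, $gl_starttime, $fields;

     // Open the stream for data processing; nothing is consolidated on failure.
     $res = $this->_streamObj->Open($this->_arrProperties, true);
     if ($res == SUCCESS) {
         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         // Update all Checksums first, they are the grouping key used below.
         $this->_streamObj->UpdateAllMessageChecksum();

         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         foreach ($arrHosts as $myHost) {
             // Restrict the stream to event-report records of this single host.
             $this->_streamObj->ResetFilters();
             $this->_streamObj->SetFilter($this->_filterString . " " . $fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2);
             $this->_streamObj->RemoveFilters(SYSLOG_HOST);
             $this->_streamObj->AppendFilter($fields[SYSLOG_HOST]['SearchField'] . ":=" . $myHost);

             // Set Host Item Basics
             $content["report_consdata"][$myHost][SYSLOG_HOST] = $myHost;

             // Get Data for single host
             $consEvents = $this->_streamObj->ConsolidateDataByField(MISC_CHECKSUM, $this->_maxEventsPerHost, MISC_CHECKSUM, SORTING_ORDER_DESC, null, true, true);

             // ConsolidateDataByField hands back an error value instead of an array on
             // failure (ConsolidateSyslogmessagesPerHost handles it the same way); fall
             // back to an empty list so the sorting/counting below never sees a non-array.
             if (!is_array($consEvents)) {
                 OutputDebugMessage("Failed consolidating data for '" . $myHost . "' with error " . $consEvents, DEBUG_ERROR);
                 $consEvents = array();
             }

             foreach ($consEvents as &$myConsData) {
                 // Set Basic data entries: severities unknown to the severity list fall
                 // back to NOTICE so the DisplayName lookup below always succeeds.
                 if (!isset($content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]])) {
                     $myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                 }
             }
             unset($myConsData); // drop the foreach reference

             $content["report_consdata"][$myHost]['cons_events'] = $consEvents;
         }

         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         // The earlier record-by-record consolidation loop (kept as commented-out code in
         // older revisions) is superseded by UpdateAllMessageChecksum/ConsolidateDataByField.

         // --- Start Postprocessing
         if (isset($content["report_consdata"]) && is_array($content["report_consdata"])) {
             foreach ($content["report_consdata"] as &$tmpConsolidatedComputer) {
                 // Sort by item count, highest first (keys are preserved).
                 uasort($tmpConsolidatedComputer['cons_events'], "MultiSortArrayByItemCountDesc");

                 // Remove entries according to _maxEventsPerHost. array_pop keeps the
                 // remaining (checksum) keys intact, which array_splice would not.
                 if (count($tmpConsolidatedComputer['cons_events']) > $this->_maxEventsPerHost) {
                     $iDropCount = 0;
                     do {
                         array_pop($tmpConsolidatedComputer['cons_events']);
                         $iDropCount++;
                     } while (count($tmpConsolidatedComputer['cons_events']) > $this->_maxEventsPerHost);

                     // Append a summary row which shows the count of all other events.
                     // The post-processing below reads firstoccurrence_date/lastoccurrence_date,
                     // so the summary row has to use those keys (the FirstEvent_Date/LastEvent_Date
                     // names were left over from the previous implementation and never matched).
                     $lastEntry = array();
                     $lastEntry[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                     $lastEntry[SYSLOG_EVENT_ID] = "-";
                     $lastEntry[SYSLOG_EVENT_SOURCE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                     $lastEntry[SYSLOG_MESSAGE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                     $lastEntry['itemcount'] = $iDropCount;
                     $lastEntry['firstoccurrence_date'] = "-";
                     $lastEntry['lastoccurrence_date'] = "-";
                     $tmpConsolidatedComputer['cons_events'][] = $lastEntry;
                 }

                 // TimeStats
                 $nowtime = microtime_float();
                 $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

                 // PostProcess Events: formatted dates plus severity text and colour.
                 // NOTE(review): unlike ConsolidateSyslogmessagesPerHost no pre-escaped
                 // 'htmlmsg' is prepared here, so the report template has to escape
                 // SYSLOG_MESSAGE / SYSLOG_EVENT_SOURCE itself — confirm it does.
                 foreach ($tmpConsolidatedComputer["cons_events"] as &$tmpMyEvent) {
                     $tmpMyEvent['FirstEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['firstoccurrence_date']);
                     $tmpMyEvent['LastEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['lastoccurrence_date']);
                     $tmpMyEvent['syslogseverity_text'] = $content['filter_severity_list'][$tmpMyEvent['syslogseverity']]["DisplayName"];
                     $tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
                 }
                 unset($tmpMyEvent); // drop the foreach reference
             }
             unset($tmpConsolidatedComputer); // drop the foreach reference
         }
         // ---
     }

     // Work done!
     return SUCCESS;
 }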
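 /**
  * Build the audit summary report data.
  *
  * Opens the configured log stream and, for every enabled event category
  * (logon, logoff, logon failures, policy changes, ...), consolidates the
  * matching Windows event IDs into $content["report_consdata"][category]
  * with its caption and count. Optionally per-user and per-host detail data
  * is consolidated into $content["report_detaildata_users"] /
  * $content["report_detaildata_hosts"]. Finally every non-empty category is
  * sorted by item count and enriched with formatted dates and severity
  * display data.
  *
  * @return int always SUCCESS; a failed stream open leaves $content untouched
  */
 private function Consolidateauditsummarys()
 {
     global $content, $gl_starttime, $fields;

     // Open the stream for data processing; nothing is consolidated on failure.
     $res = $this->_streamObj->Open($this->_arrProperties, true);
     if ($res == SUCCESS) {
         // TimeStats (two marks are appended here; the checksum update that used to
         // sit between them is not needed for audit summaries)
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         // Event categories: each entry holds the enabling flag, the result key under
         // report_consdata, the Windows event IDs to consolidate and the caption language
         // key. The order of this table is the order of the sections in the report.
         // NOTE(review): 4719 is listed in both the policy-change and the audit-policy-change
         // category and the last ID list contains spaces — confirm both are intended.
         $arrCategories = array(
             array('enabled' => $this->_events_logon, 'key' => "logon", 'ids' => "528,4624", 'caption' => "ln_report_logonevents"),
             array('enabled' => $this->_events_logoff, 'key' => "logoff", 'ids' => "538,4634", 'caption' => "ln_report_logoffevents"),
             array('enabled' => $this->_events_logonfail, 'key' => "logonfail", 'ids' => "529,530,531,532,533,534,535,536,537,4625,4626,4627,4628,4629,4630,4631,4632,4633", 'caption' => "ln_report_logonfailevents"),
             array('enabled' => $this->_events_policychangeevents, 'key' => "auditpolchanged", 'ids' => "617,618,619,643,4713,4714,4715,4719,4739", 'caption' => "ln_report_policychangeevents"),
             array('enabled' => $this->_events_objectaccess, 'key' => "objectaccess", 'ids' => "567,4663", 'caption' => "ln_report_objectaccessevents"),
             array('enabled' => $this->_events_systemevents, 'key' => "systemevents", 'ids' => "512,513,520,4108,4109,4616,4697", 'caption' => "ln_report_systemevents"),
             array('enabled' => $this->_events_hostsessionevents, 'key' => "hostsessionevents", 'ids' => "682,683,4778,4779", 'caption' => "ln_report_hostsessionevents"),
             array('enabled' => $this->_events_useraccchangeevents, 'key' => "useraccchangeevents", 'ids' => "642", 'caption' => "ln_report_useraccchangeevents"),
             array('enabled' => $this->_events_auditpolicychangesevents, 'key' => "auditpolicychangeevents", 'ids' => "612, 807, 4719, 4912", 'caption' => "ln_report_auditpolicychangeevents"),
         );

         foreach ($arrCategories as $category) {
             // Loose comparison kept on purpose: the flags may arrive as strings from the config.
             if ($category['enabled'] == 1) {
                 $consKey = $category['key'];
                 $consEvents = $this->ConsolidateAuditSummaryByIDs($category['ids'], $category['caption']);
                 $content["report_consdata"][$consKey]['cons_events'] = $consEvents;
                 $content["report_consdata"][$consKey]['DataCaption'] = $content[$category['caption']];
                 // A non-array result signals an error; report it as zero events instead
                 // of letting count() fail on it.
                 $content["report_consdata"][$consKey]['cons_count'] = is_array($consEvents) ? count($consEvents) : 0;
             }
         }

         // --- Individual User Actions
         if ($this->_events_useractions == 1) {
             $content["report_detaildata_users"] = $this->ConsolidateAuditSummaryByField(SYSLOG_EVENT_USER, "ln_report_individualuseractions");
             $content["report_detaildata_users_caption"] = $content["ln_report_individualuseractions"];
             $content["report_detaildata_users_cons_count"] = is_array($content["report_detaildata_users"]) ? count($content["report_detaildata_users"]) : 0;
         }

         // --- Individual Host Actions
         // NOTE(review): host details are not sorted below while user details are — confirm intended.
         if ($this->_events_hostactions == 1) {
             $content["report_detaildata_hosts"] = $this->ConsolidateAuditSummaryByField(SYSLOG_HOST, "ln_report_individualhostactions");
             $content["report_detaildata_hosts_caption"] = $content["ln_report_individualhostactions"];
             $content["report_detaildata_hosts_cons_count"] = is_array($content["report_detaildata_hosts"]) ? count($content["report_detaildata_hosts"]) : 0;
         }

         // --- Start Postprocessing (report_consdata is absent when no category is enabled)
         if (isset($content["report_consdata"]) && is_array($content["report_consdata"])) {
             foreach ($content["report_consdata"] as &$tmpConsolidatedData) {
                 // Only process events if there are some
                 if (isset($tmpConsolidatedData['cons_events']) && is_array($tmpConsolidatedData['cons_events']) && count($tmpConsolidatedData['cons_events']) > 0) {
                     // Sort by item count, highest first (keys are preserved)
                     uasort($tmpConsolidatedData['cons_events'], "MultiSortArrayByItemCountDesc");

                     // TimeStats
                     $nowtime = microtime_float();
                     $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

                     // PostProcess Events: formatted dates plus severity text and colour
                     foreach ($tmpConsolidatedData["cons_events"] as &$tmpMyEvent) {
                         $tmpMyEvent['FirstEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['firstoccurrence_date']);
                         $tmpMyEvent['LastEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['lastoccurrence_date']);
                         $tmpMyEvent['syslogseverity_text'] = $content['filter_severity_list'][$tmpMyEvent['syslogseverity']]["DisplayName"];
                         $tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
                     }
                     unset($tmpMyEvent); // drop the foreach reference
                 }
             }
             unset($tmpConsolidatedData); // drop the foreach reference
         }

         // Sort the per-user details if there are some
         if (isset($content["report_detaildata_users"]) && is_array($content["report_detaildata_users"]) && count($content["report_detaildata_users"]) > 0) {
             uasort($content["report_detaildata_users"], "MultiSortArrayByItemCountDesc");
         }
         // ---
     }

     // Work done!
     return SUCCESS;
 }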
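 /**
  * Read the next record from the buffered DB result, refilling the buffer
  * from the database when it is exhausted.
  *
  * The record is mapped from DB column names to logstream properties via
  * $dbmapping[DBTableType]['DBMAPPINGS']; date fields are converted to the
  * EVTIME_* structure, unmapped non-empty columns are added as dynamic
  * properties, and the configured message parsers are run on SYSLOG_MESSAGE.
  * Records rejected by ApplyFilters() (which also sees the fields the
  * parsers added) are skipped and the next one is read.
  *
  * Hint: If the current stream becomes unavailable an error state is
  * returned. A typical case is if a log rotation changed the original
  * data source.
  *
  * @param mixed $uID out: set to the SYSLOG_UID of the returned record
  * @param array $arrProperitesOut out: the mapped record properties
  * @param bool $bParseMessage not used by this implementation, kept for interface compatibility
  * @return int SUCCESS, ERROR_NOMORERECORDS, ERROR_FILE_NOMORETIME, the
  *             ERROR_MSG_SKIPMESSAGE state reported by a message parser, or
  *             an error state from ReadNextRecordsFromDB
  */
 public function ReadNext(&$uID, &$arrProperitesOut, $bParseMessage = true)
 {
     // Helpers needed for DB Mapping
     global $content, $gl_starttime;
     global $dbmapping, $fields;
     $szTableType = $this->_logStreamConfigObj->DBTableType;

     $ret = SUCCESS;
     do {
         // No buffer (the loose comparison also treats an empty buffer as "none")? Read from DB!
         if ($this->bufferedRecords == null) {
             $ret = $this->ReadNextRecordsFromDB($uID);
         } else {
             if (!isset($this->bufferedRecords[$this->_currentRecordNum])) {
                 // Buffer exhausted: clear it and fetch the next batch, starting at the
                 // current record number (used by the SQL statement).
                 $this->ResetBufferedRecords();
                 $this->_currentRecordStart = $this->_currentRecordNum;
                 $ret = $this->ReadNextRecordsFromDB($uID);
                 // Check if we found more records
                 if (!isset($this->bufferedRecords[$this->_currentRecordNum])) {
                     $ret = ERROR_NOMORERECORDS;
                 }
             }
         }

         if ($ret == SUCCESS && $this->_arrProperties != null) {
             $record = $this->bufferedRecords[$this->_currentRecordNum];

             // Map the configured properties from their DB column names; properties
             // without a mapping or without a value in this record become ''.
             foreach ($this->_arrProperties as $property) {
                 if (!isset($dbmapping[$szTableType]['DBMAPPINGS'][$property])) {
                     $arrProperitesOut[$property] = '';
                     continue;
                 }
                 $dbfieldname = $dbmapping[$szTableType]['DBMAPPINGS'][$property];
                 if (!isset($record[$dbfieldname])) {
                     $arrProperitesOut[$property] = '';
                     continue;
                 }
                 if (isset($fields[$property]['FieldType']) && $fields[$property]['FieldType'] == FILTER_TYPE_DATE) {
                     $myDateField = $record[$dbfieldname];
                     if (gettype($myDateField) == "object" && get_class($myDateField) == "MongoDate") {
                         // MongoDate already carries the timestamp; the zone is the script's default offset.
                         $arrProperitesOut[$property][EVTIME_TIMESTAMP] = $myDateField->sec;
                         $arrProperitesOut[$property][EVTIME_TIMEZONE] = date('O');
                         $arrProperitesOut[$property][EVTIME_MICROSECONDS] = $myDateField->usec;
                     } else {
                         // Try to parse Date!
                         $arrProperitesOut[$property] = GetEventTime($myDateField);
                     }
                 } else {
                     $arrProperitesOut[$property] = $record[$dbfieldname];
                 }
             }

             // --- Add dynamic fields into record: columns that are neither mapped nor
             // already set and that carry a value.
             foreach ($record as $propName => $propValue) {
                 if (isset($arrProperitesOut[$propName]) || $this->CheckFieldnameInMapping($szTableType, $propName)) {
                     continue;
                 }
                 // Objects must not reach strlen() (TypeError on PHP 8, and it prevented the
                 // MongoDate branch from ever being taken); only MongoDate objects and
                 // non-empty scalars are taken over as dynamic properties.
                 $isMongoDate = is_object($propValue) && get_class($propValue) == "MongoDate";
                 if ($isMongoDate) {
                     $arrProperitesOut[$propName] = GetFormatedDate($propValue->sec);
                 } elseif (is_scalar($propValue) && strlen((string) $propValue) > 0) {
                     $arrProperitesOut[$propName] = $propValue;
                 }
             }
             // ---

             // Run optional Message Parsers now
             if (isset($arrProperitesOut[SYSLOG_MESSAGE])) {
                 $retParser = $this->_logStreamConfigObj->ProcessMsgParsers($arrProperitesOut[SYSLOG_MESSAGE], $arrProperitesOut);
                 // A parser may ask to skip the message; that state is handed back to the caller.
                 if ($retParser == ERROR_MSG_SKIPMESSAGE) {
                     $ret = $retParser;
                 }
             }

             // Set uID to the PropertiesOut
             $uID = $arrProperitesOut[SYSLOG_UID] = $record[$dbmapping[$szTableType]['DBMAPPINGS'][SYSLOG_UID]];

             // Increment $_currentRecordNum
             $this->_currentRecordNum++;
         }

         // Check how long we are running. If only two seconds of execution time are left, we abort further reading!
         $scriptruntime = intval(microtime_float() - $gl_starttime);
         if ($content['MaxExecutionTime'] > 0 && $scriptruntime > $content['MaxExecutionTime'] - 2) {
             // Let the user know we stopped reading records because of the script timeout.
             // NOTE(review): logstream_warning is set to the string "false" here — confirm
             // this is the value the template expects in order to show the warning.
             $content['logstream_warning'] = "false";
             $content['logstream_warning_details'] = $content['LN_WARNING_LOGSTREAMDISK_TIMEOUT'];
             $content['logstream_warning_code'] = ERROR_FILE_NOMORETIME;
             return ERROR_FILE_NOMORETIME;
         }

         // This additional filter check will take care on dynamic fields from the message parser!
     } while ($this->ApplyFilters($ret, $arrProperitesOut) != SUCCESS && $ret == SUCCESS);

     // reached here means return result!
     return $ret;
 }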
 foreach ($content['Columns'] as $mycolkey) {
     if (isset($fields[$mycolkey]) && isset($logArray[$mycolkey])) {
         // Set defaults
         $content['syslogmessages'][$counter]['values'][$mycolkey]['FieldColumn'] = $mycolkey;
         $content['syslogmessages'][$counter]['values'][$mycolkey]['uid'] = $uID;
         $content['syslogmessages'][$counter]['values'][$mycolkey]['FieldAlign'] = $fields[$mycolkey]['FieldAlign'];
         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldcssclass'] = $content['syslogmessages'][$counter]['cssclass'];
         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldbgcolor'] = "";
         $content['syslogmessages'][$counter]['values'][$mycolkey]['isnowrap'] = "nowrap";
         $content['syslogmessages'][$counter]['values'][$mycolkey]['hasdetails'] = "false";
         $content['syslogmessages'][$counter]['values'][$mycolkey]['detailimagealign'] = "TOP";
         // Set default link
         $content['syslogmessages'][$counter]['values'][$mycolkey]['detaillink'] = "#";
         // Now handle fields types differently
         if ($content['fields'][$mycolkey]['FieldType'] == FILTER_TYPE_DATE) {
             $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldvalue'] = GetFormatedDate($logArray[$mycolkey]);
         } else {
             if ($content['fields'][$mycolkey]['FieldType'] == FILTER_TYPE_NUMBER) {
                 $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldvalue'] = $logArray[$mycolkey];
                 // Special style classes and colours for SYSLOG_FACILITY
                 if ($mycolkey == SYSLOG_FACILITY) {
                     //								if ( isset($logArray[$mycolkey][SYSLOG_FACILITY]) && strlen($logArray[$mycolkey][SYSLOG_FACILITY]) > 0)
                     if (isset($logArray[$mycolkey]) && is_numeric($logArray[$mycolkey])) {
                         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldbgcolor'] = 'bgcolor="' . $facility_colors[$logArray[SYSLOG_FACILITY]] . '" ';
                         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldcssclass'] = "lineColouredBlack";
                         // Set Human readable Facility!
                         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldvalue'] = GetFacilityDisplayName($logArray[$mycolkey]);
                     } else {
                         // Use default colour!
                         $content['syslogmessages'][$counter]['values'][$mycolkey]['fieldbgcolor'] = 'bgcolor="' . $facility_colors[SYSLOG_LOCAL0] . '" ';
                     }
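 /**
  * Consolidate syslog messages per host.
  *
  * Opens the configured log stream, refreshes the message checksums and,
  * for every host in $arrHosts, fetches the top messages grouped by
  * MISC_CHECKSUM into $content["report_consdata"][host]['cons_msgs'].
  * Each host's list is then sorted by item count, truncated to
  * $this->_maxMsgsPerHost (a summary row carrying the count of the dropped
  * entries is appended) and enriched with formatted dates, severity/facility
  * display data and an HTML-escaped copy of the message.
  *
  * Timing marks are appended to $content["report_rendertime"] at several
  * points for the report's render-time statistics.
  *
  * @param array $arrHosts list of host names to consolidate messages for
  * @return int always SUCCESS; a failed stream open leaves report_consdata untouched
  */
 private function ConsolidateSyslogmessagesPerHost($arrHosts)
 {
     global $content, $gl_starttime, $fields;

     // Open the stream for data processing; nothing is consolidated on failure.
     $res = $this->_streamObj->Open($this->_arrProperties, true);
     if ($res == SUCCESS) {
         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         // Update all Checksums first, they are the grouping key used below.
         $this->_streamObj->UpdateAllMessageChecksum();

         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

         foreach ($arrHosts as $myHost) {
             // Restrict the stream to syslog records of this single host.
             $this->_streamObj->ResetFilters();
             $this->_streamObj->SetFilter($this->_filterString . " " . $fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_Syslog);
             $this->_streamObj->RemoveFilters(SYSLOG_HOST);
             $this->_streamObj->AppendFilter($fields[SYSLOG_HOST]['SearchField'] . ":=" . $myHost);

             // Set Host Item Basics
             $content["report_consdata"][$myHost][SYSLOG_HOST] = $myHost;

             // Get Data for single host
             $consMsgs = $this->_streamObj->ConsolidateDataByField(MISC_CHECKSUM, $this->_maxMsgsPerHost, MISC_CHECKSUM, SORTING_ORDER_DESC, null, true, true);

             if (is_array($consMsgs)) {
                 foreach ($consMsgs as &$myConsData) {
                     // Facilities/severities unknown to the filter lists fall back to
                     // LOCAL0/NOTICE so the display-name lookups below always succeed.
                     if (!isset($content['filter_facility_list'][$myConsData[SYSLOG_FACILITY]])) {
                         $myConsData[SYSLOG_FACILITY] = SYSLOG_LOCAL0;
                     }
                     if (!isset($content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]])) {
                         $myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                     }
                 }
                 unset($myConsData); // drop the foreach reference
             } else {
                 // A non-array result is an error value: log it and continue with an empty list.
                 OutputDebugMessage("Failed consolidating data for '" . $myHost . "' with error " . $consMsgs, DEBUG_ERROR);
                 $consMsgs = array();
             }

             $content["report_consdata"][$myHost]['cons_msgs'] = $consMsgs;
         }

         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
         // ---

         // --- Start Postprocessing (report_consdata is absent when $arrHosts is empty)
         if (isset($content["report_consdata"]) && is_array($content["report_consdata"])) {
             foreach ($content["report_consdata"] as &$tmpConsolidatedComputer) {
                 // Sort by item count, highest first (keys are preserved).
                 uasort($tmpConsolidatedComputer['cons_msgs'], "MultiSortArrayByItemCountDesc");

                 // Remove entries according to _maxMsgsPerHost. array_pop keeps the
                 // remaining (checksum) keys intact, which array_splice would not.
                 if (count($tmpConsolidatedComputer['cons_msgs']) > $this->_maxMsgsPerHost) {
                     $iDropCount = 0;
                     do {
                         array_pop($tmpConsolidatedComputer['cons_msgs']);
                         $iDropCount++;
                     } while (count($tmpConsolidatedComputer['cons_msgs']) > $this->_maxMsgsPerHost);

                     // Append a summary row which shows the count of all other messages.
                     $lastEntry = array();
                     $lastEntry[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
                     $lastEntry[SYSLOG_FACILITY] = SYSLOG_LOCAL0;
                     $lastEntry[SYSLOG_SYSLOGTAG] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                     $lastEntry[SYSLOG_MESSAGE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
                     $lastEntry['itemcount'] = $iDropCount;
                     $lastEntry['firstoccurrence_date'] = "-";
                     $lastEntry['lastoccurrence_date'] = "-";
                     $tmpConsolidatedComputer['cons_msgs'][] = $lastEntry;
                 }

                 // TimeStats
                 $nowtime = microtime_float();
                 $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";

                 // PostProcess Events: formatted dates, display names, colours and escaped message
                 foreach ($tmpConsolidatedComputer["cons_msgs"] as &$tmpMyEvent) {
                     $tmpMyEvent['FirstOccurrence_Date_Formatted'] = GetFormatedDate($tmpMyEvent['firstoccurrence_date']);
                     $tmpMyEvent['LastOccurrence_Date_Formatted'] = GetFormatedDate($tmpMyEvent['lastoccurrence_date']);
                     $tmpMyEvent['syslogseverity_text'] = $this->GetSeverityDisplayName($tmpMyEvent['syslogseverity']);
                     $tmpMyEvent['syslogfacility_text'] = $this->GetFacilityDisplayName($tmpMyEvent['syslogfacility']);
                     $tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
                     // NOTE(review): the facility colour is looked up with the *severity* colour
                     // helper; no facility-specific colour helper is visible here — confirm intended.
                     $tmpMyEvent['syslogfacility_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogfacility']);
                     // Log messages are untrusted input: escape quotes too (safe in attribute
                     // context) and substitute invalid UTF-8 sequences instead of having
                     // htmlspecialchars() return an empty string for the whole message.
                     $tmpMyEvent['htmlmsg'] = htmlspecialchars($tmpMyEvent[SYSLOG_MESSAGE], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                 }
                 unset($tmpMyEvent); // drop the foreach reference
             }
             unset($tmpConsolidatedComputer); // drop the foreach reference
         }
         // ---
     }

     // Work done!
     return SUCCESS;
 }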
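 /**
  * Consolidates Windows logon and logoff events for the report.
  *
  * Builds two groups in the global $content["report_consdata"] array,
  * 'logon' (event IDs 528/4624) and 'logoff' (event IDs 538/4634). Each
  * group is consolidated by SYSLOG_EVENT_USER and capped by
  * $this->_maxLogOnLogOffsPerHost. Every group is then sorted by item count
  * and each event receives formatted dates, a severity display name and a
  * severity colour for rendering.
  *
  * Timing checkpoints are appended to $content["report_rendertime"] at the
  * same points as in the other consolidation helpers.
  *
  * @return int SUCCESS; also when the stream could not be opened, in which
  *             case the consolidation is skipped silently.
  */
 private function ConsolidateLogonLogoffs()
 {
     global $content, $gl_starttime;
     // Now open the stream for data processing
     $res = $this->_streamObj->Open($this->_arrProperties, true);
     if ($res == SUCCESS) {
         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
         // Message checksums are not needed for this report type, so there is
         // no UpdateAllMessageChecksum() call here. The second checkpoint is
         // kept so the timing string has the same shape as the other helpers.
         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
         // Event IDs of both the old (528/538) and the new (4624/4634) Eventlog API are included
         $this->ConsolidateLogonLogoffsForEventIds('logon', "528,4624", "Logon Events");
         $this->ConsolidateLogonLogoffsForEventIds('logoff', "538,4634", "Logoff Events");
         // TimeStats
         $nowtime = microtime_float();
         $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
         // ---
         // Start Postprocessing
         foreach ($content["report_consdata"] as &$tmpConsolidatedData) {
             // Only the groups built above carry 'cons_events'; skip any other
             // entry that may already live in report_consdata instead of
             // handing a non-array to uasort().
             if (!isset($tmpConsolidatedData['cons_events']) || !is_array($tmpConsolidatedData['cons_events'])) {
                 continue;
             }
             // First use callback function to sort array (most frequent first)
             uasort($tmpConsolidatedData['cons_events'], "MultiSortArrayByItemCountDesc");
             // TimeStats
             $nowtime = microtime_float();
             $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
             // PostProcess Events!
             foreach ($tmpConsolidatedData["cons_events"] as &$tmpMyEvent) {
                 $tmpMyEvent['FirstEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['firstoccurrence_date']);
                 $tmpMyEvent['LastEvent_Date_Formatted'] = GetFormatedDate($tmpMyEvent['lastoccurrence_date']);
                 // Safe lookup: unknown severities were already mapped to SYSLOG_NOTICE
                 // when the group was built (assumes SYSLOG_SEVERITY is 'syslogseverity').
                 $tmpMyEvent['syslogseverity_text'] = $content['filter_severity_list'][$tmpMyEvent['syslogseverity']]["DisplayName"];
                 $tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
                 // NOTE(review): unlike ConsolidateEventsPerHost no pre-escaped
                 // 'htmlmsg' is prepared here, so the template must escape the
                 // event fields (user name etc.) itself - verify against the template.
             }
             // Drop the loop reference so a later by-value use of the variable
             // cannot overwrite the last event.
             unset($tmpMyEvent);
         }
         unset($tmpConsolidatedData);
         // ---
     }
     // Work done!
     return SUCCESS;
 }
 /**
  * Fetches one consolidation group (logon or logoff) from the stream into
  * $content["report_consdata"][$strKey].
  *
  * The stream filter is rebuilt from $this->_filterString plus the NT event
  * report message types (old and new Eventlog API) and the given event IDs.
  * The result is consolidated by SYSLOG_EVENT_USER; entries with a severity
  * unknown to $content['filter_severity_list'] get SYSLOG_NOTICE so later
  * display lookups always succeed.
  *
  * @param string $strKey      Key in $content["report_consdata"] ('logon' or 'logoff').
  * @param string $strEventIds Comma separated Windows event IDs to include, e.g. "528,4624".
  * @param string $strCaption  Caption stored as DataCaption for the group.
  */
 private function ConsolidateLogonLogoffsForEventIds($strKey, $strEventIds, $strCaption)
 {
     global $content, $fields;
     // Set custom filters
     $this->_streamObj->ResetFilters();
     $this->_streamObj->SetFilter($this->_filterString . " " . $fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2 . " " . $fields[SYSLOG_EVENT_ID]['SearchField'] . ":=" . $strEventIds);
     $consData = $this->_streamObj->ConsolidateDataByField(SYSLOG_EVENT_USER, $this->_maxLogOnLogOffsPerHost, SYSLOG_EVENT_USER, SORTING_ORDER_DESC, null, true, true);
     if (!is_array($consData)) {
         // Same handling as the per-host consolidation: log the failure and
         // continue with an empty group instead of iterating a non-array.
         OutputDebugMessage("Failed consolidating '" . $strKey . "' events with error " . $consData, DEBUG_ERROR);
         $consData = array();
     }
     foreach ($consData as &$myConsData) {
         // Set default severity in case the entry has none or an unknown one
         if (!isset($myConsData[SYSLOG_SEVERITY]) || !isset($content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]])) {
             $myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
         }
     }
     unset($myConsData);
     // Set Basic properties
     $content["report_consdata"][$strKey]['cons_events'] = $consData;
     $content["report_consdata"][$strKey]['DataCaption'] = $strCaption;
 }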
 /**
  * Fills the common report header entries in the global $content array:
  * title, comment, version, generation time and a human readable list of
  * the stream's active filters ($content["report_filters"]).
  *
  * Date filters are additionally appended to $content["report_title"].
  * A filter entry is only added to the list when a display string could be
  * built for it. When the stream reports no filters (null or an empty
  * array) the filter display is disabled instead.
  */
 public function SetCommonContentVariables()
 {
     global $content, $fields;
     $content["report_title"] = $this->GetCustomTitle();
     $content["report_comment"] = $this->GetCustomComment();
     $content["report_version"] = $this->GetReportVersion();
     $content["report_gentime"] = date(DATE_RFC822);
     // Readable filter display is built from the stream's current filters
     $arrFilters = $this->_streamObj->ReturnFiltersArray();
     if ($arrFilters == null) {
         // Disable display of filters
         $content["report_filters_enabled"] = false;
         return;
     }
     // Enable display of filters
     $content["report_filters_enabled"] = true;
     foreach ($arrFilters as $fieldId => $fieldFilters) {
         // One display entry per field; the caption falls back to the field id
         $displayFilter = array(
             'FilterDisplay' => "",
             'FieldID' => $fieldId,
             'FilterCaption' => isset($fields[$fieldId]['FieldCaption']) ? $fields[$fieldId]['FieldCaption'] : $fieldId,
         );
         foreach ($fieldFilters as $filter) {
             if ($fieldId == SYSLOG_DATE) {
                 // Date field means special handling!
                 $displayFilter['FilterType'] = $content['LN_REPORT_FILTERTYPE_DATE'];
                 $dateMode = $filter[FILTER_DATEMODE];
                 if ($dateMode == DATEMODE_LASTX) {
                     $displayFilter['FilterDisplay'] = $content['LN_FILTER_DATELASTX'] . " ";
                     switch ($filter[FILTER_VALUE]) {
                         case DATE_LASTX_HOUR:
                             $displayFilter['FilterDisplay'] .= "'" . $content['LN_DATE_LASTX_HOUR'] . "'";
                             break;
                         case DATE_LASTX_12HOURS:
                             $displayFilter['FilterDisplay'] .= "'" . $content['LN_DATE_LASTX_12HOURS'] . "'";
                             break;
                         case DATE_LASTX_24HOURS:
                             $displayFilter['FilterDisplay'] .= "'" . $content['LN_DATE_LASTX_24HOURS'] . "'";
                             break;
                         case DATE_LASTX_7DAYS:
                             $displayFilter['FilterDisplay'] .= "'" . $content['LN_DATE_LASTX_7DAYS'] . "'";
                             break;
                         case DATE_LASTX_31DAYS:
                             $displayFilter['FilterDisplay'] .= "'" . $content['LN_DATE_LASTX_31DAYS'] . "'";
                             break;
                     }
                 } elseif ($dateMode == DATEMODE_RANGE_FROM) {
                     $displayFilter['FilterDisplay'] = $content["LN_FILTER_DATEFROM"] . " " . GetFormatedDate($filter[FILTER_VALUE]);
                 } elseif ($dateMode == DATEMODE_RANGE_TO) {
                     $displayFilter['FilterDisplay'] = $content["LN_FILTER_DATETO"] . " " . GetFormatedDate($filter[FILTER_VALUE]);
                 }
                 // Date filters also become part of the report title
                 $content["report_title"] .= " - " . $displayFilter['FilterDisplay'];
             } elseif ($filter[FILTER_TYPE] == FILTER_TYPE_STRING) {
                 $displayFilter['FilterType'] = $content['LN_REPORT_FILTERTYPE_STRING'];
                 $displayFilter['FilterDisplay'] = $displayFilter['FilterCaption'] . " ";
                 // SEARCHFULL distinguishes an exact match from a substring match
                 $mode = $filter[FILTER_MODE];
                 if ($mode & FILTER_MODE_INCLUDE) {
                     $displayFilter['FilterDisplay'] .= (($mode & FILTER_MODE_SEARCHFULL) ? "equals '" : "contains '") . $filter[FILTER_VALUE] . "'";
                 } elseif ($mode & FILTER_MODE_EXCLUDE) {
                     $displayFilter['FilterDisplay'] .= (($mode & FILTER_MODE_SEARCHFULL) ? "does not equal '" : "does not contain '") . $filter[FILTER_VALUE] . "'";
                 }
             } elseif ($filter[FILTER_TYPE] == FILTER_TYPE_NUMBER) {
                 $displayFilter['FilterType'] = $content['LN_REPORT_FILTERTYPE_NUMBER'];
                 $displayFilter['FilterDisplay'] = $displayFilter['FilterCaption'] . " ";
                 $mode = $filter[FILTER_MODE];
                 if ($mode & FILTER_MODE_INCLUDE) {
                     $displayFilter['FilterDisplay'] .= "== " . $filter[FILTER_VALUE];
                 } elseif ($mode & FILTER_MODE_EXCLUDE) {
                     $displayFilter['FilterDisplay'] .= "!= " . $filter[FILTER_VALUE];
                 }
             }
             // Only filters with a display string are listed
             if (strlen($displayFilter['FilterDisplay']) > 0) {
                 $content["report_filters"][] = $displayFilter;
             }
         }
     }
 }