Пример #1
 /**
  * Discard old events, then let every lookup query class drop unused rows.
  *
  * The number returned by ProcessorEventMatchstate::discardOld() is logged at
  * notice level. After that, discardUnused() runs once per lookup class on the
  * same database handle, in a fixed order.
  *
  * NOTE(review): nothing in this method archives events before they are
  * discarded. Confirm the retention period with whoever relies on this data
  * for investigations before scheduling it.
  *
  * @param mixed $days Threshold passed unchanged to discardOld(); presumably
  *                    an age in days (TODO confirm against that method).
  *
  * @return void
  */
 public function discard($days)
 {
     $dbh = $this->tDbh;

     $purged = ProcessorEventMatchstate::discardOld($dbh, $days);
     Log::notice(sprintf("%u old event(s) discarded", $purged));

     // Events go first; the lookup passes follow in their original order.
     QueryLoghost::discardUnused($dbh);
     QueryUser::discardUnused($dbh);
     QueryHostipNetwork::discardUnused($dbh);
     QueryHostip::discardUnused($dbh);
     QueryHostmac::discardUnused($dbh);
     QueryService::discardUnused($dbh);
 }
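 /**
  * Look up GeoIP details for a host address and always return a full record.
  *
  * Two backends are supported. The GeoIP2 city database is used when
  * GEOIP2_CITY_DATABASE_FILE is set; otherwise the legacy
  * geoip_record_by_name() function is used if it exists. When no backend
  * yields a result, a record with empty strings and 0.0 coordinates is
  * returned, so callers never have to handle a missing key.
  *
  * The address is presumably extracted from log content and is treated as
  * untrusted. On the GeoIP2 path it is validated with FILTER_VALIDATE_IP
  * before the lookup, because only AddressNotFoundException is caught here.
  * The MaxMind reader rejects a malformed address with a different exception,
  * which would otherwise escape this "safe" helper and abort processing on a
  * single crafted or garbled log line.
  *
  * @param mixed $hostip Host address to look up; an empty value skips the lookup.
  *
  * @return array Keys: continent_code, country_code, country_name, region,
  *               city, postal_code (strings), latitude, longitude.
  */
 private static function safeGetGeoipRecord($hostip)
 {
     $record = false;
     if ($hostip != "") {
         if (GEOIP2_CITY_DATABASE_FILE != false) {
             // Only syntactically valid IPv4/IPv6 literals reach the reader;
             // anything else falls through to the empty record below.
             if (filter_var($hostip, FILTER_VALIDATE_IP) !== false) {
                 if (is_null(self::$geoip2Reader)) {
                     if (!extension_loaded("bcmath")) {
                         Log::warning("Missing required extension 'bcmath' for GeoIP2");
                     }
                     // The reader is created once and reused for later lookups.
                     self::$geoip2Reader = new GeoIp2\Database\Reader(GEOIP2_CITY_DATABASE_FILE);
                 }
                 try {
                     $found = self::$geoip2Reader->city($hostip);
                     // NOTE(review): utf8_encode() assumes ISO-8859-1 input and is
                     // deprecated as of PHP 8.2. GeoIP2 strings are presumably
                     // already UTF-8, so non-ASCII names may be double-encoded
                     // here. Confirm before changing the stored data.
                     $record = array(
                         "continent_code" => utf8_encode($found->continent->code),
                         "country_code" => utf8_encode($found->country->isoCode),
                         "country_name" => utf8_encode($found->country->name),
                         "region" => utf8_encode($found->mostSpecificSubdivision->isoCode),
                         "city" => utf8_encode($found->city->name),
                         "postal_code" => utf8_encode($found->postal->code),
                         "latitude" => $found->location->latitude,
                         "longitude" => $found->location->longitude,
                     );
                 } catch (GeoIp2\Exception\AddressNotFoundException $e) {
                     // An address missing from the database is expected; the
                     // empty record below is used instead.
                 }
             }
         } elseif (function_exists("geoip_record_by_name")) {
             // Legacy extension: warnings are suppressed and a failed lookup
             // is signalled by a false return value.
             $found = @geoip_record_by_name($hostip);
             if ($found !== false) {
                 $record = array(
                     "continent_code" => utf8_encode($found["continent_code"]),
                     "country_code" => utf8_encode($found["country_code"]),
                     "country_name" => utf8_encode($found["country_name"]),
                     "region" => utf8_encode($found["region"]),
                     "city" => utf8_encode($found["city"]),
                     "postal_code" => utf8_encode($found["postal_code"]),
                     "latitude" => $found["latitude"],
                     "longitude" => $found["longitude"],
                 );
             }
         }
     }
     if ($record === false) {
         // Fallback with the same keys as a successful lookup.
         $record = array(
             "continent_code" => "",
             "country_code" => "",
             "country_name" => "",
             "region" => "",
             "city" => "",
             "postal_code" => "",
             "latitude" => 0.0,
             "longitude" => 0.0,
         );
     }
     return $record;
 }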
 /**
  * Store the currently matched event and its log lines in the database.
  *
  * The ids for loghost, service, network, host IP, host MAC and user are
  * always resolved through the Query* helpers. Unless Options::pretend() is
  * set, the method then looks for an event row with the same key (those six
  * ids plus the event type id). If a row exists, its count is incremented and
  * its first/last timestamps are widened to include the matched timestamp.
  * Otherwise a new row is inserted with count 1. Finally, every matched line
  * is written to the log table under that event id.
  *
  * All values reach SQL through bound parameters. Matched lines are stored
  * exactly as received, so anything that later displays them should treat
  * them as untrusted text.
  *
  * NOTE(review): the select-then-update/insert sequence is not wrapped in a
  * transaction here. If several writers can run at once, counts could be lost
  * or duplicate event rows created. Confirm how callers serialise this.
  *
  * @return void
  */
 private function update()
 {
     $loghost = QueryLoghost::getLoghostId($this->tDbh, $this->tMatchedLoghost);
     $service = QueryService::getServiceId($this->tDbh, $this->tMatchedService);
     $network = QueryHostipNetwork::getNetworkId($this->tDbh, $this->tNetworkmap, $this->tMatchedHostip);
     $hostip = QueryHostip::getHostipId($this->tDbh, $this->tMatchedHostip);
     $hostmac = QueryHostmac::getHostmacId($this->tDbh, $this->tMatchedHostmac);
     $user = QueryUser::getUserId($this->tDbh, $this->tUserdb, $this->tMatchedUser);

     // Pretend mode: ids were resolved above, but nothing is written here.
     if (Options::pretend()) {
         return;
     }

     // Look up an existing event row by its seven-part key.
     $lookup = $this->tDbh->prepare("SELECT a.id, a.count, a.first, a.last FROM event a WHERE a.loghostid = ? AND a.serviceid = ? AND a.typeid = ? AND a.networkid = ? AND a.hostipid = ? AND a.hostmacid = ? AND a.userid = ?");
     $lookupKey = array($loghost, $service, $this->tEvent->getTypeid(), $network, $hostip, $hostmac, $user);
     foreach ($lookupKey as $offset => $value) {
         $lookup->bindValue($offset + 1, $value, PDO::PARAM_STR);
     }
     $lookup->execute();
     $lookup->bindColumn(1, $eventId, PDO::PARAM_STR);
     $lookup->bindColumn(2, $seen, PDO::PARAM_INT);
     $lookup->bindColumn(3, $earliest, PDO::PARAM_INT);
     $lookup->bindColumn(4, $latest, PDO::PARAM_INT);

     $exists = $lookup->fetch(PDO::FETCH_BOUND) !== false;
     if ($exists) {
         // Known event: bump the counter and widen the first/last window.
         $seen++;
         $earliest = min($earliest, $this->tMatchedTimestamp);
         $latest = max($latest, $this->tMatchedTimestamp);
         $refresh = $this->tDbh->prepare("UPDATE event SET count = ?, first = ?, last = ? WHERE id = ?");
         $refresh->bindValue(1, $seen, PDO::PARAM_INT);
         $refresh->bindValue(2, $earliest, PDO::PARAM_INT);
         $refresh->bindValue(3, $latest, PDO::PARAM_INT);
         $refresh->bindValue(4, $eventId, PDO::PARAM_STR);
         $refresh->execute();
     } else {
         // New event: first and last both start at the matched timestamp.
         $create = $this->tDbh->prepare("INSERT INTO event (loghostid, serviceid, typeid, networkid, hostipid, hostmacid, userid, count, first, last) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
         $createKey = array($loghost, $service, $this->tEvent->getTypeid(), $network, $hostip, $hostmac, $user);
         foreach ($createKey as $offset => $value) {
             $create->bindValue($offset + 1, $value, PDO::PARAM_STR);
         }
         $create->bindValue(8, 1, PDO::PARAM_INT);
         $create->bindValue(9, $this->tMatchedTimestamp, PDO::PARAM_INT);
         $create->bindValue(10, $this->tMatchedTimestamp, PDO::PARAM_INT);
         $create->execute();
         $eventId = $this->tDbh->lastInsertId();
     }

     // Attach every matched line to the event; one statement is reused.
     $appendLine = $this->tDbh->prepare("INSERT INTO log (eventid, time, line) VALUES(?, ?, ?)");
     foreach ($this->tMatchedLines as $matchedLine) {
         $appendLine->bindValue(1, $eventId, PDO::PARAM_STR);
         $appendLine->bindValue(2, $this->tMatchedTimestamp, PDO::PARAM_STR);
         $appendLine->bindValue(3, $matchedLine, PDO::PARAM_STR);
         $appendLine->execute();
     }
 }
 /**
  * Resolve a host MAC for the host IP referenced by a match.
  *
  * The value obtained from bindParam() is normalised with
  * QueryHostip::normalizeHostip() and then passed to
  * QueryHostipMac::getHostmac() together with the database handle.
  *
  * @param mixed $dbh     Database handle passed to the lookup.
  * @param mixed $matches Match data forwarded to bindParam(); presumably
  *                       capture groups from a log pattern (TODO confirm).
  * @param mixed $term    Term forwarded to bindParam().
  *
  * @return mixed Whatever QueryHostipMac::getHostmac() returns.
  */
 public function apply($dbh, $matches, $term)
 {
     $boundValue = $this->bindParam($matches, $term);
     $normalizedHostip = QueryHostip::normalizeHostip($boundValue);

     return QueryHostipMac::getHostmac($dbh, $normalizedHostip);
 }