// Check the "to" date against the OSS_DIGIT / OSS_SCORE / OSS_NULLABLE mask; the last
// argument is the label used in the error message.
ossim_valid($date_to, OSS_DIGIT, OSS_SCORE, OSS_NULLABLE, 'illegal:' . _("to date"));
// intval() reduces the request parameter to an integer before it is interpolated
// into the key names used further down.
$runorder = intval(GET('runorder'));
if ($runorder == 0) {
    // 0 (parameter absent or non-numeric) selects the keys without a suffix.
    $runorder = "";
}
// Abort with the message from ossim_error() before anything is looked up or queried.
// NOTE(review): presumably ossim_error() reports failures recorded by ossim_valid() - confirm,
// and confirm its message is safe to print as-is.
if (ossim_error()) {
    die(ossim_error());
}
/* hosts to show */
// Any value that is empty or outside 1..10 falls back to 10.
if (empty($limit) || $limit <= 0 || $limit > 10) {
    $limit = 10;
}
if (empty($type)) {
    $type = "event";
}
$security_report = new SecurityReport();
// NOTE(review): GET('shared') is handed to DBA_shared without a validation call visible in
// this fragment - confirm it is checked earlier or inside DBA_shared.
$shared = new DBA_shared(GET('shared'));
// Fetch the SS_TopEvents / SA_TopAlarms entries (key suffixed with $runorder) from that store.
$SS_TopEvents = $shared->get("SS_TopEvents{$runorder}");
$SA_TopAlarms = $shared->get("SA_TopAlarms{$runorder}");
// Use the stored list matching $type when it is a non-empty array; otherwise ask
// SecurityReport::Events() for the rows.
if ($type == "event" && is_array($SS_TopEvents) && count($SS_TopEvents) > 0) {
    $list = $SS_TopEvents;
} elseif ($type == "alarm" && is_array($SA_TopAlarms) && count($SA_TopAlarms) > 0) {
    $list = $SA_TopAlarms;
} else {
    $list = $security_report->Events($limit, $type, $date_from, $date_to);
}
$data_pie = array();
$legend = $data = array();
foreach ($list as $key => $l) {
    if ($key >= 10) { // cap the number of results shown in the chart
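/**
 * Prints the "Top N events / alarms" report section: a heading, a table of
 * names with their occurrence counts, and the accompanying graph.
 *
 * Reads the globals $NUM_HOSTS (number of rows requested), $security_report
 * (its Events() method supplies the rows) and $report_type ("alarm" selects the
 * alarm wording and link, any other value the event wording), plus the
 * framework configuration in $GLOBALS["CONF"]. Everything is echoed; nothing
 * is returned.
 *
 * @param mixed $date_from start of the period, forwarded to Events() and to the graph URL
 * @param mixed $date_to   end of the period, forwarded the same way
 */
function event_max_occurrences($date_from, $date_to)
{
    global $NUM_HOSTS;
    global $security_report;
    global $report_type;

    /* ossim framework conf */
    $conf = $GLOBALS["CONF"];
    $acid_link = $conf->get_conf("acid_link");
    $ossim_link = $conf->get_conf("ossim_link");
    $acid_prefix = $conf->get_conf("event_viewer");
    $report_graph_type = $conf->get_conf("report_graph_type");

    $is_alarm = ($report_type == "alarm");

    // $NUM_HOSTS is a global whose origin is not visible here, so it is escaped
    // before being placed in the page instead of being trusted to be numeric.
    $num_hosts_html = htmlspecialchars((string) $NUM_HOSTS, ENT_QUOTES);
    ?>
    <table align="center" width="100%" cellpadding="0" cellspacing="0" class="noborder">
        <tr><td class="headerpr">
            <?php echo _("Top"); ?> <?php echo "{$num_hosts_html} " . ($is_alarm ? _("Alarms") : _("Events")); ?>
        </td></tr>
    </table>
    <table align="center" width="100%">
        <tr>
            <th> <?php echo $is_alarm ? gettext("Alarm") : gettext("Event"); ?> </th>
            <th> <?php echo gettext("Occurrences"); ?> </th>
        </tr>
        <?php
        $list = $security_report->Events($NUM_HOSTS, $report_type, $date_from, $date_to);
        foreach ($list as $l) {
            $event = $l[0];
            $short_event = SecurityReport::Truncate($event, 60);
            $occurrences = number_format($l[1], 0, ",", ".");

            if ($is_alarm) {
                $link = "{$ossim_link}/control_panel/alarm_console.php";
            } else {
                // The event name travels as the sig[1] query value, so it is URL-encoded here.
                $link = "{$acid_link}/" . $acid_prefix . "_qry_main.php?new=1&"
                    . "sig[0]==&"
                    . "sig[1]=" . urlencode($event) . "&"
                    . "sig[2]==&"
                    . "submit=Query+DB&"
                    . "num_result_rows=-1&"
                    . "sort_order=time_d";
            }
            // The URL is HTML-escaped for the attribute context: the "&" separators become
            // "&amp;" and a quote in a configured base link cannot end the href early.
            // NOTE(review): the visible text goes through Util::signaturefilter() only; what
            // that helper escapes is not visible here - confirm it neutralises HTML.
            ?>
            <tr>
                <td style="text-align:left;"><a href="<?php echo htmlspecialchars($link, ENT_QUOTES); ?>"><?php echo Util::signaturefilter($short_event); ?></a></td>
                <td><?php echo $occurrences; ?></td>
            </tr>
            <?php
        }
        ?>
        <tr>
            <td colspan="2" class="nobborder" height="348" valign="top"><center>
                <br/>
                <?php
                if ($report_graph_type == "applets") {
                    jgraph_nbevents_graph();
                } else {
                    // Every query value is URL-encoded and the finished URL HTML-escaped, so
                    // neither a global nor a date string can break out of the src attribute.
                    $graph_src = "graphs/events_received_graph.php"
                        . "?hosts=" . urlencode((string) $NUM_HOSTS)
                        . "&type=" . urlencode((string) $report_type)
                        . "&date_from=" . urlencode($date_from)
                        . "&date_to=" . urlencode($date_to);
                    ?>
                    <iframe src="<?php echo htmlspecialchars($graph_src, ENT_QUOTES); ?>"
                            alt="<?php echo _("events graph"); ?>"
                            frameborder="0" style="margin:0px;padding:0px;width:430px;height:430px;border: 0px solid rgb(170, 170, 170);text-align:center">
                    </iframe>
                    <?php
                }
                ?>
            </center></td>
        </tr>
    </table>
    <?php
}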
}); }); </script> </table> </td> </tr> </table> </td> </tr> </table> <?php } elseif ($screen == "alarms" && Session::menu_perms("MenuIncidents", "ReportsAlarmReport")) {
    // Alarms report: this branch runs only when $screen is "alarms" and
    // Session::menu_perms("MenuIncidents", "ReportsAlarmReport") returns a truthy value.
    $report_type = "alarm";
    $security_report = new SecurityReport();
    # $range days expressed in seconds; the original note here read "1 month", which holds
    # only if $range is about 30 - TODO confirm where $range is set.
    $interval = 60 * 60 * 24 * $range;
    // Take date_from / date_to from the request when present; otherwise default to the window
    // from $interval seconds ago until today, formatted as YYYY-MM-DD.
    // NOTE(review): the request values are used as received - no validation call is visible in
    // this fragment before they reach AttackHost(), Ports() and Events(). Confirm they are
    // checked (for example with the framework's validation helper) earlier in the file or
    // inside SecurityReport.
    $date_from = GET('date_from') != "" ? GET('date_from') : strftime("%Y-%m-%d", time() - $interval);
    $date_to = GET('date_to') != "" ? GET('date_to') : strftime("%Y-%m-%d", time());
    // Attacked host
    $list1 = $security_report->AttackHost($conn, "ip_dst", $NUM_HOSTS, $report_type, $date_from, $date_to);
    // Attacker host
    $list2 = $security_report->AttackHost($conn, "ip_src", $NUM_HOSTS, $report_type, $date_from, $date_to);
    // Ports
    $list3 = $security_report->Ports($NUM_HOSTS, $report_type, $date_from, $date_to);
    // Events
    $list4 = $security_report->Events($NUM_HOSTS, $report_type, $date_from, $date_to);
    ?> <table cellpadding='0' cellspacing='0' border='0' align="center" width='99%'> <tr>
/* hosts to show */
// Defaults when the caller supplied nothing: 11 rows, report type "event".
if (empty($limit)) {
    $limit = 11;
}
if (empty($type)) {
    $type = "event";
}
// NOTE(review): "!" binds tighter than "==", so this condition is (!$type) == "event".
// $type is never empty at this point, so !$type is false, the comparison is false, and the
// two renames below never run. `$type != "event"` was presumably intended; confirm which
// target names SecurityReport expects before changing it, because a fix alters what is
// passed on for non-event reports.
if (!$type == "event") {
    if ($target == "ip_dst") {
        $target = "dst_ip";
    }
    if ($target == "ip_src") {
        $target = "src_ip";
    }
}
$security_report = new SecurityReport();
// strcmp() returns 0 on equality, so !strcmp(...) is true when $target matches the literal.
// Both spellings of each direction are accepted; any other $target value matches neither
// branch shown here.
if (!strcmp($target, "ip_src") || !strcmp($target, "src_ip")) {
    $title = _("TOP ATTACKER");
    $sufix = "er";
    $color = "#D6302C";
    $color2 = "#0000CD";
    //$color = "navy";
    //$color2 = "lightsteelblue";
    $titlecolor = "darkblue";
} elseif (!strcmp($target, "ip_dst") || !strcmp($target, "dst_ip")) {
    $title = _("TOP ATTACKED");
    $sufix = "ed";
    $color = "#3933FC";
    $color2 = "#FF4500";
    //$color = "darkred";
    //$color2 = "lightred";
?> <option <?php
/* Mark this option SELECTED when no interface is chosen and get_main() is 1, or when it
   equals the currently chosen $interface. */
if (!$interface && $s_int->get_main() == 1) { echo "SELECTED"; } elseif ($interface == $s_int->get_interface()) { echo "SELECTED"; } ?> value="<?php
/* NOTE(review): the interface identifier is written into the value attribute without HTML
   escaping; where it is stored and who can set it is not visible here - confirm, and
   escape it for the attribute context if it can be edited by a user. */
echo $s_int->get_interface(); ?> "> <?php
/* Label: the interface name when one is set, otherwise its identifier, passed through
   SecurityReport::Truncate() with 30 and "..." (presumably a length cap and an ellipsis).
   NOTE(review): the label is also echoed without HTML escaping - same check as above. */
$interface_name = $s_int->get_name() != "" ? $s_int->get_name() : $s_int->get_interface();
echo SecurityReport::Truncate($interface_name, 30, "..."); ?> </option> <?php
                }
            } else {
                /* Placeholder entry; the <option> is emitted without a closing tag. */
                echo "<option value=''>- " . _("No interfaces found") . " -";
            }
        }
    }
    /* Same placeholder when $sflag is falsy; what sets $sflag is outside this fragment. */
    if (!$sflag) {
        echo "<option value=''>- " . _("No interfaces found") . " -";
    }
} else {
    echo "<option value=''>- " . _("No interfaces found") . " -";
}