$max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate("j M", $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } /*foreach ($data as $h => $v) { $hours[] = $h; $trend[] = ($v!="") ? $v : 0; } $max = count($hours);*/ $siem_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=day&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=DD&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=DD&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics&plugin=" . $plugins; } else { $js = "analytics_duo"; $data = SIEM_trends(); $data2 = Logger_trends(); for ($i = $max - 1; $i >= 0; $i--) { $h = gmdate("j G", $timetz - 3600 * $i) . "h"; $hours[] = preg_replace("/^\\d+ /", "", $h); $trend[] = $data[$h] != "" ? $data[$h] : 0; $trend2[] = $data2[$h] != "" ? $data2[$h] : 0; } $siem_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=day&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz) . "&time[0][3]=" . gmdate("d", $timetz) . "&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz) . "&time[1][3]=" . gmdate("d", $timetz) . "&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics"; $siem_url_y = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=day&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz - 86400) . "&time[0][3]=" . gmdate("d", $timetz - 86400) . "&time[0][4]=" . gmdate("Y", $timetz - 86400) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz - 86400) . "&time[1][3]=" . gmdate("d", $timetz - 86400) . "&time[1][4]=" . gmdate("Y", $timetz - 86400) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics"; } // $empty = true; ?> <body scroll="no" style="overflow:hidden;font-family:arial;font-size:11px"> <table id="data" style="display:none"> <tfoot>
} $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&plugin=" . $plugins; } elseif (GET('type') == 'honeypotweek') { $js = 'analytics'; $data = SIEM_trends_week('taxonomy=honeypot'); $max = 7; for ($i = $max - 1; $i >= 0; $i--) { $d = gmdate('j M', $timetz - 86400 * $i); $hours[] = $d; $trend[] = $data[$d] != "" ? $data[$d] : 0; } $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&category%5B0%5D=19&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=MM&time[0][3]=ZZ&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=00&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=MM&time[1][3]=ZZ&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=23&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d"; } else { $js = 'analytics_duo'; $data = SIEM_trends(); $data2 = $prodemo ? Logger_trends() : array(); for ($i = $max - 1; $i >= 0; $i--) { $h = gmdate('j G', $timetz - 3600 * $i) . 'h'; $hours[] = preg_replace("/^\\d+ /", '', $h); $trend[] = $data[$h] != '' ? $data[$h] : 0; $trend2[] = $data2[$h] != '' ? $data2[$h] : 0; } $f_url = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz) . "&time[0][3]=" . gmdate("d", $timetz) . "&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz) . "&time[1][3]=" . gmdate("d", $timetz) . "&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d"; $f_url_y = "../forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz - 86400) . "&time[0][3]=" . gmdate("d", $timetz - 86400) . "&time[0][4]=" . gmdate("Y", $timetz - 86400) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz - 86400) . "&time[1][3]=" . gmdate("d", $timetz - 86400) . "&time[1][4]=" . gmdate("Y", $timetz - 86400) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d"; } $empty = TRUE; ?> <body scroll="no" style="overflow:hidden;font-family:arial;font-size:11px"> <table id="data" style="display:none"> <tfoot> <tr>
} $colors = get_widget_colors(count($data)); break; case 'siemlogger': //Amount of hours to show in the widget. //$max = ($chart_info['range'] == '')? 16 : $chart_info['range']; $max = 16; //By now it will be always 24 hours //Type of graph. In this case is the simple raphael. $js = "analytics_duo"; //Retrieving the data of the widget $trend1 = Session::menu_perms("analysis-menu", "EventsForensics") ? SIEM_trends($max, $assets_filters) : array(); //Empty logger if any user perms over ctx, host, net $trend2 = array(); if (Session::is_pro() && Session::menu_perms("analysis-menu", "ControlPanelSEM")) { $trend2 = Logger_trends(); } for ($i = $max - 1; $i >= 0; $i--) { $h = gmdate("j G", $timetz - 3600 * $i) . "h"; $label[] = preg_replace("/^\\d+ /", "", $h); $data1[] = $trend1[$h] != "" ? $trend1[$h] : 0; $data2[] = $trend2[$h] != "" ? $trend2[$h] : 0; } $data[] = $data1; $data[] = $data2; $siem_url = "'" . Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz) . "&time[0][3]=" . gmdate("d", $timetz) . "&time[0][4]=" . gmdate("Y", $timetz) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz) . "&time[1][3]=" . gmdate("d", $timetz) . "&time[1][4]=" . gmdate("Y", $timetz) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events') . "'"; $siem_url_y = "'" . Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz - 86400) . "&time[0][3]=" . gmdate("d", $timetz - 86400) . "&time[0][4]=" . gmdate("Y", $timetz - 86400) . "&time[0][5]=HH&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $timetz - 86400) . "&time[1][3]=" . gmdate("d", $timetz - 86400) . "&time[1][4]=" . gmdate("Y", $timetz - 86400) . "&time[1][5]=HH&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events') . "'"; if (Session::is_pro()) { $logger_url = "'" . Menu::get_menu_url('/ossim/sem/index.php?start=' . urlencode(gmdate("Y-m-d", $timetz) . " HH:00:00") . '&end=' . urlencode(gmdate("Y-m-d", $timetz) . " HH:59:59"), 'analysis', 'raw_logs') . "'"; $logger_url_y = "'" . Menu::get_menu_url('/ossim/sem/index.php?start=' . urlencode(gmdate("Y-m-d", $timetz - 86400) . " HH:00:00") . '&end=' . urlencode(gmdate("Y-m-d", $timetz - 86400) . " HH:59:59"), 'analysis', 'raw_logs') . "'"; } else {
//$max = ($chart_info['range'] == '')? 16 : $chart_info['range']; $max = 16; //By now it will be always 24 hours //Type of graph. In this case is the simple raphael. $js = "analytics_duo"; $fdate = gmdate("Y-m-d H", $timetz - 3600 * ($max - 1)); //Retrieving the data of the widget $trend1 = array(); if (Session::menu_perms("analysis-menu", "EventsForensics")) { $trend1 = SIEM_trends($max, $assets_filters, $fdate); } //Empty logger if any user perms over ctx, host, net $trend2 = array(); $logger_last_date = gmdate("YmdHis", $timetz); if (Session::is_pro() && Session::menu_perms("analysis-menu", "ControlPanelSEM")) { list($trend2, $logger_last_date) = Logger_trends(); } for ($i = $max - 1; $i >= 0; $i--) { $tref = $timetz - 3600 * $i; $h = gmdate("j G", $tref) . "h"; $lbl = preg_replace("/^\\d+ /", "", $h); $label[] = $lbl; $data1[] = $trend1[$h] != "" ? $trend1[$h] : 0; $data2[] = $trend2[$h] != "" ? $trend2[$h] : 0; $dates[] = gmdate("YmdHis", $tref); $siem_link = Menu::get_menu_url("/ossim/forensics/base_qry_main.php?clear_allcriteria=1&time_range=range&time[0][0]=+&time[0][1]=>%3D&time[0][2]=" . gmdate("m", $timetz) . "&time[0][3]=" . gmdate("d", $tref) . "&time[0][4]=" . gmdate("Y", $tref) . "&time[0][5]=" . gmdate("H", $tref) . "&time[0][6]=00&time[0][7]=00&time[0][8]=+&time[0][9]=AND&time[1][0]=+&time[1][1]=<%3D&time[1][2]=" . gmdate("m", $tref) . "&time[1][3]=" . gmdate("d", $tref) . "&time[1][4]=" . gmdate("Y", $tref) . "&time[1][5]=" . gmdate("H", $tref) . "&time[1][6]=59&time[1][7]=59&time[1][8]=+&time[1][9]=+&submit=Query+DB&num_result_rows=-1&time_cnt=2&sort_order=time_d&hmenu=Forensics&smenu=Forensics", 'analysis', 'security_events'); if (Session::is_pro()) { $logger_link = Menu::get_menu_url('/ossim/sem/index.php?start=' . urlencode(gmdate("Y-m-d H", $tref) . ":00:00") . '&end=' . urlencode(gmdate("Y-m-d H", $tref) . ":59:59"), 'analysis', 'raw_logs'); } else { $logger_link = Menu::get_menu_url('/ossim/ossem/index.php', 'analysis', 'raw_logs'); }