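/**
 * Count events in acid_event for the last $h hours, bucketed by day and hour
 * of day in the configured display timezone.
 *
 * Keys are "<day> <hour>h" labels built from the `suf` and `intervalo`
 * columns; values are the COUNT(acid_event.sid) for that bucket. The array is
 * empty when the query fails.
 *
 * @param int $h Window length in hours, counted back from now (default 24).
 *               Cast to int so it only reaches the SQL via gmdate().
 * @return array<string, mixed> Bucket label => event count as returned by the driver.
 */
function SIEM_trends($h = 24)
{
    global $tz;

    // Normalise the window: a non-numeric $h would otherwise raise a
    // TypeError in the multiplication below on PHP 8.
    $hours = (int) $h;

    // Offset string for convert_tz() — presumably the '+HH:MM' form, matching
    // the '+00:00' literal used as the source zone (confirm in Util::get_tzc).
    $tzc = Util::get_tzc($tz);
    $data = array();

    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $dbconn = $db->snort_connect();

    // Extra WHERE fragment restricting the sensors visible to this session;
    // built by the application, not taken from the request (verify in
    // make_sensor_filter if that assumption matters here).
    $sensor_where = make_sensor_filter($dbconn);

    // Take "now" once so both bounds of the BETWEEN describe the same window;
    // gmdate() renders them as fixed-format literals, so no request-controlled
    // text is concatenated into the statement.
    $now = time();
    $from = gmdate("Y-m-d H:i:s", $now - 3600 * $hours);
    $to = gmdate("Y-m-d H:i:s", $now);
    $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo, day(convert_tz(timestamp,'+00:00','{$tzc}')) as suf FROM acid_event WHERE timestamp BETWEEN '" . $from . "' AND '" . $to . "' {$sensor_where} GROUP BY suf,intervalo";

    // Plain assignment: objects are handles, the old =& gained nothing.
    $rg = $dbconn->Execute($sqlgraph);
    if (!$rg) {
        // Keep driver error text in the server log instead of echoing it into
        // the response (schema/host details do not belong in the browser);
        // the caller simply receives an empty data set.
        error_log('SIEM_trends: ' . $dbconn->ErrorMsg());
    } else {
        while (!$rg->EOF) {
            $data[$rg->fields["suf"] . " " . $rg->fields["intervalo"] . "h"] = $rg->fields["num_events"];
            $rg->MoveNext();
        }
    }

    $db->close($dbconn);
    return $data;
}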
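/**
 * Count events in acid_event for the last $h hours, bucketed by day and hour
 * of day in the configured display timezone.
 *
 * Keys are "<day> <hour>h" labels built from the `suf` and `intervalo`
 * columns; values are the COUNT(acid_event.id) for that bucket. The array is
 * empty when the (cached) query fails; the driver error goes to the
 * application log via Av_exception::write_log().
 *
 * @param int $h Window length in hours, counted back from now (default 24).
 *               Cast to int so it only reaches the SQL via gmdate().
 * @return array<string, mixed> Bucket label => event count as returned by the driver.
 */
function SIEM_trends($h = 24)
{
    global $tz;

    // Normalise the window: a non-numeric $h would otherwise raise a
    // TypeError in the multiplication below on PHP 8.
    $hours = (int) $h;

    // Offset string for convert_tz() — presumably the '+HH:MM' form, matching
    // the '+00:00' literal used as the source zone (confirm in Util::get_tzc).
    $tzc = Util::get_tzc($tz);
    $data = array();

    $db = new ossim_db(TRUE);
    $dbconn = $db->snort_connect();

    // Only element [1] of make_asset_filter()'s result is used here —
    // presumably the SQL fragment; confirm against that helper. Context and
    // asset restrictions are concatenated into the WHERE clause.
    $_asset_where = make_asset_filter();
    $asset_where = $_asset_where[1];
    $sensor_where = make_ctx_filter() . $asset_where;

    // Take "now" once so both bounds of the BETWEEN describe the same window;
    // gmdate() renders them as fixed-format literals, so no request-controlled
    // text is concatenated into the statement.
    $now = time();
    $from = gmdate("Y-m-d H:i:s", $now - 3600 * $hours);
    $to = gmdate("Y-m-d H:i:s", $now);
    $sqlgraph = "SELECT COUNT(acid_event.id) AS num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) AS intervalo, \n\t   day(convert_tz(timestamp,'+00:00','{$tzc}')) as suf \n\t   FROM acid_event \n\t   WHERE timestamp BETWEEN '" . $from . "' AND '" . $to . "' {$sensor_where} \n\t   GROUP BY suf, intervalo";

    // Plain assignment: objects are handles, the old =& gained nothing.
    $rg = $dbconn->CacheExecute($sqlgraph);
    if (!$rg) {
        Av_exception::write_log(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
    } else {
        while (!$rg->EOF) {
            $data[$rg->fields['suf'] . ' ' . $rg->fields['intervalo'] . 'h'] = $rg->fields['num_events'];
            $rg->MoveNext();
        }
    }

    $db->close();
    return $data;
}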
* Classes list:
*/
require_once 'classes/Session.inc';
require_once 'classes/Security.inc';
// Authorisation comes first: the session must pass the
// ("MenuConfiguration", "ToolsBackup") permission check before any of the
// setup below runs (logcheck is expected to end the request otherwise —
// confirm in Session.inc).
Session::logcheck("MenuConfiguration", "ToolsBackup");
require_once 'classes/Util.inc';
require_once 'ossim_db.inc';
require_once 'classes/Backup.inc';
// Directories and version come from the application configuration object,
// not from the request.
$conf = $GLOBALS["CONF"];
$data_dir = $conf->get_conf("data_dir");
$backup_dir = $conf->get_conf("backup_dir");
$version = $conf->get_conf("ossim_server_version", FALSE);
// Edition flag: true when the server version string mentions pro or demo.
$pro = preg_match("/pro|demo/i", $version) ? true : false;
// Two connections: $conn for the snort schema (acid_event), $conn_ossim for
// the main ossim schema.
$db = new ossim_db();
$conn = $db->snort_connect();
$conn_ossim = $db->connect();
$insert = array();
$delete = array();
if (!is_dir($backup_dir)) {
    // NOTE(review): $backup_dir is interpolated into HTML without escaping. It
    // is a configuration value rather than request input, so this only matters
    // if that setting can be edited by a less-privileged role.
    die(ossim_error(_("Could not access backup dir") . ": <b>{$backup_dir}</b>"));
}
$dir = dir($backup_dir);
// Distinct event days as YYYYMMDD, newest first; the loop that follows uses
// them to look for per-day backup files in $backup_dir.
$query = OssimQuery("SELECT DISTINCT DATE_FORMAT(timestamp, '%Y%m%d') as day FROM acid_event ORDER BY timestamp DESC");
if (!($rs = $conn->Execute($query))) {
    // NOTE(review): the raw driver error is written into the response. Prefer
    // logging it server-side and printing a generic message, since DB error
    // text can expose schema and host details to the browser.
    print 'error: ' . $conn->ErrorMsg() . '<BR>';
    exit;
}
// Delete
while (!$rs->EOF) {
    if (file_exists($backup_dir . "/delete-" . $rs->fields["day"] . ".sql.gz")) {
    ?>
";
        
        parent.$("#ptext").html(n_msg + "<?php 
    echo ' <strong>' . $net['name'] . '</strong>';
    ?>
");
	</script>
        	                	
    <?php 
    $cidrs = explode(',', $net['ips']);
    $net_ctx = $net['ctx'];
    $query = "SELECT DISTINCT INET6_NTOP(ip_src) AS ip, HEX(ctx) AS ctx, HEX(device.sensor_id) AS sensor_id\n            FROM acid_event, device \n            WHERE acid_event.device_id = device.id AND acid_event.device_id > 0 \n            AND ip_src >= INET6_PTON(?) AND ip_src <= INET6_PTON(?) AND ctx = UNHEX(?) AND src_host is NULL\n        UNION\n        SELECT DISTINCT INET6_NTOP(ip_dst) AS ip, HEX(ctx) AS ctx, HEX(device.sensor_id) AS sensor_id \n            FROM acid_event, device\n            WHERE acid_event.device_id = device.id AND acid_event.device_id > 0 \n            AND ip_dst >= INET6_PTON(?) AND ip_dst <= INET6_PTON(?) AND ctx = UNHEX(?) AND dst_host is NULL";
    foreach ($cidrs as $cidr) {
        $range = Asset_net::expand_cidr($cidr, 'SHORT', 'IP');
        $conn_snort = $db->snort_connect();
        $params = array($range[$cidr][0], $range[$cidr][1], $net_ctx, $range[$cidr][0], $range[$cidr][1], $net_ctx);
        //error_log($cidr."\n".$rs->sql."\n\n", 3, '/tmp/siem_host.txt');
        $rs = $conn_snort->Execute($query, $params);
        if (!$rs) {
            ?>
  
            <script type="text/javascript">
                parent.show_error("<?php 
            echo $conn_snort->ErrorMsg();
            ?>
");								
            </script>
            <?php 
            exit;
        }