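/**
 * Count SIEM events per hour over the last $h hours, grouped by day and hour
 * after converting the event timestamp with convert_tz() to the offset that
 * Util::get_tzc($tz) returns.
 *
 * @param int $h number of hours back from now to include (default 24)
 * @return array<string, string|int> map of "<day> <hour>h" => event count, in the
 *         order the database returned the groups; empty when the query fails
 */
function SIEM_trends($h = 24)
{
    global $tz;

    $tzc = Util::get_tzc($tz);
    $data = array();

    require_once 'ossim_db.inc';
    $db = new ossim_db();
    $dbconn = $db->snort_connect();
    $sensor_where = make_sensor_filter($dbconn);

    // Both window bounds are produced by gmdate(), so $h never reaches the SQL
    // text; $tzc and $sensor_where come from project helpers, not from callers.
    $since = gmdate("Y-m-d H:i:s", gmdate("U") - 3600 * $h);
    $until = gmdate("Y-m-d H:i:s");
    $sqlgraph = "SELECT COUNT(acid_event.sid) as num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) as intervalo, day(convert_tz(timestamp,'+00:00','{$tzc}')) as suf FROM acid_event WHERE timestamp BETWEEN '" . $since . "' AND '" . $until . "' {$sensor_where} GROUP BY suf,intervalo";

    // Execute() returns a value, not a variable: assigning it by reference only
    // raises a notice, so take the result by value.
    $rg = $dbconn->Execute($sqlgraph);
    if (!$rg) {
        // Log the driver error rather than echoing it into the response, where
        // it would expose query and schema details to the browser.
        error_log('SIEM_trends: ' . $dbconn->ErrorMsg());
    } else {
        while (!$rg->EOF) {
            $data[$rg->fields["suf"] . " " . $rg->fields["intervalo"] . "h"] = $rg->fields["num_events"];
            $rg->MoveNext();
        }
    }

    $db->close($dbconn);

    return $data;
}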
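/**
 * Count SIEM events per hour over the last $h hours, grouped by day and hour
 * after converting the event timestamp with convert_tz() to the offset that
 * Util::get_tzc($tz) returns.
 *
 * @param int $h number of hours back from now to include (default 24)
 * @return array<string, string|int> map of "<day> <hour>h" => event count; empty
 *         when the query fails (the driver error is written to the log, not echoed)
 */
function SIEM_trends($h = 24)
{
    global $tz;

    $tzc = Util::get_tzc($tz);
    $data = array();

    $db = new ossim_db(TRUE);
    $dbconn = $db->snort_connect();

    // Only element [1] of make_asset_filter()'s result is used as the WHERE
    // fragment; it is appended to the context filter.
    $_asset_where = make_asset_filter();
    $asset_where = $_asset_where[1];
    $sensor_where = make_ctx_filter() . $asset_where;

    // Both window bounds are produced by gmdate(), so $h never reaches the SQL
    // text; $tzc and $sensor_where come from project helpers, not from callers.
    $since = gmdate("Y-m-d H:i:s", gmdate("U") - 3600 * $h);
    $until = gmdate("Y-m-d H:i:s");
    $sqlgraph = "SELECT COUNT(acid_event.id) AS num_events, hour(convert_tz(timestamp,'+00:00','{$tzc}')) AS intervalo, \n\t day(convert_tz(timestamp,'+00:00','{$tzc}')) as suf \n\t FROM acid_event \n\t WHERE timestamp BETWEEN '" . $since . "' AND '" . $until . "' {$sensor_where} \n\t GROUP BY suf, intervalo";

    // NOTE(review): CacheExecute keys on the SQL text, and the bounds above
    // change every second, so most calls presumably miss the cache -- confirm
    // that is intended. The result is a value, not a variable, so take it by
    // value (=& on a call result only raises a notice).
    $rg = $dbconn->CacheExecute($sqlgraph);
    if (!$rg) {
        Av_exception::write_log(Av_exception::DB_ERROR, $dbconn->ErrorMsg());
    } else {
        while (!$rg->EOF) {
            $data[$rg->fields['suf'] . ' ' . $rg->fields['intervalo'] . 'h'] = $rg->fields['num_events'];
            $rg->MoveNext();
        }
    }

    $db->close();

    return $data;
}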
* Classes list: */ require_once 'classes/Session.inc'; require_once 'classes/Security.inc'; Session::logcheck("MenuConfiguration", "ToolsBackup"); require_once 'classes/Util.inc'; require_once 'ossim_db.inc'; require_once 'classes/Backup.inc'; $conf = $GLOBALS["CONF"]; $data_dir = $conf->get_conf("data_dir"); $backup_dir = $conf->get_conf("backup_dir"); $version = $conf->get_conf("ossim_server_version", FALSE); $pro = preg_match("/pro|demo/i", $version) ? true : false; //$backup_dir = "/root/pruebas_backup"; $db = new ossim_db(); $conn = $db->snort_connect(); $conn_ossim = $db->connect(); $insert = array(); $delete = array(); if (!is_dir($backup_dir)) { die(ossim_error(_("Could not access backup dir") . ": <b>{$backup_dir}</b>")); } $dir = dir($backup_dir); $query = OssimQuery("SELECT DISTINCT DATE_FORMAT(timestamp, '%Y%m%d') as day FROM acid_event ORDER BY timestamp DESC"); if (!($rs = $conn->Execute($query))) { print 'error: ' . $conn->ErrorMsg() . '<BR>'; exit; } // Delete while (!$rs->EOF) { if (file_exists($backup_dir . "/delete-" . $rs->fields["day"] . ".sql.gz")) {
?> "; parent.$("#ptext").html(n_msg + "<?php echo ' <strong>' . $net['name'] . '</strong>'; ?> "); </script> <?php $cidrs = explode(',', $net['ips']); $net_ctx = $net['ctx']; $query = "SELECT DISTINCT INET6_NTOP(ip_src) AS ip, HEX(ctx) AS ctx, HEX(device.sensor_id) AS sensor_id\n FROM acid_event, device \n WHERE acid_event.device_id = device.id AND acid_event.device_id > 0 \n AND ip_src >= INET6_PTON(?) AND ip_src <= INET6_PTON(?) AND ctx = UNHEX(?) AND src_host is NULL\n UNION\n SELECT DISTINCT INET6_NTOP(ip_dst) AS ip, HEX(ctx) AS ctx, HEX(device.sensor_id) AS sensor_id \n FROM acid_event, device\n WHERE acid_event.device_id = device.id AND acid_event.device_id > 0 \n AND ip_dst >= INET6_PTON(?) AND ip_dst <= INET6_PTON(?) AND ctx = UNHEX(?) AND dst_host is NULL"; foreach ($cidrs as $cidr) { $range = Asset_net::expand_cidr($cidr, 'SHORT', 'IP'); $conn_snort = $db->snort_connect(); $params = array($range[$cidr][0], $range[$cidr][1], $net_ctx, $range[$cidr][0], $range[$cidr][1], $net_ctx); //error_log($cidr."\n".$rs->sql."\n\n", 3, '/tmp/siem_host.txt'); $rs = $conn_snort->Execute($query, $params); if (!$rs) { ?> <script type="text/javascript"> parent.show_error("<?php echo $conn_snort->ErrorMsg(); ?> "); </script> <?php exit; }