author | jim-p <jim@pingle.org> | 2009-06-06 17:59:08 -0400 |
committer | jim-p <jim@pingle.org> | 2009-06-06 18:02:54 -0400 |
commit | c0b6fddeecb352cd95134d2c82e769f73edb18e7 (patch) | |
tree | 256b121ddbb52bdd5e95931b593b0eff57303783 /usr/local/www/filter_log.inc | |
parent | a87afa7cb85608cd5e341a25a7311d9132e8ce33 (diff) | |
Sync my recent stuff to HEAD. Easy Rule, Log parsing tweaks, Firewall Log filter, Firewall Log Summary graphs. Also add ProtoChart.
Diffstat (limited to 'usr/local/www/filter_log.inc')
-rw-r--r-- | usr/local/www/filter_log.inc | 82 |
1 files changed, 62 insertions, 20 deletions
diff --git a/usr/local/www/filter_log.inc b/usr/local/www/filter_log.inc
index f7b6c32..5c54dbd 100644
--- a/usr/local/www/filter_log.inc
+++ b/usr/local/www/filter_log.inc
@@ -1,7 +1,7 @@
 <?php
 /* $Id$ */
 /*
-	log.inc.php
+	filter_log.inc
 	part of pfSesne by Scott Ullrich
 	originally based on m0n0wall (http://m0n0.ch/wall)
@@ -31,13 +31,16 @@
 */
 
 /* format filter logs */
-function conv_log_filter($logfile, $nentries, $tail = 50) {
+function conv_log_filter($logfile, $nentries, $tail = 50, $filtertext = "") {
 	global $config, $g;
 
 	/* Make sure this is a number before using it in a system call */
 	if (!(is_numeric($tail)))
 		return;
 
+	if ($filtertext)
+		$tail = 5000;
+
 	/* FreeBSD 8 splits pf log lines into two lines, so we need to at least
 	 * tail twice as many, plus some extra to account for unparseable lines */
 	$tail = $tail * 2 + 50;
@@ -45,7 +48,7 @@ function conv_log_filter($logfile, $nentries, $tail = 50) {
 
 	/* Always do a reverse tail, to be sure we're grabbing the 'end' of the log. */
 	$logarr = "";
-	if(isset($config['system']['usefifolog']))
+	if(isset($config['system']['usefifolog']))
 		exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail -r -n {$tail}", $logarr);
 	else
 		exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail -r -n {$tail}", $logarr);
@@ -60,7 +63,7 @@ function conv_log_filter($logfile, $nentries, $tail = 50) {
 			break;
 
 		$flent = parse_filter_line($logent);
-		if ($flent != "") {
+		if (($flent != "") && (match_filter_line($flent, $filtertext))) {
 			$counter++;
 			$filterlog[] = $flent;
 		}
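Review bot: The new `if ($filtertext) $tail = 5000;` in conv_log_filter is a truthiness test, so a filter string of "0" is silently treated as no filter and the caller gets the unfiltered log; `if ($filtertext !== "")` expresses the intended "a filter was given" check. The widened tail also means every filtered request pipes 10050 lines through clog/tail after the `* 2 + 50` adjustment that follows, which deserves a comment such as `/* Filtering must scan far deeper than the display count; 5000 raw lines is the cap */`. conv_log_filter's body continues past the end of this hunk.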
@@ -69,6 +72,13 @@ function conv_log_filter($logfile, $nentries, $tail = 50) {
 	return isset($config['syslog']['reverse']) ? $filterlog : array_reverse($filterlog);
 }
 
+function match_filter_line($flent, $filtertext = "") {
+	if (!$filtertext)
+		return true;
+	$filtertext = str_replace(' ', '\s+', $filtertext);
+	return preg_match("/{$filtertext}/i", implode(" ", array_values($flent)));
+}
+
 function collapse_filter_lines($logarr) {
 	$lastline = "";
 	$collapsed = array();
@@ -95,8 +105,17 @@ function parse_filter_line($line) {
 
 	list($all, $flent['time'], $host, $rule, $flent['act'], $flent['realint'], $details, $src, $dst, $leftovers) = $log_split;
 
-	$flent['src'] = convert_port_period_to_colon($src);
-	$flent['dst'] = convert_port_period_to_colon($dst);
+	list($flent['srcip'], $flent['srcport']) = parse_ipport($src);
+	list($flent['dstip'], $flent['dstport']) = parse_ipport($dst);
+
+	$flent['src'] = $flent['srcip'];
+	$flent['dst'] = $flent['dstip'];
+
+	if ($flent['srcport'])
+		$flent['src'] .= ':' . $flent['srcport'];
+	if ($flent['dstport'])
+		$flent['dst'] .= ':' . $flent['dstport'];
+
 	$flent['interface'] = convert_log_interface_to_friendly_interface_name($flent['realint']);
 
 	$tmp = split("/", $rule);
@@ -104,7 +123,7 @@ function parse_filter_line($line) {
 
 	$proto = array(" ", "(?)");
 	/* Attempt to determine the protocol, based on several possible patterns.
-	 * The value returned by strpos() must be strictly checkeded against the
+	 * The value returned by strpos() must be strictly checkeded against the
 	 * boolean FALSE because it could return a valid answer of 0 upon success. */
 	if (!(strpos($details, 'proto ') === FALSE)) {
 		preg_match("/.*\sproto\s(.*)\s\(/", $details, $proto);
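Review bot: match_filter_line interpolates the caller-supplied `$filtertext` straight into the pattern in `preg_match("/{$filtertext}/i", ...)`, so a `/`, an unbalanced bracket or any other PCRE metacharacter in the filter makes the pattern invalid; preg_match then returns false with a warning and every line is silently dropped, and an unquoted pattern also lets the text dictate backtracking cost across the thousands of lines the caller now reads. Escape the text before the whitespace substitution, `$filtertext = str_replace(' ', '\s+', preg_quote($filtertext, '/'));`, which keeps the space-to-`\s+` behaviour because preg_quote leaves spaces untouched. The `!$filtertext` guard is also truthiness-based and treats the string "0" as "no filter"; `$filtertext === ""` is the intended test. A one-line docblock stating that the function matches a case-insensitive substring, with runs of whitespace collapsed, against all fields of a parsed entry would make the contract clear.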
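Review bot: `if ($flent['srcport'])` and the matching `dstport` test in parse_filter_line use truthiness, so a port string of "0" is dropped from `src`/`dst` even though it was parsed; parse_ipport returns '' when no port is present, so `if ($flent['srcport'] !== '')` is the precise check. The four new keys `srcip`, `srcport`, `dstip`, `dstport` are undocumented; a comment above the two list() assignments, e.g. `/* split "addr.port" into separate ip/port keys; port is '' when absent */`, would help readers of the consumers. parse_filter_line starts before and ends after this hunk.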
@@ -152,26 +171,49 @@ function convert_log_interface_to_friendly_interface_name($int) {
 	return $int;
 }
 
-function convert_port_period_to_colon($addr) {
+function parse_ipport($addr) {
+	$addr = rtrim($addr, ":");
+	$port = '';
 	if (substr_count($addr, '.') > 1) {
-		/* IPv4 - Change the port delimiter to : */
+		/* IPv4 */
 		$addr_split = split("\.", $addr);
-		if($addr_split[4] == "") {
-			$newvar = "{$addr_split[0]}.{$addr_split[1]}.{$addr_split[2]}.{$addr_split[3]}";
-			$newvar = rtrim($newvar, ":");
-		} else {
+		$ip = "{$addr_split[0]}.{$addr_split[1]}.{$addr_split[2]}.{$addr_split[3]}";
+
+		if ($ip == "...")
+			return array($addr, '');
+
+		if($addr_split[4] != "") {
 			$port_split = split("\:", $addr_split[4]);
-			$newvar = "{$addr_split[0]}.{$addr_split[1]}.{$addr_split[2]}.{$addr_split[3]}:{$port_split[0]}";
-			$newvar = rtrim($newvar, ":");
+			$port = $port_split[0];
 		}
-		if($newvar == "...")
-			return $addr;
-		return $newvar;
 	} else {
-		/* IPv6 - Leave it alone */
+		/* IPv6 */
 		$addr = split(" ", $addr);
-		return rtrim($addr[0], ":");
+		$addr = rtrim($addr[0], ":");
+		$addr_split = split("\.", $addr);
+		if (count($addr_split) > 1) {
+			$ip = $addr_split[0];
+			$port = $addr_split[1];
+		} else {
+			$ip = $addr;
+		}
+	}
+
+	return array($ip, $port);
+}
+
+function get_port_with_service($port, $proto) {
+	if (!$port)
+		return '';
+
+	$service = getservbyport($port, $proto);
+	$portstr = "";
+	if ($service) {
+		$portstr = "<span title=\"Service {$port}/{$proto}: {$service}\">" . htmlspecialchars($port) . "</span>";
+	} else {
+		$portstr = htmlspecialchars($port);
 	}
+	return ':' . $portstr;
 }
 
 function find_rule_by_number($rulenum, $type="rules") {
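Review bot: In get_port_with_service the `title` attribute is built as `"<span title=\"Service {$port}/{$proto}: {$service}\">"` with none of the three values escaped, while the visible `$port` is passed through htmlspecialchars; `$port` comes out of parse_ipport by splitting log text, and in the IPv6 branch it is whatever follows the first "." so a quote or angle bracket in an odd log line ends up inside the attribute unescaped. Escape the whole attribute value once: `$title = htmlspecialchars("Service {$port}/{$proto}: {$service}");` and `$portstr = "<span title=\"{$title}\">" . htmlspecialchars($port) . "</span>";`. getservbyport() expects an integer port, so guarding the call with `is_numeric($port)` avoids passing the non-numeric strings that branch can yield. parse_ipport also keeps the unchecked `$addr_split[3]`/`$addr_split[4]` reads, so an address with fewer than five dot-separated parts raises an undefined-index notice; `isset($addr_split[4]) && $addr_split[4] != ""` covers the common no-port case, and a short docblock noting that the function returns `array($ip, $port)` with `$port === ''` when absent would document the new contract.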