diff options
author | Scott Dale <sdale@pfsense.org> | 2007-05-07 02:21:35 +0000 |
---|---|---|
committer | Scott Dale <sdale@pfsense.org> | 2007-05-07 02:21:35 +0000 |
commit | 1db766dfbeaee353cbafbce8926d359454994415 (patch) | |
tree | 0b8e7d6cd608966dddf8167998ecda3a32daa9d1 /usr/local/www/widgets/include | |
parent | aacd6b3dcc8bc76c3d7f54945a8092121d2cdd1c (diff) | |
download | pfsense-1db766dfbeaee353cbafbce8926d359454994415.zip pfsense-1db766dfbeaee353cbafbce8926d359454994415.tar.gz |
Widget base. Note: changes to widgets are not saved yet.
Diffstat (limited to 'usr/local/www/widgets/include')
-rw-r--r-- | usr/local/www/widgets/include/log.inc | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/usr/local/www/widgets/include/log.inc b/usr/local/www/widgets/include/log.inc new file mode 100644 index 0000000..8c26603 --- /dev/null +++ b/usr/local/www/widgets/include/log.inc @@ -0,0 +1,166 @@ +<?php + +//set variables for log +$filter_logfile = "{$g['varlog_path']}/filter.log"; +$nentries = 5; +$filterlog = conv_clog_filter($filter_logfile, $nentries); + +/* AJAX related routines */ + handle_ajax(); + + +/* format filter logs */ +function conv_clog_filter($logfile, $tail = 50) { + global $config, $nentries, $logfile; + + $logfile = "/var/log/filter.log"; + + /* make interface/port table */ + $iftable = array(); + $iftable[$config['interfaces']['lan']['if']] = "LAN"; + $iftable[get_real_wan_interface()] = "WAN"; + for ($i = 1; isset($config['interfaces']['opt' . $i]); $i++) + $iftable[$config['interfaces']['opt' . $i]['if']] = $config['interfaces']['opt' . $i]['descr']; + + $sor = isset($config['syslog']['reverse']) ? "-r" : ""; + + $logarr = ""; + exec("/usr/sbin/clog {$logfile} | /usr/bin/tail {$sor} -n {$tail}", $logarr); + + $filterlog = array(); + + $counter = 0; + + foreach ($logarr as $logent) { + + if($counter > $nentries) + break; + + $log_split = ""; + + preg_match("/(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)\s.*\s(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)/", $logent, $log_split); + + $flent['src'] = convert_port_period_to_colon($log_split[1]); + $flent['dst'] = convert_port_period_to_colon($log_split[3]); + + preg_match("/(.*)\s.*\spf:\s.*\srule\s(.*)\(match\)\:\s(.*)\s\w+\son\s(\w+)\:\s(.*)\s>\s(.*)\:\s.*/", $logent, $log_split); + + $logent = strtoupper($logent); + + $do_not_display = false; + + if(stristr(strtoupper($logent), "UDP") == true) + $flent['proto'] = "UDP"; + else if(stristr(strtoupper($logent), "TCP") == true) + $flent['proto'] = "TCP"; + else if(stristr(strtoupper($logent), "ICMP") == true) + $flent['proto'] = "ICMP"; + else if(stristr(strtoupper($logent), "HSRP") == true) + $flent['proto'] = "HSRP"; + else if(stristr(strtoupper($logent), "ESP") == true) + $flent['proto'] = "ESP"; + else if(stristr(strtoupper($logent), "AH") == true) + $flent['proto'] = "AH"; + else if(stristr(strtoupper($logent), "GRE") == true) + $flent['proto'] = "GRE"; + else if(stristr(strtoupper($logent), "IGMP") == true) + $flent['proto'] = "IGMP"; + else if(stristr(strtoupper($logent), "CARP") == true) + $flent['proto'] = "CARP"; + else if(stristr(strtoupper($logent), "PFSYNC") == true) + $flent['proto'] = "PFSYNC"; + else + $flent['proto'] = "TCP"; + + $time_regex = ""; + preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9])/", $log_split[1], $time_regex); + $row_time = strtotime($time_regex[1]); + + $flent['time'] = $row_time; + $flent['act'] = $log_split[3]; + + $friendly_int = convert_real_interface_to_friendly_interface_name($log_split[4]); + + $flent['interface'] = strtoupper($friendly_int); + + if($config['interfaces'][$friendly_int]['descr'] <> "") + $flent['interface'] = "{$config['interfaces'][$friendly_int]['descr']}"; + + $flent['src'] = convert_port_period_to_colon($log_split[5]); + $flent['dst'] = convert_port_period_to_colon($log_split[6]); + + $flent['dst'] = str_replace(": NBT UDP PACKET(137)", "", $flent['dst']); + + $tmp = split("/", $log_split[2]); + $flent['rulenum'] = $tmp[0]; + + $counter++; + $filterlog[] = $flent; + + } + + return $filterlog; +} + +function convert_port_period_to_colon($addr) { + $addr_split = split("\.", $addr); + if($addr_split[4] == "") + $newvar = $addr_split[0] . "." . $addr_split[1] . "." . $addr_split[2] . "." . $addr_split[3]; + else + $newvar = $addr_split[0] . "." . $addr_split[1] . "." . $addr_split[2] . "." . $addr_split[3] . ":" . $addr_split[4]; + if($newvar == "...") + return $addr; + return $newvar; +} + +function format_ipf_ip($ipfip) { + list($ip,$port) = explode(",", $ipfip); + if (!$port) + return $ip; + + return $ip . ", port " . $port; +} + +/* AJAX specific handlers */ +function handle_ajax() { + if($_GET['getrulenum'] or $_POST['getrulenum']) { + if($_GET['getrulenum']) + $rulenum = $_GET['getrulenum']; + if($_POST['getrulenum']) + $rulenum = $_POST['getrulenum']; + $rule = `pfctl -vvsr | grep @{$rulenum}`; + echo "The rule that triggered this action is:\n\n{$rule}"; + exit; + } + + if($_GET['lastsawtime'] or $_POST['lastsawtime']) { + global $filter_logfile,$filterent; + if($_GET['lastsawtime']) + $lastsawtime = $_GET['lastsawtime']; + if($_POST['lastsawtime']) + $lastsawtime = $_POST['lastsawtime']; + /* compare lastsawrule's time stamp to filter logs. + * afterwards return the newer records so that client + * can update AJAX interface screen. + */ + $new_rules = ""; + $filterlog = conv_clog_filter($filter_logfile, 50); + foreach($filterlog as $log_row) { + $time_regex = ""; + preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9])/", $log_row['time'], $time_regex); + $row_time = strtotime($time_regex[1]); + if (strstr(strtolower($log_row['act']), "p")) + $img = "<img border='0' src='/themes/metallic/images/icons/icon_pass.gif'>"; + else if(strstr(strtolower($filterent['act']), "r")) + $img = "<img border='0' src='/themes/metallic/images/icons/icon_reject.gif'>"; + else + $img = "<img border='0' src='/themes/metallic/images/icons/icon_block.gif'>"; + //echo "{$time_regex[1]} - $row_time > $lastsawtime<p>"; + if($row_time > $lastsawtime) + $new_rules .= "{$img}||{$log_row['time']}||{$log_row['interface']}||{$log_row['src']}||{$log_row['dst']}||{$log_row['proto']}||" . time() . "||\n"; + } + echo $new_rules; + exit; + } +} +?>
\ No newline at end of file |