author | Scott Ullrich <sullrich@pfsense.org> | 2005-06-28 21:27:21 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2005-06-28 21:27:21 +0000 |
commit | 80b5e9c6ab697bd654951245f756825d02f72a3c (patch) | |
tree | 140ba242d377add5e9e9bff74ece24ca9e674eb7 /usr/local/www | |
parent | f12181eefcc7110a17dbb7076ccef9b260f81eab (diff) | |
Introduce a new diagnostics filter page which works! This one now uses regex for easy updating. There are a few outstanding issues, such as the counter not working correctly because some lines lack a src and dest, which needs some work, but overall it works.
Diffstat (limited to 'usr/local/www')
-rwxr-xr-x | usr/local/www/diag_logs_filter.php | 57 |
1 files changed, 18 insertions, 39 deletions
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php
index 5076bd7..06bc015 100755
--- a/usr/local/www/diag_logs_filter.php
+++ b/usr/local/www/diag_logs_filter.php
@@ -68,48 +68,27 @@ function conv_clog($logfile, $tail) {
 $counter = 0;
 foreach ($logarr as $logent) {
- $dontdisplay = 0;
-
- $master_split = preg_split("/rule/", $logent);
- $first_split = preg_split("/\s+/", $master_split[0]);
- $second_split = preg_split("/\s+/", $master_split[1]);
-
- $flent = array();
-
- $flent['time'] = $first_split[0] . ", " . $first_split[1] . " " . $first_split[2];
- $flent['interface'] = $second_split[5];
-
- $flent['proto'] = $second_split[10];
- $flent['act'] = $second_split[1];
- $flent['src'] = format_ipf_ip($second_split[7]);
- $flent['dst'] = format_ipf_ip($second_split[9]);
-
- $flent['act'] = ereg_replace(":", "", $flent['act']);
- $flent['dst'] = ereg_replace(":", "", $flent['dst']);
- $int = ereg_replace(":", "", $flent['interface']);
- $int = ereg_replace(" ", "", $int);
- $flent['interface'] = $int . " - " . convert_real_interface_to_friendly_interface_name($int);
-
- if($second_split[11] == "udp" or $second_split[11] == "tcp" or $second_split[11] == "icmp" or $second_split[11] == "igmp") $flent['proto'] = $second_split[11];
-
- $flent['proto'] = ereg_replace(":", "", $flent['proto']);
- $flent['proto'] = ereg_replace(",", "", $flent['proto']);
-
- $flent['src'] = convert_port_period_to_colon($flent['src']);
- $flent['dst'] = convert_port_period_to_colon($flent['dst']);
-
- if($flent['dst'] == "HBH...") $dontdisplay = 1;
-
- if($flent['proto'] == "S" or $flent['proto'] == "NBT" or $flent['proto'] == "." or $flent['proto'] == "R" or $flent['proto'] == ">") $dontdisplay = 1;
-
- if($dontdisplay == 0) {
- $filterlog[] = $flent;
-
- if($counter > $nentries)
- return $filterlog;
+ preg_match("/(.*)\s(\w+)\spf:.*rule.*\(match\):\s(\w+)\sin\son\s(\w+:)\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,7})\s([\<|\>])\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,7}):.*/",$logent,$log_split);
+
+ $flent['proto'] = "TCP";
+ if(stristr($logent, "UDP") == true)
+ $flent['proto'] = "UDP";
+
+ /* XXX: fetch time? */
+ $flent['time'] = $log_split[1];
+ $flent['act'] = $log_split[3];
+ $flent['interface'] = $log_split[4];
+ $flent['src'] = $log_split[5];
+ $flent['dst'] = $log_split[7];
+
+ if($flent['src'] == "" or $flent['dst'] == "") {
+ /* do not display me! */
+ } else {
 $counter++;
+ $filterlog[] = $flent;
 }
+
 }
 return $filterlog; |
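Review bot: The result of `preg_match()` is never checked, so for every line that does not fit the pattern `$log_split` comes back empty and the reads of `$log_split[1]` through `$log_split[7]` raise undefined-offset notices before the `src`/`dst` test discards the entry; putting the existing pattern in a variable and guarding with `if (!preg_match($pattern, $logent, $log_split)) continue;` skips those lines cleanly. Because the pattern requires an IPv4 `address.port` pair on both sides, entries without ports (presumably ICMP, among others) disappear from the view silently, which deserves at least a comment or a skipped-line count for whoever is reading the firewall log. The old `if($counter > $nentries) return $filterlog;` cap is gone and `$counter` is now only incremented, so the number of rows returned depends entirely on how `$logarr` was built above the hunk. `time` is captured with an unconstrained `(.*)`, so wherever the rows are printed (outside this hunk) that field should go through `htmlspecialchars()`. The body of `conv_clog` starts and ends outside the hunk.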