Diffstat (limited to 'usr/local/www/diag_logs_filter.php')
-rwxr-xr-x | usr/local/www/diag_logs_filter.php | 202 |
1 files changed, 24 insertions, 178 deletions
diff --git a/usr/local/www/diag_logs_filter.php b/usr/local/www/diag_logs_filter.php index 2e4045f..960956f 100755 --- a/usr/local/www/diag_logs_filter.php +++ b/usr/local/www/diag_logs_filter.php @@ -38,13 +38,15 @@ ##|-PRIV require("guiconfig.inc"); +require_once("filter_log.inc"); if($_GET['getrulenum'] or $_POST['getrulenum']) { if($_GET['getrulenum']) - $rulenum = escapeshellarg($_GET['getrulenum']); + $rulenum = $_GET['getrulenum']; if($_POST['getrulenum']) - $rulenum = escapeshellarg($_POST['getrulenum']); - $rule = `pfctl -vvsr | grep '@{$rulenum} '`; + $rulenum = $_POST['getrulenum']; + list($rulenum, $type) = explode(',', $rulenum); + $rule = find_rule_by_number($rulenum, $type); echo "The rule that triggered this action is:\n\n{$rule}"; exit; } 
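Review bot: `$_GET['getrulenum']` / `$_POST['getrulenum']` now reach `find_rule_by_number()` with no validation, because the `escapeshellarg()` calls were dropped together with the inline `pfctl` pipeline. `find_rule_by_number()` lives in filter_log.inc and is not part of this diff, so whether it still builds a shell command from `$rulenum` or `$type` cannot be confirmed here; if it does, this request parameter becomes a command-injection path. Validate at this boundary regardless: `list($rulenum, $type) = array_pad(explode(',', $rulenum, 2), 2, '');` followed by `if (!ctype_digit($rulenum)) exit;`, and check `$type` against the fixed set of action names the log parser emits. The `array_pad` also covers a request without a comma, where `list()` would otherwise read a missing index. `$rule` is echoed as-is, so sending `header('Content-Type: text/plain');` before the `echo` would keep rule text from being interpreted as HTML when the URL is opened directly.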
@@ -58,126 +60,12 @@ if (!$nentries) if ($_POST['clear']) clear_log_file($filter_logfile); -/* format filter logs */ -function conv_clog($logfile, $tail = 50) { - global $config, $nentries, $g; - $logarr = ""; - /* make interface/port table */ - $iftable = array(); - $iflist = get_configured_interface_with_descr(); - foreach ($iflist as $if => $ifdesc) - $iftable[get_real_interface($if)] = $ifdesc; - - $sor = isset($config['syslog']['reverse']) ? "-r" : ""; - - if(isset($config['system']['usefifolog'])) - exec("/usr/sbin/fifolog_reader {$logfile} | /usr/bin/tail {$sor} -n 500", $logarr); - else - exec("/usr/sbin/clog {$logfile} | grep -v \"CLOG\" | grep -v \"\033\" | /usr/bin/tail {$sor} -n 500", $logarr); - - $filterlog = array(); - - $counter = 1; - - foreach ($logarr as $logent) { - - if($counter > $nentries) - break; - - $log_split = ""; - - - preg_match("/(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)\s.*\s(\b(?:\d{1,3}\.){3}\d{1,3}(\.\w+)?)/", $logent, $log_split); - - $flent['src'] = convert_port_period_to_colon($log_split[1]); - $flent['dst'] = convert_port_period_to_colon($log_split[3]); - - preg_match("/(.*)\s.*\spf:\s.*\srule\s(.*)\(match\)\:\s(.*)\s\w+\son\s(\w+)\:\s(.*)\s>\s(.*)\:\s.*/", $logent, $log_split); - - $beforeupper = $logent; - $logent = strtoupper($logent); - - if(stristr(strtoupper($logent), "UDP") == true) - $flent['proto'] = "UDP"; - else if(stristr(strtoupper($logent), "TCP") == true) - $flent['proto'] = "TCP"; - else if(stristr(strtoupper($logent), "ICMP") == true) - $flent['proto'] = "ICMP"; - else if(stristr(strtoupper($logent), "HSRP") == true) - $flent['proto'] = "HSRP"; - else if(stristr(strtoupper($logent), "ESP") == true) - $flent['proto'] = "ESP"; - else if(stristr(strtoupper($logent), "AH") == true) - $flent['proto'] = "AH"; - else if(stristr(strtoupper($logent), "GRE") == true) - $flent['proto'] = "GRE"; - else if(stristr(strtoupper($logent), "IGMP") == true) - $flent['proto'] = "IGMP"; - else if(stristr(strtoupper($logent), "CARP") == 
true) - $flent['proto'] = "CARP"; - else if(stristr(strtoupper($logent), "VRRP") == true) - $flent['proto'] = "VRRP"; - else if(stristr(strtoupper($logent), "PFSYNC") == true) - $flent['proto'] = "PFSYNC"; - else if(stristr($logent, "sack") == true) - $flent['proto'] = "TCP"; - else - $flent['proto'] = "TCP"; - - $flent['time'] = $log_split[1]; - $flent['act'] = $log_split[3]; - $flent['interface'] = empty($iftable[$log_split[4]]) ? $log_split[4] : $iftable[$log_split[4]]; - - $tmp = split("/", $log_split[2]); - $flent['rulenum'] = $tmp[0]; - - $shouldadd = true; - - if(trim($flent['src']) == "") - $shouldadd = false; - if(trim($flent['dst']) == "") - $shouldadd = false; - if(trim($flent['time']) == "") - $shouldadd = false; - - if($shouldadd == true) { - $counter++; - $filterlog[] = $flent; - } else { - if($g['debug']) { - log_error("There was a error parsing rule: $beforeupper . Please report to mailing list or forum."); - } - } - - } - - return $filterlog; -} - -function convert_port_period_to_colon($addr) { - $addr_split = split("\.", $addr); - if($addr_split[4] == "") - $newvar = $addr_split[0] . "." . $addr_split[1] . "." . $addr_split[2] . "." . $addr_split[3]; - else - $newvar = $addr_split[0] . "." . $addr_split[1] . "." . $addr_split[2] . "." . $addr_split[3] . ":" . $addr_split[4]; - if($newvar == "...") - return $addr; - return $newvar; -} - -function format_ipf_ip($ipfip) { - list($ip,$port) = explode(",", $ipfip); - if (!$port) - return $ip; - - return $ip . ", port " . $port; -} - $pgtitle = array("Status","System logs","Firewall"); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<script src="/javascript/filter_log.js" type="text/javascript"></script> <?php include("fbegin.inc"); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr><td> 
@@ -201,11 +89,11 @@ include("head.inc"); <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0"> <?php if (!isset($config['syslog']['rawfilter'])): - $filterlog = conv_clog($filter_logfile, $nentries); + $filterlog = conv_log_filter($filter_logfile, $nentries, $nentries + 100); ?> <tr> <td colspan="6" class="listtopic"> - Last <?=$nentries;?> firewall log entries (<a href='/diag_logs_filter_dynamic.php'>switch</a> to dynamic view)</td> + Last <?php echo $nentries;?> firewall log entries (<a href='/diag_logs_filter_dynamic.php'>switch</a> to dynamic view)</td> </tr> <tr> <td width="10%" class="listhdrr">Act</td> 
@@ -218,79 +106,37 @@ include("head.inc"); <tr> <td class="listlr" nowrap align="middle"> <center> - <a href="#" onClick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo $filterent['rulenum']; ?>', outputrule);"> - <?php if (strstr(strtolower($filterent['act']), "p")) - $img = "/themes/{$g['theme']}/images/icons/icon_pass.gif"; - else if(strstr(strtolower($filterent['act']), "r")) - $img = "/themes/{$g['theme']}/images/icons/icon_reject.gif"; - else - $img = "/themes/{$g['theme']}/images/icons/icon_block.gif"; - ?> - <img border="0" src="<?=$img;?>" width="11" height="11" align="absmiddle"> + <a href="#" onClick="javascript:getURL('diag_logs_filter.php?getrulenum=<?php echo "{$filterent['rulenum']},{$filterent['act']}"; ?>', outputrule);"> + <img border="0" src="<?php echo find_action_image($filterent['act']);?>" width="11" height="11" align="absmiddle" alt="<?php echo $filterent['act'];?>" title="<?php echo $filterent['act'];?>" /> <?php if ($filterent['count']) echo $filterent['count'];?></td> - <td class="listr" nowrap><?=htmlspecialchars($filterent['time']);?></td> - <td class="listr" nowrap><?=htmlspecialchars($filterent['interface']);?></td> - <td class="listr" nowrap><?=htmlspecialchars($filterent['src']);?></td> - <td class="listr" nowrap><?=htmlspecialchars($filterent['dst']);?></td> - <td class="listr" nowrap><?=htmlspecialchars($filterent['proto']);?></td> + <td class="listr" nowrap><?php echo htmlspecialchars($filterent['time']);?></td> + <td class="listr" nowrap><?php echo htmlspecialchars($filterent['interface']);?></td> + <td class="listr" nowrap><?php echo htmlspecialchars($filterent['src']);?></td> + <td class="listr" nowrap><?php echo htmlspecialchars($filterent['dst']);?></td> + <?php + if ($filterent['proto'] == "TCP") + $filterent['proto'] .= ":{$filterent['tcpflags']}"; + ?> + <td class="listr" nowrap><?php echo htmlspecialchars($filterent['proto']);?></td> </tr><?php endforeach; ?> <?php else: ?> <tr> <td colspan="2" 
class="listtopic"> - Last <?=$nentries;?> firewall log entries</td> + Last <?php echo $nentries;?> firewall log entries</td> </tr> <?php dump_clog($filter_logfile, $nentries); ?> <?php endif; ?> - <tr><td><br><form action="diag_logs_filter.php" method="post"> -<input name="clear" type="submit" class="formbtn" value="Clear log"></td></tr> + <tr><td><br /><form action="diag_logs_filter.php" method="post"> +<input name="clear" type="submit" class="formbtn" value="Clear log" /></td></tr> </form> </table> </div> </td> </tr> </table> -<script language="javascript"> -if (typeof getURL == 'undefined') { - getURL = function(url, callback) { - if (!url) - throw 'No URL for getURL'; - try { - if (typeof callback.operationComplete == 'function') - callback = callback.operationComplete; - } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; - var http_request = null; - if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { - try { - http_request = new ActiveXObject('Msxml2.XMLHTTP'); - } catch (e) { - try { - http_request = new ActiveXObject('Microsoft.XMLHTTP'); - } catch (e) {} - } - } - if (!http_request) - throw 'Both getURL and XMLHttpRequest are undefined'; - http_request.onreadystatechange = function() { - if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); - } - } - http_request.open('GET', url, true); - http_request.send(null); - } -} -function outputrule(req) { - alert(req.content); -} -</script> +<p><span class="vexpl"><a href="http://doc.pfsense.org/index.php/What_are_TCP_Flags%3F">TCP Flags</a>: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, C - CWR</span></p> + <?php include("fend.inc"); ?> </body> </html> |
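Review bot: `$filterent['act']` is written unescaped into three places in the row template of this hunk: the `getrulenum=` URL inside the `onClick` JavaScript string, and the new `alt` and `title` attributes of the `<img>`. Every other column in the same row goes through `htmlspecialchars()`. The value is produced by `conv_log_filter()` from log text, which is outside this diff, so its character set cannot be confirmed here; treating it like the other parsed fields is the safer default. Use `alt="<?php echo htmlspecialchars($filterent['act']);?>"` (same for `title`), and build the link argument with `htmlspecialchars(urlencode("{$filterent['rulenum']},{$filterent['act']}"))`.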