<?php
/////////////////////////////////////////////////////////////////////////////////////
// IPTable log analyzer
// Copyright (C) 2002 Gerald GARCIA
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
// Contact author : hide@address.com
/////////////////////////////////////////////////////////////////////////////////////

// $Id: from_host.php,v 1.6 2007/03/30 22:39:18 tarbuck Exp $


require_once("conf/config.php");
require_once("utils/Tabulator.php");
require_once("utils/Misc.php");


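// Pager used at the bottom of the page to move through the result set.
$tabulator = new Tabulator();

pageHeader();

// The source address arrives from the request and is later interpolated into
// SQL and echoed into HTML by this script. Accept only a dotted-quad IPv4
// string (the form INET_ATON() is meant for); anything else -- a missing
// parameter, an array, or free text -- is replaced by the empty string, for
// which INET_ATON('') yields NULL and the queries simply match no rows.
$ip = isset($_REQUEST['ip']) ? $_REQUEST['ip'] : '';
if (!is_string($ip) || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
    $ip = '';
}

// Legacy inline lookup, kept for reference; superseded by getHostnameFromCache().
#$query = "SELECT host as name_src FROM host_cache where ip=INET_ATON('$ip')";
#$result = db_query ($query);
#if ($res=db_nextvalue($result)) {
#  $host_name=$res;
#}
// NOTE(review): getHostnameFromCache() is defined elsewhere (utils/Misc.php,
// presumably); confirm it does not build SQL from its argument unescaped.
$host_name = getHostnameFromCache($ip);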
?>

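<?php
// $ip originates from the request, so it is encoded once per output context:
// HTML-escaped where it is shown as text, URL-encoded where it is placed in a
// query string. Attribute values are quoted so that the encoded value cannot
// terminate the attribute.
// NOTE(review): $host_name and $chain are populated outside this fragment;
// they are escaped as well because their origin cannot be confirmed from here.
$ip_html = htmlspecialchars((string) $ip, ENT_QUOTES);
$ip_url = urlencode((string) $ip);
?>
<b>Filtered packets from <?php print htmlspecialchars((string) $host_name, ENT_QUOTES) . " ($ip_html)"; ?> for chain <?php print htmlspecialchars((string) $chain, ENT_QUOTES); ?> younger than <?php print $dateToString[$date]; ?> :</b><br><br>
Whois for <a href="whois.php?host=<?php print $ip_url; ?>"><?php print $ip_html; ?></a>
<br><br>


<table cellspacing="0" cellpadding="0" width="100%"><tr bgcolor="#DDDDDD"><td>
<table cellspacing="1" cellpadding="2" width="100%">
<tr><td><center>Chain</center></td><td><center>Date</center></td>
<?php if ($display_netfilter_host) { ?><td><center>Host&nbsp;<a href="?_display_netfilter_host=0&ip=<?php print $ip_url; ?>" class="DelButton">[X]</a></center></td><?php } ?>
<?php if ($display_netfilter_interface) { ?><td><center>Interf.&nbsp;<a href="?_display_netfilter_interface=0&ip=<?php print $ip_url; ?>" class="DelButton">[X]</a></center></td><?php } ?>
<td><center>Proto</center></td>
<?php // The source-port toggle now carries the ip parameter like the other column toggles, so the host filter survives the click. ?>
<?php if ($display_netfilter_srcport) { ?><td nowrap><center>S. port <a href="?_display_netfilter_srcport=0&ip=<?php print $ip_url; ?>" class="DelButton">[X]</a></center></td><?php } ?>
<td><center>Dest. port</center></td>
<?php if ($display_netfilter_destination) { ?><td><center>Dest. IP&nbsp;<a href="?_display_netfilter_destination=0&ip=<?php print $ip_url; ?>" class="DelButton">[X]</a></center></td><?php } ?>
</tr>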

<?php
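// Build the count query and the paged detail query for packets whose source
// address is $ip. Every value interpolated into the SQL text is neutralised
// first, because db_query() is handed a finished string and no parameter
// binding is visible on this page.

// Only a dotted-quad IPv4 literal is passed to INET_ATON(); any other value
// becomes '', for which INET_ATON('') is NULL and no row matches.
$ip_sql = (is_string($ip) && filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) ? $ip : '';

// Numeric inputs are forced to integers before they reach the SQL text.
$date_days = (int) $date;
$first = (int) $first;
$page_size = max(0, (int) $number);

// Both fragments start empty so the queries stay well-formed (and no
// undefined-variable notice is raised) when a filter does not apply.
$chain_where = '';
$date_where = '';

if ($chain != 'ALL') {
    // NOTE(review): the driver behind db_query() is not visible here;
    // addslashes() is a stopgap -- prefer that driver's own escaping routine
    // or a prepared statement once the DB layer is confirmed.
    $chain_where = " AND u.oob_prefix='" . addslashes((string) $chain) . "'";
}
if ($date_days < 1000) {
    $date_where = "AND u.local_time > UNIX_TIMESTAMP(ADDDATE(CURDATE(),INTERVAL -$date_days DAY))";
}

$query = "SELECT count(id) FROM ulog u WHERE ip_saddr=INET_ATON('$ip_sql') $date_where $chain_where";
$result = db_query ($query) or db_handleError("Unable to query log table");
$nb_records = (int) db_nextvalue($result);

// Keep the page window inside [0, $nb_records - $page_size].
if ($first > ($nb_records - $page_size)) { $first = ($nb_records - $page_size); }
if ($first < 0) { $first = 0; }

$query = "SELECT FROM_UNIXTIME(u.local_time) as date,local_hostname AS host,u.oob_prefix AS chain,u.oob_in AS interface_in,u.oob_out AS interface_out,p.name AS proto,IFNULL(u.tcp_sport,IFNULL(u.udp_sport,0)) AS port_src,IFNULL(u.tcp_dport,IFNULL(u.udp_dport,0)) AS port_dest,IFNULL(dhc.host,'Unresolved') AS name_dest,INET_NTOA(u.ip_daddr) AS ip_dest FROM ulog u LEFT OUTER JOIN host_cache dhc ON u.ip_daddr = dhc.ip LEFT OUTER JOIN protos p ON u.ip_protocol = p.num WHERE ip_saddr=INET_ATON('$ip_sql') $date_where $chain_where ORDER BY date DESC LIMIT $first,$page_size";
// Same failure handling as the count query above.
$result = db_query ($query) or db_handleError("Unable to query log table");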

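// Render one table row per logged packet, or a single placeholder row when
// the query returned nothing.
if ( db_numrows($result) == 0 ) {
  print "<tr bgcolor=\"#FFFFFF\"><td colspan=6>No packets match the request</td></tr>";
} else {

   while ($line = db_nextobject($result)) {
      // Text columns read back from the log tables are HTML-escaped before
      // output. NOTE(review): host_cache names are presumably filled from
      // reverse DNS and the log prefix from firewall rules -- neither is
      // confirmed on this page, so all of them are treated as untrusted text.
      $chain_html     = htmlspecialchars((string) $line->chain, ENT_QUOTES);
      $host_html      = htmlspecialchars((string) $line->host, ENT_QUOTES);
      $if_in_html     = htmlspecialchars((string) $line->interface_in, ENT_QUOTES);
      $if_out_html    = htmlspecialchars((string) $line->interface_out, ENT_QUOTES);
      $proto_html     = htmlspecialchars((string) $line->proto, ENT_QUOTES);
      $name_dest_html = htmlspecialchars((string) $line->name_dest, ENT_QUOTES);
      $ip_dest_html   = htmlspecialchars((string) $line->ip_dest, ENT_QUOTES);
      $ip_dest_url    = urlencode((string) $line->ip_dest);
      // Port columns are numeric in the query (IFNULL(..., 0)).
      $port_src  = (int) $line->port_src;
      $port_dest = (int) $line->port_dest;
      // A NULL proto (no match in the protos join) is treated as non-ICMP.
      $is_icmp = ((string) $line->proto === "ICMP");

      print "<tr bgcolor=\"#FFFFFF\">";
      print "<td>$chain_html</td>";
      print "<td>$line->date</td>";
      if ($display_netfilter_host) { print "<td>$host_html</td>"; }
      if ($display_netfilter_interface) {
         // The arrow shows direction: inbound interface if set, else outbound.
         if ($line->interface_in) {
            print "<td>$if_in_html&lt;-</td>";
         } else {
            print "<td>$if_out_html-&gt;</td>";
         }
      }
      print "<td>$proto_html</td>";

      if ($display_netfilter_srcport) {
         // ICMP has no ports, so the cell is left blank.
         if (!$is_icmp) { print "<td>$port_src</td>"; } else { echo "<td>&nbsp;</td>"; }
      }

      if (!$is_icmp) {
         print "<td><a href=\"to_port.php?port=$port_dest\">$port_dest ";
#     $query2 = "SELECT name FROM ports where port=$line->port_dest ORDER BY custom DESC limit 1";
#     $result2 = db_query ($query2);
#     if ($port_desc=db_nextobject($result2)) {
         if ($port_desc = findPortNameFromNumber($line->port_dest)) {
            print "(" . htmlspecialchars((string) $port_desc, ENT_QUOTES) . ")";
         }
         print "</a></td>";
      } else {
         print "<td><center>-</center></td>";
      }

      if ($display_netfilter_destination) {
         print "<td><a href=\"to_host.php?ip=$ip_dest_url\">";
         // Fall back to the numeric address when the cache has no name.
         if ($line->name_dest == "Unresolved") { print $ip_dest_html; } else { print $name_dest_html; }
         print "</a></td>";
      }

      print "</tr>";
   }
} // nb packet != 0
?>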

</table>
</td></tr></table>

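<?php
// Pager for the full result count.
$tabulator->display($nb_records);

// $ip originates from the request; URL-encode it before placing it in the
// query strings of the "show column" links below.
$ip_url = urlencode((string) $ip);
?>

<?php if (!$display_netfilter_host) { ?><a href="?_display_netfilter_host=1&ip=<?php print $ip_url; ?>" class="AddButton">Show Host</a><br> <?php } ?>
<?php if (!$display_netfilter_interface) { ?><a href="?_display_netfilter_interface=1&ip=<?php print $ip_url; ?>" class="AddButton">Show Interface</a><br> <?php } ?>
<?php // The source-port link carries the ip parameter like the other toggles, so the host filter is not lost. ?>
<?php if (!$display_netfilter_srcport) { ?><a href="?_display_netfilter_srcport=1&ip=<?php print $ip_url; ?>" class="AddButton">Show Source Port</a><br><?php } ?>
<?php if (!$display_netfilter_destination) { ?><a href="?_display_netfilter_destination=1&ip=<?php print $ip_url; ?>" class="AddButton">Show Destination IP</a><br><?php } ?>

<?php pageFooter(); ?>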