<?php
/////////////////////////////////////////////////////////////////////////////////////
// IPTable log analyzer
// Copyright (C) 2002 Gerald GARCIA
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
//
// Contact author : hide@address.com
/////////////////////////////////////////////////////////////////////////////////////

// $Id: index.php,v 1.7 2007/03/30 22:39:18 tarbuck Exp $


require_once("conf/config.php");
require_once("utils/Tabulator.php");
require_once("utils/Misc.php");
?>

<?php 


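  // Packet listing: builds the WHERE clause from the active filters ($chain,
  // $date, $srcsubnet, $destsubnet), counts the matching rows, clamps the
  // paging offset and runs the listing query whose rows are rendered further
  // down in this file.
  // NOTE(review): none of the filter or paging variables is assigned in this
  // file; they presumably arrive from the request or session through the
  // included files, so they are handled as untrusted here - confirm against
  // the includes.
  $tabulator = new Tabulator();

  pageHeader();

  // Every SQL and display fragment starts from a known empty value. Before,
  // the fragment of an inactive filter was simply undefined, so whatever was
  // already stored under that name would have been concatenated into the
  // statement or the page.
  $chain_where = '';
  $date_where = '';
  $subnet_where = '';
  $date_displayString = '';
  $subnet_displayString = '';

  if ($chain != 'ALL') {
      // NOTE(review): $chain still enters the statement inside a quoted literal
      // without escaping. db_query() is only seen here taking a finished SQL
      // string, so the proper fix (a bound parameter, or the driver's own
      // escaping routine) has to be made in the database layer; until then this
      // line depends on $chain being validated before it gets here - confirm.
      $chain_where = " AND u.oob_prefix='$chain'";
  }

  if ($date < 1000) {
      // Only an integer day count may reach the INTERVAL expression.
      $days = (int) $date;
      $date_where = " AND u.local_time > UNIX_TIMESTAMP(ADDDATE(CURDATE(),INTERVAL -$days DAY))";
      $date_displayString = ", younger than " . $dateToString[$date];
  }

  if ($srcsubnet != "0.0.0.0/0") {
      // NOTE(review): $net and $mask are written into the SQL text unquoted;
      // this relies on parsesubnet() returning numeric values only - verify in
      // its definition, which is not part of this file.
      list($net, $mask) = parsesubnet($srcsubnet, 1);
      $subnet_where .= " AND (u.ip_saddr & $mask) = $net";
      // The subnet text is echoed back in the heading, so escape it for HTML.
      $subnet_displayString = ", matching source " . htmlspecialchars($srcsubnet, ENT_QUOTES);
  }

  if ($destsubnet != "0.0.0.0/0") {
      list($net, $mask) = parsesubnet($destsubnet, 1);
      $subnet_where .= " AND (u.ip_daddr & $mask) = $net";
      $dest_html = htmlspecialchars($destsubnet, ENT_QUOTES);
      // An empty string now stands for "no source filter text yet".
      if ($subnet_displayString === '') {
          $subnet_displayString = ", matching destination $dest_html";
      } else {
          $subnet_displayString .= " and destination " . $dest_html;
      }
  }

  // Total number of matching rows, used for paging.
  $query = "SELECT COUNT(id) FROM ulog u WHERE 1=1 $date_where $chain_where $subnet_where";
  $result = db_query($query);
  $nb_records = db_nextvalue($result);

  // Keep the offset inside [0, $nb_records - $number].
  if ($first > ($nb_records - $number)) { $first = ($nb_records - $number); }
  if ($first < 0) { $first = 0; }

  // LIMIT takes bare integers; casting keeps anything else in the paging
  // values out of the statement.
  $limit_offset = (int) $first;
  $limit_count = (int) $number;

  $query = "SELECT FROM_UNIXTIME(u.local_time) as date,local_hostname AS host,u.oob_prefix AS chain,u.oob_in AS interface_in,u.oob_out AS interface_out,INET_NTOA(u.ip_saddr) AS ip_src,p.name AS proto,IFNULL(shc.host,'Unresolved') AS name_src,IFNULL(u.tcp_dport,IFNULL(u.udp_dport,0)) AS port_dest,IFNULL(u.tcp_sport,IFNULL(u.udp_sport,0)) AS port_src,IFNULL(dhc.host,'Unresolved') AS name_dest,INET_NTOA(u.ip_daddr) AS ip_dest FROM ulog u LEFT OUTER JOIN host_cache shc ON u.ip_saddr = shc.ip LEFT OUTER JOIN host_cache dhc ON u.ip_daddr = dhc.ip LEFT OUTER JOIN protos p ON u.ip_protocol = p.num WHERE 1=1 $date_where $chain_where $subnet_where ORDER BY date DESC LIMIT $limit_offset,$limit_count";

  $result = db_query($query);

  // $chain is shown in the heading, so it is HTML-escaped on output.
  echo "<b>Last packets filtered by tag " . htmlspecialchars($chain, ENT_QUOTES) .
      $date_displayString . $subnet_displayString . ":</b><br>\n";
  $tabulator->display($nb_records);

  // Number of always-present columns; the optional headers below add to it.
  $display_cols = 5;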
?>

<table cellspacing="1" cellpadding="1" width="100%">
  <tr bgcolor="#DDDDDD"><td>
<table cellspacing="1" cellpadding="1" width="100%">
<tr>
  <td nowrap><center>Tag</center></td>
<td nowrap><center>Date</center></td>
<?php 
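// Headers of the optional columns. Each enabled column prints a heading with
// an "[X]" link that turns it off again, and bumps $display_cols, which the
// debug row further down uses as its colspan.
//
// $domain is copied into every link target. It is not assigned in this file,
// so it is URL-encoded before being written into the single-quoted href; the
// encoded form contains no quote or angle-bracket characters.
$domain_param = isset($domain) ? urlencode((string) $domain) : '';

if ($display_netfilter_host) {
    echo "<td nowrap><center>Host&nbsp;<a href='?_display_netfilter_host=0&domain=$domain_param' class='DelButton'>[X] </a></center></td>";
    $display_cols++;
}
if ($display_netfilter_interface) {
    echo "<td nowrap><center>Int. <a href='?_display_netfilter_interface=0&domain=$domain_param' class='DelButton'>[X]</a></center></td>";
    $display_cols++;
}
// Protocol and source IP are always shown.
echo "<td nowrap><center>Proto.</center></td><td nowrap><center>Src IP</center></td>\n";
if ($display_netfilter_srcport) {
    echo "<td nowrap><center>S. port <a href='?_display_netfilter_srcport=0&domain=$domain_param' class='DelButton'>[X]</a></center></td>";
    $display_cols++;
}
if ($display_netfilter_destination) {
    echo "<td nowrap><center>Dest. IP <a href='?_display_netfilter_destination=0&domain=$domain_param' class='DelButton'>[X]</a></center></td>";
    $display_cols++;
}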
?>
<td><center>Dest. port</center></td></tr>

<?php
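// Table body: one row per record returned by the listing query built earlier
// in this file.
//
// Every value taken from the database is escaped for the context it is printed
// in (HTML text, or a URL query value). name_src / name_dest are read from the
// host_cache table; if those are resolved host names, their content is chosen
// by whoever controls the DNS records of the logged address, so they must
// never reach the page raw - TODO confirm how host_cache is filled.
if ($debug) {
    // The statement contains filter values, so it is escaped like any other text.
    echo "<tr><td colspan=$display_cols>" . htmlspecialchars($query, ENT_QUOTES) . "</td></tr>";
}
while ($line = db_nextobject($result)) {
    // Escaped once per row; the casts turn NULL columns into empty strings.
    $ip_src_html    = htmlspecialchars((string) $line->ip_src, ENT_QUOTES);
    $ip_dest_html   = htmlspecialchars((string) $line->ip_dest, ENT_QUOTES);
    $port_dest_html = htmlspecialchars((string) $line->port_dest, ENT_QUOTES);
    $ip_src_url     = urlencode((string) $line->ip_src);
    $ip_dest_url    = urlencode((string) $line->ip_dest);
    $port_dest_url  = urlencode((string) $line->port_dest);

    print "<tr bgcolor=\"#FFFFFF\">";

    print "<td><center>" . htmlspecialchars((string) $line->chain, ENT_QUOTES) . "</center></td>";
    print "<td><font size=-1>" . htmlspecialchars((string) $line->date, ENT_QUOTES) . "</font></td>";
    if ($display_netfilter_host) {
        print "<td>" . htmlspecialchars((string) $line->host, ENT_QUOTES) . "</td>";
    }
    if ($display_netfilter_interface) {
        // Show the inbound interface when there is one, else the outbound one.
        if ($line->interface_in) {
            print "<td>" . htmlspecialchars((string) $line->interface_in, ENT_QUOTES) . "&lt;-</td>";
        } else {
            print "<td>" . htmlspecialchars((string) $line->interface_out, ENT_QUOTES) . "-&gt;</td>";
        }
    }
    print "<td>" . htmlspecialchars((string) $line->proto, ENT_QUOTES) . "</td>";

    // Source: link to the per-host page, labelled with the name when the query
    // found one ('Unresolved' is the query's placeholder for "no cache entry").
    print "<td><a href=\"from_host.php?ip=$ip_src_url\">";
    if ($line->name_src == "Unresolved") {
        print $ip_src_html;
    } else {
        print htmlspecialchars((string) $line->name_src, ENT_QUOTES);
    }
    print "</a></td>";

    if ($display_netfilter_srcport) {
        // strcmp() is non-zero for every protocol other than ICMP.
        if (strcmp($line->proto, "ICMP")) {
            print "<td>" . htmlspecialchars((string) $line->port_src, ENT_QUOTES) . "</td>";
        } else {
            echo "<td>&nbsp;</td>";
        }
    }

    if ($display_netfilter_destination) {
        print "<td><a href=\"to_host.php?ip=$ip_dest_url\">";
        if ($line->name_dest == "Unresolved") {
            print $ip_dest_html;
        } else {
            print htmlspecialchars((string) $line->name_dest, ENT_QUOTES);
        }
        print "</a>";
        // Destination port 80 gets a shortcut link to the destination address.
        if ($line->port_dest == 80) {
            print "<font size=-2> [<a href=\"http://$ip_dest_html\" target=\"WWW\">Go</a>]</font>";
        }
        print "</td>";
    }

    if (strcmp($line->proto, "ICMP") != 0) {
        print "<td><a href=\"to_port.php?port=$port_dest_url\">$port_dest_html";
        $port_name = findPortNameFromNumber($line->port_dest);
        if (strlen($port_name) != 0) {
            print " (" . htmlspecialchars($port_name, ENT_QUOTES) . ")";
        }
        print "</a><font size=-2> [<a href=\"http://isc.sans.org/port_details.php?port=$port_dest_url\" target=\"SANS\">Check</a>]</font>";
        print "</td>";
    } else {
        // No port column content for ICMP rows.
        print "<td><center>-</center></td>";
    }

    print "</tr>\n";
}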

?>
</td></tr></table>
</td></tr></table>

<?php /* Same Tabulator output as above the table, repeated below it. */ $tabulator->display($nb_records); ?>

<?php /* One "Show ..." link per optional column that is currently hidden; each link sets the matching _display_netfilter_* parameter to 1. */ if (!$display_netfilter_host) { ?><a href="?_display_netfilter_host=1" class="AddButton">Show Host</a><br> <?php } ?>
<?php /* Interface column hidden: offer to show it. */ if (!$display_netfilter_interface) { ?><a href="?_display_netfilter_interface=1" class="AddButton">Show Interface</a><br> <?php } ?>
<?php /* Source port column hidden: offer to show it. */ if (!$display_netfilter_srcport) { ?><a href="?_display_netfilter_srcport=1" class="AddButton">Show Source Port</a><br><?php } ?>
<?php /* Destination IP column hidden: offer to show it. */ if (!$display_netfilter_destination) { ?><a href="?_display_netfilter_destination=1" class="AddButton">Show Destination IP</a><?php } ?>


<?php /* Closes the page; counterpart of the pageHeader() call at the top. */ pageFooter(); ?>
