<html>
<head>
<title>Snort IDS logs for Securetty.com</title>
<base target="_self">
</head>
<body bgcolor="gray">
<form action="tixedit.php" target="logdata" method="post">
<?php
include ("myfunctions.php");
# If the includes are not working for the db settings then populate them locally:
include ("dbconn_out.php");
include ("tixdbconn_in.php");
## mysql snort database
# $db_host = ""; # mysql database server.
# $db_user = ""; # mysql user with SELECT, UPDATE, INSERT priveleges.
# $db_passwd = ""; # password for mysql user.
# $db_database = ""; # database name where snort logs to.
## mysql snort database for ticketing system
# $tix_db_host = ""; # IP of mysql server containing ticketing database.
# $tix_db_user = ""; # mysql user with SELECT, INSERT, UPDATE, DELETE priveleges.
# $tix_db_passwd = ""; # password for mysql user.
# $tix_db_database = ""; # name of the ticketing database.
$db_connection = mysql_connect($db_host, $db_user, $db_passwd);
mysql_select_db($db_database);
$intcidIndex =0 + $cidIndex;
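#-----------------------------------------------------------------------------------------
# Helpers for the views below. They are unconditional top-level functions, which PHP
# hoists, so the page logic after them reads straight down.
#-----------------------------------------------------------------------------------------

# Return the form parameter $name from the submitted request (POST first, then GET), or
# $default when absent. Parameters are read explicitly so the page no longer depends on
# register_globals, which also let a request pre-seed any uninitialised variable below.
function tixRequestParam($name, $default = "")
{
    if (isset($_POST[$name]))
    {
        return $_POST[$name];
    }
    if (isset($_GET[$name]))
    {
        return $_GET[$name];
    }
    return $default;
}

# Escape a value for HTML text or a double-quoted attribute. Everything this page shows
# is untrusted: header and payload columns are whatever Snort captured off the wire, and
# the ticketing tables hold user-entered text. ISO-8859-1 is named so arbitrary payload
# bytes pass through unchanged; with a multi-byte charset htmlspecialchars() returns ""
# on an invalid sequence and the whole payload would vanish.
function tixHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, "ISO-8859-1");
}

# Run a query expected to match at most one row; return that row (numerically indexed)
# or null when the query failed or matched nothing. The result set is released either way.
function tixFetchOne($sql, $connection)
{
    $result = mysql_query($sql, $connection);
    if ($result === false)
    {
        return null;
    }
    $row = null;
    if (mysql_num_rows($result) != 0)
    {
        $row = mysql_fetch_row($result);
    }
    mysql_free_result($result);
    return is_array($row) ? $row : null;
}

# The filler row every detail table prints when its query matched nothing. The table is
# closed here because the caller has already opened it. $ERROR_Message is shown escaped.
function tixNothingRow($colspan, $errorMessage)
{
    return "<tr><th colspan=\"" . $colspan . "\" align=\"center\">Nothing there!<br> "
        . tixHtml($errorMessage) . "</th></tr></table>\n";
}

# Comma-separated flag letters ("A,S", "R1,R2,U,A,P,R,S,F", ...) from a row of the flags
# table selected as: number, RES1, RES2, URG, ACK, PSH, RST, SYN, FIN, valid, description.
function tixTcpFlagLetters($flagRow)
{
    $letters = array(1 => "R1", 2 => "R2", 3 => "U", 4 => "A", 5 => "P", 6 => "R", 7 => "S", 8 => "F");
    $set = array();
    foreach ($letters as $column => $letter)
    {
        if (isset($flagRow[$column]) && $flagRow[$column] == "1")
        {
            $set[] = $letter;
        }
    }
    return implode(",", $set);
}

# Decode Snort's hex-encoded data_payload column back into the raw bytes it represents.
# Done pairwise with hexdec() rather than pack("H*") so an odd trailing digit decodes
# the same way the page always has.
function tixPayloadToAscii($hexPayload)
{
    $hexPayload = (string) $hexPayload;
    $length = strlen($hexPayload);
    $bytes = "";
    for ($i = 0; $i < $length; $i += 2)
    {
        $bytes .= chr((int) hexdec(substr($hexPayload, $i, 2)));
    }
    return $bytes;
}

# Re-space the hex payload as "41 42 43 " (two digits per byte, trailing space kept).
function tixPayloadToHex($hexPayload)
{
    $hexPayload = (string) $hexPayload;
    $length = strlen($hexPayload);
    $spaced = "";
    for ($i = 0; $i < $length; $i += 2)
    {
        $spaced .= substr($hexPayload, $i, 2) . " ";
    }
    return $spaced;
}

#-----------------------------------------------------------------------------------------
# Form parameters from the previous page. $cidIndex / $intcidIndex are established by
# the connection prelude above. $ERROR_Message is shown in the "Nothing there!" cells and
# is presumably set by myfunctions.php -- confirm; it is defaulted here so an unset value
# is an empty string rather than request-controlled.
#-----------------------------------------------------------------------------------------
$details = tixRequestParam("details");
$new_tix = tixRequestParam("new_tix");
$protocol = tixRequestParam("protocol");
if (!isset($cidIndex))
{
    $cidIndex = "";
}
if (!isset($ERROR_Message))
{
    $ERROR_Message = "";
}
#-----------------------------------------------------------------------------------------
# Do the following if the 'View Details' button was clicked
#-----------------------------------------------------------------------------------------
if (($details == "View Details") && ($cidIndex != ""))
{
    # NOTE(review): Snort's event tables are keyed by (sid, cid); every query below filters
    # on cid alone, so with more than one sensor logging to this database the wrong event
    # could be shown. The previous page only passes cidIndex, so this is left unchanged.
    #-----------------------------------------------------------------------------------------
    # Do the IP header stuff
    #-----------------------------------------------------------------------------------------
    $SelstrIP = "SELECT iphdr.sid, iphdr.cid, iphdr.ip_src, iphdr.ip_dst, iphdr.ip_ver, ";
    $SelstrIP .= "iphdr.ip_hlen, iphdr.ip_tos, iphdr.ip_len, iphdr.ip_id, iphdr.ip_flags, ";
    $SelstrIP .= "iphdr.ip_off, iphdr.ip_ttl, iphdr.ip_proto, iphdr.ip_csum ";
    $SelstrIP .= "FROM iphdr where iphdr.cid=" . $intcidIndex;
    $row = tixFetchOne($SelstrIP, $db_connection);
    print "<table border=\"0\" cellspacing=\"5\">";
    print "<tr><th colspan=\"8\" bgcolor=\"orange\" align=\"left\">IP Header Details</th></tr>";
    if ($row !== null)
    {
        # ip_src/ip_dst are unsigned 32-bit values; "0 +" is kept (not an (int) cast) so
        # that values above PHP_INT_MAX on a 32-bit build are not truncated by the cast
        # before they reach IntToIPaddress().
        $IP_source = 0 + $row[2];
        $IP_dest = 0 + $row[3];
        $r = array_map("tixHtml", $row);
        #----------------- NOW present IP screen ----------------------------------------------------
        print "<tr><td align=\"right\" width=\"110\"><b>Source IP: </b></td>";
        print "<td width=\"150\">" . tixHtml(IntToIPaddress($IP_source)) . "</td>";
        print "<td width=\"5%\"></td>";
        print "<td align=\"right\" width=\"110\"><b>TOS: </b></td><td width=\"150\">{$r[6]}</td><td width=\"5%\"></td>";
        print "<td align=\"right\"><b>Offset: </b></td><td width=\"150\">{$r[10]}</td></tr>";
        print "<tr><td align=\"right\" width=\"110\"><b>Destination IP: </b></td>";
        print "<td width=\"150\">" . tixHtml(IntToIPaddress($IP_dest)) . "</td>";
        print "<td width=\"5%\"></td>";
        print "<td align=\"right\" width=\"110\"><b>Packet Length: </b></td><td width=\"150\">{$r[7]}</td>";
        print "<td width=\"5%\"></td>";
        print "<td align=\"right\"><b>TTL: </b></td><td width=\"150\">{$r[11]}</td></tr>";
        print "<tr><td align=\"right\" width=\"110\"><b>Version: </b></td><td width=\"150\">{$r[4]}</td>";
        print "<td width=\"5%\"></td>";
        print "<td align=\"right\"><b>ID: </b></td><td width=\"150\">{$r[8]}</td><td width=\"5%\"></td>";
        print "<td align=\"right\"><b>Protocol: </b></td><td width=\"150\">{$r[12]}</td></tr>";
        print "<tr><td align=\"right\" width=\"110\"><b>Header Length: </b></td>";
        print "<td width=\"150\">{$r[5]}</td><td width=\"5%\"></td>";
        print "<td align=\"right\"><b>Flags: </b></td><td width=\"150\">{$r[9]}</td><td width=\"5%\"></td>";
        print "<td align=\"right\"><b>Check Sum: </b></td><td width=\"150\">{$r[13]}</td></tr>";
        print "</table><hr>";
    }
    else
    {
        print tixNothingRow(8, $ERROR_Message);
    }
    #-----------------------------------------------------------------------------------------
    # Do the TCP header stuff
    #-----------------------------------------------------------------------------------------
    if ($protocol == "tcp")
    {
        $SelstrTCP = "SELECT tcphdr.sid, tcphdr.cid, tcphdr.tcp_sport, tcphdr.tcp_dport, ";
        $SelstrTCP .= "tcphdr.tcp_seq, tcphdr.tcp_ack, tcphdr.tcp_off, tcphdr.tcp_res, ";
        $SelstrTCP .= "tcphdr.tcp_flags, tcphdr.tcp_win, tcphdr.tcp_csum, tcphdr.tcp_urp ";
        $SelstrTCP .= "from tcphdr where tcphdr.cid=" . $intcidIndex;
        $row = tixFetchOne($SelstrTCP, $db_connection);
        print "<table border=\"0\" cellspacing=\"5\">";
        print "<tr><th colspan=\"10\" bgcolor=\"orange\" align=\"left\">TCP Header Details</th></tr>";
        if ($row !== null)
        {
            #------------------------------ Determine the flags -------------------------------------
            # Look the flags byte up in the flags table: $Flags becomes the letter list and
            # $FlagDesc the table's description. Both start empty so nothing stale is shown.
            $Flags = "";
            $flagindex = (int) $row[8];
            $sql = "SELECT number, RES1, RES2, URG, ACK, PSH, RST, SYN, FIN, valid, description ";
            $sql .= " FROM flags WHERE number=" . $flagindex;
            $F_row = tixFetchOne($sql, $db_connection);
            if ($F_row === null)
            {
                $FlagDesc = "Error Determining Flag information.";
            }
            elseif ($F_row[0] == "0")
            {
                # No flag bits set at all. The original assigned this label and then
                # unconditionally overwrote it with the table description, so it never showed.
                $FlagDesc = "NULL Packet";
            }
            else
            {
                $Flags = tixTcpFlagLetters($F_row);
                $FlagDesc = $F_row[10];
            }
            #------------------------ END Flag stuff -------------------------------------------------
            $r = array_map("tixHtml", $row);
            $FlagDesc = tixHtml($FlagDesc);
            #---------------- Present TCP screen ---------------------------------------------------------
            print "<tr><td align=\"right\" width=\"120\"><b>Source Port: </b></td>";
            print "<td width=\"150\">{$r[2]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\" width=\"120\"><b>Offset:</b></td><td width=\"150\">{$r[6]}</td><td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Check Sum: </b></td><td width=\"150\">{$r[10]}</td></tr>";
            print "<tr><td align=\"right\" width=\"120\"><b>Destination Port: </b></td>";
            print "<td width=\"150\">{$r[3]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\" width=\"120\"><b>Res: </b></td><td width=\"150\">{$r[7]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Urp: </b></td><td width=\"150\">{$r[11]}</td></tr>";
            print "<tr><td align=\"right\" width=\"120\"><b>Sequence: </b></td><td width=\"150\">{$r[4]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Flags: </b></td><td width=\"150\">$Flags</td><td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Window: </b></td><td width=\"150\">{$r[9]}</td><td width=\"5%\"></td></tr>";
            print "<tr><td align=\"right\" width=\"120\"><b>Acknowledge: </b></td>";
            print "<td width=\"150\">{$r[5]}</td><td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Flag Desc:</b></td><td colspan=\"4\">";
            print "<table border=\"1\"><tr><td>$FlagDesc</td></tr></table></td></tr>";
            print "</table><hr>";
        }
        else
        {
            print tixNothingRow(10, $ERROR_Message);
        }
    }
    elseif ($protocol == "udp")
    {
        #-----------------------------------------------------------------------------------------
        # Do the UDP header stuff
        #-----------------------------------------------------------------------------------------
        $SelstrUDP = "SELECT udphdr.sid, udphdr.cid, udphdr.udp_sport, udphdr.udp_dport, ";
        $SelstrUDP .= "udphdr.udp_len, udphdr.udp_csum from udphdr where udphdr.cid=" . $intcidIndex;
        $row = tixFetchOne($SelstrUDP, $db_connection);
        print "<table border=\"0\" cellspacing=\"2\">";
        print "<tr><th colspan=\"4\" bgcolor=\"orange\" align=\"left\">UDP Header Details</th></tr>";
        if ($row !== null)
        {
            $r = array_map("tixHtml", $row);
            print "<tr><td align=\"right\" width=\"120\"><b>Source Port: </b></td>";
            print "<td width=\"150\">{$r[2]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\" width=\"120\"><b>Length: </b></td><td width=\"150\">{$r[4]}</td></tr>";
            print "<tr><td align=\"right\" width=\"120\"><b>Destination Port: </b></td>";
            print "<td width=\"150\">{$r[3]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\" width=\"120\"><b>Check Sum: </b></td><td width=\"150\">{$r[5]}</td></tr>";
            print "</table><hr>";
        }
        else
        {
            print tixNothingRow(4, $ERROR_Message);
        }
    }
    elseif ($protocol == "icmp")
    {
        #-----------------------------------------------------------------------------------------
        # Do the ICMP header stuff
        #-----------------------------------------------------------------------------------------
        $SelstrICMP = "SELECT icmphdr.sid, icmphdr.cid, icmphdr.icmp_type, icmphdr.icmp_code, ";
        $SelstrICMP .= "icmphdr.icmp_csum, icmphdr.icmp_id, icmphdr.icmp_seq ";
        $SelstrICMP .= "from icmphdr where icmphdr.cid=" . $intcidIndex;
        $row = tixFetchOne($SelstrICMP, $db_connection);
        print "<table border=\"0\" cellspacing=\"2\">";
        print "<tr><th colspan=\"8\" bgcolor=\"orange\" align=\"left\">ICMP Header Details</th></tr>";
        if ($row !== null)
        {
            $r = array_map("tixHtml", $row);
            print "<tr><td align=\"right\" width=\"120\"><b>Type: </b></td>";
            print "<td width=\"150\">{$r[2]}</td>";
            print "<td width=\"5%\"></td>";
            # The missing space between align and width in the original markup is restored.
            print "<td align=\"right\" width=\"120\"><b>Check Sum: </b></td>";
            print "<td width=\"150\">{$r[4]}</td><td width=\"5%\"></td>";
            print "<td align=\"right\"><b>Sequence: </b></td><td width=\"150\">{$r[6]}</td></tr>";
            print "<tr><td align=\"right\" width=\"120\"><b>Code: </b></td>";
            print "<td width=\"150\">{$r[3]}</td>";
            print "<td width=\"5%\"></td>";
            print "<td align=\"right\" width=\"120\"><b>ID: </b></td><td width=\"150\">{$r[5]}</td></tr>";
            print "</table><hr>";
        }
        else
        {
            print tixNothingRow(8, $ERROR_Message);
        }
    }
    #-----------------------------------------------------------------------------------------
    # Do the Packet Data Payload stuff
    #-----------------------------------------------------------------------------------------
    $SelstrDATA = "SELECT data.sid, data.cid, data.data_payload from data where data.cid=" . $intcidIndex;
    $row = tixFetchOne($SelstrDATA, $db_connection);
    print "<table border=\"0\" cellspacing=\"2\">";
    print "<tr><th colspan=\"2\" bgcolor=\"orange\" align=\"left\">Packet Data Payload Details</th></tr>";
    if ($row !== null)
    {
        # The payload is whatever the sender put on the wire, i.e. attacker-controlled. It is
        # escaped before being placed inside the <textarea>; unescaped, a payload containing a
        # closing </textarea> followed by script would run in the analyst's browser when the
        # alert is viewed (stored XSS via the IDS log).
        $packetData = $row[2];
        $Ascii = tixHtml(tixPayloadToAscii($packetData));
        $HEXdata = tixHtml(tixPayloadToHex($packetData));
        print "<tr><td align=\"left\"><b>Data Payload: ASCII </b></td></tr>";
        print "<tr><td width=\"95%\">";
        print "<textarea name=\"data\" rows=\"20\" cols=\"100\">$Ascii</textarea>";
        print "</td></tr>";
        print "<tr><td align=\"left\"><b>Data Payload: HEX </b></td></tr>";
        print "<tr><td width=\"95%\">";
        print "<textarea name=\"data\" rows=\"20\" cols=\"100\">$HEXdata</textarea>";
        print "</td></tr>";
        print "</table><hr>";
    }
    else
    {
        print tixNothingRow(2, $ERROR_Message);
    }
}
#-----------------------------------------------------------------------------------------
# Do the following if the 'New Ticket' button was clicked
#-----------------------------------------------------------------------------------------
elseif ($new_tix == "New Ticket")
{
    #----- Connect to Ticketing database ---------------------------------------
    # The database is selected on this link explicitly: mysql_connect() reuses an open link
    # when host/user/password match the Snort connection, and an implicit select would then
    # act on whichever link was opened last.
    $tix_db_connection = mysql_connect($tix_db_host, $tix_db_user, $tix_db_passwd);
    if ($tix_db_connection !== false)
    {
        mysql_select_db($tix_db_database, $tix_db_connection);
    }
    #----- Query Tix Database for Engineer data --------------------------------
    # NOTE(review): the join compares engineer.engineer_id with eng_rank.rank_id, which reads
    # like it should be the engineer's rank column -- verify against the ticketing schema.
    $Selstr = "SELECT engineer.engineer_id, eng_rank.rank_name, engineer.eng_name ";
    $Selstr .= "FROM engineer, eng_rank ";
    $Selstr .= "WHERE engineer.engineer_id=eng_rank.rank_id ";
    $Result = mysql_query($Selstr, $tix_db_connection);
    #----- cidList is an array of cid numbers associated with this ticket-------
    # rowIndex[N] holds the cid of the N-th row whose 'Sel Tix' box was ticked, for N from
    # 0 up to rowCount. The loop is driven by the posted array rather than by rowCount so a
    # bogus rowCount cannot force a huge loop; the highest-index-first order is kept.
    $rowCount = (int) tixRequestParam("rowCount", 0);
    $rowIndex = tixRequestParam("rowIndex", array());
    $cidList = array();
    if (is_array($rowIndex))
    {
        krsort($rowIndex);
        foreach ($rowIndex as $X => $selected)
        {
            if (is_int($X) && $X >= 0 && $X <= $rowCount && is_scalar($selected) && $selected != "")
            {
                $cidList[] = (int) $selected;
            }
        }
    }
    #-- Populate str_cid_list string ---
    # Every entry is an int, so the joined list is safe to embed in the hidden field below.
    $str_cid_list = implode(",", $cidList);
    #-- Get the Current Date & Time ----
    # One time() snapshot so date and time cannot straddle a second boundary. The formats
    # reproduce the zero-padded YYYY-MM-DD, HH:MM:SS and YYYYMMDDHHMMSS strings that were
    # previously assembled field by field with str_pad().
    $nowTs = time();
    $CurrentDate = date("Y-m-d", $nowTs);
    $CurrentTime = date("H:i:s", $nowTs);
    # NOTE(review): date and time are concatenated with no separator, exactly as before;
    # confirm what tixedit.php expects before inserting a space here.
    $CurrentDateTime = $CurrentDate . $CurrentTime;
    $intCurrentDateTime = date("YmdHis", $nowTs);
    #---- Use Hidden text to pass variables to next page----------------------------
    print "<input type=\"hidden\" name=\"str_cid_list\" value=\"$str_cid_list\">";
    print "<input type=\"hidden\" name=\"CurrentDateTime\" value=\"$CurrentDateTime\">";
    print "<input type=\"hidden\" name=\"intCurrentDateTime\" value=\"$intCurrentDateTime\">";
    #--------- Present New Ticket Screen -----------------------------------------------------------
    print "<table width=\"100%\" bgcolor=\"#334678\" border=\"0\">\n";
    print "<tr><th colspan=\"2\" bgcolor=\"orange\" align=\"left\">Create a New Ticket:</th><tr>\n";
    print " <td align=\"left\" valign=\"top\"><table bgcolor=\"purple\" border=\"1\">\n";
    print " <tr><td width=\"110\" align=\"right\"><b>Ticket Number:</b></td>\n";
    print " <td width=\"300\" align=\"left\">Still To Be Generated...</td></tr>\n";
    print " <tr><td rowspan=\"3\" width=\"110\" align=\"center\"><b>Referenced<br>Log Numbers:</b></td>\n";
    print " <td rowspan=\"3\" width=\"300\" align=\"left\">\n";
    print " <textarea readonly rows=\"2\" cols=\"35\">$str_cid_list</textarea>\n";
    print " </td></tr>\n";
    print " </table>\n";
    print " </td>\n";
    print " <td align=\"left\" valign=\"top\"><table bgcolor=\"purple\" border=\"1\">\n";
    print " <tr><td width=\"110\" align=\"right\"><b>Description:</b></td>\n";
    print " <td width=\"300\" align=\"left\">\n";
    print " <input type=\"text\" name=\"tixdesc\" size=\"45\" maxlength=\"100\"></td>\n";
    print " </tr>\n";
    print " <tr><td rowspan=\"3\" width=\"110\" align=\"center\"><b>Creation Date:</b></td>\n";
    print " <td rowspan=\"3\" width=\"300\" align=\"left\">$CurrentDateTime</td></tr>\n";
    print " </table>\n";
    print " </td>\n";
    print "</tr>\n";
    print "<tr><td colspan=\"2\"><hr></td></tr>\n";
    print "<tr><td colspan=\"2\" align=\"left\">\n";
    print " <b>Notes:</b><br>\n";
    print " <textarea rows=\"8\" cols=\"90\" name=\"tixnotes\"></textarea>\n";
    print " </td></tr>\n";
    print "<tr>\n";
    print " <td colspan=\"2\">\n";
    print " <table border=\"0\">\n";
    print " <tr>\n";
    print " <td width=\"200\"><b>Engineer:</b><select name=\"tix_engineer_id\" size=\"1\">\n";
    print " <option selected value=\"none\">Assign an Engineer</option>\n";
    # Engineer names and ranks are user-entered ticketing data: escape them, and quote the
    # option value so an id containing a space cannot break the attribute.
    if ($Result !== false)
    {
        while ($row = mysql_fetch_row($Result))
        {
            print "<option value=\"" . tixHtml($row[0]) . "\">" . tixHtml($row[1]) . "-" . tixHtml($row[2]) . "</option>\n";
        }
        mysql_free_result($Result);
    }
    print " </select>\n";
    print " </td><td>\n";
    print " <table border=\"0\">\n";
    print " <tr><th colspan=\"5\" bgcolor=\"orange\"><b>Ticket Status:</b></th></tr>\n";
    print " <tr><td><b>NEW</b><input type=\"radio\" name=\"tix_status_id\" checked value=\"0\"></td>\n";
    print " <td><b>ASSIGNED</b> [ ] </td>\n";
    print " <td><b>PENDING</b> [ ]</td>\n";
    print " <td><b>RESOLVED</b> [ ]</td>\n";
    print " <td><b>DISMISSED</b> [ ]</td></tr>\n";
    print " </table>\n";
    print " </td>\n";
    print " </tr><tr>\n";
    print " <td></td>\n";
    print " <td bgcolor=\"orange\">\n";
    print " <input type=\"submit\" name=\"tix_database\" value=\"Create Ticket\">\n";
    print " <a href=\"tixviewall.php\">Ticket Listing Menu</a>\n";
    print " </td>\n";
    print " </tr>\n";
    print " </table>\n";
    print " </td>\n";
    print "</tr>\n";
    print "</table>\n";
    #---------------------- END New Ticket Screen -----------------------------------------
}
else
{
    #------------------------------- Incorrect Parameters for Viewing Log Details ---------
    print "<table width=\"100%\">";
    print "<tr><th align=\"left\" bgcolor=\"orange\">No rows selected...</th></tr>";
    print "<tr><td width=\"550\" align=\"left\">";
    print "Please use your browsers back button and click on one of the radio ";
    print "buttons in the 'Det' column pertaining to the row you would like ";
    print "to view details on and then click on the 'View Details' button.";
    print "<br>Or,<br>";
    print "Click on your browsers back button and select any number of check boxes ";
    print "in the 'Sel Tix' column and then click on the 'New Ticket' button ";
    print "to create a new ticket.</td></tr></table>";
}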
?>
</body>
</html>