<html>
<head>
<title>Snort IDS logs for Securetty.com</title>
<base target="_self">
</head>
<body bgcolor="gray">
<form action="tixedit.php" target="logdata" method="post">

<?php

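include ("myfunctions.php");

# If the includes are not working for the db settings then populate them locally:
include ("dbconn_out.php");
include ("tixdbconn_in.php");

##  mysql snort database
#  $db_host       = "";  # mysql database server.
#  $db_user       = "";  # mysql user with SELECT, UPDATE, INSERT privileges.
#  $db_passwd     = "";  # password for mysql user.
#  $db_database   = "";  # database name where snort logs to.
##  mysql snort database for ticketing system
#  $tix_db_host       = "";  # IP of mysql server containing ticketing database.
#  $tix_db_user       = "";  # mysql user with SELECT, INSERT, UPDATE, DELETE privileges.
#  $tix_db_passwd     = "";  # password for mysql user.
#  $tix_db_database   = "";  # name of the ticketing database.

#-----------------------------------------------------------------------------------------
#  Request parameters this page reads (the field names of the calling form).
#  The original relied on register_globals to turn them into variables; that
#  setting is off by default since PHP 4.2 and gone since 5.4, so read them
#  explicitly.  $_REQUEST mirrors register_globals' GET/POST/COOKIE sources;
#  the calling form presumably POSTs, in which case $_POST would be the
#  stricter choice -- confirm against the listing page before narrowing it.
#  Nothing in this file authenticates the caller; access control is assumed
#  to live in the web server or an include -- confirm.
#-----------------------------------------------------------------------------------------
$details  = isset($_REQUEST["details"])  ? $_REQUEST["details"]  : "";        # 'View Details' button
$cidIndex = isset($_REQUEST["cidIndex"]) ? $_REQUEST["cidIndex"] : "";        # 'Det' radio button: cid of the log to show
$protocol = isset($_REQUEST["protocol"]) ? $_REQUEST["protocol"] : "";        # which header table to show: tcp / udp / icmp
$new_tix  = isset($_REQUEST["new_tix"])  ? $_REQUEST["new_tix"]  : "";        # 'New Ticket' button
$rowCount = isset($_REQUEST["rowCount"]) ? $_REQUEST["rowCount"] : "";        # highest 'Sel Tix' check box index
$rowIndex = isset($_REQUEST["rowIndex"]) ? $_REQUEST["rowIndex"] : array();   # 'Sel Tix' check boxes: index => cid

  $db_connection = mysql_connect($db_host, $db_user, $db_passwd);
  # Pass the link explicitly instead of relying on "the last opened connection".
  mysql_select_db($db_database, $db_connection);

# The requested log id is coerced to an integer here and only $intcidIndex is
# ever placed in the SQL strings below; that cast is what keeps the
# "cid=$intcidIndex" queries injection-safe, so never interpolate $cidIndex.
# (int) also tolerates non-numeric input (giving 0), where the original
# "0 + $cidIndex" raises a TypeError on PHP 8.
$intcidIndex = (int) $cidIndex;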

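#-----------------------------------------------------------------------------------------
#  Do the following if the 'View Details' button was clicked
#-----------------------------------------------------------------------------------------
#
#  Every value printed below comes out of the snort database -- packet headers,
#  the payload bytes and the flag descriptions -- i.e. from whatever the sender
#  on the network chose to put on the wire.  It is therefore HTML-escaped on the
#  way out: a payload containing "</textarea><script>" would otherwise run in
#  the analyst's browser.  ISO-8859-1 is used as the escaping charset because
#  the payload is arbitrary bytes and the page declares no charset; with the
#  UTF-8 default (PHP >= 5.4) htmlspecialchars() returns "" for invalid byte
#  sequences and the payload would silently vanish.
if (!function_exists("snort_detail_esc"))
{
  function snort_detail_esc($value)
  {
    return htmlspecialchars((string) $value, ENT_QUOTES, "ISO-8859-1");
  }
}

#  $ERROR_Message is never assigned in this file (it may be set by
#  myfunctions.php); read it defensively so a missing definition is not a notice.
$errText = isset($ERROR_Message) ? snort_detail_esc($ERROR_Message) : "";

if (($details == "View Details") && ($cidIndex != ""))
{
#-----------------------------------------------------------------------------------------
#  Do the IP header stuff
#-----------------------------------------------------------------------------------------
#  $intcidIndex is an integer (coerced above); only it is interpolated into the
#  queries in this branch.

   $SelstrIP = "SELECT iphdr.sid, iphdr.cid, iphdr.ip_src, iphdr.ip_dst, iphdr.ip_ver, ";
   $SelstrIP .= "iphdr.ip_hlen, iphdr.ip_tos, iphdr.ip_len, iphdr.ip_id, iphdr.ip_flags, ";
   $SelstrIP .= "iphdr.ip_off, iphdr.ip_ttl, iphdr.ip_proto, iphdr.ip_csum ";
   $SelstrIP .= "FROM iphdr where iphdr.cid=$intcidIndex";

    $Result = mysql_query($SelstrIP, $db_connection);

    print "<table border=\"0\" cellspacing=\"5\">";
    print "<tr><th colspan=\"8\" bgcolor=\"orange\" align=\"left\">IP Header Details</th></tr>";

    # A failed query returns false; treat it like an empty result instead of
    # handing false to mysql_num_rows()/mysql_free_result().
    if ($Result !== false && mysql_num_rows($Result) != 0)
    {
      $row = mysql_fetch_row($Result);
      $e = array_map("snort_detail_esc", $row);   # escaped copy for output
      # "0 +" rather than (int) on purpose: on 32-bit builds a full 32-bit
      # address exceeds PHP_INT_MAX and "0 +" yields a float, which is what
      # IntToIPaddress (myfunctions.php) has always been handed -- kept as is.
      $IP_source = 0 + $row[2];
      $IP_dest = 0 + $row[3];

#----------------- NOW present IP screen ----------------------------------------------------
      print "<tr><td align=\"right\" width=\"110\"><b>Source IP: </b></td>";
      print "<td width=\"150\">".snort_detail_esc(IntToIPaddress($IP_source))."</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"110\"><b>TOS: </b></td><td width=\"150\">$e[6]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Offset: </b></td><td width=\"150\">$e[10]</td></tr>";
      print "<tr><td align=\"right\" width=\"110\"><b>Destination IP: </b></td>";
      print "<td width=\"150\">".snort_detail_esc(IntToIPaddress($IP_dest))."</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"110\"><b>Packet Length: </b></td><td width=\"150\">$e[7]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\"><b>TTL: </b></td><td width=\"150\">$e[11]</td></tr>";
      print "<tr><td align=\"right\" width=\"110\"><b>Version: </b></td><td width=\"150\">$e[4]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\"><b>ID: </b></td><td width=\"150\">$e[8]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Protocol: </b></td><td width=\"150\">$e[12]</td></tr>";
      print "<tr><td align=\"right\" width=\"110\"><b>Header Length: </b></td>";
      print "<td width=\"150\">$e[5]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Flags: </b></td><td width=\"150\">$e[9]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Check Sum: </b></td><td width=\"150\">$e[13]</td></tr>";
      print "</table><hr>";

    } else
    {
      print "<tr><th colspan=\"8\" align=\"center\">Nothing there!<br> $errText</th></tr></table>\n";
    }
    if ($Result !== false)
    {
      mysql_free_result($Result);
    }

#-----------------------------------------------------------------------------------------
#  Do the TCP header stuff
#-----------------------------------------------------------------------------------------
  if ($protocol == "tcp")
  {
    $SelstrTCP = "SELECT tcphdr.sid, tcphdr.cid, tcphdr.tcp_sport, tcphdr.tcp_dport, ";
    $SelstrTCP .= "tcphdr.tcp_seq, tcphdr.tcp_ack, tcphdr.tcp_off, tcphdr.tcp_res, ";
    $SelstrTCP .= "tcphdr.tcp_flags, tcphdr.tcp_win, tcphdr.tcp_csum, tcphdr.tcp_urp ";
    $SelstrTCP .= "from tcphdr where tcphdr.cid=$intcidIndex";

    $Result = mysql_query($SelstrTCP, $db_connection);

    print "<table border=\"0\" cellspacing=\"5\">";
    print "<tr><th colspan=\"10\" bgcolor=\"orange\" align=\"left\">TCP Header Details</th></tr>";

    if ($Result !== false && mysql_num_rows($Result) != 0)
    {
      $row = mysql_fetch_row($Result);
      $e = array_map("snort_detail_esc", $row);   # escaped copy for output

#------------------------------ Determine the flags -------------------------------------
#  tcp_flags is looked up in the 'flags' table, which holds one row per value
#  with a 0/1 column per flag bit plus a free-text description.
      $Flags = "";
      $flagindex = (int) $row[8];
      $sql = "SELECT number, RES1, RES2, URG, ACK, PSH, RST, SYN, FIN, valid, description ";
      $sql .= " FROM flags WHERE number=".$flagindex;

      $flag = mysql_query($sql, $db_connection);
      if ($flag !== false && mysql_num_rows($flag) != 0)
      {
        $F_row = mysql_fetch_row($flag);
        # Column index in the flags row => label shown in the Flags cell.
        $flagLabels = array(1 => "R1", 2 => "R2", 3 => "U", 4 => "A",
                            5 => "P", 6 => "R", 7 => "S", 8 => "F");
        $set = array();
        # number 0 is the NULL packet: no label is set.  (The original also
        # assigned "NULL Packet" to $FlagDesc here but unconditionally
        # overwrote it with the description column below, so only the table's
        # description is ever shown -- that behaviour is kept.)
        if ($F_row[0] != "0")
        {
          foreach ($flagLabels as $col => $label)
          {
            if ($F_row[$col] == "1")
            {
              $set[] = $label;
            }
          }
        }
        $Flags = implode(",", $set);
        $FlagDesc = $F_row[10];
      } else {
        $FlagDesc = "Error Determining Flag information.";
      }
      if ($flag !== false)
      {
        mysql_free_result($flag);
      }
#------------------------ END Flag stuff -------------------------------------------------

#---------------- Present TCP screen ---------------------------------------------------------

      print "<tr><td align=\"right\" width=\"120\"><b>Source Port: </b></td>";
      print "<td width=\"150\">$e[2]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"120\"><b>Offset:</b></td><td width=\"150\">$e[6]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Check Sum: </b></td><td width=\"150\">$e[10]</td></tr>";
      print "<tr><td align=\"right\" width=\"120\"><b>Destination Port: </b></td>";
      print "<td width=\"150\">$e[3]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"120\"><b>Res: </b></td><td width=\"150\">$e[7]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Urp: </b></td><td width=\"150\">$e[11]</td></tr>";
      print "<tr><td align=\"right\" width=\"120\"><b>Sequence: </b></td><td width=\"150\">$e[4]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Flags: </b></td><td width=\"150\">$Flags</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Window: </b></td><td width=\"150\">$e[9]</td><td width=\"5%\"></td></tr>";
      print "<tr><td align=\"right\" width=\"120\"><b>Acknowledge: </b></td>";
      print "<td width=\"150\">$e[5]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Flag Desc:</b></td><td colspan=\"4\">";
      print "<table border=\"1\"><tr><td>".snort_detail_esc($FlagDesc)."</td></tr></table></td></tr>";
      print "</table><hr>";

    } else
    {
      print "<tr><th colspan=\"10\" align=\"center\">Nothing there!<br> $errText</th></tr></table>\n";
    }
    if ($Result !== false)
    {
      mysql_free_result($Result);
    }

  } elseif ($protocol == "udp")
  {
#-----------------------------------------------------------------------------------------
#  Do the UDP header stuff
#-----------------------------------------------------------------------------------------

    $SelstrUDP = "SELECT udphdr.sid, udphdr.cid, udphdr.udp_sport, udphdr.udp_dport, ";
    $SelstrUDP .= "udphdr.udp_len, udphdr.udp_csum from udphdr where udphdr.cid=$intcidIndex";

    $Result = mysql_query($SelstrUDP, $db_connection);

    print "<table border=\"0\" cellspacing=\"2\">";
    print "<tr><th colspan=\"4\" bgcolor=\"orange\" align=\"left\">UDP Header Details</th></tr>";

    if ($Result !== false && mysql_num_rows($Result) != 0)
    {
      $row = mysql_fetch_row($Result);
      $e = array_map("snort_detail_esc", $row);   # escaped copy for output

      print "<tr><td align=\"right\" width=\"120\"><b>Source Port: </b></td>";
      print "<td width=\"150\">$e[2]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"120\"><b>Length: </b></td><td width=\"150\">$e[4]</td></tr>";
      print "<tr><td align=\"right\" width=\"120\"><b>Destination Port: </b></td>";
      print "<td width=\"150\">$e[3]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"120\"><b>Check Sum: </b></td><td width=\"150\">$e[5]</td></tr>";
      print "</table><hr>";

    } else
    {
      print "<tr><th colspan=\"4\" align=\"center\">Nothing there!<br> $errText</th></tr></table>\n";
    }
    if ($Result !== false)
    {
      mysql_free_result($Result);
    }

  } elseif ($protocol == "icmp")
  {
#-----------------------------------------------------------------------------------------
#  Do the ICMP header stuff
#-----------------------------------------------------------------------------------------

    $SelstrICMP = "SELECT icmphdr.sid, icmphdr.cid, icmphdr.icmp_type, icmphdr.icmp_code, ";
    $SelstrICMP .= "icmphdr.icmp_csum, icmphdr.icmp_id, icmphdr.icmp_seq ";
    $SelstrICMP .= "from icmphdr where icmphdr.cid=$intcidIndex";

    $Result = mysql_query($SelstrICMP, $db_connection);

    print "<table border=\"0\" cellspacing=\"2\">";
    print "<tr><th colspan=\"8\" bgcolor=\"orange\" align=\"left\">ICMP Header Details</th></tr>";

    if ($Result !== false && mysql_num_rows($Result) != 0)
    {
      $row = mysql_fetch_row($Result);
      $e = array_map("snort_detail_esc", $row);   # escaped copy for output

      print "<tr><td align=\"right\" width=\"120\"><b>Type: </b></td>";
      print "<td width=\"150\">$e[2]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\"width=\"120\"><b>Check Sum: </b></td>";
      print "<td width=\"150\">$e[4]</td><td width=\"5%\"></td>";
      print "<td align=\"right\"><b>Sequence: </b></td><td width=\"150\">$e[6]</td></tr>";
      print "<tr><td align=\"right\" width=\"120\"><b>Code: </b></td>";
      print "<td width=\"150\">$e[3]</td>";
      print "<td width=\"5%\"></td>";
      print "<td align=\"right\" width=\"120\"><b>ID: </b></td><td width=\"150\">$e[5]</td></tr>";
      print "</table><hr>";

    } else
    {
      print "<tr><th colspan=\"8\" align=\"center\">Nothing there!<br> $errText</th></tr></table>\n";
    }
    if ($Result !== false)
    {
      mysql_free_result($Result);
    }
  }
#-----------------------------------------------------------------------------------------
#  Do the Packet Data Payload stuff
#-----------------------------------------------------------------------------------------

    $SelstrDATA = "SELECT data.sid, data.cid, data.data_payload from data where data.cid=$intcidIndex";

    $Result = mysql_query($SelstrDATA, $db_connection);

    print "<table border=\"0\" cellspacing=\"2\">";
    print "<tr><th colspan=\"2\" bgcolor=\"orange\" align=\"left\">Packet Data Payload Details</th></tr>";

    if ($Result !== false && mysql_num_rows($Result) != 0)
    {
      $row = mysql_fetch_row($Result);
      # data_payload is stored as a hex string, two characters per byte.
      $packetData = (string) $row[2];
      $payloadLen = strlen($packetData);

      # Decode pair by pair.  Kept as a loop rather than pack("H*") because
      # hexdec() tolerates an odd trailing digit and stray non-hex characters
      # the same way the original did.  Both accumulators start empty: the
      # original appended to undefined variables.
      $Ascii = "";
      $HEXdata = "";
      for ($X = 0; $X < $payloadLen; $X += 2)
      {
        $pair = substr($packetData, $X, 2);
        $Ascii .= chr((int) hexdec($pair));
        $HEXdata .= $pair." ";
      }
      # The textareas are escaped like everything else; the browser decodes the
      # entities again when it builds the form value, so tixedit.php still
      # receives the raw bytes -- now including any "</textarea>" sequence that
      # previously truncated the field and broke out into the page.
      print "<tr><td align=\"left\"><b>Data Payload: ASCII </b></td></tr>";
      print "<tr><td width=\"95%\">";
      print "<textarea name=\"data\" rows=\"20\" cols=\"100\">".snort_detail_esc($Ascii)."</textarea>";
      print "</td></tr>";
      print "<tr><td align=\"left\"><b>Data Payload: HEX </b></td></tr>";
      print "<tr><td width=\"95%\">";
      print "<textarea name=\"data\" rows=\"20\" cols=\"100\">".snort_detail_esc($HEXdata)."</textarea>";
      print "</td></tr>";

      print "</table><hr>";
    } else
    {
      print "<tr><th colspan=\"2\" align=\"center\">Nothing there!<br> $errText</th></tr></table>\n";
    }
    if ($Result !== false)
    {
      mysql_free_result($Result);
    }


}
#-----------------------------------------------------------------------------------------
#  Do the following if the 'New Ticket' button was clicked
#-----------------------------------------------------------------------------------------
elseif ($new_tix == "New Ticket")
{
#----- Connect to Ticketing database ---------------------------------------
  $tix_db_connection = mysql_connect($tix_db_host, $tix_db_user, $tix_db_passwd);
  mysql_select_db($tix_db_database, $tix_db_connection);
#----- Query Tix Database for Engineer data --------------------------------
#  NOTE(review): the join compares engineer.engineer_id with eng_rank.rank_id,
#  which reads like it was meant to be a rank column on engineer -- confirm
#  against the ticketing schema before touching it.
  $Selstr = "SELECT engineer.engineer_id, eng_rank.rank_name, engineer.eng_name ";
  $Selstr .= "FROM engineer, eng_rank ";
  $Selstr .= "WHERE engineer.engineer_id=eng_rank.rank_id ";

  $Result = mysql_query($Selstr, $tix_db_connection);

#----- cidList is an array of cid numbers associated with this ticket-------
#  rowIndex holds the ticked 'Sel Tix' boxes (index => cid) and rowCount the
#  highest index; it is walked top-down as the original did so the order of
#  the list is unchanged.  Entries are coerced to integers.
  $cidList = array();
  $selected = is_array($rowIndex) ? $rowIndex : array();
  for ($X = (int) $rowCount; $X >= 0; $X--)
  {
    if (isset($selected[$X]) && $selected[$X] != "")
    {
      $cidList[] = (int) $selected[$X];
    }
  }

#-- Populate str_cid_list string ---
#  (The original called implode($array, ",") -- that legacy argument order was
#  removed in PHP 8.0 and now raises a TypeError.)
  $str_cid_list = (count($cidList) > 0) ? implode(",", $cidList) : "";

#-- Get the Current Date & Time ----
#  One timestamp for all four values so they cannot straddle a second boundary.
  $ts = time();
  $CurrentDate = date("Y-m-d", $ts);
  $CurrentTime = date("H:i:s", $ts);
  # No separator between date and time, exactly as the original built it;
  # tixedit.php receives this value, so the format is left alone.
  $CurrentDateTime = $CurrentDate.$CurrentTime;
  $intCurrentDateTime = date("YmdHis", $ts);

#---- Use Hidden text to pass variables to next page----------------------------
  print "<input type=\"hidden\" name=\"str_cid_list\" value=\"".snort_detail_esc($str_cid_list)."\">";
  print "<input type=\"hidden\" name=\"CurrentDateTime\" value=\"".snort_detail_esc($CurrentDateTime)."\">";
  print "<input type=\"hidden\" name=\"intCurrentDateTime\" value=\"".snort_detail_esc($intCurrentDateTime)."\">";

#--------- Present New Ticket Screen -----------------------------------------------------------

  print "<table width=\"100%\" bgcolor=\"#334678\" border=\"0\">\n";
  print "<tr><th colspan=\"2\" bgcolor=\"orange\" align=\"left\">Create a New Ticket:</th><tr>\n";
  print "   <td align=\"left\" valign=\"top\"><table bgcolor=\"purple\" border=\"1\">\n";
  print "         <tr><td width=\"110\" align=\"right\"><b>Ticket Number:</b></td>\n";
  print "             <td width=\"300\" align=\"left\">Still To Be Generated...</td></tr>\n";
  print "         <tr><td rowspan=\"3\" width=\"110\" align=\"center\"><b>Referenced<br>Log Numbers:</b></td>\n";
  print "             <td rowspan=\"3\" width=\"300\" align=\"left\">\n";
  print "               <textarea readonly rows=\"2\" cols=\"35\">".snort_detail_esc($str_cid_list)."</textarea>\n";
  print "             </td></tr>\n";
  print "       </table>\n";
  print "   </td>\n";
  print "    <td align=\"left\" valign=\"top\"><table bgcolor=\"purple\" border=\"1\">\n";
  print "         <tr><td width=\"110\" align=\"right\"><b>Description:</b></td>\n";
  print "             <td width=\"300\" align=\"left\">\n";
  print "                <input type=\"text\" name=\"tixdesc\" size=\"45\" maxlength=\"100\"></td>\n";
  print "         </tr>\n";
  print "         <tr><td rowspan=\"3\" width=\"110\" align=\"center\"><b>Creation Date:</b></td>\n";
  print "             <td rowspan=\"3\" width=\"300\" align=\"left\">".snort_detail_esc($CurrentDateTime)."</td></tr>\n";
  print "       </table>\n";
  print "   </td>\n";
  print "</tr>\n";
  print "<tr><td colspan=\"2\"><hr></td></tr>\n";
  print "<tr><td colspan=\"2\" align=\"left\">\n";
  print "     <b>Notes:</b><br>\n";
  print "     <textarea rows=\"8\" cols=\"90\" name=\"tixnotes\"></textarea>\n";
  print "   </td></tr>\n";
  print "<tr>\n";
  print "  <td colspan=\"2\">\n";
  print "    <table border=\"0\">\n";
  print "    <tr>\n";
  print "      <td width=\"200\"><b>Engineer:</b><select name=\"tix_engineer_id\" size=\"1\">\n";
  print "                                       <option selected value=\"none\">Assign an Engineer</option>\n";
  # One <option> per engineer row; value and label are escaped and the value
  # attribute is quoted (the original emitted value=$row[0] bare).
  if ($Result !== false)
  {
    while (($row = mysql_fetch_row($Result)) !== false)
    {
      print "<option value=\"".snort_detail_esc($row[0])."\">".snort_detail_esc($row[1])."-".snort_detail_esc($row[2])."</option>\n";
    }
    mysql_free_result($Result);
  }
  print "                                       </select>\n";
  print "      </td><td>\n";
  print "           <table border=\"0\">\n";
  print "              <tr><th colspan=\"5\" bgcolor=\"orange\"><b>Ticket Status:</b></th></tr>\n";
  print "              <tr><td><b>NEW</b><input type=\"radio\" name=\"tix_status_id\" checked value=\"0\"></td>\n";
  print "                  <td><b>ASSIGNED</b> [ ] </td>\n";
  print "                  <td><b>PENDING</b> [ ]</td>\n";
  print "                  <td><b>RESOLVED</b> [ ]</td>\n";
  print "                  <td><b>DISMISSED</b> [ ]</td></tr>\n";
  print "           </table>\n";
  print "      </td>\n";
  print "    </tr><tr>\n";
  print "      <td></td>\n";
  print "      <td bgcolor=\"orange\">\n";
  print "           <input type=\"submit\" name=\"tix_database\" value=\"Create Ticket\">\n";
  print "           <a href=\"tixviewall.php\">Ticket Listing Menu</a>\n";
  print "      </td>\n";
  print "    </tr>\n";
  print "    </table>\n";
  print "  </td>\n";
  print "</tr>\n";
  print "</table>\n";
#---------------------- END New Ticket Screen -----------------------------------------


}
else
{
#------------------------------- Incorrect Parameters for Viewing Log Details ---------
  print "<table width=\"100%\">";
  print "<tr><th align=\"left\" bgcolor=\"orange\">No rows selected...</th></tr>";
  print "<tr><td width=\"550\" align=\"left\">";
  print "Please use your browsers back button and click on one of the radio ";
  print "buttons in the 'Det' column pertaining to the row you would like ";
  print "to view details on and then click on the 'View Details' button.";
  print "<br>Or,<br>";
  print "Click on your browsers back button and select any number of check boxes ";
  print "in the 'Sel Tix' column and then click on the 'New Ticket' button ";
  print "to create a new ticket.</td></tr></table>";

}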

?>

  </body>
</html>