<html>
<head>
<title>Snort IDS logs for Securetty.com</title>
<base target="_self">
</head>
<?php

include ("myfunctions.php");

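# If the include below does not supply the db settings, they can be populated locally from the template that follows.
# Prefer repairing the include: credentials typed into this web-served script are exposed whenever its source is.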
include ("dbconn_out.php");

##  mysql snort database
#  $db_host       = "";  # mysql database server.
#  $db_user       = "";  # mysql user with SELECT, UPDATE, INSERT privileges.
#  $db_passwd     = "";  # password for mysql user.
#  $db_database   = "";  # database name where snort logs to.
##  mysql snort database for ticketing system
#  $tix_db_host       = "";  # IP of mysql server containing ticketing database.
#  $tix_db_user       = "";  # mysql user with SELECT, INSERT, UPDATE, DELETE privileges.
#  $tix_db_passwd     = "";  # password for mysql user.
#  $tix_db_database   = "";  # name of the ticketing database.

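# Initialization for the first request coming from the search form.
# NOTE(review): $OnRun and the other inputs used by this script are never read
# from $_GET/$_POST here, so the page presumably depends on register_globals.
# Under that setting any variable the script does not assign itself can be set
# by the request -- confirm, and treat every such variable as untrusted.
if (isset($OnRun) && $OnRun == "INIT")
{
  $PagePosition = "ON_START";
  $RunOnce = "TRUE";
  $RowNum = 100;      # Number of records per page
}
else
{
  # On follow-up pages the page size arrives with the request and is later
  # placed in a LIMIT clause, so force it to a positive integer here.
  $RowNum = isset($RowNum) ? intval($RowNum) : 0;
  if ($RowNum < 1)
  {
    $RowNum = 100;
  }
}

  # Connect and select the Snort database; both calls are checked so the page
  # does not go on to run queries without a usable connection.
  $db_connection = mysql_connect($db_host, $db_user, $db_passwd);
  if (!$db_connection || !mysql_select_db($db_database, $db_connection))
  {
    # Generic message only: mysql_error() text is deliberately not sent to the browser.
    print "<body>Unable to reach the Snort database.</body></html>";
    exit;
  }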

#if ($PagePosition != "middle")
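if (isset($RunOnce) && $RunOnce == "TRUE")
{
  # Turns the submitted search form into the SQL fragments used further down
  # ($criteria*, $crit_signature_ID, $use_*) and the numeric time window.
  # Every fragment and flag is assigned on every path, and every value taken
  # from the form is reduced to digits before it is placed in a fragment,
  # because the fragments are concatenated into the query unquoted.

  #-------------------------------------------------------------
  # Date/time window: zero-pad each part (digits only) and join them into
  # YYYYMMDDhhmmss numbers.
  $dateParts = array(
    'fromyear' => 4, 'frommonth' => 2, 'fromday' => 2,
    'fromhour' => 2, 'fromminute' => 2, 'fromsecond' => 2,
    'toyear' => 4, 'tomonth' => 2, 'today' => 2,
    'tohour' => 2, 'tominute' => 2, 'tosecond' => 2
  );
  foreach ($dateParts as $partName => $partWidth)
  {
    $partDigits = "";
    if (isset($$partName) && is_scalar($$partName))
    {
      $partDigits = preg_replace('/[^0-9]/', '', (string)$$partName);
    }
    # Keeps the original $fromyearP ... $tosecondP variables populated.
    ${$partName."P"} = str_pad($partDigits, $partWidth, "0", STR_PAD_LEFT);
  }

  $FromTime = $fromhourP.$fromminuteP.$fromsecondP;
  $FromDate = $fromyearP.$frommonthP.$fromdayP;
  $ToTime = $tohourP.$tominuteP.$tosecondP;
  $ToDate = $toyearP.$tomonthP.$todayP;

  $FromDateTime = doubleval($FromDate.$FromTime);
  $ToDateTime = doubleval($ToDate.$ToTime);

  #-------------------------------------------------------------
  # Source / destination IP filters.
  # The values are compared unquoted against iphdr.ip_src / ip_dst, so they are
  # presumably integer-encoded addresses -- confirm against the search form.
  # Anything that is not 1-10 digits becomes 0, which narrows the search rather
  # than reaching the SQL text. Several selected addresses are matched with
  # IN (...): the previous "a and b" chain on one column could never be true.
  $criteriaSrcIP = "";
  $srcList = isset($source_ip) ? array_values((array)$source_ip) : array();
  if (isset($srcList[0]) && $srcList[0] !== 'any')
  {
    $srcInts = array();
    foreach ($srcList as $srcValue)
    {
      $srcInts[] = (is_scalar($srcValue) && preg_match('/^[0-9]{1,10}$/D', (string)$srcValue)) ? (string)$srcValue : "0";
    }
    $criteriaSrcIP = " and iphdr.ip_src IN (".implode(",", $srcInts).") ";
  }

  $criteriaDstIP = "";
  $dstList = isset($destination_ip) ? array_values((array)$destination_ip) : array();
  if (isset($dstList[0]) && $dstList[0] !== 'any')
  {
    $dstInts = array();
    foreach ($dstList as $dstValue)
    {
      $dstInts[] = (is_scalar($dstValue) && preg_match('/^[0-9]{1,10}$/D', (string)$dstValue)) ? (string)$dstValue : "0";
    }
    $criteriaDstIP = " and iphdr.ip_dst IN (".implode(",", $dstInts).") ";
  }

  #-------------------------------------------------------------
  # Source port: empty, a single port, or a "low-high" range (a range may not
  # start with 0). The matched numbers are stored as integers.
  $sourceport = (isset($sourceport) && is_scalar($sourceport)) ? (string)$sourceport : "";
  $BoolSourcePortEMPTY = "bad";
  $BoolSourcePort = "bad";
  $BoolSourcePortRANGE = "bad";
  $sportmatch = array("");
  $lower_sport = array("");
  $higher_sport = array("");
  if ($sourceport == "")
  {
    $BoolSourcePortEMPTY = "good";
  }
  elseif (preg_match('/^[0-9]{1,5}$/D', $sourceport))
  {
    $sportmatch[0] = intval($sourceport);
    $BoolSourcePort = "good";
  }
  elseif (preg_match('/^([0-9]{1,5})-([0-9]{1,5})$/D', $sourceport, $sportParts) AND substr($sourceport, 0, 1) != "0")
  {
    $lower_sport[0] = intval($sportParts[1]);
    $higher_sport[0] = intval($sportParts[2]);
    $BoolSourcePortRANGE = "good";
  }

  #-------------------------------------------------------------
  # Destination port: same three shapes. Unparseable text now leaves both flags
  # "bad"; it used to mark the single-port flag "good", which put an empty
  # match into the query text.
  $destinationport = (isset($destinationport) && is_scalar($destinationport)) ? (string)$destinationport : "";
  $BoolDestinationPortEMPTY = "bad";
  $BoolDestinationPort = "bad";
  $BoolDestinationPortRANGE = "bad";
  $dportmatch = array("");
  $lower_dport = array("");
  $higher_dport = array("");
  if ($destinationport == "")
  {
    $BoolDestinationPortEMPTY = "good";
  }
  elseif (preg_match('/^[0-9]{1,5}$/D', $destinationport))
  {
    $dportmatch[0] = intval($destinationport);
    $BoolDestinationPort = "good";
  }
  elseif (preg_match('/^([0-9]{1,5})-([0-9]{1,5})$/D', $destinationport, $dportParts))
  {
    $lower_dport[0] = intval($dportParts[1]);
    $higher_dport[0] = intval($dportParts[2]);
    $BoolDestinationPortRANGE = "good";
  }

  #-------------------------------------------------------------
  # Protocol-specific table, join and column fragments. All of them start
  # empty so only the ones belonging to the chosen protocol are populated.
  $use_table_tcphdr = "";
  $use_table_udphdr = "";
  $use_table_icmphdr = "";
  $use_join_event_tcphdr = "";
  $use_join_event_udphdr = "";
  $use_join_event_icmphdr = "";
  $use_tcphdr_sport = "";
  $use_tcphdr_dport = "";
  $use_udphdr_sport = "";
  $use_udphdr_dport = "";
  $use_icmphdr_type = "";
  $criteriaSrcPORT = "";
  $criteriaDstPORT = "";
  $sportColumn = "";
  $dportColumn = "";

  $protocol = (isset($protocol) && is_scalar($protocol)) ? (string)$protocol : "";
  if ($protocol == "tcp")
  {
    $use_table_tcphdr = ", tcphdr ";
    $use_join_event_tcphdr = " and event.cid=tcphdr.cid ";
    # The port columns are always selected for tcp/udp: the result table reads
    # them by position, so leaving one out shifts every later column.
    $use_tcphdr_sport = ", tcphdr.tcp_sport ";
    $use_tcphdr_dport = ", tcphdr.tcp_dport ";
    $sportColumn = "tcphdr.tcp_sport";
    $dportColumn = "tcphdr.tcp_dport";
  }
  elseif ($protocol == "udp")
  {
    $use_table_udphdr = ", udphdr ";
    $use_join_event_udphdr = " and event.cid=udphdr.cid ";
    $use_udphdr_sport = ", udphdr.udp_sport ";
    $use_udphdr_dport = ", udphdr.udp_dport ";
    $sportColumn = "udphdr.udp_sport";
    $dportColumn = "udphdr.udp_dport";
  }
  elseif ($protocol == "icmp")
  {
    # icmp has no ports: select type/code instead and leave the port criteria empty.
    $use_icmphdr_type = " , icmphdr.icmp_type, icmphdr.icmp_code ";
    $use_table_icmphdr = ", icmphdr ";
    $use_join_event_icmphdr = " and event.cid=icmphdr.cid ";
  }

  #-------------------------------------------------------------
  # Port criteria (tcp/udp only). Unparseable port text adds no criterion.
  if ($sportColumn != "")
  {
    if ($BoolSourcePort == "good")
    {
      $criteriaSrcPORT = " AND ".$sportColumn." = ".$sportmatch[0]." ";
    }
    elseif ($BoolSourcePortRANGE == "good")
    {
      $criteriaSrcPORT = " AND ".$sportColumn." >= ".$lower_sport[0]." AND ".$sportColumn." <= ".$higher_sport[0]." ";
    }
  }
  if ($dportColumn != "")
  {
    if ($BoolDestinationPort == "good")
    {
      $criteriaDstPORT = " AND ".$dportColumn." = ".$dportmatch[0]." ";
    }
    elseif ($BoolDestinationPortRANGE == "good")
    {
      $criteriaDstPORT = " AND ".$dportColumn." >= ".$lower_dport[0]." AND ".$dportColumn." <= ".$higher_dport[0]." ";
    }
  }

  #-------------------------------------------------------------
  # Signature filter.
  # The signature table is always part of the FROM list, so the join is always
  # emitted; without it the query is an unconstrained cross join.
  $use_join_event_signature = " AND event.signature=signature.sig_id ";
  $crit_signature_ID = "";
  $sigList = isset($signatureID) ? array_values((array)$signatureID) : array();
  # NOTE(review): the original gate tests $signature, not $signatureID; whether
  # the form really posts a separate "signature" field cannot be seen here.
  $sigProbe = isset($signature) ? array_values((array)$signature) : array();
  $signatureGiven = (isset($sigProbe[0]) && $sigProbe[0] !== "");
  if (isset($sigList[0]) && $sigList[0] !== "any" && $signatureGiven)
  {
    $sigInts = array();
    foreach ($sigList as $sigValue)
    {
      $sigInts[] = (is_scalar($sigValue) && preg_match('/^[0-9]{1,10}$/D', (string)$sigValue)) ? (string)$sigValue : "0";
    }
    # IN (...) instead of "AND a OR b": an unparenthesised OR let rows matching a
    # later id escape every other condition of the WHERE clause.
    $crit_signature_ID = " AND signature.sig_id IN (".implode(",", $sigInts).") ";
  }

}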

#-------------------------------------------------------------
#----    Begin building SQL statement string here    ---------
#-------------------------------------------------------------

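  # Assemble the listing query ($Selstr) and the paging query ($SELpage).
  # On follow-up pages every fragment below comes back from the pager link, i.e.
  # from the request, so each one is checked against the exact shapes this page
  # generates before it is concatenated. A fragment that does not fit is dropped
  # and the query is forced to return nothing.

  # Page size ends up in LIMIT: positive integer only.
  $RowNum = isset($RowNum) ? intval($RowNum) : 0;
  if ($RowNum < 1)
  {
    $RowNum = 100;
  }
  $LastStuff = " ORDER BY event.cid DESC LIMIT $RowNum";

  $sqlInputsRejected = false;

  # Time window: plain numbers only (a float printed in exponent form is tolerated).
  foreach (array('FromDateTime', 'ToDateTime') as $boundName)
  {
    $boundValue = (isset($$boundName) && is_scalar($$boundName)) ? (string)$$boundName : "";
    if (!preg_match('/^[0-9]+(\.[0-9]+)?(E[+-]?[0-9]+)?$/iD', $boundValue))
    {
      $boundValue = "0";
      $sqlInputsRejected = true;
    }
    $$boundName = $boundValue;
  }

  # Allowed shape of every SQL fragment (case-insensitive, whitespace-tolerant).
  $sqlFragmentRules = array(
    'use_table_tcphdr'         => '/^\s*,\s*tcphdr\s*$/iD',
    'use_table_udphdr'         => '/^\s*,\s*udphdr\s*$/iD',
    'use_table_icmphdr'        => '/^\s*,\s*icmphdr\s*$/iD',
    'use_join_event_tcphdr'    => '/^\s*and\s+event\.cid=tcphdr\.cid\s*$/iD',
    'use_join_event_udphdr'    => '/^\s*and\s+event\.cid=udphdr\.cid\s*$/iD',
    'use_join_event_icmphdr'   => '/^\s*and\s+event\.cid=icmphdr\.cid\s*$/iD',
    'use_join_event_signature' => '/^\s*and\s+event\.signature=signature\.sig_id\s*$/iD',
    'use_tcphdr_sport'         => '/^\s*,\s*tcphdr\.tcp_sport\s*$/iD',
    'use_tcphdr_dport'         => '/^\s*,\s*tcphdr\.tcp_dport\s*$/iD',
    'use_udphdr_sport'         => '/^\s*,\s*udphdr\.udp_sport\s*$/iD',
    'use_udphdr_dport'         => '/^\s*,\s*udphdr\.udp_dport\s*$/iD',
    'use_icmphdr_type'         => '/^\s*,\s*icmphdr\.icmp_type\s*,\s*icmphdr\.icmp_code\s*$/iD',
    'crit_signature_ID'        => '/^\s*and\s+signature\.sig_id\s*(=\s*[0-9]+(\s+or\s+signature\.sig_id\s*=\s*[0-9]+)*|in\s*\([0-9]+(,[0-9]+)*\))\s*$/iD',
    'criteriaSrcIP'            => '/^((\s*and\s+iphdr\.ip_src\s*=\s*[0-9]+)+|\s*and\s+iphdr\.ip_src\s+in\s*\([0-9]+(,[0-9]+)*\))\s*$/iD',
    'criteriaDstIP'            => '/^((\s*and\s+iphdr\.ip_dst\s*=\s*[0-9]+)+|\s*and\s+iphdr\.ip_dst\s+in\s*\([0-9]+(,[0-9]+)*\))\s*$/iD',
    'criteriaSrcPORT'          => '/^\s*and\s+(tcphdr\.tcp|udphdr\.udp)_sport\s*(=\s*[0-9]+|>=\s*[0-9]+\s+and\s+(tcphdr\.tcp|udphdr\.udp)_sport\s*<=\s*[0-9]+)\s*$/iD',
    'criteriaDstPORT'          => '/^\s*and\s+(tcphdr\.tcp|udphdr\.udp)_dport\s*(=\s*[0-9]+|>=\s*[0-9]+\s+and\s+(tcphdr\.tcp|udphdr\.udp)_dport\s*<=\s*[0-9]+)\s*$/iD',
    'SQLpaging'                => '/^\s*and\s+event\.cid\s*<=\s*[0-9]+\s*$/iD'
  );
  foreach ($sqlFragmentRules as $fragName => $fragPattern)
  {
    $fragValue = (isset($$fragName) && is_scalar($$fragName)) ? (string)$$fragName : "";
    if (isset($$fragName) && !is_scalar($$fragName))
    {
      $sqlInputsRejected = true;
    }
    if ($fragValue != "" && !preg_match($fragPattern, $fragValue))
    {
      $fragValue = "";
      $sqlInputsRejected = true;
    }
    $$fragName = $fragValue;
  }

  # Normalise multi-value filters to IN (...). After the checks above the only
  # digit runs in these fragments are the ids themselves. This also removes the
  # unparenthesised OR of the older signature form and the "a and b" chain of
  # the older IP form, which could never match more than one value.
  if ($crit_signature_ID != "" && preg_match_all('/[0-9]+/', $crit_signature_ID, $sigIdMatches))
  {
    $crit_signature_ID = " AND signature.sig_id IN (".implode(",", $sigIdMatches[0]).") ";
  }
  if ($criteriaSrcIP != "" && preg_match_all('/[0-9]+/', $criteriaSrcIP, $srcIpMatches))
  {
    $criteriaSrcIP = " and iphdr.ip_src IN (".implode(",", $srcIpMatches[0]).") ";
  }
  if ($criteriaDstIP != "" && preg_match_all('/[0-9]+/', $criteriaDstIP, $dstIpMatches))
  {
    $criteriaDstIP = " and iphdr.ip_dst IN (".implode(",", $dstIpMatches[0]).") ";
  }

  $theConditions = " and event.timestamp >= $FromDateTime and ";
  $theConditions .= " event.timestamp <= $ToDateTime ";

  $theConditions .= $crit_signature_ID.$criteriaSrcIP.$criteriaSrcPORT;
  $theConditions .= $criteriaDstIP.$criteriaDstPORT;
  if (isset($PagePosition) && $PagePosition == "OFF_START")
  {
    $theConditions .= $SQLpaging;
  }
  if ($sqlInputsRejected)
  {
    # Fail closed: a tampered or malformed request gets an empty result,
    # not a wider one.
    $theConditions .= " AND 1=0 ";
    $ERROR_Message = "Search parameters were rejected.";
  }
  $theKeyJoins = " WHERE event.cid=iphdr.cid ";
  $theKeyJoins .= $use_join_event_tcphdr.$use_join_event_udphdr.$use_join_event_icmphdr;
  $theKeyJoins .= $use_join_event_signature.$theConditions;

  $theTables = " iphdr, event $use_table_tcphdr $use_table_udphdr ";
  $theTables .= " $use_table_icmphdr, signature ";

  $theTblFields = "event.cid, event.tix_id, event.timestamp, iphdr.ip_src $use_tcphdr_sport ";
  $theTblFields .= " $use_udphdr_sport, iphdr.ip_dst $use_icmphdr_type $use_tcphdr_dport ";
  $theTblFields .= " $use_udphdr_dport, signature.sig_name ";


  $Selstr = "SELECT ".$theTblFields." FROM ".$theTables.$theKeyJoins.$LastStuff;

#---------- Handle Paging SQL --------------------------------------------
  $SELpage = "SELECT event.cid FROM ".$theTables.$theKeyJoins." ORDER BY event.cid DESC";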
#-------------------------------------------------------------------------

#------------------- Run this only on the first page rendering -----------
#if ($PagePosition == "ON_START")
#{
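if (isset($OnRun) && $OnRun == "INIT")
{
#-----------Determine how many pages are in the search results -----------
  # Walk the full cid list once and remember the cid that starts each page.
  # $paging is rebuilt from scratch here so it cannot arrive pre-filled.
  $paging = array();
  $pageSize = (isset($RowNum) && intval($RowNum) > 0) ? intval($RowNum) : 100;
  $CIDresult = mysql_query($SELpage, $db_connection);
  if ($CIDresult)
  {
    $rowsOnPage = 0;
    while ($sqlcid = mysql_fetch_row($CIDresult))
    {
      if ($rowsOnPage == 0)
      {
        $paging[] = $sqlcid[0];
      }
      # The row that opens a page counts as that page's first row. The previous
      # loop restarted its counter at 0 there, so from the third page on each
      # page began one row late and a row was skipped between pages.
      $rowsOnPage++;
      if ($rowsOnPage == $pageSize)
      {
        $rowsOnPage = 0;
      }
    }
    mysql_free_result($CIDresult);
  }
  $strpage = implode(",", $paging);

#---------- END Determine how many pages are in search ---------------------------------
}

#print "strpage: ".$strpage."<br>";

#------------ Populate paging array from next page loadup ------------------------------
# On follow-up pages $strpage comes back with the request: accept only digits and
# commas, and always rebuild $paging from it rather than trusting an existing value.
if (!isset($strpage) || !is_string($strpage) || strspn($strpage, "0123456789,") != strlen($strpage))
{
  $strpage = "";
}
$paging = (strlen($strpage) > 0) ? explode(",", $strpage) : array();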
#print"paging out of bounds ".$paging[80]."<br>";

#print "Selpage: ".$Selpage."<br>";
#print "FromDateTime ".$FromDateTime."<br>";
#print "ToDateTime ".$ToDateTime."<br>";
#print "SQLSelA: ".$SQLSelA."<br>";
#print "Selstr: ".$Selstr."<br>";

#----------- Present the screen ----------------------------------------------------------
#  if ($BoolSourcePortRANGE == "good" OR $BoolSourcePort == "good" OR $BoolSourcePortEMPTY == "good" OR $BoolDestinationPortRANGE == "good" OR $BoolDestinationPort == "good" OR $BoolDestinationPortEMPTY == "good")
#  {
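    # Run the listing query. The port-validation gate around it is commented
    # out in this file, so the query always runs and $DoPrint is always "yes".
    $Result = mysql_query($Selstr, $db_connection);
    $DoPrint = "yes";
#  } else
#  {
#    $DoPrint = "no";
#  }


print "<body bgcolor=\"gray\">\n";
# The target attribute was missing its "=" and was therefore ignored by browsers.
print "<form action=\"detail.php\" target=\"logdata\" method=\"post\">\n";

print "<table width=\"100%\">\n";
print "  <tr><td width=\"130\"><input type=\"reset\"   value=\"Clear Selection\"></td>\n";
print "      <td width=\"130\"><input type=\"submit\"  value=\"View Details\" name=\"details\"></td>\n";
print "      <td width=\"130\"><input type=\"submit\"  value=\"New Ticket\" name=\"new_tix\"></td>\n";
print "      <td><a href=\"tixviewall.php\">View Tickets</a></td></tr>\n";
#print "      <td><a href=\"tixview.php?status=all\">View All Tickets</a><br>\n";
#print "          <a href=\"tixview.php?status=new\">View New Tickets</a></td>\n";
#print "      <td><a href=\"tixview.php?status=assigned\">View Assigned Tickets</a><br>\n";
#print "          <a href=\"tixview.php?status=pending\">View Pending Tickets</a></td>\n";
#print "      <td><a href=\"tixview.php?status=resolved\">View Resolved Tickets</a><br>\n";
#print "          <a href=\"tixview.php?status=dismissed\">View Dismissed Tickets</a></td></tr>\n";
print "</table>\n";

  # Hidden Variables:
  # $protocol is request data: quote the attribute and HTML-escape the value so
  # it cannot close the tag or add attributes.
  $protocolField = (isset($protocol) && is_scalar($protocol)) ? htmlspecialchars((string)$protocol, ENT_QUOTES) : "";
  print "<input type=\"hidden\" name=\"protocol\" value=\"".$protocolField."\">";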

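  # Render the result table and the Previous/Next pager.
  # Everything written into the page that originates from the request or from
  # the database is HTML-escaped, attribute values are quoted, and pager
  # parameters are URL-encoded. The tcp/udp and icmp layouts share one row loop
  # and one pager; only the header and the per-row cells differ.
  $isIcmp = (isset($protocol) && $protocol == "icmp");
  # NOTE(review): $ERROR_Message is not assigned in this part of the script; it
  # is escaped here because its origin cannot be seen -- confirm the includes
  # never put intentional markup in it.
  $shownError = (isset($ERROR_Message) && is_scalar($ERROR_Message)) ? htmlspecialchars((string)$ERROR_Message, ENT_QUOTES) : "";

  if (!$isIcmp)
  {
        # The header for tcp & udp protocols
    print "  <table border=\"0\" width=\"100%\">";
    print "    <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"0\" cellpadding=\"0\">";
    print "      <th rowspan=\"2\" width=\"30\" align=\"center\">Det</th>";
    print "      <th rowspan=\"2\" width=\"20\" align=\"center\">Sel<br>Tix</th>";
    print "      <th rowspan=\"2\" width=\"65\" align=\"center\">Ticket<br>Number</th>";
    print "      <th rowspan=\"2\">Timestamp</th><th colspan=\"2\">Source</th><th colspan=\"2\">Destination</th>";
    print "      <th rowspan=\"2\">Signature</th></tr>";
    print "    <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"1\" cellpadding=\"1\">";
    print "      <td><b>IP</b></td><td><b>Port</b></td><td><b>IP</b></td>";
    print "     <td><b>Port</b></td></tr>";
  }
  else
  {     # Header for icmp protocol
    print "<table border=\"0\" width=\"100%\">";
    print "  <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"1\" cellpadding=\"1\">";
    print "    <th width=\"20\" align=\"center\">Det</th><th align=\"center\">Sel<br>Tix</th>";
    print "    <th width=\"65\" align=\"center\">Ticket<br>Number</th>";
    print "    <th align=\"center\">Timestamp</th><th align=\"center\">Source<br>IP</th>";
    print "    <th align=\"center\">Destination<br>IP</th><th>ICMP<br>Type</th><th>ICMP<br>Code</th>";
    print "    <th>Signature</th></tr>";
  }

  if (isset($DoPrint) && $DoPrint == "yes")
  {
    # A failed query leaves $Result false; treat that as zero rows.
    $rowQTY = (isset($Result) && $Result) ? mysql_num_rows($Result) : 0;
    if ($rowQTY != 0)
    {
      # One rowCount field is enough; it used to be repeated for every row.
      print "<input type=\"hidden\" name=\"rowCount\" value=\"".intval($rowQTY)."\">";

      for ($i = 0; $i < $rowQTY; $i++)
      {
        $row = mysql_fetch_row($Result);
        if (!$row)
        {
          break;
        }
        # Escaped copy of the eight selected columns (missing ones become "").
        $cell = array();
        for ($cellIndex = 0; $cellIndex < 8; $cellIndex++)
        {
          $cell[$cellIndex] = isset($row[$cellIndex]) ? htmlspecialchars((string)$row[$cellIndex], ENT_QUOTES) : "";
        }
        # Column layout: 0 cid, 1 tix_id, 2 timestamp, 3 ip_src, then either
        # sport, ip_dst, dport (tcp/udp) or ip_dst, icmp type, icmp code; 7 sig_name.
        $IP_source = 0 + $row[3];
        $IP_dest = 0 + ($isIcmp ? $row[4] : $row[5]);

        # The checkbox is offered only for events that have no ticket yet.
        $ticketBox = "";
        if ($row[1] == "")
        {
          $ticketBox = "   <input type=\"checkbox\" name=\"rowIndex[$i]\" value=\"".$cell[0]."\">";
        }

        print "<tr bgcolor=\"gray\">";
        if (!$isIcmp)
        {
          print "<td><font size=\"2PT\"><input type=\"radio\" name=\"cidIndex\" value=\"".$cell[0]."\"></font></td>";#select 1 row
          print "<td><font size=\"2PT\">".$ticketBox."</font></td>";                        # rows
          print "<td><font size=\"2PT\">".$cell[1]."</font></td>";                          # event.tix_id
          print "<td><font size=\"2PT\">".$cell[2]."</font></td>";                          # event.timestamp
          print "<td><font size=\"2PT\">".IntToIPaddress($IP_source)."</font></td>";        # iphdr.ip_src
          print "<td><font size=\"2PT\">".$cell[4]."</font></td>";                          # tcphdr.sport
          print "<td><font size=\"2PT\">".IntToIPaddress($IP_dest)."</font></td>";          # iphdr.ip_dst
          print "<td><font size=\"2PT\">".$cell[6]."</font></td>";                          # tcphdr.dport
          print "<td><font size=\"2PT\">".$cell[7]."</font></td>";                          # signature.sig_name
        }
        else
        {
          print "<td width=\"20\"><font size=\"2PT\">";
          print "      <input type=\"radio\" name=\"cidIndex\" value=\"".$cell[0]."\"></font></td>";#select 1 row
          print "<td width=\"20\"><font size=\"2PT\">".$ticketBox."</font></td>";                     # rows
          print "<td><font size=\"2PT\">".$cell[1]."</font></td>";                                    # event.tix_id
          print "<td width=\"115\"><font size=\"2PT\">".$cell[2]."</font></td>";                      # event.timestamp
          print "<td width=\"100\"><font size=\"2PT\">".IntToIPaddress($IP_source)."</font></td>";    # iphdr.ip_src
          print "<td width=\"100\"><font size=\"2PT\">".IntToIPaddress($IP_dest)."</font></td>";      # iphdr.ip_dst
          print "<td width=\"50\"><font size=\"2PT\">".$cell[5]."</font></td>";                       # icmp type
          print "<td width=\"50\"><font size=\"2PT\">".$cell[6]."</font></td>";                       # icmp code
          print "<td><font size=\"2PT\">".$cell[7]."</font></td>";                                    # signature.sig_name
        }
        print "</tr>";
      }
      print "<tr bgcolor=\"orange\">";
      print "<td colspan=\"9\">$rowQTY Rows</td></tr>";
      print "<tr bgcolor=\"orange\"><td colspan=\"9\" align=\"center\">\n";

#----------- Pager ------------------------------------------------------------
      $LastStuff = " ORDER BY event.cid DESC LIMIT ".intval($RowNum);

      # Digits-only copy of the page-start cids; anything else becomes 0.
      $pageCids = array();
      if (isset($paging) && is_array($paging))
      {
        foreach (array_values($paging) as $pageCid)
        {
          $pageCids[] = (is_scalar($pageCid) && preg_match('/^[0-9]+$/D', (string)$pageCid)) ? (string)$pageCid : "0";
        }
      }
      $FirstPageCID = isset($pageCids[0]) ? $pageCids[0] : "";
      $LastPageCID = (count($pageCids) > 0) ? $pageCids[count($pageCids) - 1] : "";

      # Decide the links from the position this request arrived with. The old
      # code re-tested $PagePosition after changing it, so the last page of a
      # two-page result showed an extra "Next Page" link to itself.
      # Each entry: label, target page index, PagePosition for the target.
      $pagerLinks = array();
      if (isset($PagePosition) && $PagePosition == "OFF_START")
      {
        $currentPage = isset($PageNum) ? intval($PageNum) : 0;
        if ($currentPage >= 1 && isset($pageCids[$currentPage - 1]))
        {
          $pagerLinks[] = array("Previous Page", $currentPage - 1, ($currentPage - 1 == 0) ? "ON_START" : "OFF_START");
        }
        if ($currentPage >= 0 && isset($pageCids[$currentPage + 1]))
        {
          $pagerLinks[] = array("Next Page", $currentPage + 1, "OFF_START");
        }
      }
      elseif (isset($PagePosition) && $PagePosition == "ON_START" && count($pageCids) > 1)
      {
        $pagerLinks[] = array("Next Page", 1, "OFF_START");
      }

      # Parameters that are identical in every link of this page.
      $pagerStatic = "";
      $pagerKeys = array(
        'strpage', 'RowNum', 'protocol',
        'use_udphdr_dport', 'use_tcphdr_dport', 'use_icmphdr_type',
        'use_udphdr_sport', 'use_tcphdr_sport',
        'use_table_icmphdr', 'use_table_udphdr', 'use_table_tcphdr',
        'use_join_event_signature', 'use_join_event_icmphdr',
        'use_join_event_udphdr', 'use_join_event_tcphdr',
        'criteriaDstPORT', 'criteriaDstIP', 'criteriaSrcPORT', 'criteriaSrcIP',
        'crit_signature_ID', 'ToDateTime', 'FromDateTime'
      );
      foreach ($pagerKeys as $pagerKey)
      {
        $pagerValue = (isset($$pagerKey) && is_scalar($$pagerKey)) ? (string)$$pagerKey : "";
        $pagerStatic .= "&".$pagerKey."=".urlencode($pagerValue);
      }

      foreach ($pagerLinks as $linkIndex => $pagerLink)
      {
        $SQLpaging = " AND event.cid <= ".$pageCids[$pagerLink[1]]." ";
        $pagerHref = "snortlogdata.php?SQLpaging=".urlencode($SQLpaging)
                   ."&PageNum=".intval($pagerLink[1])
                   ."&FirstPageCID=".urlencode($FirstPageCID)
                   ."&LastPageCID=".urlencode($LastPageCID)
                   ."&PagePosition=".urlencode($pagerLink[2])
                   ."&LastStuff=".urlencode($LastStuff)
                   .$pagerStatic;
        if ($linkIndex > 0)
        {
          print "||";
        }
        # URL-encode each value, then HTML-escape the whole href for the attribute.
        print "<a href=\"".htmlspecialchars($pagerHref, ENT_QUOTES)."\">".$pagerLink[0]."</a>\n";
      }

      # Close the pager cell, its row and the table on every path.
      print "</td></tr>\n</table>\n";
    }
    else
    {
      print "<tr><th colspan=\"9\" align=center>Nothing there!<br> ".$shownError."</th></tr></table>\n";
    }
    if (isset($Result) && $Result)
    {
      mysql_free_result($Result);
    }
  }
  else
  {
    # Same marker text as before: three dots on the tcp/udp page, four on icmp.
    $noQueryDots = $isIcmp ? "...." : "...";
    print "<tr><th colspan=\"9\" align=center>Nothing there!".$noQueryDots."<br> ".$shownError."</th></tr></table>\n";
  }

  # The form opened above the table was never closed.
  print "</form>\n";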


?>
  </body>
</html>