<html>
<head>
<title>Snort IDS logs for Securetty.com</title>
<base target="_self">
</head>
<?php
include ("myfunctions.php");
# If the includes are not working for the db settings then populate them locally
# (avoid leaving real credentials in a file the web server could serve as source):
include ("dbconn_out.php");
## mysql snort database
# $db_host = ""; # mysql database server.
# $db_user = ""; # mysql user with SELECT, UPDATE, INSERT privileges.
# $db_passwd = ""; # password for mysql user.
# $db_database = ""; # database name where snort logs to.
## mysql snort database for ticketing system
# $tix_db_host = ""; # IP of mysql server containing ticketing database.
# $tix_db_user = ""; # mysql user with SELECT, INSERT, UPDATE, DELETE privileges.
# $tix_db_passwd = ""; # password for mysql user.
# $tix_db_database = ""; # name of the ticketing database.
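# First-request initialization. $OnRun is not assigned anywhere in this file,
# so it is expected to arrive as a request parameter.
if ($OnRun == "INIT")
{
    $PagePosition = "ON_START";
    $RunOnce = "TRUE";
    $RowNum = 100; # Number of records per page
}
else
{
    # On paging requests $RowNum comes back through the page links and is
    # later interpolated into "LIMIT $RowNum", so force it to a positive
    # integer instead of trusting the query string.
    $RowNum = (isset($RowNum) && is_scalar($RowNum)) ? intval($RowNum) : 100;
    if ($RowNum < 1)
    {
        $RowNum = 100;
    }
}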
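# Connect to the Snort database and select the schema. The $db_* settings are
# not assigned in this file (presumably they come from dbconn_out.php).
# NOTE(review): the mysql_* extension was removed in PHP 7; mysqli or PDO with
# prepared statements is the maintained replacement.
$db_connection = mysql_connect($db_host, $db_user, $db_passwd);
if (!$db_connection || !mysql_select_db($db_database, $db_connection))
{
    # Keep driver details (host, user, schema) out of the page; log them instead.
    error_log("snortlogdata: database connection failed: " . mysql_error());
    print "<body bgcolor=\"gray\">Database unavailable.</body></html>";
    exit;
}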
#if ($PagePosition != "middle")
if ($RunOnce == "TRUE")
{
# Assemble the search window as two YYYYMMDDHHMMSS numbers.
# Each date/time component is left-padded with zeros to its fixed width and
# stored in a "<name>P" variable ($fromyearP ... $tosecondP).
$padWidths = array("year" => 4, "month" => 2, "day" => 2, "hour" => 2, "minute" => 2, "second" => 2);
foreach (array("from", "to") as $edge)
{
    foreach ($padWidths as $part => $width)
    {
        ${$edge . $part . "P"} = str_pad(${$edge . $part}, $width, "0", STR_PAD_LEFT);
    }
}
$FromDate = $fromyearP . $frommonthP . $fromdayP;
$FromTime = $fromhourP . $fromminuteP . $fromsecondP;
$ToDate = $toyearP . $tomonthP . $todayP;
$ToTime = $tohourP . $tominuteP . $tosecondP;
# doubleval() coerces the concatenated digits to a number, so whatever the
# request supplied, only a numeric value reaches the timestamp comparison.
$FromDateTime = doubleval($FromDate . $FromTime);
$ToDateTime = doubleval($ToDate . $ToTime);
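#-------------------------------------------------------------
# Build the source / destination address criteria.
# The selections come from the request, so each value must be a plain
# unsigned integer before it is placed in SQL (a digit check is used rather
# than intval() because a 32-bit address can exceed a 32-bit PHP integer).
# NOTE(review): assumes the search form submits addresses in the integer form
# stored in iphdr - confirm against the form.
# Several selections are combined with IN (...); chaining them with "and"
# could never match more than one distinct address.
$ipFilters = array(
    "criteriaSrcIP" => array("iphdr.ip_src", isset($source_ip) ? $source_ip : array()),
    "criteriaDstIP" => array("iphdr.ip_dst", isset($destination_ip) ? $destination_ip : array()),
);
foreach ($ipFilters as $criteriaName => $ipFilter)
{
    $ipColumn = $ipFilter[0];
    $ipChoices = is_array($ipFilter[1]) ? array_values($ipFilter[1]) : array($ipFilter[1]);
    # Always start from an empty fragment so a request variable of the same
    # name cannot pre-seed the SQL.
    $$criteriaName = "";
    if (count($ipChoices) == 0 || $ipChoices[0] == 'any')
    {
        continue;
    }
    $validIps = array();
    foreach ($ipChoices as $ipChoice)
    {
        if (is_string($ipChoice) && preg_match('/^[0-9]{1,10}\z/', $ipChoice))
        {
            $validIps[] = $ipChoice;
        }
    }
    if (count($validIps) > 0)
    {
        $$criteriaName = " and " . $ipColumn . " IN (" . implode(",", $validIps) . ") ";
    }
    else
    {
        # A filter was requested but nothing usable was supplied: match no
        # rows rather than silently dropping the filter.
        $$criteriaName = " and 1=0 ";
    }
}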
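#-------------------------------------------------------------
# Classify the source-port field: empty, a single port, a "low-high" range,
# or invalid. Every flag and capture array is reset first, so a request
# variable with the same name cannot mark unvalidated text as "good".
# preg_match() replaces ereg(), which was removed in PHP 7; \z anchors at the
# true end of the string.
$BoolSourcePortEMPTY = "bad";
$BoolSourcePort = "bad";
$BoolSourcePortRANGE = "bad";
$sportmatch = array();
$lower_sport = array("");
$higher_sport = array("");
if (!isset($sourceport) || $sourceport == "")
{
    $BoolSourcePortEMPTY = "good";
}
elseif (!is_string($sourceport))
{
    # e.g. an array-valued parameter: leave every flag "bad".
}
elseif (preg_match('/^[0-9]{1,5}\z/', $sourceport, $sportmatch))
{
    $BoolSourcePort = "good";
}
elseif (preg_match('/^([0-9]{1,5})-([0-9]{1,5})\z/', $sourceport, $sportRange)
    && substr($sourceport, 0, 1) !== "0")
{
    # As in the original check, a range whose text starts with "0" is rejected.
    $lower_sport[0] = $sportRange[1];
    $higher_sport[0] = $sportRange[2];
    $BoolSourcePortRANGE = "good";
}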
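#-------------------------------------------------------------
# Classify the destination-port field: empty, a single port, a "low-high"
# range, or invalid. Flags and capture arrays are reset first so a request
# variable with the same name cannot mark unvalidated text as "good".
# The invalid case now leaves $BoolDestinationPort "bad"; it was previously
# set to "good", which sent an empty port value into the SQL criteria.
# preg_match() replaces ereg(), which was removed in PHP 7.
$BoolDestinationPortEMPTY = "bad";
$BoolDestinationPort = "bad";
$BoolDestinationPortRANGE = "bad";
$dportmatch = array();
$lower_dport = array("");
$higher_dport = array("");
if (!isset($destinationport) || $destinationport == "")
{
    $BoolDestinationPortEMPTY = "good";
}
elseif (!is_string($destinationport))
{
    # e.g. an array-valued parameter: leave every flag "bad".
}
elseif (preg_match('/^[0-9]{1,5}\z/', $destinationport, $dportmatch))
{
    $BoolDestinationPort = "good";
}
elseif (preg_match('/^([0-9]{1,5})-([0-9]{1,5})\z/', $destinationport, $dportRange))
{
    $lower_dport[0] = $dportRange[1];
    $higher_dport[0] = $dportRange[2];
    $BoolDestinationPortRANGE = "good";
}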
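#-------------------------------------------------------------
# Determine which protocol header table to join.
# All fragments are reset to "" first: they are interpolated into the FROM and
# WHERE clauses, and the script otherwise only assigns the ones for the
# selected protocol, leaving the rest to whatever the request supplied.
$use_table_tcphdr = "";
$use_table_udphdr = "";
$use_table_icmphdr = "";
$use_join_event_tcphdr = "";
$use_join_event_udphdr = "";
$use_join_event_icmphdr = "";
$use_icmphdr_type = "";
if ($protocol == "tcp")
{
    $use_table_tcphdr = ", tcphdr ";
    $use_join_event_tcphdr = " and event.cid=tcphdr.cid ";
}
elseif ($protocol == "udp")
{
    $use_table_udphdr = ", udphdr ";
    $use_join_event_udphdr = " and event.cid=udphdr.cid ";
}
elseif ($protocol == "icmp")
{
    $use_icmphdr_type = " , icmphdr.icmp_type, icmphdr.icmp_code ";
    $use_table_icmphdr = ", icmphdr ";
    $use_join_event_icmphdr = " and event.cid=icmphdr.cid ";
}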
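#-------------------------------------------------------------
# Select the port columns for the chosen protocol and start with empty port
# criteria.
# The columns are now selected whenever the protocol is tcp or udp, not only
# when the port field is empty: the result table reads columns by fixed
# position, so a missing port column (which happened for an invalid port)
# shifted every later column. Resetting the variables also stops a request
# variable of the same name from seeding the SELECT list or WHERE clause.
$use_tcphdr_sport = "";
$use_udphdr_sport = "";
$use_tcphdr_dport = "";
$use_udphdr_dport = "";
$criteriaSrcPORT = "";
$criteriaDstPORT = "";
if ($protocol == "tcp")
{
    $use_tcphdr_sport = ", tcphdr.tcp_sport ";
    $use_tcphdr_dport = ", tcphdr.tcp_dport ";
}
elseif ($protocol == "udp")
{
    $use_udphdr_sport = ", udphdr.udp_sport ";
    $use_udphdr_dport = ", udphdr.udp_dport ";
}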
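#-------------------------------------------------------------
# Populate port columns and criteria when a single port was given.
# The "good" flag alone is not trusted: the captured value is re-checked as
# 1-5 digits and converted with intval() before it is placed in SQL, so an
# unset or request-supplied capture array cannot reach the query.
$singleSrcPort = null;
if (isset($BoolSourcePort) && $BoolSourcePort == "good"
    && isset($sportmatch[0]) && is_string($sportmatch[0])
    && preg_match('/^[0-9]{1,5}\z/', $sportmatch[0]))
{
    $singleSrcPort = intval($sportmatch[0]);
}
$singleDstPort = null;
if (isset($BoolDestinationPort) && $BoolDestinationPort == "good"
    && isset($dportmatch[0]) && is_string($dportmatch[0])
    && preg_match('/^[0-9]{1,5}\z/', $dportmatch[0]))
{
    $singleDstPort = intval($dportmatch[0]);
}
# Source port
if ($protocol == "tcp" && $singleSrcPort !== null)
{
    $use_tcphdr_sport = ", tcphdr.tcp_sport ";
    $criteriaSrcPORT = " AND tcphdr.tcp_sport = " . $singleSrcPort . " ";
}
elseif ($protocol == "udp" && $singleSrcPort !== null)
{
    $use_udphdr_sport = ", udphdr.udp_sport ";
    $criteriaSrcPORT = " AND udphdr.udp_sport = " . $singleSrcPort . " ";
}
elseif ($protocol == 'icmp')
{
    $criteriaSrcPORT = "";
}
# Destination port
if ($protocol == "tcp" && $singleDstPort !== null)
{
    $use_tcphdr_dport = ", tcphdr.tcp_dport ";
    $criteriaDstPORT = " AND tcphdr.tcp_dport = " . $singleDstPort . " ";
}
elseif ($protocol == "udp" && $singleDstPort !== null)
{
    $use_udphdr_dport = ", udphdr.udp_dport ";
    $criteriaDstPORT = " AND udphdr.udp_dport = " . $singleDstPort . " ";
}
elseif ($protocol == 'icmp')
{
    $criteriaDstPORT = "";
}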
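#-------------------------------------------------------------
# Populate port columns and criteria when a range of ports was given.
# Both bounds are re-checked as 1-5 digits and converted with intval() before
# they are placed in SQL; the "good" flag alone is not trusted, because the
# flag and the bound arrays can otherwise be supplied by the request.
$srcPortRange = null;
if (isset($BoolSourcePortRANGE) && $BoolSourcePortRANGE == "good"
    && isset($lower_sport[0]) && is_string($lower_sport[0])
    && isset($higher_sport[0]) && is_string($higher_sport[0])
    && preg_match('/^[0-9]{1,5}\z/', $lower_sport[0])
    && preg_match('/^[0-9]{1,5}\z/', $higher_sport[0]))
{
    $srcPortRange = array(intval($lower_sport[0]), intval($higher_sport[0]));
}
$dstPortRange = null;
if (isset($BoolDestinationPortRANGE) && $BoolDestinationPortRANGE == "good"
    && isset($lower_dport[0]) && is_string($lower_dport[0])
    && isset($higher_dport[0]) && is_string($higher_dport[0])
    && preg_match('/^[0-9]{1,5}\z/', $lower_dport[0])
    && preg_match('/^[0-9]{1,5}\z/', $higher_dport[0]))
{
    $dstPortRange = array(intval($lower_dport[0]), intval($higher_dport[0]));
}
# Source port range
if ($protocol == "tcp" && $srcPortRange !== null)
{
    $use_tcphdr_sport = ", tcphdr.tcp_sport ";
    $criteriaSrcPORT = " AND tcphdr.tcp_sport >= " . $srcPortRange[0] . " AND tcphdr.tcp_sport <= " . $srcPortRange[1] . " ";
}
elseif ($protocol == "udp" && $srcPortRange !== null)
{
    $use_udphdr_sport = ", udphdr.udp_sport ";
    $criteriaSrcPORT = " AND udphdr.udp_sport >= " . $srcPortRange[0] . " AND udphdr.udp_sport <= " . $srcPortRange[1] . " ";
}
elseif ($protocol == 'icmp')
{
    $criteriaSrcPORT = "";
}
# Destination port range
if ($protocol == "tcp" && $dstPortRange !== null)
{
    $use_tcphdr_dport = ", tcphdr.tcp_dport ";
    $criteriaDstPORT = " AND tcphdr.tcp_dport >= " . $dstPortRange[0] . " AND tcphdr.tcp_dport <= " . $dstPortRange[1] . " ";
}
elseif ($protocol == "udp" && $dstPortRange !== null)
{
    $use_udphdr_dport = ", udphdr.udp_dport ";
    $criteriaDstPORT = " AND udphdr.udp_dport >= " . $dstPortRange[0] . " AND udphdr.udp_dport <= " . $dstPortRange[1] . " ";
}
elseif ($protocol == 'icmp')
{
    $criteriaDstPORT = "";
}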
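#-------------------------------------------------------------
# Populate the signature filter from the selected signature ids.
# - Ids come from the request, so only all-digit values are placed in SQL.
# - Several ids are combined with IN (...). The earlier "AND a OR b" form had
#   no parentheses, so every OR branch escaped the joins and the other
#   criteria of the WHERE clause.
# - The event/signature join is set in every case: the signature table is
#   always in the FROM list, so omitting the join pairs each event with every
#   signature row.
$crit_signature_ID = "";
$use_join_event_signature = " AND event.signature=signature.sig_id ";
$sigChoices = array();
if (isset($signatureID))
{
    $sigChoices = is_array($signatureID) ? array_values($signatureID) : array($signatureID);
}
$sigIsAny = (count($sigChoices) > 0 && $sigChoices[0] == "any");
# NOTE(review): $signature is not assigned in this file; as before, an empty
# $signature[0] disables the id filter - confirm which form field it mirrors.
if (!$sigIsAny && isset($signature[0]) && $signature[0] != "")
{
    $validSigIds = array();
    foreach ($sigChoices as $sigChoice)
    {
        if (is_string($sigChoice) && preg_match('/^[0-9]{1,10}\z/', $sigChoice))
        {
            $validSigIds[] = $sigChoice;
        }
    }
    if (count($validSigIds) > 0)
    {
        $crit_signature_ID = " AND signature.sig_id IN (" . implode(",", $validSigIds) . ") ";
    }
    else
    {
        # A filter was requested but no usable id was supplied: match no rows
        # rather than silently dropping the filter.
        $crit_signature_ID = " AND 1=0 ";
    }
}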
}
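#-------------------------------------------------------------
#---- Begin building SQL statement string here ---------
#-------------------------------------------------------------
# On the first request the fragments below are built by this script, but on
# "Next Page"/"Previous Page" requests they come back in the query string.
# Each one is therefore re-validated here before it is concatenated into SQL.
# NOTE(review): carrying SQL text in links is fragile; keeping the search
# criteria server-side (for example in the session) would remove the need for
# this re-validation.

# Page size and time window must be plain numbers.
$RowNum = (isset($RowNum) && is_scalar($RowNum)) ? intval($RowNum) : 100;
if ($RowNum < 1)
{
    $RowNum = 100;
}
$FromDateTime = doubleval((isset($FromDateTime) && is_scalar($FromDateTime)) ? $FromDateTime : 0);
$ToDateTime = doubleval((isset($ToDateTime) && is_scalar($ToDateTime)) ? $ToDateTime : 0);

# Table, join and column fragments only ever take one fixed value each, so
# anything else is replaced by "" (edge whitespace is ignored in the compare).
$fixedFragments = array(
    "use_table_tcphdr" => ", tcphdr ",
    "use_table_udphdr" => ", udphdr ",
    "use_table_icmphdr" => ", icmphdr ",
    "use_join_event_tcphdr" => " and event.cid=tcphdr.cid ",
    "use_join_event_udphdr" => " and event.cid=udphdr.cid ",
    "use_join_event_icmphdr" => " and event.cid=icmphdr.cid ",
    "use_join_event_signature" => " AND event.signature=signature.sig_id ",
    "use_icmphdr_type" => " , icmphdr.icmp_type, icmphdr.icmp_code ",
    "use_tcphdr_sport" => ", tcphdr.tcp_sport ",
    "use_udphdr_sport" => ", udphdr.udp_sport ",
    "use_tcphdr_dport" => ", tcphdr.tcp_dport ",
    "use_udphdr_dport" => ", udphdr.udp_dport ",
);
foreach ($fixedFragments as $fragmentName => $fragmentSql)
{
    $givenFragment = (isset($$fragmentName) && is_string($$fragmentName)) ? trim($$fragmentName) : "";
    $$fragmentName = ($givenFragment === trim($fragmentSql)) ? $fragmentSql : "";
}

# Criteria fragments may only be a chain of "and/or <known column> <op> <number>",
# "<known column> IN (<numbers>)" or "1=0". Anything else stops the request.
$numericColumns = 'iphdr\.ip_src|iphdr\.ip_dst|tcphdr\.tcp_sport|tcphdr\.tcp_dport'
    . '|udphdr\.udp_sport|udphdr\.udp_dport|signature\.sig_id';
$criteriaGrammar = '/^(?:\s*(?:and|or)\s+(?:'
    . '(?:' . $numericColumns . ')\s*(?:=|>=|<=)\s*[0-9]+'
    . '|(?:' . $numericColumns . ')\s+in\s*\([0-9]+(?:\s*,\s*[0-9]+)*\)'
    . '|1=0'
    . '))*\s*\z/i';
$criteriaNames = array("crit_signature_ID", "criteriaSrcIP", "criteriaSrcPORT", "criteriaDstIP", "criteriaDstPORT");
foreach ($criteriaNames as $criteriaName)
{
    if (!isset($$criteriaName))
    {
        $$criteriaName = "";
    }
    if (!is_string($$criteriaName) || !preg_match($criteriaGrammar, $$criteriaName))
    {
        error_log("snortlogdata: rejected search criteria in " . $criteriaName);
        print "<body bgcolor=\"gray\">Invalid search criteria.</body></html>";
        exit;
    }
}

# The paging clause is rebuilt from the numeric cid it carries.
$pagingClause = "";
if (isset($PagePosition) && $PagePosition == "OFF_START"
    && isset($SQLpaging) && is_string($SQLpaging)
    && preg_match('/^\s*AND event\.cid <= ([0-9]+)\s*\z/', $SQLpaging, $pagingMatch))
{
    $pagingClause = " AND event.cid <= " . $pagingMatch[1] . " ";
}

$LastStuff = " ORDER BY event.cid DESC LIMIT $RowNum";
$theConditions = " and event.timestamp >= $FromDateTime and ";
$theConditions .= " event.timestamp <= $ToDateTime ";
$theConditions .= $crit_signature_ID.$criteriaSrcIP.$criteriaSrcPORT;
$theConditions .= $criteriaDstIP.$criteriaDstPORT;
$theConditions .= $pagingClause;
$theKeyJoins = " WHERE event.cid=iphdr.cid ";
$theKeyJoins .= $use_join_event_tcphdr.$use_join_event_udphdr.$use_join_event_icmphdr;
$theKeyJoins .= $use_join_event_signature.$theConditions;
$theTables = " iphdr, event $use_table_tcphdr $use_table_udphdr ";
$theTables .= " $use_table_icmphdr, signature ";
$theTblFields = "event.cid, event.tix_id, event.timestamp, iphdr.ip_src $use_tcphdr_sport ";
$theTblFields .= " $use_udphdr_sport, iphdr.ip_dst $use_icmphdr_type $use_tcphdr_dport ";
$theTblFields .= " $use_udphdr_dport, signature.sig_name ";
$Selstr = "SELECT ".$theTblFields." FROM ".$theTables.$theKeyJoins.$LastStuff;
#---------- Handle Paging SQL --------------------------------------------
$SELpage = "SELECT event.cid FROM ".$theTables.$theKeyJoins." ORDER BY event.cid DESC";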
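#-------------------------------------------------------------------------
#------------------- Run this only on the first page rendering -----------
if ($OnRun == "INIT")
{
    # Record the cid that starts each page of $RowNum results. $strpage carries
    # that list (comma separated) through the paging links.
    # The previous counter restarted at 0 after each recorded row, so every
    # page after the second began one row late and a row was never shown;
    # taking every $RowNum-th row keeps pages contiguous.
    $paging = array();
    $pageSize = ($RowNum > 0) ? intval($RowNum) : 100;
    $CIDresult = mysql_query($SELpage, $db_connection);
    if ($CIDresult)
    {
        $cidPosition = 0;
        while ($sqlcid = mysql_fetch_row($CIDresult))
        {
            if ($cidPosition % $pageSize == 0)
            {
                $paging[] = $sqlcid[0];
            }
            $cidPosition++;
        }
        mysql_free_result($CIDresult);
    }
    else
    {
        # Log the driver error instead of letting warnings reach the page.
        error_log("snortlogdata: paging query failed: " . mysql_error($db_connection));
    }
    $strpage = implode(",", $paging);
}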
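#------------ Populate paging array from next page loadup ------------------------------
# $strpage comes back through the paging links, and its entries are later
# placed in " AND event.cid <= ..." and in generated links, so only all-digit
# entries are kept (a digit check avoids integer overflow on large cids).
if (isset($strpage) && is_string($strpage) && strlen($strpage) > 0)
{
    $paging = array();
    foreach (explode(",", $strpage) as $pageCid)
    {
        if (preg_match('/^[0-9]+\z/', $pageCid))
        {
            $paging[] = $pageCid;
        }
    }
}
elseif (!isset($paging) || !is_array($paging))
{
    $paging = array();
}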
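#----------- Run the search ---------------------------------------------------------------
# (Debug prints of the SQL text were left commented out here; if they are ever
# restored, keep them out of the page and send them to the log instead.)
# A failed query now sets $DoPrint to "no" so the result table shows its empty
# message instead of calling mysql_num_rows() on a non-result.
$Result = mysql_query($Selstr, $db_connection);
if ($Result)
{
    $DoPrint = "yes";
}
else
{
    error_log("snortlogdata: search query failed: " . mysql_error($db_connection));
    $DoPrint = "no";
}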
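# Page body, the detail/ticket form and its buttons.
print "<body bgcolor=\"gray\">\n";
# target= was missing its "=" so the attribute was not applied.
print "<form action=\"detail.php\" target=\"logdata\" method=\"post\">\n";
print "<table width=\"100%\">\n";
print " <tr><td width=\"130\"><input type=\"reset\" value=\"Clear Selection\"></td>\n";
print " <td width=\"130\"><input type=\"submit\" value=\"View Details\" name=\"details\"></td>\n";
print " <td width=\"130\"><input type=\"submit\" value=\"New Ticket\" name=\"new_tix\"></td>\n";
print " <td><a href=\"tixviewall.php\">View Tickets</a></td></tr>\n";
#print " <td><a href=\"tixview.php?status=all\">View All Tickets</a><br>\n";
#print " <a href=\"tixview.php?status=new\">View New Tickets</a></td>\n";
#print " <td><a href=\"tixview.php?status=assigned\">View Assigned Tickets</a><br>\n";
#print " <a href=\"tixview.php?status=pending\">View Pending Tickets</a></td>\n";
#print " <td><a href=\"tixview.php?status=resolved\">View Resolved Tickets</a><br>\n";
#print " <a href=\"tixview.php?status=dismissed\">View Dismissed Tickets</a></td></tr>\n";
print "</table>\n";
# Hidden Variables:
# $protocol is request data: quote the attribute and HTML-escape the value so
# it cannot break out of the tag.
$protocolField = (isset($protocol) && is_string($protocol)) ? $protocol : "";
print "<input type=\"hidden\" name=\"protocol\" value=\"" . htmlspecialchars($protocolField, ENT_QUOTES) . "\">";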
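# Result table: header, one row per event, row count and paging links.
# Changes from the earlier version of this section:
# - every database or request value is HTML-escaped before printing (log data
#   and $ERROR_Message can contain markup);
# - paging links are built by one helper that URL-encodes each value;
# - first/last page cids are taken from $paging rather than from the request;
# - a paging link is only printed when its target page exists, and the
#   first-page "Next Page" link is no longer printed a second time after the
#   "Previous Page" link on a two-page result;
# - the tcp/udp and icmp branches share the row and paging code.

# Escape a value for HTML text or a quoted attribute; non-scalars become "".
function snortlog_html($value)
{
    return htmlspecialchars(is_scalar($value) ? (string) $value : "", ENT_QUOTES);
}

# Build the href of a paging link from name => value pairs.
function snortlog_paging_href($fields)
{
    $pairs = array();
    foreach ($fields as $fieldName => $fieldValue)
    {
        $pairs[] = urlencode($fieldName) . "=" . urlencode(is_scalar($fieldValue) ? (string) $fieldValue : "");
    }
    return snortlog_html("snortlogdata.php?" . implode("&", $pairs));
}

$isIcmp = ($protocol == "icmp");

# Variables carried from page to page, in the order the links have always used.
# NOTE(review): these include SQL fragments; the receiving request must
# validate every one of them before use.
$pagingFields = array(
    "SQLpaging", "PageNum", "FirstPageCID", "LastPageCID", "strpage", "PagePosition",
    "RowNum", "protocol", "use_udphdr_dport", "use_tcphdr_dport", "use_icmphdr_type",
    "use_udphdr_sport", "use_tcphdr_sport", "use_table_icmphdr", "use_table_udphdr",
    "use_table_tcphdr", "use_join_event_signature", "use_join_event_icmphdr",
    "use_join_event_udphdr", "use_join_event_tcphdr", "criteriaDstPORT", "criteriaDstIP",
    "criteriaSrcPORT", "criteriaSrcIP", "crit_signature_ID", "ToDateTime", "FromDateTime",
    "LastStuff",
);

if (!$isIcmp)
{
    # The header for tcp & udp protocols
    print " <table border=\"0\" width=\"100%\">";
    print " <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"0\" cellpadding=\"0\">";
    print " <th rowspan=\"2\" width=\"30\" align=\"center\">Det</th>";
    print " <th rowspan=\"2\" width=\"20\" align=\"center\">Sel<br>Tix</th>";
    print " <th rowspan=\"2\" width=\"65\" align=\"center\">Ticket<br>Number</th>";
    print " <th rowspan=\"2\">Timestamp</th><th colspan=\"2\">Source</th><th colspan=\"2\">Destination</th>";
    print " <th rowspan=\"2\">Signature</th></tr>";
    print " <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"1\" cellpadding=\"1\">";
    print " <td><b>IP</b></td><td><b>Port</b></td><td><b>IP</b></td>";
    print " <td><b>Port</b></td></tr>";
}
else
{
    # Header for icmp protocol
    print "<table border=\"0\" width=\"100%\">";
    print " <tr align=\"center\" bgcolor=\"orange\" cellspacing=\"1\" cellpadding=\"1\">";
    print " <th width=\"20\"align=\"center\">Det</th><th align=\"center\">Sel<br>Tix</th>";
    print " <th width=\"65\" align=\"center\">Ticket<br>Number</th>";
    print " <th align=\"center\">Timestamp</th><th align=\"center\">Source<br>IP</th>";
    print " <th align=\"center\">Destination<br>IP</th><th>ICMP<br>Type</th><th>ICMP<br>Code</th>";
    print " <th>Signature</th></tr>";
}

$errorText = snortlog_html(isset($ERROR_Message) ? $ERROR_Message : "");

if ($DoPrint == "yes")
{
    $rowQTY = mysql_num_rows($Result);
    if ($rowQTY != 0)
    {
        # Submitted with the form; printed once instead of once per row.
        print "<input type=\"hidden\" name=\"rowCount\" value=\"" . snortlog_html($rowQTY) . "\">";
        for ($i = 0; $i < $rowQTY; $i++)
        {
            $row = mysql_fetch_row($Result);
            if (!$row)
            {
                break;
            }
            $cidAttr = snortlog_html($row[0]);
            $IP_source = 0 + $row[3];
            if ($isIcmp)
            {
                $IP_dest = 0 + $row[4];
                $selectorTd = "<td width=\"20\"><font size=\"2PT\">";
                $cells = array(
                    array("<td>", $row[1]),                                   # event.tix_id
                    array("<td width=\"115\">", $row[2]),                     # event.timestamp
                    array("<td width=\"100\">", IntToIPaddress($IP_source)),  # iphdr.ip_src
                    array("<td width=\"100\">", IntToIPaddress($IP_dest)),    # iphdr.ip_dst
                    array("<td width=\"50\">", $row[5]),                      # icmp type
                    array("<td width=\"50\">", $row[6]),                      # icmp code
                    array("<td>", $row[7]),                                   # signature.sig_name
                );
            }
            else
            {
                $IP_dest = 0 + $row[5];
                $selectorTd = "<td><font size=\"2PT\">";
                $cells = array(
                    array("<td>", $row[1]),                       # event.tix_id
                    array("<td>", $row[2]),                       # event.timestamp
                    array("<td>", IntToIPaddress($IP_source)),    # iphdr.ip_src
                    array("<td>", $row[4]),                       # source port
                    array("<td>", IntToIPaddress($IP_dest)),      # iphdr.ip_dst
                    array("<td>", $row[6]),                       # destination port
                    array("<td>", $row[7]),                       # signature.sig_name
                );
            }
            print "<tr bgcolor=\"gray\">";
            # Radio button selects one row for "View Details".
            print $selectorTd . "<input type=\"radio\" name=\"cidIndex\" value=\"$cidAttr\"></font></td>";
            # Checkbox is offered only for events that have no ticket yet.
            print $selectorTd;
            if ($row[1] == "")
            {
                print " <input type=\"checkbox\" name=\"rowIndex[$i]\" value=\"$cidAttr\">";
            }
            print " </font></td>";
            foreach ($cells as $cell)
            {
                print $cell[0] . "<font size=\"2PT\">" . snortlog_html($cell[1]) . "</font></td>";
            }
            print "</tr>";
        }
        print "<tr bgcolor=\"orange\">";
        print "<td colspan=\"9\">" . snortlog_html($rowQTY) . " Rows</td></tr>";
        print "<tr bgcolor=\"orange\"><td colspan=\"9\" align=\"center\">\n";

        # Keep only all-digit page cids: they are placed in SQL text below.
        $pageCids = array();
        if (isset($paging) && is_array($paging))
        {
            foreach ($paging as $pageCid)
            {
                if (is_scalar($pageCid) && preg_match('/^[0-9]+\z/', (string) $pageCid))
                {
                    $pageCids[] = $pageCid;
                }
            }
        }
        $paging = $pageCids;
        $FirstPageCID = (count($paging) > 0) ? $paging[0] : "";
        $LastPageCID = (count($paging) > 0) ? $paging[count($paging) - 1] : "";
        $LastStuff = " ORDER BY event.cid DESC LIMIT $RowNum";

        if ($PagePosition == "OFF_START")
        {
            #----------- 'PREVIOUS PAGE / NEXT PAGE' when we are not on the first page
            $currentPage = intval($PageNum);
            $PageNum = $currentPage - 1;
            if (isset($paging[$PageNum]))
            {
                # A link back to the first page carries ON_START.
                $PagePosition = ($paging[$PageNum] == $FirstPageCID) ? "ON_START" : "OFF_START";
                $SQLpaging = " AND event.cid <= " . $paging[$PageNum];
                print "<a href=\"" . snortlog_paging_href(compact($pagingFields)) . "\">Previous Page</a>\n";
            }
            $PageNum = $currentPage;
            if (isset($paging[$currentPage]) && $paging[$currentPage] != $LastPageCID
                && isset($paging[$currentPage + 1]))
            {
                $PageNum = $currentPage + 1;
                $PagePosition = "OFF_START";
                $SQLpaging = " AND event.cid <= " . $paging[$PageNum];
                print "||";
                print "<a href=\"" . snortlog_paging_href(compact($pagingFields)) . "\">Next Page</a>\n";
            }
        }
        elseif ($PagePosition == "ON_START" && isset($paging[1]))
        {
            #----------- 'NEXT PAGE' when we are on the first page and more logs exist
            $PageCID = $paging[1];
            $PageNum = 1;
            $PagePosition = "OFF_START"; # We're now leaving first page
            $SQLpaging = " AND event.cid <= $PageCID ";
            print "<a href=\"" . snortlog_paging_href(compact($pagingFields)) . "\">Next Page</a>\n";
        }
        print "</td></tr>\n";
        print "</table>\n";
    }
    else
    {
        print "<tr><th colspan=\"9\" align=center>Nothing there!<br> $errorText</th></tr></table>\n";
    }
    mysql_free_result($Result);
}
else
{
    $emptyLabel = $isIcmp ? "Nothing there!...." : "Nothing there!...";
    print "<tr><th colspan=\"9\" align=center>$emptyLabel<br> $errorText</th></tr></table>\n";
}
print "</form>\n";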
?>
</body>
</html>