initial import of CLF project for CSC

Fish 2004-09-10 11:31:11 +00:00
commit 46e1d76089
341 changed files with 52823 additions and 0 deletions

341
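--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,341 @@
+* text=auto !eol
+html/.htaccess -text
+html/1stalertview.php -text
+html/1stcustomer.php -text
+html/1stequiptype.php -text
+html/1stfilter.php -text
+html/1sthost.php -text
+html/1stlaunch.php -text
+html/1stmaint.php -text
+html/1stprocessor.php -text
+html/1streports.php -text
+html/1strule.php -text
+html/1stsaves.php -text
+html/1stview.php -text
+html/2ndreports.php -text
+html/ChangeLog.txt -text
+html/admin/.htaccess -text
+html/admin/ChangeLog.txt -text
+html/admin/app.php -text
+html/admin/data/commands -text
+html/admin/data/convertpw.php -text
+html/admin/data/install.txt -text
+html/admin/data/pgsql.secframe -text
+html/admin/faq.txt -text
+html/admin/group.php -text
+html/admin/images/background.gif -text
+html/admin/images/tile.gif -text
+html/admin/images/title.gif -text
+html/admin/index.php -text
+html/admin/license.txt -text
+html/admin/scripts/php/queue.php -text
+html/admin/secversion -text
+html/admin/user.php -text
+html/alert.php -text
+html/background.html -text
+html/background.php -text
+html/calendar.php -text
+html/config.php -text
+html/customer.php -text
+html/data/install -text
+html/data/pgsql.msyslog -text
+html/data/pgsql.secframe -text
+html/equiptype.php -text
+html/faq.txt -text
+html/filter.php -text
+html/header.php -text
+html/host.php -text
+html/images/Exclamation.gif -text
+html/images/IEWin.css -text
+html/images/Px_Clear.gif -text
+html/images/background.gif -text
+html/images/bg2.gif -text
+html/images/bg3.gif -text
+html/images/blue.gif -text
+html/images/csc_name.gif -text
+html/images/no.gif -text
+html/images/ok.gif -text
+html/images/over_nav_qing.gif -text
+html/images/tile.gif -text
+html/images/title.png -text
+html/include_main.css -text
+html/index.php -text
+html/launch.php -text
+html/license.txt -text
+html/logout.php -text
+html/logwatch.php -text
+html/maintenance.php -text
+html/menu.php -text
+html/old1stview.php -text
+html/processor.php -text
+html/reports/cisco-pix-bandwidthbreakdown.php -text
+html/reports/severity-facility.php -text
+html/reports/vpnuserusage.php -text
+html/rule.php -text
+html/runlog.txt -text
+html/scripts/bin/analyzetsyslog -text
+html/scripts/bin/archivelogs -text
+html/scripts/bin/autovac -text
+html/scripts/bin/convertlogtosyslog -text
+html/scripts/bin/createtmpoutputfiles -text
+html/scripts/bin/expirelogs -text
+html/scripts/bin/logbreakout -text
+html/scripts/bin/nightlyroguecheck -text
+html/scripts/bin/pgsqlhealth -text
+html/scripts/bin/pgsqllogin -text
+html/scripts/bin/processlogs -text
+html/scripts/bin/rebuild.php -text
+html/scripts/bin/vacuumdb -text
+html/scripts/bin/vacuumtsyslog -text
+html/scripts/bin/weeklyindexrebuild -text
+html/scripts/crontab/root -text
+html/scripts/php/analyzetsyslog.php -text
+html/scripts/php/archive.php -text
+html/scripts/php/autovac.php -text
+html/scripts/php/expire.php -text
+html/scripts/php/nightlyroguecheck.php -text
+html/scripts/php/processlogs.php -text
+html/scripts/php/vacuumdb.php -text
+html/scripts/php/vacuumtsyslog.php -text
+html/scripts/php/weeklyindexrebuild.php -text
+html/smtversion -text
+html/template.php -text
+html/view.php -text
+html/viewsaves.php -text
+lib/generalweb.php -text
+lib/pgsql.php -text
+lib/pix.php -text
+lib/secframe.php -text
+log.d/.db.conf.swo -text
+log.d/.db.conf.swp -text
+log.d/CENTRAL_LOGSERVER -text
+log.d/bin/dumplog.pl -text
+log.d/bin/getconfig -text
+log.d/bin/listconfigs -text
+log.d/bin/logwatch.pl -text
+log.d/bin/parselog.sh -text
+log.d/bin/storelog.pl -text
+log.d/configs/linux.tar.gz -text
+log.d/configs/linux/conf/logfiles/messages.conf -text
+log.d/configs/linux/conf/logwatch.conf -text
+log.d/configs/linux/conf/services/arpwatch.conf -text
+log.d/configs/linux/conf/services/automount.conf -text
+log.d/configs/linux/conf/services/cisco.conf -text
+log.d/configs/linux/conf/services/clam-update.conf -text
+log.d/configs/linux/conf/services/courier.conf -text
+log.d/configs/linux/conf/services/cron.conf -text
+log.d/configs/linux/conf/services/dhcpd.conf -text
+log.d/configs/linux/conf/services/exim.conf -text
+log.d/configs/linux/conf/services/ftpd-messages.conf -text
+log.d/configs/linux/conf/services/identd.conf -text
+log.d/configs/linux/conf/services/imapd.conf -text
+log.d/configs/linux/conf/services/in.qpopper.conf -text
+log.d/configs/linux/conf/services/init.conf -text
+log.d/configs/linux/conf/services/ipop3d.conf -text
+log.d/configs/linux/conf/services/kernel.conf -text
+log.d/configs/linux/conf/services/mailscanner.conf -text
+log.d/configs/linux/conf/services/modprobe.conf -text
+log.d/configs/linux/conf/services/mountd.conf -text
+log.d/configs/linux/conf/services/named.conf -text
+log.d/configs/linux/conf/services/oidentd.conf -text
+log.d/configs/linux/conf/services/pam.conf -text
+log.d/configs/linux/conf/services/pam_pwdb.conf -text
+log.d/configs/linux/conf/services/pam_unix.conf -text
+log.d/configs/linux/conf/services/pluto.conf -text
+log.d/configs/linux/conf/services/pop3.conf -text
+log.d/configs/linux/conf/services/portsentry.conf -text
+log.d/configs/linux/conf/services/postfix.conf -text
+log.d/configs/linux/conf/services/pound.conf -text
+log.d/configs/linux/conf/services/proftpd-messages.conf -text
+log.d/configs/linux/conf/services/pureftpd.conf -text
+log.d/configs/linux/conf/services/qmail.conf -text
+log.d/configs/linux/conf/services/raid.conf -text
+log.d/configs/linux/conf/services/rt314.conf -text
+log.d/configs/linux/conf/services/samba.conf -text
+log.d/configs/linux/conf/services/secure.conf -text
+log.d/configs/linux/conf/services/sendmail-largeboxes.conf -text
+log.d/configs/linux/conf/services/sendmail.conf -text
+log.d/configs/linux/conf/services/shaperd.conf -text
+log.d/configs/linux/conf/services/smartd.conf -text
+log.d/configs/linux/conf/services/sshd.conf -text
+log.d/configs/linux/conf/services/sshd2.conf -text
+log.d/configs/linux/conf/services/stunnel.conf -text
+log.d/configs/linux/conf/services/sudo.conf -text
+log.d/configs/linux/conf/services/syslogd.conf -text
+log.d/configs/linux/conf/services/up2date.conf -text
+log.d/configs/linux/conf/services/vpopmail.conf -text
+log.d/configs/linux/conf/services/vsftpd.conf -text
+log.d/configs/linux/conf/services/yum.conf -text
+log.d/configs/linux/conf/services/zz-disk_space.conf -text
+log.d/configs/linux/conf/services/zz-fortune.conf -text
+log.d/configs/linux/scripts/logfiles/autorpm/applydate -text
+log.d/configs/linux/scripts/logfiles/cron/applydate -text
+log.d/configs/linux/scripts/logfiles/samba/applydate -text
+log.d/configs/linux/scripts/logfiles/samba/removeheaders -text
+log.d/configs/linux/scripts/logfiles/up2date/applydate -text
+log.d/configs/linux/scripts/logfiles/up2date/removeheaders -text
+log.d/configs/linux/scripts/logfiles/xferlog/applydate -text
+log.d/configs/linux/scripts/logfiles/xferlog/removeheaders -text
+log.d/configs/linux/scripts/logwatch.pl -text
+log.d/configs/linux/scripts/services/arpwatch -text
+log.d/configs/linux/scripts/services/automount -text
+log.d/configs/linux/scripts/services/cisco -text
+log.d/configs/linux/scripts/services/clam-update -text
+log.d/configs/linux/scripts/services/clamav -text
+log.d/configs/linux/scripts/services/clamav-milter -text
+log.d/configs/linux/scripts/services/courier -text
+log.d/configs/linux/scripts/services/cron -text
+log.d/configs/linux/scripts/services/dhcpd -text
+log.d/configs/linux/scripts/services/disk_space -text
+log.d/configs/linux/scripts/services/exim -text
+log.d/configs/linux/scripts/services/ftpd-messages -text
+log.d/configs/linux/scripts/services/ftpd-xferlog -text
+log.d/configs/linux/scripts/services/http -text
+log.d/configs/linux/scripts/services/identd -text
+log.d/configs/linux/scripts/services/imapd -text
+log.d/configs/linux/scripts/services/in.qpopper -text
+log.d/configs/linux/scripts/services/init -text
+log.d/configs/linux/scripts/services/ipop3d -text
+log.d/configs/linux/scripts/services/kernel -text
+log.d/configs/linux/scripts/services/mailscanner -text
+log.d/configs/linux/scripts/services/modprobe -text
+log.d/configs/linux/scripts/services/mountd -text
+log.d/configs/linux/scripts/services/named -text
+log.d/configs/linux/scripts/services/oidentd -text
+log.d/configs/linux/scripts/services/pam -text
+log.d/configs/linux/scripts/services/pam_pwdb -text
+log.d/configs/linux/scripts/services/pam_unix -text
+log.d/configs/linux/scripts/services/pluto -text
+log.d/configs/linux/scripts/services/pop3 -text
+log.d/configs/linux/scripts/services/portsentry -text
+log.d/configs/linux/scripts/services/postfix -text
+log.d/configs/linux/scripts/services/pound -text
+log.d/configs/linux/scripts/services/proftpd-messages -text
+log.d/configs/linux/scripts/services/pureftpd -text
+log.d/configs/linux/scripts/services/qmail -text
+log.d/configs/linux/scripts/services/raid -text
+log.d/configs/linux/scripts/services/rt314 -text
+log.d/configs/linux/scripts/services/samba -text
+log.d/configs/linux/scripts/services/secure -text
+log.d/configs/linux/scripts/services/sendmail -text
+log.d/configs/linux/scripts/services/sendmail-largeboxes -text
+log.d/configs/linux/scripts/services/shaperd -text
+log.d/configs/linux/scripts/services/smartd -text
+log.d/configs/linux/scripts/services/sshd -text
+log.d/configs/linux/scripts/services/sshd2 -text
+log.d/configs/linux/scripts/services/stunnel -text
+log.d/configs/linux/scripts/services/sudo -text
+log.d/configs/linux/scripts/services/syslogd -text
+log.d/configs/linux/scripts/services/tac_acc -text
+log.d/configs/linux/scripts/services/up2date -text
+log.d/configs/linux/scripts/services/vpopmail -text
+log.d/configs/linux/scripts/services/vsftpd -text
+log.d/configs/linux/scripts/services/yum -text
+log.d/configs/linux/scripts/services/zz-disk_space -text
+log.d/configs/linux/scripts/services/zz-fortune -text
+log.d/configs/linux/scripts/shared/applyhttpdate -text
+log.d/configs/linux/scripts/shared/applystddate -text
+log.d/configs/linux/scripts/shared/applyusdate -text
+log.d/configs/linux/scripts/shared/expandrepeats -text
+log.d/configs/linux/scripts/shared/hostlist -text
+log.d/configs/linux/scripts/shared/multiservice -text
+log.d/configs/linux/scripts/shared/onlycontains -text
+log.d/configs/linux/scripts/shared/onlyhost -text
+log.d/configs/linux/scripts/shared/onlyservice -text
+log.d/configs/linux/scripts/shared/remove -text
+log.d/configs/linux/scripts/shared/removeheaders -text
+log.d/configs/linux/scripts/shared/removeservice -text
+log.d/db.conf -text
+log.d/lib/Logwatch.pm -text
+msyslog-v1.08a+smac/AUTHORS -text
+msyslog-v1.08a+smac/COPYING -text
+msyslog-v1.08a+smac/ChangeLog -text
+msyslog-v1.08a+smac/INSTALL -text
+msyslog-v1.08a+smac/Makefile -text
+msyslog-v1.08a+smac/Makefile.in -text
+msyslog-v1.08a+smac/NEWS -text
+msyslog-v1.08a+smac/QUICK_INSTALL -text
+msyslog-v1.08a+smac/README -text
+msyslog-v1.08a+smac/config.log -text
+msyslog-v1.08a+smac/config.status -text
+msyslog-v1.08a+smac/configure -text
+msyslog-v1.08a+smac/configure.in -text
+msyslog-v1.08a+smac/doc/HOW-TO-UPGRADE -text
+msyslog-v1.08a+smac/doc/HOW_TO_WRITE_A_MODULE -text
+msyslog-v1.08a+smac/doc/README.mysql -text
+msyslog-v1.08a+smac/doc/copyright -text
+msyslog-v1.08a+smac/install-sh -text
+msyslog-v1.08a+smac/src/Makefile -text
+msyslog-v1.08a+smac/src/Makefile.in -text
+msyslog-v1.08a+smac/src/TODO -text
+msyslog-v1.08a+smac/src/config.h -text
+msyslog-v1.08a+smac/src/config.h.in -text
+msyslog-v1.08a+smac/src/examples/im_mymodule.c -text
+msyslog-v1.08a+smac/src/examples/om_mymodule.c -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.classic -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.mysql -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.peo -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.pgsql -text
+msyslog-v1.08a+smac/src/examples/syslog.conf.regex -text
+msyslog-v1.08a+smac/src/man/BSDmakefile -text
+msyslog-v1.08a+smac/src/man/BSDmakefile.in -text
+msyslog-v1.08a+smac/src/man/GNUmakefile -text
+msyslog-v1.08a+smac/src/man/GNUmakefile.in -text
+msyslog-v1.08a+smac/src/man/Makefile -text
+msyslog-v1.08a+smac/src/man/Makefile.in -text
+msyslog-v1.08a+smac/src/man/im_bsd.8 -text
+msyslog-v1.08a+smac/src/man/im_doors.8 -text
+msyslog-v1.08a+smac/src/man/im_file.8 -text
+msyslog-v1.08a+smac/src/man/im_linux.8 -text
+msyslog-v1.08a+smac/src/man/im_streams.8 -text
+msyslog-v1.08a+smac/src/man/im_tcp.8 -text
+msyslog-v1.08a+smac/src/man/im_udp.8 -text
+msyslog-v1.08a+smac/src/man/im_unix.8 -text
+msyslog-v1.08a+smac/src/man/om_classic.8 -text
+msyslog-v1.08a+smac/src/man/om_mysql.8 -text
+msyslog-v1.08a+smac/src/man/om_peo.8 -text
+msyslog-v1.08a+smac/src/man/om_pgsql.8 -text
+msyslog-v1.08a+smac/src/man/om_regex.8 -text
+msyslog-v1.08a+smac/src/man/om_tcp.8 -text
+msyslog-v1.08a+smac/src/man/om_udp.8 -text
+msyslog-v1.08a+smac/src/man/peochk.8 -text
+msyslog-v1.08a+smac/src/man/syslog.conf.5 -text
+msyslog-v1.08a+smac/src/man/syslogd.8 -text
+msyslog-v1.08a+smac/src/modules.c -text
+msyslog-v1.08a+smac/src/modules.h -text
+msyslog-v1.08a+smac/src/modules/Makefile -text
+msyslog-v1.08a+smac/src/modules/Makefile.in -text
+msyslog-v1.08a+smac/src/modules/im_bsd.c -text
+msyslog-v1.08a+smac/src/modules/im_doors.c -text
+msyslog-v1.08a+smac/src/modules/im_file.c -text
+msyslog-v1.08a+smac/src/modules/im_linux.c -text
+msyslog-v1.08a+smac/src/modules/im_streams.c -text
+msyslog-v1.08a+smac/src/modules/im_tcp.c -text
+msyslog-v1.08a+smac/src/modules/im_udp.c -text
+msyslog-v1.08a+smac/src/modules/im_unix.c -text
+msyslog-v1.08a+smac/src/modules/ip_misc.c -text
+msyslog-v1.08a+smac/src/modules/om_classic.c -text
+msyslog-v1.08a+smac/src/modules/om_mysql.c -text
+msyslog-v1.08a+smac/src/modules/om_peo.c -text
+msyslog-v1.08a+smac/src/modules/om_pgsql.c -text
+msyslog-v1.08a+smac/src/modules/om_regex.c -text
+msyslog-v1.08a+smac/src/modules/om_tcp.c -text
+msyslog-v1.08a+smac/src/modules/om_udp.c -text
+msyslog-v1.08a+smac/src/modules/sql_misc.c -text
+msyslog-v1.08a+smac/src/modules/sql_misc.h -text
+msyslog-v1.08a+smac/src/modules/ttymsg.c -text
+msyslog-v1.08a+smac/src/peo/Makefile -text
+msyslog-v1.08a+smac/src/peo/Makefile.in -text
+msyslog-v1.08a+smac/src/peo/TODO -text
+msyslog-v1.08a+smac/src/peo/hash.c -text
+msyslog-v1.08a+smac/src/peo/hash.h -text
+msyslog-v1.08a+smac/src/peo/md5.h -text
+msyslog-v1.08a+smac/src/peo/md5c.c -text
+msyslog-v1.08a+smac/src/peo/peochk.c -text
+msyslog-v1.08a+smac/src/peo/rmd160.c -text
+msyslog-v1.08a+smac/src/peo/rmd160.h -text
+msyslog-v1.08a+smac/src/peo/sha1.c -text
+msyslog-v1.08a+smac/src/peo/sha1.h -text
+msyslog-v1.08a+smac/src/peo/typedefs.h -text
+msyslog-v1.08a+smac/src/syslogd.c -text
+msyslog-v1.08a+smac/src/syslogd.h -text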
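Review bot: The entries `log.d/.db.conf.swo` and `log.d/.db.conf.swp` show that editor swap files for `log.d/db.conf` are being imported as tracked files. A swap file holds a copy of the buffer that was being edited, so anything sensitive in db.conf (its name suggests database connection settings, not confirmed from this page) would also sit in history under those two paths. They should be dropped from the import and covered by an ignore rule such as `.*.sw?`. `msyslog-v1.08a+smac/config.log` and `config.status` look like generated configure output from the build machine and could be left out the same way.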

18
html/.htaccess Normal file

@ -0,0 +1,18 @@
AuthName "CLF Login"
AuthType basic
Auth_PG_host 127.0.0.1
Auth_PG_port 5432
Auth_PG_user secframe
Auth_PG_pwd voQ3jV1x
#Auth_PG_encrypted off
Auth_PG_encrypted on
Auth_PG_hash_type MD5
Auth_PG_nopasswd off
Auth_PG_database securityframework
Auth_PG_pwd_table SecFrame_TLogin
Auth_PG_uid_field TLogin_Username
Auth_PG_pwd_field TLogin_Password
<LIMIT GET POST>
require valid-user
</LIMIT>
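Review bot: `Auth_PG_pwd` puts the database account's password in clear text into a file that is now in version control and lives inside the served `html/` tree; the committed value should be treated as exposed and rotated, with the repository carrying only a placeholder and the real setting supplied from server configuration outside the document root. The `<LIMIT GET POST>` wrapper applies `require valid-user` to those two methods only, so requests using any other method are not covered by it; a bare `require valid-user`, or a `<LimitExcept>` block, removes that gap. `Auth_PG_hash_type MD5` also means the `TLogin_Password` column holds plain MD5 digests, and `AuthType basic` resends the credentials on every request, so the site should only be reachable over TLS.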

110
html/1stalertview.php Normal file

@ -0,0 +1,110 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
do_header("View Alerts", '1stalerts');
$month=date("M",time());
$day=date("d",time());
$year=date("Y",time());
echo $HeaderText;
echo "<TABLE width=100%><TR><TD>";
openform("alert.php","post",2,1,0);
formfield("viewtype","Hidden",3,1,0,10,10,2);
echo "<B>View Alerts for Specific Hosts</B><BR>\n";
echo "1. Select View Type:<BR>\n ";
echo "<TABLE COLS=2 BORDER=1><TR><TD ><input type=radio name=datatype value=1 checked></TD><TD>Host: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,0);
echo "</TD></TR>";
if ( $group >= 2 ) {
echo "<TR><TD ><input type=radio name=datatype value=4></TD><TD>By Customer User and By Host Type</TD></TR>\n";
}
echo "<TR><TD ><input type=radio name=datatype value=2></TD><TD>Host Type: ";
premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid);
echo "</TD><TR>";
if ( $group >= 2 ) {
echo "</TD><TD><input type=radio name=datatype value=3></TD><TD>Customer User: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid);
echo "</TD><TR>\n";
}
echo "</TABLE>\n2. Date: ";
monthdropdown ("month",0,0,0,1,$month);
echo "/";
daydropdown("day",0,0,0,1,$day);
echo "/";
yeardropdown("year",0,0,0,1,$year);
crbr(1,1);
echo "3. Aggregate Results: <input type=radio name=aggregate value=1>Yes <input type=radio name=aggregate value=0 checked>No<BR>\n";
formsubmit("View",3,1,0);
closeform();
echo "</TD><TD VALIGN=top>";
if ( $group >= 2 ) {
echo "<B>View All Alerts for a Given Day</B><BR>\n";
openform("alert.php","post",2,1,0);
formfield("viewtype","Hidden",3,1,0,10,10,1);
echo "1. Date: ";
monthdropdown ("month",0,0,0,1,$month);
echo "/";
daydropdown("day",0,0,0,1,$day);
echo "/";
yeardropdown("year",0,1,1,1,$year);
echo "2. Aggregate Results: <input type=radio name=aggregate value=1 checked>Yes <input type=radio name=aggregate value=0>No<BR>\n";
formsubmit("View",3,1,0);
closeform();
}
echo "</TR></TD></TABLE>\n";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
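Review bot: `$typeid` is handed to `premadetypedropdown()` without being assigned anywhere in this file, and `$REMOTE_USER` is read as a bare global, so the page appears to depend on `register_globals`; in that mode `$typeid` is whatever the request supplies under that name. Reading the authenticated user as `$_SERVER['REMOTE_USER']` and setting the selection explicitly, e.g. `$typeid = isset($_POST['typeid']) ? (int)$_POST['typeid'] : 0;` (assuming type ids are integers), removes the dependency. The same bare `$REMOTE_USER` appears in every other `1st*.php` file in this commit, `$typeid` again in 1stequiptype.php, and `$launchid` in 1stlaunch.php is used the same way.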

80
html/1stcustomer.php Normal file

@ -0,0 +1,80 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1stcustomer');
echo "<TABLE WIDTH=100%><TR><TD WIDTH=50% valign=top>";
echo "<B>Customer Accounts</B><BR>\n";
openform("customer.php","post",2,1,0);
echo "1. Select Customer: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid);
formsubmit("Modify",3,1,0);
echo "</TD><TD WIDTH=50% valign=top>";
echo "<B>Clone Accounts</B><BR>\n";
echo "<TABLE ><TR><TD>";
closeform();
openform("customer.php","post",2,1,0);
echo "1. Source Customer: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid);
echo "</TD></TR><TR><TD>2. Destination Customer: ";
userdropdownbox ($sec_dbsocket,"duserid",2,1,1,1,"",$groupid);
echo "</TD></TR>";
formfield("clone","hidden",3,1,0,200,200,"1");
echo "<TR><TD>";
formsubmit("Clone",3,1,0);
closeform();
echo "</TD></TR></TABLE>\n";
echo "</TD></TR></TABLE>\n";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
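Review bot: Both denial branches end in a bare `exit`, so a user who fails `sec_accessallowed()` or the 'Syslog Administrators' check receives an empty successful response and the refusal is not recorded anywhere visible in this file. For a tool that manages security logs, a refused request should return a status and leave an audit entry: `header('HTTP/1.0 403 Forbidden');` before each `exit`, plus a log call if the security framework offers one (none is visible here). `dbconnect(SMACDB,"msyslog",SMACPASS)` is also opened before the group check and could move below it, so that unauthorised requests never open the syslog database connection. The other `1st*.php` files in this commit share the same structure.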

62
html/1stequiptype.php Normal file

@ -0,0 +1,62 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1stequiptype');
openform("equiptype.php","post",2,1,0);
echo "<B>Equipment Type</B><BR>\n";
echo "1. Choose Type: ";
premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid);
formsubmit("Add",3,1,0);
formsubmit("Modify",3,1,0);
formsubmit("Delete",3,1,0);
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
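Review bot: The file ends with `php?>` instead of `?>`, so the stray `php` is parsed as a bare constant expression before the closing tag. On older PHP that raises an undefined-constant notice on every request (which can print the script path when error display is on), and on PHP 8 it is a fatal error. Since nothing follows the tag it can simply be dropped, or written as `?>` as 1stfilter.php does. 1stalertview.php, 1stcustomer.php, 1sthost.php and 1stlaunch.php end the same way.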

77
html/1stfilter.php Normal file

@ -0,0 +1,77 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group < 1 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Edit Filters";
do_header($PageTitle, '1stfilter');
echo "<TABLE width=100?><TR><TD>";
openform("filter.php","post",2,1,0);
echo "<B>Filter Entries</B><BR>\n";
echo "1. Choose Filter: ";
filterdropdown ($dbsocket,"filterid",$REMOTE_ID,3,1,1,1,"",1);
formsubmit("Add",3,1,0);
formsubmit("Modify",3,1,0);
formsubmit("Delete",3,1,0);
formfield("filtermain","Hidden",3,1,0,10,10,1);
closeform();
if ( $group >= 3 ) {
echo "</TD><TD>";
openform("filter.php","post",2,1,0);
echo "<B>Delete User Filters</B><BR>\n";
echo "1. Select User: ";
userdropdownbox ($sec_dbsocket,"userid",2,1,1,1);
formfield("filtermain","Hidden",3,1,0,10,10,1);
formsubmit("Delete User Filters",3,1,0);
closeform();
}
echo "</TD></TR></TABLE>\n";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
?>
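Review bot: The opening tag is written `<TABLE width=100?>`, which looks like a typo for `width=100%` as used on the other pages, so the attribute value is not a valid width. Separately, the "Delete User Filters" form is only hidden from non-administrators by the `$group >= 3` test around its markup; that is presentation, not enforcement, so filter.php (not visible here) needs to repeat the administrator check before acting on a posted `userid`. A short comment above the block, such as `// UI gating only: filter.php must re-check group membership`, would make that dependency explicit.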

59
html/1sthost.php Normal file

@ -0,0 +1,59 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1sthost');
openform("host.php","post",2,1,0);
echo "<B>Host Entries</B><BR>\n";
echo "1. Choose Host: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,1);
formsubmit("Add",3,1,0);
formsubmit("Modify",3,1,0);
formsubmit("Delete",3,1,0);
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
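Review bot: The Add/Modify/Delete form posts to host.php carrying only the selected `hostid` and the button pressed, with no per-session token visible in the fields this page emits. The site authenticates with HTTP Basic, which the browser replays automatically, so host.php has no way to tell a form submitted from this page from one submitted from another origin unless `openform()` (not visible here) already adds such a token. If it does not, a hidden token field emitted here and verified in host.php before any change would close that, e.g. `formfield("token","Hidden",3,1,0,64,64,$token);`, following the argument pattern of the existing hidden fields. The forms in 1stcustomer.php, 1stequiptype.php, 1stfilter.php and 1stlaunch.php are built the same way.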

62
html/1stlaunch.php Normal file

@ -0,0 +1,62 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1stlaunch');
openform("launch.php","post",2,1,0);
echo "<B>Launch Programs</B><BR>\n";
echo "1. Choose Program: ";
launchdropdown ($dbsocket, "launchid",0,1,1,1,$launchid,0);
formsubmit("Add",3,1,0);
formsubmit("Modify",3,1,0);
formsubmit("Delete",3,1,0);
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>

102
html/1stmaint.php Normal file

@ -0,0 +1,102 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1stmaint');
echo "<B>Maintenance Options</B><BR><BR>\n";
echo "<TABLE COLS=2 BORDER=1><TR><TD colspan=2><B>DB Table Analyzing</B></TD></TR><TR><TD width=3% align=center>";
openform("maintenance.php","post",2,1,0);
formsubmit("Analyze TSyslog Table",3,0,0);
echo "</TD><TD>Analyze TSyslog to re-optimize index.</TD></TR><TR><TD align=center>";
formsubmit("Analyze Syslog_TArchive Table",3,0,0);
echo "</TD><TD>Analyze Syslog_TArchive to re-optimize index.</TD></TR><TR><TD colspan=2><B>DB Table Vacuuming</B></TD></TR><TR><TD align=center>";
formsubmit("Vacuum Entire Database",3,0,0);
echo "</TD><TD>Vacuum entire database to re-optimize index and re-use deleted record space</TD></TR><TR><TD align=center>";
formsubmit("FULL Vacuum Entire Database",3,0,0);
echo "</TD><TD><font color=#FF0000>This is a last resort vacuum that releases unused disk space. This can take hours!</FONT></TD></TR>";
echo "<TR><TD colspan=2><B>Basic Table Stats</B></TD></TR><TR><TD align=center>";
formsubmit("View Archive Log Breakdown",3,0,0);
echo "</TD><TD>Display hosts and their relavent log counts that are archived in the database. <B><font color=#FF0000>RUN WITH CARE!</FONT></B></TD></TR><TR><TD align=center>";
formsubmit("View Unprocessed Log Breakdown",3,0,0);
echo "</TD><TD>Display hosts and their relavent log counts that are waiting to be processed</TD></TR>";
echo "<TR><TD colspan=2><B>Reindexing Tables</B></TD></TR><TR><TD align=center>";
formsubmit("Reindex TSyslog",3,0,0);
echo "</TD><TD>Reindex the TSyslog table</TD></TR><TR><TD align=center>";
formsubmit("Reindex Syslog_TArchive",3,0,0);
echo "</TD><TD>Reindex the Syslog_TArchive table</TD></TR><TR><TD align=center>";
formsubmit("Reindex SMT Instance",3,0,0);
echo "</TD><TD>Reindex the entire SMT database instance</TD></TR>";
closeform();
openform("maintenance.php","post",2,1,0);
formfield("skip","hidden",3,1,0,200,200,1);
echo "<TR><TD colspan=2><B>Basic Table Disk Usage</B></TD></TR><TR><TD align=center>";
formsubmit("Display Index Usage",3,0,0);
echo "</TD><TD>Show how much disk space indexes are taking up</TD></TR><TR><TD align=center>";
formsubmit("Display SMT Table Usage",3,0,0);
echo "</TD><TD>Show how much disk space SMT Tables are taking up</TD></TR><TR><TD align=center>";
formsubmit("Display Relavent Table Usage",3,0,0);
echo "</TD><TD>Show how much disk space the Postgresql SMT Instance is taking up</TD></TR>";
closeform();
openform("maintenance.php","post",2,1,0);
echo "<TR><TD colspan=2><B>Configuration Performance Management</B></TD></TR><TR><TD align=center>";
formfield("skip","hidden",3,1,0,200,200,1);
formsubmit("Display Current Locks",3,0,0);
echo "</TD><TD>Provide detailed view of current locks on database.</TD></TR><TR><TD align=center>";
formsubmit("Display Database Confguration",3,0,0);
echo "</TD><TD>View all of the configuration settings for the database.</TD></TR>";
echo "</TABLE>";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
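Review bot: `$REMOTE_USER` is read as a bare global in `sec_usernametoid($sec_dbsocket,$REMOTE_USER)`, so the identity that every later check depends on only exists when register_globals is on (or config.php, not visible here, assigns it). Under register_globals a request parameter of the same name can fill that variable whenever the web server has not set it, so the username behind the `$group != 3` gate would come from request data rather than from the server's authentication. Read it from the server array instead, `$REMOTE_ID=sec_usernametoid($sec_dbsocket,$_SERVER['REMOTE_USER']);`, and exit when it is empty. The same line opens 1stlaunch.php, 1stprocessor.php, 1streports.php, 1strule.php, 1stsaves.php, 1stview.php and 2ndreports.php.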

59
html/1stprocessor.php Normal file

@ -0,0 +1,59 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, '1stprocessor');
openform("processor.php","post",2,1,0);
echo "<B>Modify Processor</B><BR>\n";
echo "1. Select Processor Account: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
userdropdownbox ($sec_dbsocket,"userid",2,1,1,1,"",$groupid);
formsubmit("Modify",3,1,0);
formsubmit("Clear Stale Processor",3,1,0);
echo "<BR>\n";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
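Review bot: The form opened by `openform("processor.php","post",2,1,0);` is never closed: `do_footer()` follows the two `formsubmit()` calls with no `closeform();` in between, unlike 1stlaunch.php and 1stmaint.php. Assuming `closeform()` emits the closing form tag, add `closeform();` after `formsubmit("Clear Stale Processor",3,1,0);` so the footer markup does not end up inside the form. A one-line comment above the group lookup, `/* Administrators only: no Customer/Analyst lookup needed on this page */`, would also explain why this file skips the two lookups its sibling pages perform.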

69
html/1streports.php Normal file

@ -0,0 +1,69 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$HeaderText="<font size=+1><B>Reports</B></font><BR><BR>\n";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
php?>
<HTML>
<HEAD>
<TITLE>
<?php echo $PageTitle; php?>
</TITLE>
</HEAD>
<?php
startbody();
echo $HeaderText;
echo "<B>Available Reports:</B><BR>\n";
openform("2ndreports.php","post",2,1,0);
reporttypedropdown("reporttype",1,1,1,1);
formsubmit("Next",3,1,0);
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
php?>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
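Review bot: Every PHP block in this file ends with `php?>` rather than `?>`, so the interpreter evaluates a bare constant named `php` before leaving PHP mode. Older PHP versions only log an undefined-constant notice for it, but PHP 8 throws an Error, which here would stop the page at the end of the first block, before `<HTML>` is printed. Replace all four with a plain `?>`, or drop the final closing tag altogether. 1stlaunch.php, 1stmaint.php, 1stprocessor.php, 1strule.php, 1stsaves.php and 2ndreports.php end the same way; 1stview.php already uses `?>`.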

103
html/1strule.php Normal file

@ -0,0 +1,103 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket = dbconnect(SMACDB,"msyslog",SMACPASS);
if ( ( $group != 3 ) && ( ! userhasruleaccess ($dbsocket,$REMOTE_ID) ) ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($pageTitle, '1strule');
if ( $group == 3 ) {
echo "<TABLE width=100%><TR><TD WIDTH=50%><B>Pre-made rules</B></TD><TD WIDTH=50%><B>Host Rules</B></TD></TR>\n";
echo "<TR><TD valign=top>";
openform("rule.php","post",2,1,0);
echo "1. Choose Rule: ";
pixruledropdown ($dbsocket, "id",2,1,0,1);
crbr(1,1);
formfield("ruletype","Hidden",3,1,0,10,10,1);
formsubmit("Add",3,1,0);
formsubmit("Modify",3,1,0);
formsubmit("Delete",3,1,0);
closeform();
echo "</TD><TD>";
openform("rule.php","post",2,1,0);
formfield("ruletype","Hidden",3,1,0,10,10,2);
echo "1. Modify Host Rules: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,1);
formsubmit("Modify",3,1,0);
closeform();
echo "</TD></TR><TR><TD><BR>";
if ( numberofrecords($dbsocket,"THost_ID","syslog_thost") > 1 ) {
echo "<B>Clone Rules</B>\n";
openform("rule.php","post",2,1,0);
formfield("ruletype","Hidden",3,1,0,10,10,3);
echo "1. Clone Source:\n";
hostdropdown ($dbsocket, $sec_dbsocket, "source", $REMOTE_ID,$group);
echo "<BR>2. Clone Destination:\n";
hostdropdown ($dbsocket, $sec_dbsocket, "destination", $REMOTE_ID,$group);
crbr(1,1);
formsubmit("Clone",3,1,0);
}
echo "</TD></TR>";
echo "</TD></TR>\n";
echo "</TABLE>\n";
} else {
openform("rule.php","post",2,1,0);
formfield("ruletype","Hidden",3,1,0,10,10,2);
echo "1. Modify Host Rules: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,1);
formsubmit("Modify",3,1,0);
closeform();
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
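Review bot: `do_header($pageTitle, '1strule');` passes an undefined variable, because the title was assigned to `$PageTitle` on the line before and PHP variable names are case-sensitive. The header is therefore presumably rendered without a title; change the call to `do_header($PageTitle, '1strule');`. In the administrator branch the "Clone Rules" form is also opened with `openform()` and never closed, so a `closeform();` after `formsubmit("Clone",3,1,0);` is needed as well.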

70
html/1stsaves.php Normal file

@ -0,0 +1,70 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group <= 1 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
do_header("Saved Logfile Entries", '1stsaves');
if ( $group >= 1 ) {
if ( numberofrecords($dbsocket,"TSave_ID","syslog_tsave","$REMOTE_ID") >= 1 ) {
echo "<TABLE width=100% ?><TR><TD width=50% ?>";
openform("viewsaves.php","post",2,1,0);
echo "Select Saved Logs: ";
savesdropdown ($dbsocket,"saveid",$REMOTE_ID);
crbr(1,1);
formsubmit("View",3,1,1);
closeform();
echo "</TD></TR></TABLE>\n";
} else {
echo "<BR><B>You have no saved results in database</B><BR>\n";
}
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
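Review bot: The two group checks contradict each other: `if ( $group <= 1 )` exits for members of 'Syslog Customer' (group 1), yet the body is wrapped in `if ( $group >= 1 )`, which can never be false once the first check has passed. If customers are meant to see their own saved logs, the gate should be `if ( $group == 0 )` as in 1stview.php; if they are not, drop the inner test. Either way a comment stating the minimum role, for example `/* Analysts and Administrators only */`, would make the intended access rule reviewable.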

149
html/1stview.php Normal file

@ -0,0 +1,149 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="View Syslog Data";
do_header($PageTitle, '1stview');
$month=date("M",time());
$day=date("d",time());
$year=date("Y",time());
$hour=date("G",time());
$minute=date("i",time());
if ( $group >= 1 ) {
openform("view.php","post",2,1,0);
echo "<B>View Specific Time Frame</B><BR><BR>\n";
echo "1. Select View Type: ";
echo "<TABLE COLS=2 BORDER=1><TR><TD><input type=radio name=datatype value=1 checked></TD><TD>Host: ";
hostdropdown1 ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,0);
echo "</TD></TR>";
if ( $group >= 2 ) {
echo "<TR><TD width=20><input type=radio name=datatype value=4></TD><TD>By Group and By Host Type (Select Below)</TD></TR>\n";
}
echo "<TR><TD width=20><input type=radio name=datatype value=2></TD><TD>Host Type: ";
if (! isset($typeid)) {
$typeid = '';
}
premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid);
echo "</TD><TR>";
if ( $group >= 2 ) {
echo "</TD><TD width=20><input type=radio name=datatype value=3></TD><TD>Group: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid);
echo "</TD></TR>\n";
}
echo "</table>2. Select Time Range:<br><table border=1><TR><TD>";
echo "Start Date:</TD><TD>";
monthdropdown ("month",0,0,0,1,$month);
echo "/";
daydropdown("day",0,0,0,1,$day);
echo "/";
yeardropdown("year",0,0,0,1,$year);
echo " Time: ";
hourdropdown("hour", 0, 0, 0, 1, $hour);
echo ":";
minutedropdown("minute", 0, 1, 1, $lines=1, $minute);
echo "</TD></TR><tr><td><input type=radio name=durtype value=1 checked>Duration:</td><td>";
durationdropdown("duration");
echo "</td></tr><tr><td><input type=radio name=durtype value=2>";
echo "End Date:</TD><TD>";
monthdropdown ("emonth",0,0,0,1,$month);
echo "/";
daydropdown("eday",0,0,0,1,$day);
echo "/";
yeardropdown("eyear",0,0,0,1,$year);
echo " Time: ";
hourdropdown("ehour", 0, 0, 0, 1, $hour);
echo ":";
minutedropdown("eminute", 0, 1, 1, $lines=1, $minute);
echo "</td></tr><tr><td colspan=2><input type=radio name=durtype value=3>";
echo "RealTime View</TD";
echo "</TD></TR></table>";
echo "3. Format Options:<br>";
echo "<table border = 1><TR><TD>Page Breaks:</TD><TD>Yes<input type='radio' name='pagebreak' value='1' checked>";
echo " No<input type='radio' name='pagebreak' value='0'></TD></TR>";
echo "<TR><TD>Lines/Page:</TD><TD>";
pagesize("pagesize",2,1);
echo "</TD></TR></TABLE>";
formfield("viewtype","Hidden",3,1,0,10,10,2);
echo "Choose Filter Type(Optional)<BR><TABLE BORDER=1><TR><TD>";
echo "<input type=radio name=regexpinclude[] value=0 checked>Exclude ";
echo "<input type=radio name=regexpinclude[] value=1>Include<BR>\n";
echo "Regular Expression Filter: ";
formfield("regexp[]","text",3,1,1,20,40);
echo "</TD></TR><TR><TD>\n";
echo "<input type='checkbox' name='filter' value='1'>Use Premade Filter: ";
filterdropdown ($dbsocket,"filterid",$REMOTE_ID);
echo "</TR><TR><TD>Filter Type: <input type=radio name=filterorlevel[] value=1 checked>Expression ";
echo "<input type=radio name=filterorlevel[] value=3>Facility & Severity ";
echo "<input type=radio name=filterorlevel[] value=2>Expression w/ Facility & Severity";
echo "</TD></TR><TR><TD>";
echo "Facility Range: ";
facilitydropdown("startfacility[]",1,0,0,1,0);
echo " to ";
facilitydropdown("stopfacility[]",1,0,0,1,23);
echo "</TD></TR><TR><TD>Severity Range: ";
severitydropdown("startseverity[]",1,0,0,1,0);
echo " to ";
severitydropdown("stopseverity[]",1,0,0,1,7);
echo "</TD></TR></TABLE>\n";
formsubmit("View",3,1,1);
closeform();
crbr(1,1);
}
$endtime=time();
echo "Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
?>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
?>
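Review bot: The `$group >= 2` tests here only decide whether the "Group" and "By Group and By Host Type" radio buttons (`datatype` 3 and 4) and the `userid` list are printed; a request to view.php can still carry those values regardless of what the form showed. view.php is not part of this section, so I cannot tell whether it repeats the role check; it should recompute `$group` itself and refuse `datatype` 3/4 or a `userid` the caller is not entitled to. I would add a comment above `openform("view.php","post",2,1,0);` saying so: `/* UI filter only: view.php must re-check $group before honouring datatype 3/4 or userid */`. The free-text `regexp[]` field deserves the same care, since it is user-supplied and presumably ends up in a database query.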

172
html/2ndreports.php Normal file

@ -0,0 +1,172 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$HeaderText="<font size=+1><B>Reports</B></font><BR><BR>\n";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
/* set what report options are available */
$hostselect=0; /* allow selecting the host */
$dateselect=0; /* allow selecting the date */
$timeselect=0; /* allow selecting the time */
$stopdateselect=0; /* allow selecting the stop date */
$stoptimeselect=0; /* allow selecting the stop time */
$timeintervalselect=0; /* allow selecting the time interval */
$severityselect=0;
$facilityselect=0;
$stopseverityselect=0;
$stopfacilityselect=0;
$steps=0; /* reset the number of steps in a process */
if ( ! isset($reporttype) ) { $reporttype == 1 ; }
if ( $reporttype <= 4 ) {
$hostselect=1;
$dateselect=1;
$timeselect=1;
$stopdateselect=1;
$stoptimeselect=1;
$timeintervalselect=1;
}
php?>
<HTML>
<HEAD>
<TITLE>
<?php echo $PageTitle; php?>
</TITLE>
</HEAD>
<?php
startbody();
echo $HeaderText;
switch ($reporttype) {
case 3:
openform("reports/cisco-pix-bandwidthbreakdown.php","post",2,1,0);
break;
case 4:
openform("reports/vpnuserusage.php","post",2,1,0);
break;
default:
openform("background.php","post",2,1,0);
break;
}
echo "<form size=+1><B>Report Type: " . reporttypename($reporttype) . "</B></FONT><BR><BR>\n";
formfield("reporttype","hidden",3,1,0,200,200,$reporttype);
if ( $hostselect ) {
$steps++;
echo "<B>Step #$steps: </B><BR>\n";
echo "<TABLE COLS=2 BORDER=1><TR><TD width=20><input type=radio name=datatype value=1 checked></TD><TD>Host: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,0);
echo "</TD></TR>";
if ( $group >= 2 ) {
echo "<TR><TD width=20><input type=radio name=datatype value=4></TD><TD>By User and By Host Type</TD></TR>\n";
}
echo "<TR><TD width=20><input type=radio name=datatype value=2></TD><TD>Host Type: ";
premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid);
echo "</TD><TR>";
if ( $group >= 2 ) {
echo "</TD><TD width=20><input type=radio name=datatype value=3></TD><TD>User: ";
userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid);
echo "</TD><TR>\n";
}
echo "</TABLE>\n";
}
if ( $dateselect ) {
$steps++;
$month=date("M",time());
$day=date("d",time());
$year=date("Y",time());
echo "<B>Step #$steps:</B> Date: ";
monthdropdown ("month",0,0,0,1,$month);
daydropdown("day",0,0,0,1,$day);
yeardropdown("year",0,1,1,1,$year);
}
if ( $timeselect ) {
$steps++;
$hour=date("G",time());
$minute=date("i",time());
echo "<B>Step #$steps:</B> Time: ";
hourdropdown("hour",0,0,0,1,$hour);
echo ":";
minutedropdown("minute",0,1,1,1,$minute);
}
if ( $stopdateselect ) {
$steps++;
$month2=date("M",time());
$day2=date("d",time());
$year2=date("Y",time());
echo "<B>Step #$steps:</B> Stop Date: ";
monthdropdown ("month2",0,0,0,1,$month2);
daydropdown("day2",0,0,0,1,$day2);
yeardropdown("year2",0,1,1,1,$year2);
}
if ( $stoptimeselect ) {
$steps++;
$hour2=date("G",time());
$minute2=date("i",time());
echo "<B>Step #$steps:</B> Stop Time: ";
hourdropdown("hour2",0,0,0,1,$hour2);
echo ":";
minutedropdown("minute2",0,1,1,1,$minute2);
}
if ( $severityselect ) {
$steps++;
echo "<B>Step #$steps:</B> Severity: ";
severitydropdown("facility",1,1,1,1,0);
}
if ( $facilityselect ) {
$steps++;
echo "<B>Step #$steps:</B> Facility: ";
facilitydropdown("facility",1,1,1,1,0);
}
formsubmit("View Report",3,1,0);
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
php?>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
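Review bot: `if ( ! isset($reporttype) ) { $reporttype == 1 ; }` compares instead of assigning, so the default is never applied and `$reporttype` stays undefined when the request does not carry it. It should read `{ $reporttype = 1; }`. The value is posted by the `reporttype` dropdown in 1streports.php and written back into the page through `formfield("reporttype","hidden",...)` and `reporttypename()`, so casting it first with `$reporttype = (int)$reporttype;` would keep anything but a number out of the output. `$groupid` and `$typeid` are likewise passed to `userdropdownbox()` and `premadetypedropdown()` without being set anywhere in this file.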

445
html/ChangeLog.txt Normal file

@ -0,0 +1,445 @@
$Id$
Feature Request:
Bugs:
1. Change code to allow for tailing spaces when looking at the expression field
3/10/2004
- Removing any reference to company name
3/9/2004
- Changed out company logo
- Added GPL notice to all libraries
1/21/2004
- Found a bug where a host would email off an alert with no text. I've put a stop gap fix in.
1/13/2004
- Fixed bug with msyslog.pgsql where SET STORAGE didn't have a space before it.
- Fixed bug where hour in time of rules would default to 18:00 for no good reason
- Fixed two problems with cloning rules: 1) order was not preserved 2) an imported version of the database couldn't clone because fields that were empty needed to have non-null defaults applied
- Forgot to merge in latest VPN reports
1/6/2004
- Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8)
1/6/2004
- Added 'left menu' support for ACID and MRTG groups in security framework should the ever be added 8)
1/1/2004
- Fixed spelling error in with the word 'threshold' in the rules schema
- Fixed a bug in vacuumdb where it was 'ANALYZ' not 'ANALYZE'
12/19/2003
- Updated code to look into /opt/apache
12/10/2003
- Updated database to schema to not use compressed text fields(we'll see how this performs)
- working on adding interfaces to more lock data and other new stats with PostgreSQL V7.4
- cleaned up some button descriptions on the maintenance page, also added a lock view as well as a settings view
12/9/2003
- Finished rule.php support for basic timer maintenance. Need to add another page to graft timers onto rules.
- processlogs.php is now setup to support rule timers
- need to write rule expiration process
- started converting away from compressed text in hopes of providing faster data retrieval.... also pulled OIDs from DB definition
12/8/2003
- Adding support for date and time based rules with date ranges, day of week selections, as well as deleted rules, need to add interface to control rule timestamp properties
12/7/2003
- finished adding accumulation thresholds
12/3/2003
- adding support for both types of thresholds. Need to update web pages to reflect new radio buttons.
- added web configuration support for supression thresholds and accumulating thresholds, now onto updating the log processor
- basic supression works(kinda), need to verify functionality
12/2/2003
- customer profiles can now have multiple hosts added at once.
- fixed a stupid bug where <prev|refresh|next> didn't behave right. next would stop working if you started at oct-26-2003 and it would stay on oct-26-2003
- Added web-based framework and database schema to support alert supression thresholds
12/1/2003
- Updated processlogs.php code to better deal with single entry/no rules vs mutliple rules
11/19/2003
- Updated mail table to enforce unique login ids(effectively stopping two processes from running at the same time, one will crash and die(safely))
- Updated openmail and closeopenmail to use transaction support since PostgreSQL no longer does server-side auto-commit(ie. convert everything to transactions)
- Transaction support should now be officially added, will do some testing
11/18/2003
- Updating program for support with PostGreSQL V7.4
- Fixed host process table to reflect the fact that multiple hosts are in there by default
10/13/2003
- Added alert total to bottom of alert aggregation
10/6/2003
- finished support for alert aggregation
- updated 1stview to pull the current time and date
- fixed host.php bug where you could expire syslogs but not be forced to expire syslogs
10/5/2003
- still adding support for alert aggregation. Basic aggregation works plus alert zooming but need to add support for across the board for other alert queries
10/3/2003
- added ability to un/suspend log processors from the web interface
- updated maintenance to rebuild all indexes in an better manner(ie. grab the index list from the DB rather then by hand)
- added additional framework to do alert aggregation interface. Need to add 'aggregation code' for display
9/24/2003
- weeklyindexrebuild.php now pulls all indexes from the system and rebuilds them. The result is that the system will now rebuild any new indexes without manual reconfiguration.
9/15/2003
- launchid was not initiated correctly in the clonerule.
9/2/2003
- Fixed a bug where '\'s at the end of a line caused problems because we were not properly dealing with them in general. Fixed that.
8/23/2003
- Created another bug when fixing 5000 line paging. Timestamp was thrown off in view.php
8/18/2003
- Syncing changes from production smt environment: vacuumtsyslog.php
- Updated weeklyindexrebuild.php to account for the correct indexes
- Updated maint.php to account for the three new indexes for the launch program section
8/13/2003
- view.php has had several updates. Paging should now be fixed. Multiple searches appeared not to be working correctly.
- Needed to add lastid as hidden var if the variable was set
- Needed to use urlencode on top of htmlspecialcharacters, filters were broken because of it
8/11/2003
- 1stfilter.php doesn't list 'global' filters that you down own
- modified view.php to not let the user save a filter with no description
- added support to delete all of a user's filters(ie. do before delete)
- another problem popped up with filter.php when I added the delete user filter option
8/1/2003
- processlogs.php now supports launching external programs!
7/31/2003
- Updated vacuumdb.php to do a full vacuum of the TSyslog table. Why? Because the system doesn't reclaim disk space or use old delete space for some reason
- Almost finished adding launch program code, need to test.
7/27/2003
- Added weeklyindexrebuild.php which rebuilds all indexes at 5am Sunday morning
7/23/2003
- Continue the programming of the 'launch' ability into the system. Will need to touch code for clearing stale processors
- Adding another maintenance option for viewing the log volume breakout of every host in the Syslog_TArchive table
- Just shoot me: I have added reindexing support to the maintenance page. I have also updated vacuumdb to reindex before the vacuum
- Updating maintenance displays to show what the object types are, views, tables, etc..
- Can now reindex the all of the SMT-related/created indexes from the maintenance page
7/22/2003
- Updating software to include a basic maintenance page
- Create script to do 'vacuum analyze TSyslog', the system will attempt to vacuum every hour
- Added maintenance section to allow for web-based manual db vacuum
- Cleaned up maintance page to do 'analyze'.
- Adjusted 'hourly' script to analyze, not vacuum
7/21/2003
- Updated processor.php to allow clearing of stale processors via the web browser
- Updated processlogs.php to update processed ID's via the same delete transaction
- processlogs.php no longer can clear stale processes, it now issues alerts in the event the system is taking longer than an hour between runs
- 1stequiptype.php did not properly exit if user did not have permissions 8(
- Found a bug in the BottomQuery portion of the distinction section for view.php. It was requesting entries from TSyslog, not tarchive. 8(
- Basic launch administration is finished. Need to extend rules to support launching.
- Updated rule.php to allow for the launch field.
- Fixed a problem where using premade rules only pulled the description + expression. Updated to pull severity, facility, rule-or-level, and launchid
7/20/2003
- Found BIG BUG with how the system pulls syslogs. It turns out that some systems are able to force SMT to think it is learning data @ 1/1/2003. In any case, the system is inserting records but it is not accounting for them. It was alerting but not deleting them. 8( I fixed it.
- I also fixed how the system calculates timeframes.
- Added new index to TSyslog for host & TSyslog_ID to hopefully allow for faster searching
7/16/2003
- processlogs.php is more vocal about cleanup
- changed page access so the system checks to see if the client connection is coming on a port < 443, if so then error
- there was a bug with view.php asking for BottomTopQuery instead of BottomQuery. Fixed
7/9/2003
- processlogs.php wasn't queueing to 64K before migrating logs over. The system now dumps out debug output for every 64K block
7/8/2003
- alert.php now adjusted to join both tables
- Found an issue with hosts.php where deleting a host deleted syslogs but not alerts related to those logs. Fixed that problem. 8)
- Processlogs.php is alsmost finished. 8)
- processlogs.php is done. Time to load another build onto dangermen.com!
- Fixed expirelogs.php to expire off of the archive table, nightlyroguecheck also checks both tables
7/7/2003
- Will be working to have TSyslog archive logs to a different table after processing. The result should be a giant speed up! Starting after 0.212
- Created an archive table. view.php now pulls from the archive table & current table
- alert.php needs to be adjusted.
- processlogs.php needs to push from one table to another
- Initial results are very positive
6/13/2003
- Found a but where host.php doesn't delete a processor association for a host that has been deleted. 8(
3/31/2003
- Fixed a bug in processlogs.php where it was submitting emails w/ subject using $host instead of $loghost
3/20/2003
- Finished adding 'per host' rate alerting
- Cleaned up rate-warning emails include the hostname in the subject line of the email
- Updated processor.php to only list those hosts where that have not been assigned. 8)
- We don't just make the syslog product you buy, we make the syslog product you buy better!
3/19/2003
- Found a bug in view.php where saving filters was not saving 'facility & severity' rules
- Update to pgsql.msyslog table to re-include premade hosts for SMT
- Modifed customer.php to allow setting 'edit' attribute on a per-host basis
- Added support for users to edit rules assuming they have 'permission' to do so. 8)
- Broke user cloning, forgot to adjust for destination user as well as new attributes, all fixed
- Added individual host log rate warnings, added per host rate warnings to host.php, need to do processlogs.php
2/21/2003
- Updated view.php as it was not having difficulties marking lines in red when multiple matches would be happening
2/3/2003
- Finished basic function comments in pix.php, should probably rename the library
1/27/2003
- Fixed a problem with numberofmonth where it was not going up to December.
1/14/2003
- Updated processlogs to be a little more carefull about 'divide by zero' errors when calculating speed numbers
- Updated vacuumdb script to vacuumdb the securityframework instance as well as SMT.
1/13/2003
- Included default host 'localhost' with one rule that responds to root@localhost
1/12/2003
- Made sure smt will work with mod_auth_pgsql
12/4/2002
- addmail function was missing a appostrophe protection for SQL insertion
- Took out a debug message in the clonedenial rules section
11/26/2002
- Removed dropdenials as I already had dropdenial. dropdenails was referenced in rule.php
- Adding lots of comments, need to finish this task
10/23/2002
- vacuumdb now does the vacuum inside PHP as cleanpgsqlnightly isn't working quite right.
10/1/2002
- emails issued by processlogs now append the name of the box for which the alert belongs
- the alert page now has a 'refresh' option
- discovered another bug in alert.php where viewing alerts by host doesn't work anymore 8(
- making alerts available to customers, that was the problem.
- alerts should now be viewable by users
9/29/2002
- Pulled some debugging code
- Made more premade rule adjustments
9/23/2002
- still working on the reporting engine
9/20/2002
- expire.php, archive.php, nightlyroguecheck.php, processlogs.php all use php-cli mode 8)
- working on reports to breakdown data procesing into smaller chunks
9/2/2002
- Finished first report: cisco-pix-bandwidthbreakdown.php
- Updated nightlyroguecheck.php to check logs from the last day to now
9/1/2002
- More work on the reporting framework
8/31/2002
- Begin adding support for pix utilization reports
8/30/2002
- Updated database indexes to have cencatenated index for TSyslog on host,date, & time
- Updated the customer view so that the filter type wasn't a text box but hidden as it should be.
8/28/2002
- Fixed yet another bug with the customer view where hostdropdown where logincanseehost as we were passing it host instead of hostid
8/28/2002
- Fixed a bug with SMT w/ view.php and filters using facility & severity, the code even mentioned it was broken
8/27/2002
- Missing a bunch of indexes on alerts & syslogs, we want indexs for time and date
8/26/2002
- Updated processlogs to provide more details about time frames
8/24/2002
- Fixed a problem with the premade rules not correctly saving the rule type.
8/23/2002
- Fixed a problem with using facility & severity and not matching rules correctly in both view.php & processlogs.php
- Added hostname as part of subject line in SMT report
- Found more problems with facility & severity with view, appears processlogs.php is also flawed
- Okay, so major fixes were made to processlogs.php and to view to finish up proper support for facility and severity
8/22/2002
- Took out an 'Expression:' debug statement
- Did some adjustment to the time stamping of 'processlogs.php'
8/13/2002
- Added support for 's and \'s in the filtering code
- Premade rules now supports 's and \'s. Also fixed new problems with rules page. Filters appears good as well
- Started updating premade hosts for cloning
- Pixes, LocalDirectors, CatOS Switches, and IOS Routers are now ready for cloning
- IOS Switches and VPN devices remain
8/12/2002
- Took out all of the premade rules from the Syslog_TPremade as they were overkill and unnecessary
8/10/2002
- Updated rule.php & processlogs.php to correctly support \'s & "'"s
8/8/2002
- nightlyroguecheck had a few bugs, fixed
- view.php was missing an AND for viewing syslogs for hosts assigned to a customer
8/5/2002
- Added pagma no-cache and 300 second refresh to alert.php
- Displays time & date of last syslog message when query generates logs > 5000 alerts, provides info in relation to query timeframe
7/28/2002
- Added the ability to view the next 5000 lines should someone want to.
7/26/2002
- added the ability to administer equipment types
- Fixed bug with emails where there wasn't an \r issues with each \n
- Fixed bug where emails contained HTML color codes
- ViewSaves would enable after anyone saved a syslog entry. Now it only enables after the logged in user saves something
7/24/2002
- There was an issue with filterid not being set correctly so filter.php could not properly tell between an add and a modfiy
- Added navigation buttons to alerts page
- Cloning of rules only appears if there is more than one host
- Delete page slimmed down to only allow optional deletion of syslog messages
- Saved results page displays error if there are no saved syslogs in the savedata table
- Changed version number to V0.99.20B
- SecurityFramework while a separate package has been sufficiently integrated into SMT
7/23/2002
- Filters are broken in that setting filters to facility & severity only 'includes' regardless of setting
- Fixed problem with filters, they were 'half implemented'
7/21/2002
- All users of the appropriate security level will see the saved syslog option
- Had to change Filter Type: Rule, etc...
7/15/2002
- Changed 'Rule Type: Rule, Log Level, and Both' to 'expression, facility + severity, and expression, facility & severity"
- Added scripts directory w/ expire, processlogs, and a /tmp debug tool
- Fixed renaming so that only syslogs may be renamed. 8)
- Added nightlyroguecheck script to call the nightlyroguecheck.php script(checks for hosts who log but aren't defined)
- I though "Multiple filter expressions appear to be broken when viewing syslogs", I was wrong.
- Fixed 'color' problem with alert.php
7/10/2002
- Adjusted pgsql.msyslog so we do not use 'char' but 'varchar'
5/29/2002
- Still working on processlogs.php to update processed ids for those hosts w/ no rules
- View.php line 321 appears to have issues
5/28/2002
- began work on processlogs.php to cover those hosts who are assigned to a processor but have no rules assigned.
- customer.php and processor.php now check for duplicates/single assignments as appropriate
5/12/2002
- processlogs.php is finished(in terms of configuration)
5/11/2002
- Started working on processlogs.php
5/10/2002
- expire.php was only written to support a single expiration time and not a time per host.
5/9/2002
- view.php updated to start supporting thost_id
5/8/2002
- 1sthost.php and hosts.php should be converted to support thost_id
- 1stcustomer.php and customer.php should be converted to support thost_id
- 1stprocessor.php and processor.php should be converted to support thost_id
5/7/2002
- Started working on converting the system from using _host as a key to THost_ID
4/11/2002
- Fixed 1stcustomer.php as the form did not 'close' for either form
- Fixed alert.php color coding
- I had to install 'distinct on' in the SQL log selection as some log entries appeared more than once.
4/4/2002
- Added code to fix duplicate entries in emails
- Changed version to V0.99.01B
3/18/2002
- Log data is color coded
- A new version of processlogs.php is out w/ debug msgs in it. Working good on Harley.
- Took debug out of 'saving syslogs'.
- Save Syslogs now supports using "'" 8( Much work left to do w/ 's
- Can now view data by 'user and host type'
- Started work on deleting hosts from the system and accounting for host rules
- adding a host no longer shows the 'renaming fields'
2/24/2002
- Hosts menu allows synchronizing other tables when renaming hosts
- Fixed paging
2/22/2002
- Denial chains are complete. 8)
2/19/2002
- working on processlogsnew.php which cache's host rules & denial rules at the beginning to minimize DB access
2/18/2002
- Updated pages to announce how long they took to process
- Clone rules broken, sequence not working
- Fixed cloned rules as they were calling for the premade sequence number not the rule sequence number
2/17/2002
- Final support included for priority & severity
- Created archive, supports dumping data to std out for bzip2 8)
- Denial chain support added to system, processlogs.php all that remains
2/16/2002
- View, Alerts, and View Saves all use colors to convey severity
- Filters support severity
2/15/2002
- Changed named to Syslog Management Tool(for now)
- Viewer now supports filters using facility and severity
2/13/2002
- Updated view to look like a Berbee product. 8)
2/12/2002
- Made some progress on using filters w/ facilty & severity. Very buggy
2/11/2002
- View logs produces repeates... think unnecessary Syslog_TRules invovled.
- Process logs was a bit messaged up, the old delvierymessage variable instead of deliverymessage
- Per host/per person email now works
- Added code to msyslog to support writing facility & severity to the log messages
- Working on scheme where rules & filters can be filter/rules,filter/rules & log levels, or just log levels
2/10/2002
- Can now clone customer accounts
- Added stale processor auto-cleaning code so the system will clean up 'old processors' after 30 minutes
- System sends an alert email if the system recieves some 3000+ log entries in a given sample.
- Nightly system issues emails notifying for hosts who are logging to the system but are not defined as hosts in the system
2/9/2002
- Updated code to use PGSQL V7.2 8) Can you say bigserial, no table lock vacuum, and much more? 8)
- Looking into using the transaction interface.
- host properties isn't properly keeping the alert log expiration time <= syslog expiration time
- View host had a issue with 'view data from last five minutes'
- View Saves had the group context wrong, denying access to the page if the group >= 2(ie noc or better)
- Filter administration is should be finished

23
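--- a/html/admin/.htaccess
+++ b/html/admin/.htaccess
@@ -0,0 +1,23 @@
+AuthName "System Login"
+AuthType basic
+Auth_PG_host 127.0.0.1
+Auth_PG_port 5432
+Auth_PG_user secframe
+Auth_PG_pwd voQ3jV1x
+Auth_PG_encrypted on
+Auth_PG_hash_type MD5
+Auth_PG_nopasswd off
+Auth_PG_database securityframework
+Auth_PG_pwd_table SecFrame_TLogin
+Auth_PG_uid_field TLogin_Username
+Auth_PG_pwd_field TLogin_Password
+<LIMIT GET POST>
+require valid-user
+</LIMIT>
+#Deny from all
+#AuthType Basic
+#AuthUserFile /usr/apache/conf/.htpass
+#AuthName "System Login"
+#Require valid-user
+#Satisfy any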
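Review bot: The `require valid-user` line sits inside `<LIMIT GET POST>`, so the login requirement covers only those two methods and any other HTTP method the server accepts for html/admin/ is not subject to it. Dropping the `<LIMIT GET POST>` / `</LIMIT>` wrapper and leaving a bare `require valid-user` makes the requirement apply to every method. Separately, `Auth_PG_pwd` holds the database account's password as a literal in a file that lives under the web root and is now in version control; that credential should be rotated and supplied from server configuration outside the repository. `Auth_PG_hash_type MD5` means the stored login hashes are unsalted MD5, which deserves a comment noting it as a known weakness until the module and schema can move to a salted scheme.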

44
html/admin/ChangeLog.txt Normal file

@ -0,0 +1,44 @@
Things to add:
Things Broken:
1. Deleting stuff sometimes barks about failing but doesn't really fail
12/19/2003
- changed software to use /opt/apache instead of /usr/apache
8/18/2003
- changed software to support http via ports > than 443
8/13/2003
- Updated generalweb.php to use urlencode.php
8/10/2003
- SecFrame now uses md5 passwords!
1/15/2003
- Updated password support to check for minimum length as well as a mixed case or single-case + symbols password
- Added md5pass.php from http://limonez.net/~jure/php/ to the package. Will use it to sync passwords to shadow
1/14/2003
- Updated to include Secframe_TQueue table for adding/deleting users + changing passwords, other functions to come
1/13/2003
- Updated to include msyslog application in ACL
- Now includes three users: msyslog, noc, and sample
- Users are setup to default in msyslog application.
1/12/2003
- Included .htaccess file for mod_auth_pgsql
8/26/2002
- Stripped out debug code from generalweb.php
8/8/2002
- fixed calls in .php files to /usr/apache/htdocs/inst, instead of /usr/apache/htdocs/login
7/24/2002
- Integrated interface into SMT
- Cleaned up interfaces to be more fluid
- Main interface(index.php) no longer has click-on links for add users, all functions are button drive
- Delete page slimmed down to only allow optional deletion of syslog messages

344
html/admin/app.php Normal file

@ -0,0 +1,344 @@
<%
/*=============================================================================
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../config.php');
$dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($dbsocket,$REMOTE_USER);
$ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators');
if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) {
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Application Membership";
do_header($PageTitle, 'adminapp');
if ( ! isset($appfunction)) {
$appfunction = 0;
};
if ( ( ( $action == "Modify") || ( $appfunction == 1 ) ) && ( isset($TApp_ID) ) ) {
$appfunction = 1 ;
echo "<B><H3>Modify Application</H3></B><BR>\n";
if ( $SaveID == 1 ) {
$Results = sec_updateapp ($dbsocket, $TApp_ID, $TApp_Name, $TApp_Desc);
if ( $Results ) {
echo "Save successfull<BR>\n";
} else {
echo "Save failed!<BR>\n";
}
}
$SQLQuery="select * from SecFrame_TApp where TApp_ID=$TApp_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$TApp_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_name));
$TApp_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_desc));
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
} else {
$TApp_Name="";
$Tapp_Desc="";
}
openform("app.php","post",2,1,0);
formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID);
formfield("appfunction","Hidden",3,1,0,10,10,$appfunction);
formfield("SaveID","Hidden",3,1,0,10,10,"1");
echo "Application Name: ";
formfield("TApp_Name","TEXT",3,1,1,30,30,$TApp_Name);
echo "Application Description: ";
formfield("TApp_Desc","TEXT",3,1,1,30,80,$TApp_Desc);
formsubmit("Save",3,1,0);
formreset("Reset",3,1,1);
closeform(1);
}
if ( ( ( $action == "Delete") || ( $appfunction == 2 ) ) && ( isset($TApp_ID) ) ) {
$appfunction = 2;
echo "<B><H3>Delete Application</H3></B><BR>\n";
if ( $DeleteID == 1 ) {
$ResultsApp = sec_delid($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID);
$ResultsAppPerm = sec_delid($dbsocket,"SecFrame_TAppPerm","TApp_ID",$TApp_ID);
if ( ( $ResultsApp ) && ( $ResultsAppPerm ) ) {
echo "Delete successfull<BR>\n";
} else {
echo "Delete failed!<BR>\n";
}
} else {
$SQLQuery="select * from SecFrame_TApp where TApp_ID=$TApp_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$TApp_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_name));
$TApp_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_desc));
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
} else {
$TApp_Name="";
$TApp_Desc="";
}
openform("app.php","post",2,1,0);
formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID);
formfield("appfunction","Hidden",3,1,0,10,10,$appfunction);
/* formfield("DeleteID","Hidden",3,1,0,10,10,"1"); */
echo "<font color=#FF0000 size=+2><B>Are you sure you want to delete $TApp_Desc? ";
%>
<input type=radio name=DeleteID value=1>Yes
<input type=radio name=DeleteID value=0 checked>No</font><b><BR>
<%
formsubmit("Delete",3,1,0);
formreset("Reset",3,1,1);
closeform(1);
}
}
if ( ( ( $action == "Adjust ACL") || ( $appfunction == 3 ) ) && ( isset($TApp_ID) ) && ( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) {
$appfunction = 3 ;
if ( ( $action == "Up" ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) &&
( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) {
$SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$ACLID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id));
$ACLUserGroup[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup));
$ACLUGID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid));
$ACLAllowAccess[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess));
$ACLAppID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id));
$ACLPriority[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_priority));
array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID);
}
$found=0;
for ( $loop = $SQLNumRows ; $loop != 0 ; $loop-- ) {
if ( $loop != 0 ) {
if ( $ACLID[$loop] == $TAppPerm_ID ) { $found=$loop; }
}
}
if ( $found > 0 ) {
$swap=$ACLID[$found];
$ACLID[$found]=$ACLID[$found-1];
$ACLID[$found-1]=$swap;
$swap=$ACLUserGroup[$found];
$ACLUserGroup[$found]=$ACLUserGroup[$found-1];
$ACLUserGroup[$found-1]=$swap;
$swap=$ACLUGID[$found];
$ACLUGID[$found]=$ACLUGID[$found-1];
$ACLUGID[$found-1]=$swap;
$swap=$ACLAllowAccess[$found];
$ACLAllowAccess[$found]=$ACLAllowAccess[$found-1];
$ACLAllowAccess[$found-1]=$swap;
$swap=$ACLAppID[$found];
$ACLAppID[$found]=$ACLAppID[$found-1];
$ACLAppID[$found-1]=$swap;
/*$swap=$ACLPriority[$found];
$ACLPriority[$found]=$ACLPriority[$found-1];
$ACLPriority[$found-1]=$swap;*/
array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID);
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
sec_updateappperm ($dbsocket, $ACLID[$loop], $ACLUserGroup[$loop],
$ACLUGID[$loop], $ACLAllowAccess[$loop], $ACLAppID[$loop], $ACLPriority[$loop]);
}
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( ( $action == "Down" ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) &&
( sec_idexist($dbsocket,"SecFrame_TApp","TApp_ID",$TApp_ID) ) ) {
$SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$ACLID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id));
$ACLUserGroup[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup));
$ACLUGID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid));
$ACLAllowAccess[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess));
$ACLAppID[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id));
$ACLPriority[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_priority));
array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID);
}
$found=0;
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
if ( $loop != $SQLNumRows ) {
if ( $ACLID[$loop] == $TAppPerm_ID ) { $found=$loop; }
}
}
if ( $found < $SQLNumRows ) {
$swap=$ACLID[$found];
$ACLID[$found]=$ACLID[$found+1];
$ACLID[$found+1]=$swap;
$swap=$ACLUserGroup[$found];
$ACLUserGroup[$found]=$ACLUserGroup[$found+1];
$ACLUserGroup[$found+1]=$swap;
$swap=$ACLUGID[$found];
$ACLUGID[$found]=$ACLUGID[$found+1];
$ACLUGID[$found+1]=$swap;
$swap=$ACLAllowAccess[$found];
$ACLAllowAccess[$found]=$ACLAllowAccess[$found+1];
$ACLAllowAccess[$found+1]=$swap;
$swap=$ACLAppID[$found];
$ACLAppID[$found]=$ACLAppID[$found+1];
$ACLAppID[$found+1]=$swap;
/*$swap=$ACLPriority[$found];
$ACLPriority[$found]=$ACLPriority[$found+1];
$ACLPriority[$found+1]=$swap;*/
array_multisort($ACLPriority,$ACLID,$ACLUGID,$ACLUserGroup,$ACLAllowAccess,$ACLAppID);
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
sec_updateappperm ($dbsocket, $ACLID[$loop], $ACLUserGroup[$loop],
$ACLUGID[$loop], $ACLAllowAccess[$loop], $ACLAppID[$loop], $ACLPriority[$loop]);
}
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( $action == "Save" ) {
if ( $add == "user" ) {
$usergroup=1;
$ugid=$TLogin_ID;
} else {
$usergroup=2;
$ugid=$TGroup_ID;
}
$priority= sec_getpriority($dbsocket,$TApp_ID);
$Results = sec_addappperm($dbsocket,$usergroup,$ugid,$AllowAccess,$TApp_ID,$priority);
if ( $Results ) {
echo "Add successfull<BR>\n";
} else {
echo "Add failed!<BR>\n";
}
}
if ( ( $action == "Remove" ) && ( isset($TAppPerm_ID) ) && ( sec_idexist($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID) ) ) {
$Results = sec_delid($dbsocket,"SecFrame_TAppPerm","TAppPerm_ID",$TAppPerm_ID);
if ( $Results ) {
echo "ACL removal successfull<BR>\n";
} else {
echo "ACL removal failed!<BR>\n";
}
}
openform("app.php","post",2,1,0);
formfield("TApp_ID","Hidden",3,1,0,10,10,$TApp_ID);
formfield("appfunction","Hidden",3,1,0,10,10,$appfunction);
echo "<font size=+2>Access-List: " . sec_appname($dbsocket,$TApp_ID) . "</font><BR>\n";
echo "<table border=2><tr><td><B>User/Group</B></td><td><B>User/Group Name</B></TD><TD><B>Permit/Deny</B></TD><TD><B>Save or Reset</B></td></tr>\n";
echo "<tr><td>Group: <input type=radio name=add value=group checked> </TD><TD ROWSPAN=2>Group: ";
groupdropdownbox ($dbsocket,"TGroup_ID",3,1,1,1,"");
echo "<BR>\nUser: ";
userdropdownbox ($dbsocket,"TLogin_ID",3,1,1,1,"");
echo "</td><td ROWSPAN=2>Action: ";
echo "<select name=AllowAccess size=1>\n";
echo "<option value=1>PERMIT</option>\n";
echo "<option value=0>DENY</option>\n";
echo "</select>\n";
echo "</TD><TD ROWSPAN=2>";
formsubmit("Save",3,1,0);
formreset("Reset",3,1,1);
echo "</TD></TR>\n";
echo "<TR><TD>User: <input type=radio name=add value=user> ";
echo "</TD></TR></TABLE>\n";
$SQLQuery="select * from SecFrame_TAppPerm where TApp_ID=$TApp_ID order by TAppPerm_Priority";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
echo "<TABLE border=2>";
echo "<TR><TD><B>ACL Entry</B></TD><TD><B>User/Group Name</B></TD><TD><B>User/Group</B></TD><TD><B>Permit/Deny</B></TD></TR>\n";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$tappperm_id=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_id));
$tapp_id=stripslashes(pgdatatrim($SQLQueryResultsObject->tapp_id));
$tappperm_ugid=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_ugid));
$tappperm_usergroup=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_usergroup));
$tappperm_allowaccess=stripslashes(pgdatatrim($SQLQueryResultsObject->tappperm_allowaccess));
echo "<TR><TD align=center><input type=radio name=TAppPerm_ID value=$tappperm_id></TD>";
if ( $tappperm_usergroup == 1 ) {
echo "<TD>" . sec_username($dbsocket,$tappperm_ugid) . "</td><td>User</td>";
} else {
echo "<TD>" . sec_groupname($dbsocket,$tappperm_ugid) . "</td><td>Group</td>";
}
if ( $tappperm_allowaccess ) {
echo "<TD>Permit</TD></TR>\n";
} else {
echo "<TD>Deny</TD></TR>\n";
}
}
echo "<TR><TD>";
formsubmit("Remove",3,1,0);
echo "</TD><TD>";
formsubmit("Up",3,1,0);
formsubmit("Down",3,1,1);
echo "</TD></TR>";
echo "</table>\n";
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
closeform(1);
}
if ( $appfunction == 0 ) {
echo "<B><H3>Add an Application</H3></B><BR>\n";
if ( $SaveID == 1 ) {
$Results = sec_addapp($dbsocket,$TApp_Name,$TApp_Desc);
if ( $Results ) {
echo "Add successfull<BR>\n";
} else {
echo "Add failed!<BR>\n";
}
} else {
openform("app.php","post",2,1,0);
formfield("SaveID","Hidden",3,1,0,10,10,"1");
echo "Application Name: ";
formfield("TApp_Name","TEXT",3,1,1,30,30,"");
echo "Application Description: ";
formfield("TApp_Desc","TEXT",3,1,1,30,80,"");
formsubmit("Save",3,1,0);
formreset("Reset",3,1,1);
closeform(1);
}
}
do_footer();
dbdisconnect($dbsocket);
%>
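Review bot: `$TApp_ID` is interpolated unquoted into `select * from SecFrame_TApp where TApp_ID=$TApp_ID` in the Modify and Delete branches, which only test `isset($TApp_ID)`. The `sec_idexist()` check is applied only in the Adjust ACL branch, and how that helper treats the value is not visible in this file. The variable is never assigned here, so it presumably arrives straight from the request, which would make these queries open to SQL injection from any request that passes the Administrators check. Normalising it once after that check, e.g. `if (isset($TApp_ID)) { $TApp_ID = intval($TApp_ID); }`, and doing the same for `$TAppPerm_ID`, `$TLogin_ID` and `$TGroup_ID` before they reach the `sec_*` helpers, would close this. The delete prompt also echoes `$TApp_Desc` without `htmlspecialchars()`, and the not-found path of the Modify branch assigns `$Tapp_Desc` (lower-case `a`) instead of `$TApp_Desc`.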

33
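--- a/html/admin/data/commands
+++ b/html/admin/data/commands
@@ -0,0 +1,33 @@
+CREATE TABLE SecFrame_TQueue (
+TQueue_ID integer DEFAULT nextval('TQueue_Seq'),
+TQueue_Command varchar(16) NOT NULL,
+TQueue_Date date NOT NULL,
+TQueue_Time time NOT NULL,
+TQueue_DateProcessed date,
+TQueue_TimeProcessed time,
+TQueue_Processed integer,
+TQueue_Data1 text,
+TQueue_Data2 text
+)\g
+Commands:
+adduser
+data1: username
+deluser
+data1: username
+moduser
+data1: current username
+data2: new username
+changepass
+data1: newpassword
+TQueue_Processed:
+0: not processed
+1: done
+2: aborted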

48
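--- a/html/admin/data/convertpw.php
+++ b/html/admin/data/convertpw.php
@@ -0,0 +1,48 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../../config.php');
+$dbsocket=sec_dbconnect();
+$SQLQuery="select TLogin_ID,TLogin_Username,TLogin_Password from SecFrame_TLogin;";
+$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+for ( $loop =0 ; $loop != $SQLNumRows ; $loop++ ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$md5pass=md5($SQLQueryResultsObject->tlogin_password);
+echo "$SQLQueryResultsObject->tlogin_id: $SQLQueryResultsObject->tlogin_username: " . md5($SQLQueryResultsObject->tlogin_password) . "\n";
+$SQLQuery="update SecFrame_TLogin set TLogin_Password='$md5pass' where TLogin_ID=$SQLQueryResultsObject->tlogin_id";
+$NewSQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($NewSQLQueryResults) or
+die(pg_errormessage()."<BR>\n");
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+%>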
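Review bot: The loop replaces each stored password with a bare unsalted `md5()` and nothing records that a row has already been converted, so running the script a second time hashes the hashes and, presumably, no existing password verifies any more. A guard at the top of the loop such as `if (preg_match('/^[0-9a-f]{32}$/', $SQLQueryResultsObject->tlogin_password)) continue;` would make a re-run harmless, at the cost of skipping a cleartext password that happens to be 32 hex characters. Unsalted MD5 is also weak against offline guessing if the table ever leaks; a salted scheme such as `crypt()` or, on newer PHP, `password_hash()` would need `TLogin_Password` wider than the `varchar(32)` the schema gives it. The script also echoes every username and digest and sits under `html/admin/data/`, so it is worth confirming the web server does not serve it.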


@ -0,0 +1,5 @@
Simple list for installing Security Framework.
1. Create the db, securityframework
2. cat pgsql.framework | psql securityframework
3. Adjust passwords as necessary


@ -0,0 +1,113 @@
CREATE SEQUENCE TQueue_Seq\g
CREATE TABLE SecFrame_TQueue (
TQueue_ID integer DEFAULT nextval('TQueue_Seq'),
TQueue_Command varchar(16) NOT NULL,
TQueue_Date date NOT NULL,
TQueue_Time time NOT NULL,
TQueue_DateProcessed date,
TQueue_TimeProcessed time,
TQueue_Processed integer,
TQueue_Data1 text,
TQueue_Data2 text
)\g
CREATE UNIQUE INDEX TQueue_ID_Idx on SecFrame_TQueue (TQueue_ID)\g
CREATE INDEX TQueue_Command_Idx on SecFrame_TQueue (TQueue_Command)\g
grant all on TQueue_Seq to secframe\g
grant all on SecFrame_TQueue to secframe\g
CREATE SEQUENCE TLogin_Seq\g
CREATE TABLE SecFrame_TLogin (
TLogin_ID integer DEFAULT nextval('TLogin_Seq'),
TLogin_Username varchar(128) NOT NULL,
TLogin_Password varchar(32) NOT NULL,
TLogin_Name varchar(40) NOT NULL,
TLogin_Email varchar(40) NOT NULL,
TLogin_Home varchar(20),
TLogin_Work varchar(20),
TLogin_Cell varchar(20),
TLogin_Pager varchar(20),
TLogin_Address1 varchar(40),
TLogin_Address2 varchar(40),
TLogin_City varchar(40),
TLogin_State varchar(2),
TLogin_Zip varchar(12)
) \g
CREATE UNIQUE INDEX TLogin_ID_Idx on SecFrame_TLogin (TLogin_ID)\g
CREATE UNIQUE INDEX TLogin_Username_Idx on SecFrame_TLogin (TLogin_Username)\g
grant all on TLogin_Seq to secframe\g
grant all on SecFrame_TLogin to secframe\g
insert into SecFrame_TLogin (TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('sample','password','Sample User','samplemail@yahoo.com','','','','','','','','','')\g
insert into SecFrame_TLogin (TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('noc','password','NOC User','root@localhost','','','','','','','','','')\g
insert into SecFrame_TLogin (TLogin_Username,TLogin_Password,TLogin_Name,TLogin_Email,TLogin_Home,TLogin_Work,TLogin_Cell,TLogin_Pager,TLogin_Address1,TLogin_Address2,TLogin_City,TLogin_State,TLogin_Zip) values ('msyslog','password','msyslog User','root@localhost','','','','','','','','','')\g
CREATE SEQUENCE TGroup_Seq\g
CREATE TABLE SecFrame_TGroup (
TGroup_ID integer DEFAULT nextval('TGroup_Seq'),
TGroup_Name varchar(30) NOT NULL,
TGroup_Desc varchar(80) NOT NULL
) \g
CREATE UNIQUE INDEX TGroup_ID_Idx on SecFrame_TGroup (TGroup_ID)\g
grant all on TGroup_Seq to secframe\g
grant all on SecFrame_TGroup to secframe\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Everyone','All Users')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Administrators','System Administrators')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Normal Users','Standard System Users')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Customer','Customers of Syslog System')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Analyst','NOC Analyst')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Administrators','Syslog Adminstrator')\g
insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog msyslog','Syslog Processor')\g
CREATE SEQUENCE TGroupMembers_Seq\g
CREATE TABLE SecFrame_TGroupMembers (
TGroupMembers_ID integer DEFAULT nextval('TGroupMembers_Seq'),
TLogin_ID integer not null,
TGroup_ID integer not null
) \g
CREATE UNIQUE INDEX TGroupMembers_ID_Idx on SecFrame_TGroupMembers (TGroupMembers_ID)\g
grant all on TGroupMembers_Seq to secframe\g
grant all on SecFrame_TGroupMembers to secframe\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,1)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (2,1)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (3,1)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (6,1)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,2)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (3,2)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (5,2)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (1,3)\g
insert into SecFrame_TGroupMembers (TGroup_ID,TLogin_ID) values (7,3)\g
CREATE SEQUENCE TApp_Seq\g
CREATE TABLE SecFrame_TApp (
TApp_ID integer DEFAULT nextval('TApp_Seq'),
TApp_Name varchar(30) NOT NULL,
TApp_Desc varchar(80) NOT NULL
) \g
CREATE UNIQUE INDEX TApp_ID_Idx on SecFrame_TApp (TApp_ID)\g
grant all on TApp_Seq to secframe\g
grant all on SecFrame_TApp to secframe\g
insert into SecFrame_TApp (TApp_Name,TApp_Desc) values ('Administrators','Administrators Access-List')\g
insert into SecFrame_TApp (TApp_Name,TApp_Desc) values ('SyslogOp','Syslog Access-List')\g
CREATE SEQUENCE TAppPerm_Seq\g
CREATE TABLE SecFrame_TAppPerm (
TAppPerm_ID integer DEFAULT nextval('TAppPerm_Seq'),
TAppPerm_UserGroup integer not null,
TAppPerm_UGID integer not null,
TAppPerm_AllowAccess integer not null,
TAppPerm_Priority integer not null,
TApp_ID integer not null
) \g
CREATE UNIQUE INDEX TAppPerm_ID_Idx on SecFrame_TAppPerm (TAppPerm_ID)\g
CREATE INDEX TAppPerm_UserGroup_Idx on SecFrame_TAppPerm (TAppPerm_UserGroup)\g
CREATE INDEX TAppPerm_UGID_Idx on SecFrame_TAppPerm (TAppPerm_UGID)\g
CREATE INDEX TAppPerm_AllowAccess_Idx on SecFrame_TAppPerm (TAppPerm_AllowAccess)\g
CREATE INDEX TAppPerm_TApp_ID_Idx on SecFrame_TAppPerm (TApp_ID)\g
grant all on TAppPerm_Seq to secframe\g
grant all on SecFrame_TAppPerm to secframe\g
insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,1,0,1,2);
insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,6,1,2,2);
insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,5,1,3,2);
insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,4,1,4,2);
insert into SecFrame_TAppPerm (TAppPerm_UserGroup,TAppPerm_UGID,TAppPerm_AllowAccess,TAppPerm_Priority,TApp_ID) values (2,7,1,5,2);
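Review bot: The three seed rows in `SecFrame_TLogin` all carry the literal password `password`, and the `(2,1)` row in `SecFrame_TGroupMembers` puts login 1 (`sample`, going by insert order) into group 2, `Administrators`, so a fresh install starts with a publicly known administrator credential. The install notes only say to adjust passwords as necessary, which is easy to miss. I would at least put a comment directly above the inserts, `-- SECURITY: placeholder passwords; change all three before the web UI is reachable (sample is an Administrator)`, and preferably have the installer supply the initial password instead of shipping one. The values are also stored in clear while convertpw.php rewrites the column to MD5, so it is unclear from here which form the login check expects.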

102
html/admin/faq.txt Normal file

@ -0,0 +1,102 @@
1. Licensing
Modular Syslog and Cisco's TACACS+ Daemon have thier own licenses. READ THEM!
SMT and the Security Framework are covered under the GPL.
2. What is up with the versions of your software?
If you haven't noticed already, the version numbers reported in the tar.bz2 archives doesn't reflect the file names, this is because I'm moving from a crusty source management system to a better one. Real versioning via CVS is coming shortly.
3. What is the Syslog Management tool & the Security Framework?
The idea is quite simple, SMT uses Modular Syslog to collect syslog messages and dump them to a SQL server(PostGreSQL). SMT then grabs logs and runs rules consisting of regular expressions, facility & severity ranges, and other parameters such as time to determine who, when, and how to alert.
4. How much log volume can SMT handle?
Our system is an IBM 335 w/ Dual SCSI-160 36gig mirrored drives. I can sustain 28 megabytes per second reading and about 18 megabytes per second writing. All told, the highest volume my system has run was about 800 megabytes of logs in a given day. My calculations seem to indicate that our system could handle 4-5 gigabytes a day without showing significant lag on the web interface side.
5. What are the components of a working SMT System?
# I'll reserve the good detail for the docs but the components of a working SMT system are as follows: One or more log processors
# A log expiration process
# A reindexer
# A log archiver
# One or more web consoles
# The database
# One or more syslog servers
# The TACACS+ daemon to collect command accounting
6. What are the minimums?
Frankly, I run my software on my personal firewall at home(486 DX25 w/ 48MB of RAM). So you can get away with running it on a fairly slim system, problem: IDE sucks. If you run it on an IDE subsystem, don't complain to me when it doesn't perform. I do recommend a dual processor system for sites where there is a decent amount of use going on. Why? Because one processor can be involved dealing with the database and the other can handle everything else. V2.4 Linux Kernel CPU affinity isn't great but 2.6 shows better results(from my initial testing).
7. Great, how much RAM will I need?
That is a very good question. If you are serious about this, I'd recommend a gig of RAM. File system caching will use a LOT of it up. For example, we run about a 5 gig foot print and we have a gig and a half of RAM. PostgreSQL is acting using about 800megabytes of it. The rest is OS caching and the like.
8. PostgreSQL looks like it could use some tuning.... can you help?
Sure. Down below are some snippets from my postgresql.conf file(mind you, I have a 1.5gig of RAM):
DO NOT USE ALL OF YOUR FREE RAM FOR SHARED BUFFERS, YOUR PERFORMANCE WILL PAY!
shared_buffers = 29400 # min 16, at least max_connections*2, 8KB each
Default amount available for sorting each query
sort_mem = 4096 # min 64, size in KB
How much memory vacuum will have available to it(and it will need it)
vacuum_mem = 196608 # min 1024, size in KB
YOU MUST TUNE YOUR FSM PAGES! The Free space map is used to track free space within the existing table space. The FSM tracks free space, as soon as you have more slots free then FSM space, FSM will start losing free space withing your database. Thus it will start to grow and grow and grow till you either increase your FSM AND VACUUM or perform a FULL VACUUM.
max_fsm_pages = 40000000 # min max_fsm_relations*16, 6 bytes each
PostgreSQLs default action is to 'sync' after every write. This is too expensive. The downside is that you can suffer data corruption if the system crashes. Reality: I've never lost data to a crash but there is always a first time for everything
fsync = false # turns forced synchronization on or off
wal_buffers = 128 # min 4, 8KB each
If memory serves me correctly, this tells PostgreSQL about how much the system cache will typically run at. 8)
effective_cache_size = 48400 # typically 8KB each
Hey, it's a logging system, log dag nabit!
syslog = 1 # range 0-2; 0=stdout; 1=both; 2=syslog
syslog_facility = 'LOCAL0'
syslog_ident = 'postgres'
I've added profiling code to dump some stats about PostgreSQL. As a result we need to make sure PostGreSQL is actually collecting stats!
log_timestamp = true
stats_start_collector = true
stats_command_string = true
stats_block_level = true
stats_row_level = true
stats_reset_on_server_start = true
One other change to make but this is a system option not a PostgreSQL option
sysctl kernel.shmmax=1342177280
9. What OS does this run on?
Frankly, I've run it on RedHat but I prefer Slackware. However the limitations of my software would be more based on Modular Syslog and PostGreSQL. ie. of Modular Syslog compiles on FreeBSD, should work fine on FreeBSD.
10. How can I tell how large of Free Space Map I'll need for PostgreSQL?
Run a 'vacuum full analyze verbose' and it will tell you the number of pages your database is using. Make sure you do that after you have roughly the amount of data you want to maintain in your database.
11. Why is your software better then anyone elses?
a. Because anyone can manage it, not just the one sysadmin who is never around when his pager goes off and no one else knows.
b. It is scalable in that it can be centrally managed and grown.
c. It can interface with systems such as HP Service Desk.
d. It allows for better event correllation as all events are available via one console.
12. I noticed that you don't have your database doing a lot of bounds checking on data... what gives?
Database IO is a precious thing. I reserve all of the overhead other than IO for other hosts(in a distributed system). As a result, I leave data bounds checking mainly to the application and not the database.
13. What authentication mechanisms can I use?
You can use pretty much any authentication mechanism you want. My software looks for the REMOTE_USER variable. I recommend mod_auth_pgsql so you can use the Security Framework password database but you could use SecurID, ActiveDirectory, or any other native Apache authentication module.
14. What about MySQL?
Time dictates I have twenty four hours a day. Six hours of that is sleep, 10 hours of that is work, that leaves me a few hours to exercise and be with my wife. If you want MySQL support, I gladly welcome it but I do not have the time to write for it. 8(

180
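--- a/html/admin/group.php
+++ b/html/admin/group.php
@@ -0,0 +1,180 @@
+<?php
+/*=============================================================================
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../config.php');
+$dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($dbsocket,$_SERVER['REMOTE_USER']);
+$ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators');
+if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) {
+dbdisconnect($dbsocket);
+exit;
+}
+$PageTitle="Group Membership";
+do_header($PageTitle, 'admingroup');
+if (! isset($groupfunction)) {
+$groupfunction = 0;
+}
+if ( ( ( $_POST['action'] == "Modify" ) || ( $groupfunction == 1 ) ) && ( isset($TGroup_ID) ) ) {
+$groupfunction = 1 ;
+echo "<B><H3>Modify Group</H3></B><BR>\n";
+if ( $SaveID == 1 ) {
+$Results = sec_updategroup ($dbsocket, $TGroup_ID, $TGroup_Name, $TGroup_Desc);
+if ( $Results ) {
+echo "Save successfull<BR>\n";
+} else {
+echo "Save failed!<BR>\n";
+}
+}
+$SQLQuery="select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+if ( $SQLNumRows > 0 ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+die(pg_errormessage()."<BR>\n");
+$TGroup_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_name));
+$TGroup_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_desc));
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+} else {
+$TGroup_Name="";
+$TGroup_Desc="";
+}
+openform("group.php","post",2,1,0);
+formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID);
+formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction);
+formfield("SaveID","Hidden",3,1,0,10,10,"1");
+echo "Group Name: ";
+formfield("TGroup_Name","TEXT",3,1,1,30,30,$TGroup_Name);
+echo "Group Description: ";
+formfield("TGroup_Desc","TEXT",3,1,1,30,80,$TGroup_Desc);
+formsubmit("Save",3,1,0);
+formreset("Reset",3,1,1);
+closeform(1);
+}
+if ( ( ( $_POST['action'] == "Delete" ) || ( $groupfunction == 2 ) ) && ( isset($TGroup_ID) ) ) {
+$groupfunction = 2 ;
+echo "<B><H3>Delete Group</H3></B><BR>\n";
+if ( $DeleteID == 1 ) {
+$Results = sec_delid($dbsocket,"SecFrame_TGroup","TGroup_ID",$TGroup_ID);
+$ResultsGroupMembers = sec_delid($dbsocket,"SecFrame_TGroupMembers","TGroup_ID",$TGroup_ID);
+if ( ( $Results ) && ( $ResultsGroupMembers ) ) {
+$SQLQuery="delete from SecFrame_TAppPerm where TAppPerm_UserGroup=2 and TAppPerm_UGID=$TGroup_ID";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+echo "Delete successfull<BR>\n";
+} else {
+echo "Delete failed!<BR>\n";
+}
+} else {
+$SQLQuery="select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+if ( $SQLNumRows > 0 ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
+die(pg_errormessage()."<BR>\n");
+$TGroup_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_name));
+$TGroup_Desc = stripslashes(pgdatatrim($SQLQueryResultsObject->tgroup_desc));
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+} else {
+$TGroup_Name="";
+$TGroup_Desc="";
+}
+openform("group.php","post",2,1,0);
+formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID);
+formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction);
+/* formfield("DeleteID","Hidden",3,1,0,10,10,"1"); */
+echo "<font color=#FF0000 size=+2><B>Are you sure you want to delete $TGroup_Desc? ";
+?>
+<input type=radio name=DeleteID value=1>Yes
+<input type=radio name=DeleteID value=0 checked>No</b></font><BR>
+<?php
+formsubmit("Save",3,1,0);
+formreset("Reset",3,1,1);
+closeform(1);
+}
+}
+if ( ( ( $_POST['action'] == "Adjust Membership" ) || ( $groupfunction == 3 ) ) && ( isset($TGroup_ID) ) && ( sec_idexist($dbsocket,"SecFrame_TGroup","TGroup_ID",$TGroup_ID) ) ) {
+$groupfunction = 3;
+echo "<B><H3>Modify Membership</H3></B><BR>\n";
+if ( $_POST['action'] == "Remove" ) {
+if ( count($TLogin_ID) != 0 ) {
+for ( $loop = 0 ; $loop != count($TLogin_ID) ; $loop++ ) {
+$Results = sec_dropgroupmembers($dbsocket,$TLogin_ID[$loop],$TGroup_ID);
+}
+}
+}
+if ( $_POST['action'] == "Add" ) {
+if ( count($TLogin_ID) != 0 ) {
+for ( $loop = 0 ; $loop != count($TLogin_ID) ; $loop++ ) {
+$Results = sec_addgroupmembers($dbsocket,$TLogin_ID[$loop],$TGroup_ID);
+}
+}
+}
+openform("group.php","post",2,1,0);
+formfield("TGroup_ID","Hidden",3,1,0,10,10,$TGroup_ID);
+formfield("groupfunction","Hidden",3,1,0,10,10,$groupfunction);
+echo "<B><font size=+1>Group: " . sec_groupname($dbsocket,$TGroup_ID) . "</B><BR>\n";
+echo tabs(2) . "<TABLE border=2>\n<TR><TD>\n";
+echo "<B><U><font color=#FF0000>Non-Members:</FONT></u></B></TD><TD><B><U><FONT Color=#00FF00>Members</FONT></U></B></TD></TR>\n<TR><TD>";
+groupmemberdropdownbox ($dbsocket,"TLogin_ID[]",$TGroup_ID,0,0,1,1,5,1);
+echo tabs(2) . "</TD><TD>\n";
+groupmemberdropdownbox ($dbsocket,"TLogin_ID[]",$TGroup_ID,1,0,1,1,5,1);
+echo tabs(2) . "</TD></TR>\n<TR><TD>";
+formsubmit("Add",3,1,0);
+echo tabs(2) . ">>> </TD><TD> <<<";
+formsubmit("Remove",3,1,0);
+echo tabs(2) . "</TD><TR></table>\n";
+closeform(1);
+}
+if ( $groupfunction == 0 ) {
+echo "<B><H3>Add a Group</H3></B><BR>\n";
+if ( $SaveID == 1 ) {
+$Results = sec_addgroup($dbsocket,$TGroup_Name,$TGroup_Desc);
+if ( $Results ) {
+echo "Add successfull<BR>\n";
+} else {
+echo "Add failed!<BR>\n";
+}
+} else {
+openform("group.php","post",2,1,0);
+formfield("SaveID","Hidden",3,1,0,10,10,"1");
+echo "Group Name: ";
+formfield("TGroup_Name","TEXT",3,1,1,30,30,"");
+echo "Group Description: ";
+formfield("TGroup_Desc","TEXT",3,1,1,30,80,"");
+formsubmit("Save",3,1,0);
+formreset("Reset",3,1,1);
+closeform(1);
+}
+}
+do_footer();
+dbdisconnect($dbsocket);
+?>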
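Review bot: `$TGroup_ID` is interpolated straight into the SQL text on the two `select * from SecFrame_TGroup where TGroup_ID=$TGroup_ID` lines and on the `delete from SecFrame_TAppPerm ...` line, and the script never assigns it, so it presumably arrives from the request (register_globals or something config.php does). Because the column is an integer, `if (isset($TGroup_ID)) { $TGroup_ID = intval($TGroup_ID); }` placed before the first branch closes this off without touching the queries. The delete confirmation also prints `$TGroup_Desc` unescaped, so `htmlspecialchars($TGroup_Desc)` there would keep a stored description from being rendered as markup. The Administrators gate limits who reaches this page, but the state-changing forms carry no anti-forgery token, which is worth adding alongside.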

Binary file not shown.


BIN
html/admin/images/tile.gif Normal file

Binary file not shown.


BIN
html/admin/images/title.gif Normal file

Binary file not shown.


80
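--- a/html/admin/index.php
+++ b/html/admin/index.php
@@ -0,0 +1,80 @@
+<?php
+/*=============================================================================
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../config.php');
+$dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($dbsocket,$_SERVER['REMOTE_USER']);
+$ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators');
+if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) {
+dbdisconnect($dbsocket);
+exit;
+}
+$PageTitle="Security Framework Administration";
+do_header($PageTitle, 'adminindex');
+?>
+<table width=100% border=0 valign=top>
+<tr><td width=50?>
+<B><font size=+1>Group Administration</B></font><BR>
+<?php
+openform("group.php","post",2,1,0);
+echo "Select group: ";
+groupdropdownbox ($dbsocket,"TGroup_ID",3,1,1,1,"");
+formsubmit("Add",3,1,0);
+formsubmit("Modify",3,1,0);
+formsubmit("Delete",3,1,0);
+formsubmit("Adjust Membership",3,1,0);
+closeform(1);
+?>
+</td><td width=50?>
+<B><font size=+1>Application Administration</font></B><BR>
+<?php
+openform("app.php","post",2,1,0);
+echo "Select Application: ";
+appdropdownbox ($dbsocket,"TApp_ID",3,1,1,1,"");
+formsubmit("Add",3,1,0);
+formsubmit("Modify",3,1,0);
+formsubmit("Delete",3,1,0);
+formsubmit("Adjust ACL",3,1,0);
+closeform(1);
+?>
+</td></tr>
+<tr><td width=50?>
+<BR><B><font size=+1>User Administration</font></B><BR>
+<?php
+openform("user.php","post",2,1,0);
+echo "Select User: ";
+userdropdownbox ($dbsocket,"TLogin_ID",3,1,1,1,"");
+formsubmit("Add",3,1,0);
+formsubmit("Modify",3,1,0);
+formsubmit("Delete",3,1,0);
+closeform(1);
+?>
+</td><td width=50?>
+</td></tr>
+</table>
+<?php
+do_footer();
+dbdisconnect($dbsocket);
+?>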
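Review bot: When the caller is not in `Administrators`, the gate at the top only calls `exit`, so the response is an empty page with a success status and nothing records the refused attempt. Sending `header('HTTP/1.0 403 Forbidden');` before the `exit` and writing the value of `$_SERVER['REMOTE_USER']` with `error_log()` would make denied access visible to the user and to whoever reads the logs. The same gate is pasted into group.php, so a shared helper next to the other `sec_*` functions would keep the copies from drifting apart. Separately, `width=50?` on the four `<td>` tags looks like a typo for `width=50%`.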

340
html/admin/license.txt Normal file

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.


@ -0,0 +1,67 @@
#!/usr/bin/php
<%
/*=============================================================================
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
/*
CREATE TABLE SecFrame_TQueue (
TQueue_ID integer DEFAULT nextval('TQueue_Seq'),
TQueue_Command varchar(16) NOT NULL,
TQueue_Date date NOT NULL,
TQueue_Time time NOT NULL,
TQueue_DateProcessed date,
TQueue_TimeProcessed time,
TQueue_Processed integer,
TQueue_Data1 text,
TQueue_Data2 text
)\g
*/
require_once('/opt/apache/htdocs/login/lib/pgsql.php');
require_once('/opt/apache/htdocs/login/lib/generalweb.php');
require_once('/opt/apache/htdocs/login/lib/secframe.php');
$sec_dbsocket=sec_dbconnect();
$date=date("M-d-Y",(time() - 86400));
$SQLQuery="select TSyslog.TSyslog_ID,TSyslog.host,TSyslog.date,TSyslog.time,TSyslog.message,TSyslog.Facility,TSyslog.Severity" ;
$SQLQueryResults = pg_exec($sec_dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows != 0 ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
$results=shell_exec($command);
$date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
$time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
$host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
$message=stripslashes(pgdatatrim($SQLQueryResultsObject->message));
$vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity)));
$vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility)));
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
%>
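Review bot: `shell_exec($command)` inside the row loop runs a variable that this file never assigns, so what reaches the shell depends on whatever the three required libraries or the environment left in `$command`. If a command is really meant to run per row, build it here from a fixed allowlist and pass any row value through `escapeshellarg()`; otherwise drop the call, since `$results` is not used afterwards. The query string on the line starting `$SQLQuery=` also has no `from TSyslog` clause, so `pg_exec` would likely fail and the script would die before reaching the loop.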

1
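--- a/html/admin/secversion
+++ b/html/admin/secversion
@@ -0,0 +1 @@
+1.1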

260
html/admin/user.php Normal file

@ -0,0 +1,260 @@
<%
/*=============================================================================
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../config.php');
$dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($dbsocket,$REMOTE_USER);
$ADMIN_ID=sec_groupnametoid($dbsocket,'Administrators');
if ( ! sec_groupmember($dbsocket,$REMOTE_ID,$ADMIN_ID) ) {
dbdisconnect($dbsocket);
exit;
}
$PageTitle="User Membership";
do_header($PageTitle, 'adminuser');
if ( ! isset($userfunction)) {
$userfunction = 0;
}
if ( ( ( $userfunction == 1 ) || ( $action == "Modify" ) ) && ( isset($TLogin_ID) ) ) {
$userfunction = 1 ;
echo "<BR><B><FONT SIZE=+1>Modify User</FONT></B><BR><BR>\n";
if ( isset($SaveID) && $SaveID == 1 ) {
$reason="";
if ( $TLogin_Password == $TLogin_Password2 ) {
if ( strlen($TLogin_Password) >= 8 ) {
if ( sec_verifypassword($TLogin_Password) || ( strlen($TLogin_Password) > 31 ) ) {
$Results = sec_updatelogin ($dbsocket,$TLogin_ID,$TLogin_Username,$TLogin_Password,
$TLogin_Name,$TLogin_Email,$TLogin_Home,$TLogin_Work,$TLogin_Cell,$TLogin_Pager,
$TLogin_Address1,$TLogin_Address2,$TLogin_City,$TLogin_State,$TLogin_Zip);
} else {
$reason = "<B>Password requires a mix of uppercase or lowercase letters with numbers or symbols</B>";
}
} else {
$reason = "<B>Password not log enough!</B>";
}
} else {
$reason = "<B>Password mismatch!</B>";
}
if ( isset($Results) ) {
echo "Save successfull<BR>\n";
} else {
echo "<font color=#FF0000 size=+2><B>Save failed!</B></FONT> $reason<BR>\n";
}
}
$SQLQuery="select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$TLogin_Username = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_username));
$TLogin_Password = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_password));
$TLogin_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_name));
$TLogin_Email = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_email));
$TLogin_Work = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_work));
$TLogin_Home = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_home));
$TLogin_Cell = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_cell));
$TLogin_Pager = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_pager));
$TLogin_Address1 = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_address1));
$TLogin_Address2 = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_address2));
$TLogin_City = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_city));
$TLogin_State = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_state));
$TLogin_Zip = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_zip));
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
} else {
$TLogin_Username="";
$TLogin_Password="";
$TLogin_Name="";
$TLogin_Email="";
$TLogin_Work="";
$TLogin_Home="";
$TLogin_Cell="";
$TLogin_Pager="";
$TLogin_Address1="";
$TLogin_Address2="";
$TLogin_City="";
$TLogin_State="";
$TLogin_Zip="";
}
openform("user.php","post",2,1,0);
formfield("TLogin_ID","Hidden",3,1,0,10,10,$TLogin_ID);
formfield("userfunction","Hidden",3,1,0,10,10,$userfunction);
formfield("SaveID","Hidden",3,1,0,10,10,"1");
echo "<TABLE border=2 COLS=2 WIDTH=100%><TR><TD>";
echo "<font color=#FF0000 size=+2><B>*</B></FONT>User Name: ";
formfield("TLogin_Username","TEXT",3,1,1,16,16,$TLogin_Username);
echo "</TD><TD WIDTH><font color=#FF0000 size=+2><B>*</B></FONT>Password: ";
formfield("TLogin_Password","Password",3,1,1,16,32,$TLogin_Password);
echo " <font color=#FF0000 size=+2><B>*</B></FONT>Confirm Password: ";
formfield("TLogin_Password2","Password",3,1,1,16,32,$TLogin_Password);
echo "</TD></TR><TR><TD><font color=#FF0000 size=+2><B>*</B></FONT>Name: ";
formfield("TLogin_Name","TEXT",3,1,1,40,128,$TLogin_Name);
echo "</TD><TD><font color=#FF0000 size=+2><B>*</B></FONT>Email:";
formfield("TLogin_Email","TEXT",3,1,1,30,40,$TLogin_Email);
echo "</TD></TR><TR><TD>Home Phone: ";
formfield("TLogin_Home","TEXT",3,1,1,20,20,$TLogin_Home);
echo "</TD><TD>Cell Phone: ";
formfield("TLogin_Cell","TEXT",3,1,1,20,20,$TLogin_Cell);
echo "</TD></TR><TR><TD>Work Phone: ";
formfield("TLogin_Work","TEXT",3,1,1,20,20,$TLogin_Work);
echo "</TD><TD>Pager: ";
formfield("TLogin_Pager","TEXT",3,1,1,20,20,$TLogin_Pager);
echo "</TD></TR><TR><TD COLSPAN=2>Address 1: ";
formfield("TLogin_Address1","TEXT",3,1,1,40,40,$TLogin_Address1);
echo "Address 2: ";
formfield("TLogin_Address2","TEXT",3,1,1,40,40,$TLogin_Address2);
echo "City: ";
formfield("TLogin_City","TEXT",3,0,0,40,40,$TLogin_City);
echo " State: ";
formfield("TLogin_State","TEXT",3,0,0,2,2,$TLogin_State);
echo " Zip: ";
formfield("TLogin_Zip","TEXT",3,1,1,12,12,$TLogin_Zip);
echo "</TD></TR><TR><TD>";
formsubmit("Save",3,1,0);
echo "</TD><TD>";
formreset("Reset",3,1,1);
echo "</TD></TR></TABLE><BR>\n<font color=#FF0000 size=+2><B>* - Denotes required field</B></font><BR> ";
closeform(1);
}
if ( ( ( $userfunction == 2 ) || ( $action == "Delete" ) ) && ( isset($TLogin_ID) ) ) {
$userfunction = 2;
echo "<B><H3>Delete User</H3></B><BR>\n";
if ( $DeleteID == 1 ) {
$Results = sec_delid($dbsocket,"SecFrame_TLogin","TLogin_ID",$TLogin_ID);
$ResultsGroupMembers = sec_delid($dbsocket,"SecFrame_TGroupMembers","TLogin_ID",$TLogin_ID);
if ( ( $Results ) && ( $ResultsGroupMembers ) ) {
$SQLQuery="delete from SecFrame_TAppPerm where TAppPerm_UserGroup=1 and TAppPerm_UGID=$TLogin_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Delete successfull<BR>\n";
} else {
echo "Delete failed!<BR>\n";
}
} else {
$SQLQuery="select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows > 0 ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$TLogin_Name = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_name));
$TLogin_Username = stripslashes(pgdatatrim($SQLQueryResultsObject->tlogin_username));
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
} else {
$TLogin_Name="";
$TLogin_Username="";
}
openform("user.php","post",2,1,0);
formfield("TLogin_ID","Hidden",3,1,0,10,10,$TLogin_ID);
formfield("userfunction","Hidden",3,1,0,10,10,$userfunction);
echo "<font color=#FF0000 size=+2><B>Are you sure you want to delete $TLogin_Name? ";
%>
<input type=radio name=DeleteID value=1>Yes
<input type=radio name=DeleteID value=0 checked>No</B></FONT><BR>
<%
formsubmit("Delete",3,1,0);
formreset("Reset",3,1,1);
closeform(1);
}
}
if ($userfunction == 0 ) {
echo "<B><H3>Add a User</H3></B><BR>\n";
if ( isset($SaveID) && ($SaveID == 1) ) {
$reason="";
$Results=0;
if ( $TLogin_Password == $TLogin_Password2 ) {
if ( strlen($TLogin_Password) >= 8 ) {
if ( sec_verifypassword($TLogin_Password) ) {
$Results = sec_addlogin($dbsocket,$TLogin_Username,$TLogin_Password,$TLogin_Name,
$TLogin_Email,$TLogin_Home,$TLogin_Work,$TLogin_Cell,$TLogin_Pager,
$TLogin_Address1,$TLogin_Address2,$TLogin_City,$TLogin_State,$TLogin_Zip);
$TempTLogin_ID=sec_usernametoid($dbsocket,$TLogin_Username);
$EVERYONEGROUP_ID=sec_groupnametoid($dbsocket,'Everyone');
$Results2 = sec_addgroupmembers($dbsocket,$TempTLogin_ID,$EVERYONEGROUP_ID);
} else {
$reason = "<B>Password requires a mix of uppercase or lowercase letters with numbers or symbols</B>";
}
} else {
$reason = "<B>Password not log enough!</B>";
}
} else {
$reason = "<B>Password mismatch!</B>";
}
if ( ( $Results ) && ( $Results2 ) ) {
echo "Add successfull<BR>\n";
} else {
echo "<font color=#FF0000 size=+2><B>Add failed!</B></FONT> $reason<BR>\n";
}
} else {
openform("user.php","post",2,1,0);
formfield("SaveID","Hidden",3,1,0,10,10,"1");
echo "<TABLE border=2 COLS=2 WIDTH=100%><TR><TD>";
echo "<font color=#FF0000 size=+2><B>*</B></FONT>User Name: ";
formfield("TLogin_Username","TEXT",3,1,1,16,16,"");
echo "</TD><TD><font color=#FF0000 size=+2><B>*</B></FONT>Password: ";
formfield("TLogin_Password","Password",3,1,1,16,32,"");
echo " <font color=#FF0000 size=+2><B>*</B></FONT>Confirm Password: ";
formfield("TLogin_Password2","Password",3,1,1,16,32,"");
echo "</TD></TR><TR><TD><font color=#FF0000 size=+2><B>*</B></FONT>Name: ";
formfield("TLogin_Name","TEXT",3,1,1,40,40,"");
echo "</TD><TD><font color=#FF0000 size=+2><B>*</B></FONT>Email: ";
formfield("TLogin_Email","TEXT",3,1,1,40,40,"");
echo "</TD></TR><TR><TD>Home Phone: ";
formfield("TLogin_Home","TEXT",3,1,1,20,20,"");
echo "</TD><TD>Cell Phone: ";
formfield("TLogin_Cell","TEXT",3,1,1,20,20,"");
echo "</TD></TR><TR><TD>Work Phone: ";
formfield("TLogin_Work","TEXT",3,1,1,20,20,"");
echo "</TD><TD>Pager: ";
formfield("TLogin_Pager","TEXT",3,1,1,20,20,"");
echo "</TD></TR><TR><TD COLSPAN=2>Address 1: ";
formfield("TLogin_Address1","TEXT",3,1,1,40,40,"");
echo "Address 2: ";
formfield("TLogin_Address2","TEXT",3,1,1,40,40,"");
echo "City: ";
formfield("TLogin_City","TEXT",3,0,0,40,40,"");
echo "State: ";
formfield("TLogin_State","TEXT",3,0,0,2,2,"");
echo "Zip: ";
formfield("TLogin_Zip","TEXT",3,1,1,12,12,"");
echo "</TD></TR><TR><TD>";
formsubmit("Save",3,1,0);
echo "</TD><TD>";
formreset("Reset",3,1,1);
echo "</TD></TR></TABLE><BR>\n<font color=#FF0000 size=+2><B>* - Denotes required field</B></font><BR> ";
closeform(1);
}
}
do_footer();
dbdisconnect($dbsocket);
%>
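Review bot: `$TLogin_ID` is interpolated unquoted into three statements (`select * from SecFrame_TLogin where TLogin_ID=$TLogin_ID` in the Modify and Delete branches, and the `delete from SecFrame_TAppPerm` query) with no validation visible in this file, although it appears to arrive from the request (the forms post it back as a hidden field). Coerce it once right after the Administrators check, e.g. `if ( isset($TLogin_ID) ) { $TLogin_ID = intval($TLogin_ID); }`. html/alert.php builds its queries the same way from `$month`, `$day`, `$year`, `$hostid` and `$typeid` and needs the same treatment (integer casts for the ids, a validated date). Separately, the Modify form pre-fills both password fields with the `tlogin_password` value read from the database, which sends the stored credential back in the page source; leave those fields empty and only update the password when a new one is entered.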

271
html/alert.php Normal file

@ -0,0 +1,271 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( ( $group == 1) && ( $viewtype != 1 ) && ( $datatype == 1) ) {
if ( ! logincanseehost($dbsocket,$REMOTE_ID,$hostid) ) {
echo "BYE<BR>\n";
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
}
/***************************************************************************/
/* Add aggregate interface: */
/* select count(tsyslog_id), host from TSyslog group by host order by host */
/***************************************************************************/
if ( $group == 1 ) {
$userid=$REMOTE_ID;
}
if ( ( $group == 1 ) && ( $viewtype == 2 ) && ( $datatype == 2 ) ) {
$datatype = 4;
$userid=$REMOTE_ID;
}
if ( $viewtype == 1 ) {
if ( ! $aggregate ) {
$SQLQuery="select TSyslog.TSyslog_id,Syslog_TAlert.TAlert_Date,Syslog_TAlert.TAlert_Time,Syslog_TAlert.TAlert_Info,TSyslog.date,TSyslog.time,TSyslog.host,TSyslog.message,TSyslog.Facility,TSyslog.Severity from TSyslog,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id union select Syslog_TArchive.TSyslog_id,Syslog_TAlert.TAlert_Date,Syslog_TAlert.TAlert_Time,Syslog_TAlert.TAlert_Info,Syslog_TArchive.date,Syslog_TArchive.time,Syslog_TArchive.host,Syslog_TArchive.message,Syslog_TArchive.Facility,Syslog_TArchive.Severity from Syslog_TArchive,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id order by date,time desc";
} else {
$SQLQuery="select tsyslog.host, count(distinct(TSyslog.TSyslog_id)) from TSyslog,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id group by host union select syslog_tarchive.host,count(distinct(syslog_tarchive.TSyslog_id)) from Syslog_TArchive,Syslog_TAlert where Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id group by host order by host";
}
} else {
$SQLQuery="";
if ( ! $aggregate ) {
$TopSQLQuery="select TSyslog.TSyslog_id, Syslog_TAlert.TAlert_Date, Syslog_TAlert.TAlert_Time, Syslog_TAlert.TAlert_Info, TSyslog.date, TSyslog.time, TSyslog.host, TSyslog.message, TSyslog.Facility, TSyslog.Severity from TSyslog, Syslog_TAlert";
$BottomSQLQuery="select Syslog_TArchive.TSyslog_id, Syslog_TAlert.TAlert_Date, Syslog_TAlert.TAlert_Time, Syslog_TAlert.TAlert_Info, Syslog_TArchive.date, Syslog_TArchive.time, Syslog_TArchive.host, Syslog_TArchive.message, Syslog_TArchive.Facility, Syslog_TArchive.Severity from Syslog_TArchive, Syslog_TAlert";
} else {
$TopSQLQuery="select tsyslog.host, count(distinct(TSyslog.TSyslog_id)) from TSyslog, Syslog_TAlert";
$BottomSQLQuery="select syslog_tarchive.host, count(distinct(Syslog_TArchive.TSyslog_id)) from Syslog_TArchive, Syslog_TAlert";
}
if ( $datatype == 1 ) {
$host=gethost($dbsocket,$hostid);
$TopSQLQuery = $TopSQLQuery . ",Syslog_THost where TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id and Syslog_TAlert.TAlert_Date='$month-$day-$year' ";
if ( $aggregate ) {
$TopSQLQuery = $TopSQLQuery . " group by host union ";
} else {
$TopSQLQuery = $TopSQLQuery . " union ";
}
$BottomSQLQuery = $BottomSQLQuery . ",Syslog_THost where Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=$hostid and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id and Syslog_TAlert.TAlert_Date='$month-$day-$year' ";
if ( $aggregate ) {
$BottomSQLQuery = $BottomSQLQuery . " group by host order by host";
} else {
$BottomSQLQuery = $BottomSQLQuery . " order by date,time desc";
}
$SQLQuery=$TopSQLQuery . $BottomSQLQuery;
}
if ( $datatype == 2 ) {
$TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id ";
if ( $aggregate ) {
$TopSQLQuery = $TopSQLQuery . " group by host union ";
} else {
$TopSQLQuery = $TopSQLQuery . " union ";
}
$BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TArchive.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and Syslog_TAlert.TAlert_Date='$month-$day-$year' and Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id ";
if ( $aggregate ) {
$BottomSQLQuery = $BottomSQLQuery . " group by host order by host";
} else {
$BottomSQLQuery = $BottomSQLQuery . " order by date,time desc";
}
$SQLQuery=$TopSQLQuery . $BottomSQLQuery;
}
if ( $datatype == 3 ) {
$TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id ) and ".
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( TSyslog.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) ";
if ( $aggregate ) {
$TopSQLQuery = $TopSQLQuery . " group by host union ";
} else {
$TopSQLQuery = $TopSQLQuery . " union ";
}
$BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id ) and ".
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) ";
if ( $aggregate ) {
$BottomSQLQuery = $BottomSQLQuery . " group by host order by host";
} else {
$BottomSQLQuery = $BottomSQLQuery . " order by date,time desc";
}
$SQLQuery=$TopSQLQuery . $BottomSQLQuery;
}
if ( $datatype == 4 ) {
$TopSQLQuery = $TopSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TAlert.TSyslog_id=TSyslog.TSyslog_id ) and ".
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( TSyslog.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_THost.TPremadeType_ID=$typeid ) and ".
"( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) ";
if ( $aggregate ) {
$TopSQLQuery = $TopSQLQuery . " group by host union ";
} else {
$TopSQLQuery = $TopSQLQuery . " union ";
}
$BottomSQLQuery = $BottomSQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TAlert.TSyslog_id=Syslog_TArchive.TSyslog_id ) and ".
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_THost.TPremadeType_ID=$typeid ) and ".
"( Syslog_TAlert.TAlert_Date='$month-$day-$year' ) " ;
if ( $aggregate ) {
$BottomSQLQuery = $BottomSQLQuery . " group by host order by host";
} else {
$BottomSQLQuery = $BottomSQLQuery . " order by date,time desc";
}
$SQLQuery=$TopSQLQuery . $BottomSQLQuery;
}
}
/* Create the 'previous' and 'next' day date parameters */
$todayseconds=mktime(12,0,0,numberofmonth($month),$day,$year);
$priorday=$todayseconds - 86400;
$nextday=$todayseconds + 86400;
$pmonth=strftime("%b",$priorday);
$pday=strftime("%d",$priorday);
$pyear=strftime("%Y",$priorday);
$nmonth=strftime("%b",$nextday);
$nday=strftime("%d",$nextday);
$nyear=strftime("%Y",$nextday);
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'alert');
if ( $aggregate ) {
$numhosts = 0;
$hosts = "";
$alerttotal=0;
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$found = 0;
for ( $subloop = 1 ; $subloop != ($numhosts + 1 ) ; $subloop++ ) {
if ( $SQLQueryResultsObject->host == $hosts[$subloop] ) {
$found++;
$count[$subloop] = $count[$subloop] + $SQLQueryResultsObject->count;
}
}
if ( ! $found ) {
$numhosts++;
$hosts[$numhosts]=$SQLQueryResultsObject->host;
$count[$numhosts]=$SQLQueryResultsObject->count;
$alerttotal = $alerttotal + $SQLQueryResultsObject->count;
}
}
}
echo "<B>Date:</B> $month-$day-$year<BR><BR>\n";
if ( $viewtype == 1 ) {
echo "<TABLE BORDER=2 cols=2>\n<TR><TD><A HREF='alert.php?month=$pmonth&day=$pday&year=$pyear&viewtype=$viewtype&aggregate=$aggregate'>Previous Day</A></TD>" .
"<TD><A HREF='alert.php?month=$month&day=$day&year=$year&viewtype=$viewtype&aggregate=$aggregate'>Refresh</A></TD>".
"<TD><A HREF='alert.php?month=$nmonth&day=$nday&year=$nyear&viewtype=$viewtype&aggregate=$aggregate'>Next Day</A></TD></TR></TABLE><BR>\n";
}
if ( $viewtype == 2 ) {
$append="&viewtype=$viewtype&datatype=$datatype&hostid=$hostid&typeid=$typeid&&userid=$userid&aggregate=$aggregate";
echo "<TABLE BORDER=2 cols=2>\n<TR><TD><A HREF='alert.php?month=$pmonth&day=$pday&year=$pyear$append'>Previous Day</A></TD>" .
"<TD><A HREF='alert.php?month=$month&day=$day&year=$year&viewtype=$viewtype$append'>Refresh</A></TD>".
"<TD><A HREF='alert.php?month=$nmonth&day=$nday&year=$nyear&viewtype=$viewtype$append'>Next Day</A></TD></TR></TABLE><BR>\n";
}
if ( $SQLNumRows ) {
if ( ! $aggregate ) {
echo "<TABLE BORDER=2 cols=9>\n";
echo "<TR><TD width=70>Syslog ID</TD><TD width=100>Alarm Date</TD><TD width=70>Alarm Time</TD><TD width=100>Learned Date</TD><TD width=70>Learned Time</TD><TD width=100>Facility</TD><TD width=100>Severity</TD><TD width=100>Host</TD><TD width=100>Alert Rule</TD></TR>\n";
for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
if ( $bgcolor == "#EEEEEE" ) { $bgcolor = "#FFFFFF"; } else { $bgcolor = "#EEEEEE";}
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
$date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
$time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
$host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
$message=stripslashes(pgdatatrim($SQLQueryResultsObject->message));
$alertdate=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_date));
$alerttime=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_time));
$alertinfo=stripslashes(pgdatatrim($SQLQueryResultsObject->talert_info));
$severity=stripslashes(pgdatatrim($SQLQueryResultsObject->severity));
$facility=stripslashes(pgdatatrim($SQLQueryResultsObject->facility));
$fontcolor='#000000';
if ( ( $severity == 4 ) || ( $severity == 3 ) ) { $fontcolor='#FF8800'; }
if ( $severity <= 2 ) { $fontcolor='#FF0000'; }
$severity=verboseseverity($severity);
$facility=verbosefacility($facility);
echo "<TR BGCOLOR=$bgcolor><TD width=70>$id</TD><TD width=100>$alertdate</TD><TD width=70>$alerttime</TD><TD width=100>$date</TD><TD width=70>$time</TD><TD width=100>$facility</TD><TD width=100><font color=$fontcolor>$severity</font></TD><TD width=100>$host</TD><TD width=100><pre>$alertinfo</pre></TD></TR>\n";
echo "<TR><TD COLSPAN=9><pre>$message</pre></TD></TR>\n";
}
echo "</table>\n";
} else {
echo "<TABLE BORDER=2 cols=2>\n";
echo "<TR><TD><B>Host Name</B></TD><TD><B># of Alerts</B></TD></TR>\n";
for ( $loop = 1 ; $loop != ($numhosts+1) ; $loop ++ ) {
$hostid=relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$hosts[$loop]'");
$href="alert.php?viewtype=2&datatype=1&hostid=$hostid&typeid=6&month=$month&day=$day&year=$year&aggregate=0&action=View";
echo "<TR><TD><a href='$href'>$hosts[$loop]</A></TD><TD>$count[$loop]</TD></TR>\n";
}
echo "<TR><TD ALIGN=RIGHT><B>Total:</B></TD><TD><B>$alerttotal alerts</B></TD></TR>\n";
echo "</table>\n";
}
} else { echo "No alerts for given day.<BR><BR>\n"; }
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
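Review bot: The per-customer restriction is not enforced when `$viewtype == 1`: for a user who is only in 'Syslog Customer' (`$group == 1`) the `logincanseehost` check is skipped, and the `viewtype == 1` query selects alerts for every host with no `Syslog_TCustomerProfile` condition. Unless that view is blocked somewhere outside this file, force customers onto the profile-restricted query before `$SQLQuery` is built, e.g. `if ( $group == 1 && $viewtype == 1 ) { $viewtype = 2; $datatype = 3; }`. The same gap exists for `datatype == 2` when `viewtype` is neither 1 nor 2, because only the `viewtype == 2` case is rewritten to `datatype = 4`. The row output also echoes `$message`, `$alertinfo` and `$host` straight into HTML; syslog text is written by remote hosts, so pass each through `htmlspecialchars()` before the `echo`.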

9
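--- a/html/background.html
+++ b/html/background.html
@@ -0,0 +1,9 @@
+<HTML>
+<!-- $Id$ -->
+<HEAD>
+<TITLE>
+</TITLE>
+</HEAD>
+<BODY bgcolor='#CCCC99' text='#000000' LINK='#336699' VLINK='#9900FF' ALINK='#CC9933' background='images/tile.gif'>
+</BODY>
+</HTML>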

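--- a/html/background.php
+++ b/html/background.php
@@ -0,0 +1,7 @@
+<?php
+require_once('config.php');
+do_header("Syslog Management Tool");
+php?>
+</BODY>
+</HTML>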
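Review bot: The token `php?>` that ends the PHP block is not a closing tag; PHP reads the bare word `php` as a constant name and only then reaches `?>`, which produces an undefined-constant notice on older interpreters and, as far as I know, a fatal error on PHP 8. Write `?>` here, as calendar.php and config.php in this commit already do. The same token ends html/customer.php and the file section shown just above html/background.html, so the fix applies there too.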

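--- a/html/calendar.php
+++ b/html/calendar.php
@@ -0,0 +1,52 @@
+<?php
+# PHP Calendar (version 2.2), written by Keith Devens
+# http://keithdevens.com/software/php_calendar
+# see example at http://keithdevens.com/weblog
+# License: http://keithdevens.com/software/license
+function generate_calendar($year, $month, $days = array(), $day_name_length = 3, $month_href = NULL, $first_day = 0){
+$first_of_month = gmmktime(0,0,0,$month,1,$year);
+#remember that mktime will automatically correct if invalid dates are entered
+# for instance, mktime(0,0,0,12,32,1997) will be the date for Jan 1, 1998
+# this provides a built in "rounding" feature to generate_calendar()
+$day_names = array(); #generate all the day names according to the current locale
+for($n=0,$t=(3+$first_day)*86400; $n<7; $n++,$t+=86400) #January 4, 1970 was a Sunday
+$day_names[$n] = ucfirst(gmstrftime('%A',$t)); #%A means full textual day name
+list($month, $year, $month_name, $weekday) = explode(',',gmstrftime('%m,%Y,%B,%w',$first_of_month));
+$weekday = ($weekday + 7 - $first_day) % 7; #adjust for $first_day
+$title = htmlentities(ucfirst($month_name)).' '.$year; #note that some locales don't capitalize month and day names
+#Begin calendar. Uses a real <caption>. See http://diveintomark.org/archives/2002/07/03
+$calendar = '<table class="calendar">'."\n".'<caption class="month">'.
+($month_href ? '<a href="'.htmlspecialchars($month_href).'">'.$title.'</a>' : $title).
+"</caption>\n<tr>";
+if($day_name_length){ #if the day names should be shown ($day_name_length > 0)
+#if day_name_length is >3, the full name of the day will be printed
+foreach($day_names as $day) $calendar .= '<th abbr="'.$day.'">'.
+htmlentities($day_name_length < 4 ? substr($day,0,$day_name_length) : $day).
+'</th>';
+$calendar .= "</tr>\n<tr>";
+}
+if($weekday > 0) $calendar .= '<td colspan="'.$weekday.'">&nbsp;</td>'; #initial 'empty' days
+for($day=1,$days_in_month=gmdate('t', $first_of_month); $day<=$days_in_month; $day++,$weekday++){
+if($weekday == 7){
+$weekday = 0; #start a new week
+$calendar .= "</tr>\n<tr>";
+}
+if(isset($days[$day]) and is_array($days[$day])){
+@list($link, $classes, $content) = $days[$day];
+if(is_null($content)) $content = $day;
+$calendar .= '<td'.($classes ? ' class="'.htmlspecialchars($classes).'">' : '>').
+($link ? '<a href="'.htmlspecialchars($link).'">'.$content.'</a>' : $content).'</td>';
+}
+else $calendar .= "<td>$day</td>";
+}
+if($weekday != 7) $calendar .= '<td colspan="'.(7-$weekday).'">&nbsp;</td>'; #remaining "empty" days
+return $calendar."</tr>\n</table>\n";
+}
+?>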

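--- a/html/config.php
+++ b/html/config.php
@@ -0,0 +1,12 @@
+<?php
+$libpath = '/var/www/lib';
+$archivedir = '/var/www/html/Archives';
+require_once($libpath.'/pgsql.php');
+require_once($libpath.'/generalweb.php');
+require_once($libpath.'/secframe.php');
+require_once($libpath.'/pix.php');
+require_once('header.php');
+?>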

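--- a/html/customer.php
+++ b/html/customer.php
@@ -0,0 +1,136 @@
+<?php
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+$begintime=time();
+require_once('config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$group=0;
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+if ( ( $group != 3 ) || ( $userid == "" ) ) {
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+exit;
+}
+if ( ( $action == "Delete" ) && ( $id > 0 ) ) {
+dropcustomerhost($dbsocket,$id);
+}
+if ( ( $action == "Add" ) && ( count($hostid) >= 1 ) && ( $userid != "" ) ) {
+for ( $loop=0 ; $loop != count($hostid) ; $loop++ ) {
+if ( $hostid != "" ) {
+if ( idexist($dbsocket,"Syslog_THost","THost_ID",$hostid[$loop]) ) {
+if ( ! assignedtouser ($dbsocket,$userid,$hostid[$loop]) ) { addcustomerhost($dbsocket,$hostid[$loop],$userid,$allowedit); }
+}
+}
+}
+}
+if ( ( $action == "Save" ) && ( $assignedhostid != "" ) ) {
+if ( assignedtouser ($dbsocket,$userid,$assignedhostid) ) {
+dropcustomerhost($dbsocket,$id);
+addcustomerhost($dbsocket,$assignedhostid,$userid,$existallowedit);
+}
+}
+if ( ( $action == "Clone") && ( idexist($dbsocket,"Syslog_TCustomerProfile","TLogin_ID",$userid) ) ) {
+$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
+if ( ( sec_groupmember($sec_dbsocket,$userid,$groupid) ) &&
+( sec_groupmember($sec_dbsocket,$duserid,$groupid) ) ) {
+$SQLQuery="select TCustomerProfile_EditRules,THost_ID from Syslog_TCustomerProfile where Syslog_TCustomerProfile.TLogin_ID=$userid";
+$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+if ( $SQLNumRows ) {
+for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$hostid=pgdatatrim($SQLQueryResultsObject->thost_id);
+$allowedit=$SQLQueryResultsObject->tcustomerprofile_editrules;
+if ( ! assignedtouser ($dbsocket,$duserid,$hostid) ) { addcustomerhost($dbsocket,$hostid,$duserid,$allowedit); }
+}
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+$userid=$duserid;
+}
+$PageTitle="Syslog Management Tool";
+do_header($PageTitle, 'customer');
+echo "<B>Customer: " . sec_username($sec_dbsocket,$userid) . "</B><BR>\n";
+$SQLQuery="select THost_ID,TCustomerProfile_EditRules,TCustomerProfile_ID,Syslog_THost.THost_Host from Syslog_TCustomerProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and Syslog_TCustomerProfile.THost_ID=Syslog_THost.THost_ID order by Syslog_THost.THost_Host";
+$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+openform("customer.php","post",2,1,0);
+formfield("host","Hidden",3,1,0,10,10,$host);
+formfield("userid","Hidden",3,1,0,10,10,$userid);
+echo "<TABLE BORDER=2>\n";
+echo "<TR><TD><B>Action</B></TD><TD><B>Host</B></TD><TD><B>Allow Host Rule Edits</B></TD></TR>";
+echo "<TR><TD><input type=submit name=action value='Add'></TD><TD>" ;
+hostdropdown ($dbsocket, $sec_dbsocket, "hostid[]", $REMOTE_ID,$group,0,0,0,5);
+echo "</TD><TD align=center><input type=checkbox name=allowedit value=1></TD></TR>\n";
+closeform();
+if ( $SQLNumRows ) {
+echo "<TR><TD><B>Action</B></TD><TD><B>Host</B></TD></TR>";
+for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tcustomerprofile_id));
+$host=pgdatatrim($SQLQueryResultsObject->thost_host);
+$assignedhostid=pgdatatrim($SQLQueryResultsObject->thost_id);
+$allowedit=$SQLQueryResultsObject->tcustomerprofile_editrules;
+openform("customer.php","post",2,1,0);
+formfield("userid","Hidden",3,1,0,10,10,$userid);
+formfield("id","Hidden",3,1,0,10,10,$id);
+echo "<TR><TD>";
+echo '<input type="submit" name=action value="Delete">';
+echo '<input type="submit" name=action value="Save"></TD>';
+echo "<TD>$host</TD><TD align=center>";
+formfield("assignedhostid","Hidden",3,1,0,10,10,$assignedhostid);
+if ( $allowedit ) {
+echo "<input type=checkbox name=existallowedit value=1 checked>";
+} else {
+echo "<input type=checkbox name=existallowedit value=1>";
+}
+echo "</TD></TR>";
+closeform();
+echo "</TD></TR>\n";
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+echo "</TABLE>\n";
+$endtime=time();
+echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
+do_footer();
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+php?>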
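Review bot: `$userid` is placed unquoted and unvalidated into the SQL text of both `select` statements (the Clone branch and the host listing), and the only check before them is `$userid == ""`. The variable is never assigned in this file, so it presumably arrives from the request through register_globals unless one of config.php's includes sets it. TLogin_ID is a numeric column, so coerce the ids once after the `$group`/`$userid` guard with `$userid=intval($userid); $duserid=intval($duserid);`, or bind them as parameters if the pgsql.php wrapper allows it. `$host` is also echoed into the table cell as stored; `htmlspecialchars($host)` there keeps a host name from being rendered as markup. Separately, `if ( $hostid != "" )` in the Add loop tests the whole array rather than `$hostid[$loop]`.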

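--- a/html/data/install
+++ b/html/data/install
@@ -0,0 +1,10 @@
+$Id$
+1. cat pgsql.secframe | psql -Upostgres securityframework
+2. createdb TSyslog
+3. cat pgsql.msyslog | psql -Upostgres TSyslog
+4. adjust php.ini
+sendmail_path = /usr/sbin/sendmail -i -t -fmailfromsmac@yourdomain.com
+max_execution_time = 295
+memory_limit = 16M
+5. put the .htaccess file into the correct directory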

499
html/data/pgsql.msyslog Normal file
View file

@ -0,0 +1,499 @@
/* $Id$ */
/****************************************************/
/* */
/* Table: Syslog_TMail */
/* */
/* Purpose: A TMail entry is made per processor to */
/* watch for stale processors, duplicate */
/* processors, and processor overlap */
/* */
/****************************************************/
CREATE TABLE Syslog_TMail (
TMail_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TMail_Open integer,
TMail_Date date not null,
TMail_Time time not null,
TLogin_ID bigint not null
)\g
grant all on Syslog_TMail to msyslog\g
grant all on syslog_tmail_tmail_id_seq to msyslog\g
CREATE UNIQUE INDEX Syslog_TMail_TLogin_ID on Syslog_TMail (TLogin_ID)\g
ALTER TABLE Syslog_TMail OWNER TO msyslog\g
ALTER TABLE Syslog_TMail SET WITHOUT OIDS\g
/****************************************************/
/* */
/* Table: Syslog_TLaunchQueue */
/* */
/* Purpose: Store launch entries to be run at the */
/* end of processing */
/* */
/****************************************************/
CREATE TABLE Syslog_TLaunchQueue (
TLaunchQueue_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TLaunchQueue_Desc varchar(256),
TLaunch_ID bigint not null,
TMail_ID bigint not null,
TSyslog_ID bigint not null
)\g
grant all on Syslog_TLaunchQueue to msyslog\g
grant all on syslog_tlaunchqueue_tlaunchqueue_id_seq to msyslog\g
ALTER TABLE Syslog_TLaunchQueue OWNER TO msyslog\g
ALTER TABLE Syslog_TLaunchQueue SET WITHOUT OIDS\g
ALTER TABLE syslog_tlaunchqueue alter column tlaunchqueue_desc SET STORAGE EXTERNAL\g
/****************************************************/
/* */
/* Table: Syslog_TSuspend */
/* */
/* Purpose: The table is used to store the suspend */
/* status for log processors */
/* */
/****************************************************/
CREATE TABLE Syslog_TSuspend (
TSuspend_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TSuspend_Status integer not null,
TLogin_ID bigint not null
)\g
ALTER TABLE Syslog_TSuspend OWNER TO msyslog\g
ALTER TABLE Syslog_TSuspend SET WITHOUT OIDS\g
grant all on syslog_tsuspend_tsuspend_id_seq to msyslog\g
/****************************************************/
/* */
/* Table: Syslog_TEMail */
/* */
/* Purpose: Store email entries to be shipped out */
/* at the end of processing */
/* */
/****************************************************/
CREATE TABLE Syslog_TEmail (
TEmail_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TEmail_Email varchar(80) not null,
TEmail_Desc varchar(256),
TMail_ID bigint not null,
TSyslog_ID bigint not null
)\g
grant all on Syslog_TEmail to msyslog\g
grant all on Syslog_TEmail_temail_id_seq to msyslog\g
ALTER TABLE Syslog_TEmail OWNER TO msyslog\g
ALTER TABLE Syslog_TEmail SET WITHOUT OIDS\g
ALTER TABLE syslog_temail alter column temail_email SET STORAGE EXTERNAL\g
ALTER TABLE syslog_temail alter column temail_desc SET STORAGE EXTERNAL\g
/****************************************************/
/* */
/* Table: TSyslog */
/* */
/* Purpose: Syslog messages are submitted directly */
/* to this table. Once messages are processed they */
/* are moved to the archive table */
/* */
/****************************************************/
CREATE TABLE TSyslog (
TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
facility integer,
severity integer,
date date,
time time,
host varchar(128),
message text
)\g
CREATE INDEX host_Idx on TSyslog (host)\g
CREATE INDEX TSyslogDateTime_IDX on TSyslog (date,time)\g
CREATE INDEX TSyslHostID_Idx on TSyslog (TSyslog_ID,host)\g
grant all on TSyslog to msyslog\g
grant all on TSyslog_TSyslog_ID_Seq to msyslog\g
ALTER TABLE TSyslog OWNER TO msyslog\g
ALTER TABLE TSyslog SET WITHOUT OIDS\g
ALTER TABLE tsyslog alter column host SET STORAGE EXTERNAL\g
ALTER TABLE tsyslog alter column message SET STORAGE EXTERNAL\g
/****************************************************/
/* */
/* Table: Syslog_TArchive */
/* */
/* Purpose: Syslog messages are moved from the */
/* primary table to the secondary table for long */
/* term storage */
/* */
/****************************************************/
CREATE TABLE Syslog_TArchive (
TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
facility integer,
severity integer,
date date,
time time,
host varchar(128),
message text
)\g
CREATE INDEX ArchHost_Idx on Syslog_TArchive (host)\g
CREATE INDEX TArchDateTime_IDX on Syslog_TArchive (date,time)\g
CREATE INDEX TArchHostID_IDX on Syslog_TArchive (TSyslog_ID,host)\g
grant all on Syslog_TArchive to msyslog\g
grant all on syslog_tarchive_tsyslog_id_seq to msyslog\g
ALTER TABLE Syslog_TArchive OWNER TO msyslog\g
ALTER TABLE Syslog_TArchive SET WITHOUT OIDS\g
CREATE TABLE Syslog_TFilter (
TFilter_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TFilter_UserOrGlobal integer not null,
TFilter_Desc varchar(128) not null,
TLogin_ID integer not null
)\g
grant all on Syslog_TFilter to msyslog\g
grant all on Syslog_TFilter_TFilter_ID_Seq to msyslog\g
ALTER TABLE Syslog_TFilter OWNER TO msyslog\g
ALTER TABLE Syslog_TFilter SET WITHOUT OIDS\g
ALTER TABLE syslog_tfilter alter column tfilter_desc SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TFilterData (
TFilterData_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TFilterData_Filter varchar(80),
TFilterData_Include integer,
TFilterData_FilterOrLevel integer,
TFilterData_StartFacility integer,
TFilterData_StopFacility integer,
TFilterData_StartSeverity integer,
TFilterData_StopSeverity integer,
TFilter_ID bigint not null
)\g
grant all on syslog_tfilte_tfilterdata_i_seq to msyslog\g
grant all on Syslog_TFilterData to msyslog\g
ALTER TABLE Syslog_TFilterData OWNER TO msyslog\g
ALTER TABLE Syslog_TFilterData SET WITHOUT OIDS\g
ALTER TABLE syslog_tfilterdata alter column tfilterdata_filter SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TSave (
TSave_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TSave_ExpireDate date not null,
TSave_Desc varchar(128),
TSave_Time time not null,
TSave_Date date not null,
TLogin_ID integer not null
)\g
grant all on Syslog_TSave_TSave_ID_Seq to msyslog\g
grant all on Syslog_TSave to msyslog\g
ALTER TABLE Syslog_TSave OWNER TO msyslog\g
ALTER TABLE Syslog_TSave SET WITHOUT OIDS\g
ALTER TABLE syslog_tsave alter column tsave_desc SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TSaveData (
TSaveData_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TSaveData_Date date not null,
TSaveData_Time time not null,
TSaveData_Host varchar(128) not null,
TSaveData_Message text not null,
TSaveData_Facility integer,
TSaveData_Severity integer,
TSave_ID bigint not null
)\g
CREATE INDEX TSaveData_SaveID_Idx on Syslog_TSaveData (TSave_ID)\g
grant all on syslog_tsaveda_tsavedata_id_seq to msyslog\g
grant all on Syslog_TSaveData to msyslog\g
ALTER TABLE Syslog_TSaveData OWNER TO msyslog\g
ALTER TABLE Syslog_TSaveData SET WITHOUT OIDS\g
ALTER TABLE syslog_tsavedata alter column tsavedata_host SET STORAGE EXTERNAL\g
ALTER TABLE syslog_tsavedata alter column tsavedata_message SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TProcess (
TProcess_ID bigint,
THost_ID bigint not null
)\g
grant all on Syslog_TProcess to msyslog\g
ALTER TABLE Syslog_TProcess OWNER TO msyslog\g
ALTER TABLE Syslog_TProcess SET WITHOUT OIDS\g
insert into Syslog_TProcess values (0,1);
insert into Syslog_TProcess values (0,2);
insert into Syslog_TProcess values (0,3);
insert into Syslog_TProcess values (0,4);
insert into Syslog_TProcess values (0,5);
insert into Syslog_TProcess values (0,6);
insert into Syslog_TProcess values (0,7);
CREATE TABLE Syslog_THost (
THost_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
THost_Host varchar(128) not null,
THost_AlertExpire integer,
THost_LogExpire integer,
THost_Rate bigint,
TPremadeType_ID bigint not null
)\g
grant all on Syslog_THost to msyslog\g
grant all on Syslog_THost_THost_ID_Seq to msyslog\g
ALTER TABLE Syslog_THost OWNER TO msyslog\g
ALTER TABLE Syslog_THost SET WITHOUT OIDS\g
ALTER TABLE syslog_thost alter column thost_host SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TProcessorProfile (
TProcessorProfile_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
THost_ID bigint not null,
TLogin_ID bigint not null
)\g
CREATE INDEX TProcessorProfile_TLogin_ID_Idx on Syslog_TProcessorProfile (TLogin_ID)\g
grant all on syslog_tproce_tprocessorpro_seq to msyslog\g
grant all on Syslog_TProcessorProfile to msyslog\g
ALTER TABLE Syslog_TProcessorProfile OWNER TO msyslog\g
ALTER TABLE Syslog_TProcessorProfile SET WITHOUT OIDS\g
insert into syslog_tprocessorprofile (THost_ID,TLogin_ID) values (7,3);
CREATE TABLE Syslog_TCustomerProfile (
TCustomerProfile_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TCustomerProfile_EditRules bigint,
THost_ID bigint not null,
TLogin_ID bigint not null
)\g
CREATE INDEX TCustomerProfile_TLogin_ID_Idx on Syslog_TCustomerProfile (TLogin_ID)\g
grant all on syslog_tcusto_tcustomerprof_seq to msyslog\g
grant all on Syslog_TCustomerProfile to msyslog\g
ALTER TABLE Syslog_TCustomerProfile OWNER TO msyslog\g
ALTER TABLE Syslog_TCustomerProfile SET WITHOUT OIDS\g
CREATE TABLE Syslog_TLaunch (
TLaunch_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TLaunch_Program text not null,
TLaunch_LongDesc text not null,
TLaunch_ShortDesc varchar(30) not null
)\g
CREATE UNIQUE INDEX TLaunch_ShortDesc_Idx on Syslog_TLaunch (TLaunch_ShortDesc)\g
grant all on syslog_tlaunch_tlaunch_id_seq to msyslog\g
grant all on Syslog_TLaunch to msyslog\g
ALTER TABLE Syslog_TLaunch OWNER TO msyslog\g
ALTER TABLE Syslog_TLaunch SET WITHOUT OIDS\g
ALTER TABLE syslog_tlaunch alter column tlaunch_program SET STORAGE EXTERNAL\g
ALTER TABLE syslog_tlaunch alter column tlaunch_longdesc SET STORAGE EXTERNAL\g
ALTER TABLE syslog_tlaunch alter column tlaunch_shortdesc SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TAlert (
TAlert_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TAlert_Date date,
TAlert_Time time,
TAlert_Info varchar(80),
TSyslog_ID bigint
)\g
CREATE UNIQUE INDEX TAlert_TSyslog_ID_idx on Syslog_TAlert (TSyslog_ID)\g
grant all on Syslog_TAlert_TAlert_ID_Seq to msyslog\g
grant all on Syslog_TAlert to msyslog\g
ALTER TABLE Syslog_TAlert OWNER TO msyslog\g
ALTER TABLE Syslog_TAlert SET WITHOUT OIDS\g
ALTER TABLE syslog_talert alter column talert_info SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TRuleDeny (
TRuleDeny_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TRuleDeny_Expression varchar(80) not null,
TRuleDeny_StartFacility integer,
TRuleDeny_StopFacility integer,
TRuleDeny_StartSeverity integer,
TRuleDeny_StopSeverity integer,
TRule_ID bigint
)\g
grant all on syslog_trulede_truledeny_id_seq to msyslog\g
grant all on Syslog_TRuleDeny to msyslog\g
CREATE INDEX TRule_ID_DENY_Idx on Syslog_TRuleDeny (TRule_ID)\g
ALTER TABLE Syslog_TRuleDeny OWNER TO msyslog\g
ALTER TABLE Syslog_TRuleDeny SET WITHOUT OIDS\g
ALTER TABLE syslog_truledeny alter column truledeny_expression SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TRule (
TRule_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TRule_LogAlert integer,
TRule_Email varchar(80),
TRule_Expression varchar(80),
TRule_Desc varchar(256),
TRule_RuleOrLevel integer,
TRule_StartFacility integer,
TRule_StopFacility integer,
TRule_StartSeverity integer,
TRule_StopSeverity integer,
TRule_Threshold integer,
TRule_ThresholdType integer,
TRule_StartTime bigint,
TRule_EndTime bigint,
TRule_TimerType integer,
TRule_DaysofWeek integer,
TLaunch_ID bigint,
THost_ID bigint not null
)\g
CREATE INDEX TRule_host_Idx on Syslog_TRule (THost_ID)\g
grant all on Syslog_TRule_TRule_ID_Seq to msyslog\g
grant all on Syslog_TRule to msyslog\g
ALTER TABLE Syslog_TRule OWNER TO msyslog\g
ALTER TABLE Syslog_TRule SET WITHOUT OIDS\g
ALTER TABLE syslog_trule alter column trule_email SET STORAGE EXTERNAL\g
ALTER TABLE syslog_trule alter column trule_expression SET STORAGE EXTERNAL\g
ALTER TABLE syslog_trule alter column trule_desc SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TPremadeType (
TPremadeType_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TPremadeType_Desc varchar(40) not null
)\g
grant all on syslog_tprema_tpremadetype__seq to msyslog\g
grant all on Syslog_TPremadeType to msyslog\g
ALTER TABLE Syslog_TPremadeType OWNER TO msyslog\g
ALTER TABLE Syslog_TPremadeType SET WITHOUT OIDS\g
ALTER TABLE syslog_tpremadetype alter column tpremadetype_desc SET STORAGE EXTERNAL\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Firewalls')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Routers')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Switches')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco VPN Devices')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Local Directors')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Cisco Content Services Switch')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Linux Host')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Solaris Host')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('Windows Host')\g
insert into Syslog_TPremadeType (TPremadeType_Desc) values ('NetApp')\g
CREATE TABLE Syslog_TPremadeDeny (
TPremadeDeny_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TPremadeDeny_Expression varchar(80) not null,
TPremadeDeny_StartFacility integer,
TPremadeDeny_StopFacility integer,
TPremadeDeny_StartSeverity integer,
TPremadeDeny_StopSeverity integer,
TPremade_ID bigint
)\g
grant all on syslog_tprema_tpremadedeny__seq to msyslog\g
grant all on Syslog_TPremadeDeny to msyslog\g
CREATE INDEX TPremade_ID_DENY_Idx on Syslog_TPremadeDeny (TPremade_ID)\g
ALTER TABLE Syslog_TPremadeDeny OWNER TO msyslog\g
ALTER TABLE Syslog_TPremadeDeny SET WITHOUT OIDS\g
ALTER TABLE syslog_tpremadedeny alter column tpremadedeny_expression SET STORAGE EXTERNAL\g
CREATE TABLE Syslog_TPremade (
TPremade_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
TPremade_Code varchar(80) not null,
TPremade_Desc text,
TPremade_PremadeOrLevel integer,
TPremade_StartFacility integer,
TPremade_StopFacility integer,
TPremade_StartSeverity integer,
TPremade_StopSeverity integer,
TPremadeType_ID bigint,
TPremade_Threshold integer,
TPremade_ThresholdType integer,
TLaunch_ID bigint
)\g
CREATE INDEX TPremadeType_ID2_Idx on Syslog_TPremade (TPremadeType_ID)\g
ALTER TABLE Syslog_TPremade OWNER TO msyslog\g
ALTER TABLE Syslog_TPremade SET WITHOUT OIDS\g
ALTER TABLE syslog_tpremade alter column tpremade_code SET STORAGE EXTERNAL\g
ALTER TABLE syslog_tpremade alter column tpremade_desc SET STORAGE EXTERNAL\g
grant all on Syslog_TPremade to msyslog\g
grant all on Syslog_TPremade_TPremade_ID_Seq to msyslog\g
insert into Syslog_TPremade (TPremadeType_ID,TPremade_Code,TPremade_Desc) values (1,'%PIX-1-101002:','(Primary) Bad failover cable.')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V6.X Cisco Pix Rules',0,0,1)\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-1-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-2-201003')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-201008')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-202001')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-211001')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-3-211003')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-5-199001')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-6-199002')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,1,'%PIX-6-199005')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V4.2 Cisco LocalDirector Rules',0,0,5)\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Error reading cable status')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Failover communications failure')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Link status')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Lost Failover communications with mate')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Mate reporting failure')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Mate says *.* failed')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'No response from mate')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Power failure other side')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'SYN attack')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Switching to')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,2,'Testing on interface')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('V5.X Cisco Content Switch Rules',0,0,6)\g
#insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,3,'')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco IOS Router Rules',0,0,2)\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%BGP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C5RSP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6KENV-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6KPWR-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C6MSFC-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%C7200')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%CONTROLLER-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%CRYPTO-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DHCPD-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DIALER-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DMA-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DTP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DUAL-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%DVMRP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%EC-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ENVM-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FIB-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FILESYS-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FLASH-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FR-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FW-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%FX1000-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%GRP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%GRPGE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%HW_VPN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%I82543-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IDS-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPC-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPFAST-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPFLOW-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IPRT-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%IP_SNMP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ISA-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%ISDN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%LINK-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%MCAST-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%MEMSCAN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OIR-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OOBP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%OSPF-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PA-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PLATFORM-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PPP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PQUICC_ETHER-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%PQUICC_FE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%QUICC_ETHER-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%QUICC_SERIAL-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SERVICE_MODULE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SNMP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SPANTREE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%STANDBY-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SW_VLAN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYS-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYSCTLR-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%SYSMGT_RPC-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TBRIDGE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TCP-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TR-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%TUN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%UCODE-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%UDLD-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%VPDN-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,4,'%WCCP-5-CACHEFOUND')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,3,0,23,0,7,4,'')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco IOS Switch Rules',0,0,3)\g
#insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,5,'')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('Cisco CatOS Switch Rules',0,0,3)\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%IP-[346]')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%EARL-')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%KERNEL-1-CREATEPROCESSFAILED')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SECURITY-[1357]')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SYS-[0-7]')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%CDP-4-DUPLEXMISMATCH')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SNMP-5-COLDSTART')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%SNMP-5-WARMSTART')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%PAGP-5-PORTTOSTP')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,1,0,23,0,7,6,'%PAGP-5-PORTFROMSTP')\g
insert into Syslog_TRule (TRule_LogAlert,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID,TRule_Expression) values (1,3,0,23,0,7,6,'')\g
insert into Syslog_THost (THost_Host,THost_AlertExpire,THost_LogExpire,TPremadeType_ID) values ('localhost',2419200,2419200,7);
insert into Syslog_TRule (TRule_LogAlert,TRule_Email,TRule_Expression,TRule_Desc,TRule_RuleOrLevel,TRule_StartFacility,TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,THost_ID) values (1,'root@localhost','',' Default catch-most rule',3,0,23,0,3,7);

5
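--- a/html/data/pgsql.secframe
+++ b/html/data/pgsql.secframe
@@ -0,0 +1,5 @@
+/* $Id$ */
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Customer','Customers of Syslog System')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Analyst','NOC Analyst')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog Administrators','Syslog Adminstrator')\g
+insert into SecFrame_TGroup (TGroup_Name,TGroup_Desc) values ('Syslog msyslog','Syslog Processor')\g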

119
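--- a/html/equiptype.php
+++ b/html/equiptype.php
@@ -0,0 +1,119 @@
+<?php
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+$begintime=time();
+require_once('config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$group=0;
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+if ( $group != 3 ) {
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+exit;
+}
+$PageTitle="Syslog Management Tool";
+do_header($PageTitle, 'equiptype');
+$actiontext="";
+if ( ( $subaction == 1 ) && ( $action == "Save" ) && ( pgdatatrim($typedesc) != "" ) ) {
+addequiptype($dbsocket,$typedesc, $logwatch);
+$actiontext="<font color=#FF0000>New record saved</FONT><BR>\n";
+$typeid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_ID","TPremadeType_Desc='$typedesc'")));
+$action = "Modify";
+}
+if ( ( $subaction == 2 ) && ( $action == "Save" ) && ( idexist($dbsocket,"Syslog_TPremadeType","TPremadeType_ID",$typeid) ) &&
+( pgdatatrim($typedesc) != "" ) ) {
+updateequiptype($dbsocket,$typeid,$typedesc, $logwatch);
+$actiontext="<font color=#FF0000>Record updated</FONT><BR>\n";
+}
+if ( ( $DeleteID == 1 ) && ( $subaction == 3 ) && ( $action == "Delete" ) &&
+( idexist($dbsocket,"Syslog_TPremadeType","TPremadeType_ID",$typeid) ) ) {
+if ( numberofhostsusingtype($dbsocket,$typeid) < 1 ) {
+dropequiptype($dbsocket,$typeid);
+$actiontext="<font color=#FF0000>Record deleted</FONT><BR>\n";
+} else {
+$actiontext="<font color=#FF0000>Cannot delete record because hosts already reference premade type</FONT><BR>\n";
+}
+$action="Deleted";
+}
+if ( $action == "Add" ) {
+$subaction = 1;
+$typeid = "";
+}
+if ( $action == "Modify" ) {
+$subaction = 2;
+$typedesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_Desc","TPremadeType_ID=$typeid")));
+$logwatch=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","logwatch_cmd","TPremadeType_ID=$typeid")));
+}
+if ( $action == "Delete" ) {
+$subaction = 3;
+$typedesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","TPremadeType_Desc","TPremadeType_ID=$typeid")));
+$logwatch=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TPremadeType","logwatch_cmd","TPremadeType_ID=$typeid")));
+}
+openform("equiptype.php","post",2,1,0);
+echo "<B>Equipment Type</B><BR>\n";
+if ( $subaction != 3 ) {
+echo "1. Enter Equipment Type: ";
+formfield("typedesc","text",3,1,1,40,40,$typedesc);
+echo "2. Enter Logwatch Command Line: ";
+formfield("logwatch","text",3,1,1,40,40,$logwatch);
+formsubmit("Save",3,1,0);
+formfield("subaction","hidden",3,1,0,200,200,$subaction);
+if ( $typeid != "" ) { formfield("typeid","hidden",3,1,0,200,200,$typeid); }
+closeform();
+} else {
+if ( ( $subaction == 3 ) && ( $action == "Delete" ) ) {
+openform("equiptype.php","post",2,1,0);
+formfield("typeid","Hidden",3,1,0,200,200,$typeid);
+formfield("subaction","Hidden",3,1,0,10,10,$subaction);
+echo "<font color=#FF0000 size=+2><B>Are you sure you want to delete $typedesc? ";
+php?>
+<input type=radio name=DeleteID value=1>Yes
+<input type=radio name=DeleteID value=0 checked>No</font><b><BR>
+<?php
+formsubmit("Delete",3,1,0);
+closeform(1);
+}
+}
+echo $actiontext;
+$endtime=time();
+echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
+do_footer();
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+php?>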
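Review bot: `$typeid` is interpolated unquoted into the `relatedata()` condition in the `Modify` and `Delete` branches (`"TPremadeType_ID=$typeid"`) without the `idexist()` check the save and delete-confirm paths use, and `$typedesc` is placed into `"TPremadeType_Desc='$typedesc'"` after a save. These look like request variables arriving through register_globals, so unless `relatedata()` escapes its condition argument (not visible on this page) the lookups are open to SQL injection. I would add `if ( ( $action == "Modify" || $action == "Delete" ) && ! ctype_digit((string)$typeid) ) { $typeid = 0; }` ahead of those branches and pass the description through `pg_escape_string()` instead of relying on magic quotes. The delete confirmation also echoes `$typedesc` into HTML without `htmlspecialchars()`, and neither POST form carries an anti-CSRF token.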

102
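--- a/html/faq.txt
+++ b/html/faq.txt
@@ -0,0 +1,102 @@
+1. Licensing
+Modular Syslog and Cisco's TACACS+ Daemon have thier own licenses. READ THEM!
+SMT and the Security Framework are covered under the GPL.
+2. What is up with the versions of your software?
+If you haven't noticed already, the version numbers reported in the tar.bz2 archives doesn't reflect the file names, this is because I'm moving from a crusty source management system to a better one. Real versioning via CVS is coming shortly.
+3. What is the Syslog Management tool & the Security Framework?
+The idea is quite simple, SMT uses Modular Syslog to collect syslog messages and dump them to a SQL server(PostGreSQL). SMT then grabs logs and runs rules consisting of regular expressions, facility & severity ranges, and other parameters such as time to determine who, when, and how to alert.
+4. How much log volume can SMT handle?
+Our system is an IBM 335 w/ Dual SCSI-160 36gig mirrored drives. I can sustain 28 megabytes per second reading and about 18 megabytes per second writing. All told, the highest volume my system has run was about 800 megabytes of logs in a given day. My calculations seem to indicate that our system could handle 4-5 gigabytes a day without showing significant lag on the web interface side.
+5. What are the components of a working SMT System?
+# I'll reserve the good detail for the docs but the components of a working SMT system are as follows: One or more log processors
+# A log expiration process
+# A reindexer
+# A log archiver
+# One or more web consoles
+# The database
+# One or more syslog servers
+# The TACACS+ daemon to collect command accounting
+6. What are the minimums?
+Frankly, I run my software on my personal firewall at home(486 DX25 w/ 48MB of RAM). So you can get away with running it on a fairly slim system, problem: IDE sucks. If you run it on an IDE subsystem, don't complain to me when it doesn't perform. I do recommend a dual processor system for sites where there is a decent amount of use going on. Why? Because one processor can be involved dealing with the database and the other can handle everything else. V2.4 Linux Kernel CPU affinity isn't great but 2.6 shows better results(from my initial testing).
+7. Great, how much RAM will I need?
+That is a very good question. If you are serious about this, I'd recommend a gig of RAM. File system caching will use a LOT of it up. For example, we run about a 5 gig foot print and we have a gig and a half of RAM. PostgreSQL is acting using about 800megabytes of it. The rest is OS caching and the like.
+8. PostgreSQL looks like it could use some tuning.... can you help?
+Sure. Down below are some snippets from my postgresql.conf file(mind you, I have a 1.5gig of RAM):
+DO NOT USE ALL OF YOUR FREE RAM FOR SHARED BUFFERS, YOUR PERFORMANCE WILL PAY!
+shared_buffers = 29400 # min 16, at least max_connections*2, 8KB each
+Default amount available for sorting each query
+sort_mem = 4096 # min 64, size in KB
+How much memory vacuum will have available to it(and it will need it)
+vacuum_mem = 196608 # min 1024, size in KB
+YOU MUST TUNE YOUR FSM PAGES! The Free space map is used to track free space within the existing table space. The FSM tracks free space, as soon as you have more slots free then FSM space, FSM will start losing free space withing your database. Thus it will start to grow and grow and grow till you either increase your FSM AND VACUUM or perform a FULL VACUUM.
+max_fsm_pages = 40000000 # min max_fsm_relations*16, 6 bytes each
+PostgreSQLs default action is to 'sync' after every write. This is too expensive. The downside is that you can suffer data corruption if the system crashes. Reality: I've never lost data to a crash but there is always a first time for everything
+fsync = false # turns forced synchronization on or off
+wal_buffers = 128 # min 4, 8KB each
+If memory serves me correctly, this tells PostgreSQL about how much the system cache will typically run at. 8)
+effective_cache_size = 48400 # typically 8KB each
+Hey, it's a logging system, log dag nabit!
+syslog = 1 # range 0-2; 0=stdout; 1=both; 2=syslog
+syslog_facility = 'LOCAL0'
+syslog_ident = 'postgres'
+I've added profiling code to dump some stats about PostgreSQL. As a result we need to make sure PostGreSQL is actually collecting stats!
+log_timestamp = true
+stats_start_collector = true
+stats_command_string = true
+stats_block_level = true
+stats_row_level = true
+stats_reset_on_server_start = true
+One other change to make but this is a system option not a PostgreSQL option
+sysctl kernel.shmmax=1342177280
+9. What OS does this run on?
+Frankly, I've run it on RedHat but I prefer Slackware. However the limitations of my software would be more based on Modular Syslog and PostGreSQL. ie. of Modular Syslog compiles on FreeBSD, should work fine on FreeBSD.
+10. How can I tell how large of Free Space Map I'll need for PostgreSQL?
+Run a 'vacuum full analyze verbose' and it will tell you the number of pages your database is using. Make sure you do that after you have roughly the amount of data you want to maintain in your database.
+11. Why is your software better then anyone elses?
+a. Because anyone can manage it, not just the one sysadmin who is never around when his pager goes off and no one else knows.
+b. It is scalable in that it can be centrally managed and grown.
+c. It can interface with systems such as HP Service Desk.
+d. It allows for better event correllation as all events are available via one console.
+12. I noticed that you don't have your database doing a lot of bounds checking on data... what gives?
+Database IO is a precious thing. I reserve all of the overhead other than IO for other hosts(in a distributed system). As a result, I leave data bounds checking mainly to the application and not the database.
+13. What authentication mechanisms can I use?
+You can use pretty much any authentication mechanism you want. My software looks for the REMOTE_USER variable. I recommend mod_auth_pgsql so you can use the Security Framework password database but you could use SecurID, ActiveDirectory, or any other native Apache authentication module.
+14. What about MySQL?
+Time dictates I have twenty four hours a day. Six hours of that is sleep, 10 hours of that is work, that leaves me a few hours to exercise and be with my wife. If you want MySQL support, I gladly welcome it but I do not have the time to write for it. 8(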

271
html/filter.php Normal file

@ -0,0 +1,271 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group < 1 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( ( $action == "Modify" ) && ( isset($newfilter) ) ) { $newfilter = ""; }
if ( ( $action == "Save Filter Header" ) && ( strlen(pgdatatrim($filtertitle)) > 0 ) &&
( ( $userorglobal == 1 ) || ( $userorglobal == 2 ) ) ) {
if ( $group < 2 ) { $userorglobal=1; }
if ( isset($filterid) ) {
updatefilter($dbsocket,$filterid,$filtertitle,$userorglobal) ;
} else {
addfilterheader($dbsocket,$userorglobal,$filtertitle,$REMOTE_ID) ;
$filterid=relatedata ($dbsocket,"Syslog_TFilter","TFilter_ID","TFilter_Desc='$filtertitle'");
}
}
if ( ( $filtermain != "1" ) || ( ( $filtermain == "1" ) && ( $action != "Add" ) ) ) {
if ( isset($filterid) && $filterid >= 1 ) {
$filterowner=relatedata ($dbsocket,"Syslog_TFilter","TLogin_ID","TFilter_ID=$filterid");
}
if ( isset($filterdataid) && $filterdataid >= 1 ) {
$filterdataowner=relatedata ($dbsocket,"Syslog_TFilter,Syslog_TFilterData","TLogin_ID","Syslog_TFilter.TFilter_ID=Syslog_TFilterData.TFilter_ID and Syslog_TFilterData.TFilterData_ID=$filterdataid");
}
if ( ( $action != "Delete User Filters" ) && ( ( isset($filterowner) && ($filterowner != $REMOTE_ID )) || ( ( isset($filterdataowner) && ($filterdataowner != $REMOTE_ID) ) && ( $filterdataid >= 1 ) && ( isset($filterdataid) ) ) ) ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( isset($filterid) ) {
$userorglobal=relatedata ($dbsocket,"Syslog_TFilter","TFilter_UserOrGlobal","TFilter_ID=$filterid");
$filtertitle=relatedata ($dbsocket,"Syslog_TFilter","TFilter_Desc","TFilter_ID=$filterid");
}
$deletestatus="FAILED";
if ( $action == "Delete" ) {
if (!isset($filtermod) || (isset($filtermod) && ($filtermod != 1)) ) {
if ( ( dropallfilterdata($dbsocket,$filterid) ) && ( dropfilter($dbsocket,$filterid) ) ) { $deletestatus="Success"; }
} else {
if ( dropfilterdata($dbsocket,$filterdataid) ) { $deletestatus="Success"; }
}
}
if ( ( $group >= 3 ) && ( $action == "Delete User Filters" ) ) {
$SQLQuery="begin;delete from syslog_tfilterdata where syslog_tfilterdata.tfilter_id=syslog_tfilter.tfilter_id and syslog_tfilter.tlogin_id=$userid; delete from syslog_tfilter where syslog_tfilter.tlogin_id=$userid;commit;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
if ( $SQLQueryResults ) { $deletestatus="Success"; }
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( isset($filteradd) ) {
if ( $startfacility > $stopfacility ) {
$temp=$startfacility;
$startfacility=$stopfacility;
$stopfacility=$temp;
}
if ( $startseverity > $stopseverity ) {
$temp=$startseverity;
$startseverity=$stopseverity;
$stopseverity=$temp;
}
if ( ( strlen($filter) > 0 ) || ( $filterorlevel == 3 ) ) { addfilter($dbsocket,$filter,$filterid,$include,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity); }
}
if ( ( $action == "Save" ) && ( $filtermod ) && ( strval($filterdataid) > 0 ) ) {
if ( $startfacility > $stopfacility ) {
$temp=$startfacility;
$startfacility=$stopfacility;
$stopfacility=$temp;
}
if ( $startseverity > $stopseverity ) {
$temp=$startseverity;
$startseverity=$stopseverity;
$stopseverity=$temp;
}
updatefilterdata($dbsocket,$filterdataid,$filter,$include,$filterorlevel,$startfacility,$stopfacility,$startseverity,$stopseverity) ;
}
if ( ( $deletestatus == "FAILED" ) || ( ( $deletestatus == "Success" ) && ( $action == "Delete" ) && ( ! isset($filtermain) ) ) ) {
$SQLQuery="select * from Syslog_TFilterData where TFilter_ID='$filterid' order by TFilterData_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
}
} else {
$SQLNumRows = 0;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'filter');
if ( ( ( $group >= 3 ) && ( $action == "Delete User Filters" ) ) || ( ( $action == "Delete" ) && ((isset($filterdataid) && $filterdataid < 1 ) ) ) ) {
echo "<BR>Delete: $deletestatus<BR>\n";
} else {
echo "<TABLE COLS=4 BORDER=1>\n";
echo "<TR><TD>";
openform("filter.php","post",2,1,0);
if ( ( $filtermain ) && ( $action == "Add" ) ) {
formfield("newfilter","Hidden",3,1,0,10,10,1);
} else {
formfield("filterid","Hidden",3,1,0,10,10,$filterid);
}
echo "Filter Description: ";
if (! isset($filtertitle)) {
$filtertitle = '';
}
formfield("filtertitle","text",3,1,1,40,128,$filtertitle);
echo "</TR>";
if ( $group >= 2 ) {
if ( isset($userorglobal) && ($userorglobal == 1) ) {
echo "<TR><TD><input type=radio name=userorglobal value=1 checked>Private ";
echo "<input type=radio name=userorglobal value=2>Global</TD></TR>";
} else {
echo "<TR><TD><input type=radio name=userorglobal value=1>Private ";
echo "<input type=radio name=userorglobal value=2 checked>Global</TD></TR>";
}
} else {
formfield("userorglobal","hidden",3,1,1,40,40,1);
}
echo "<TR><TD>";
formsubmit("Save Filter Header",3,1,0);
echo "</TD></TR>";
closeform();
echo "</TABLE><BR>\n";
if ( ( ( isset($filterid) && ($filterid > 0) ) && ( $filtermain != 1 ) ) || ( ( $filtermain == 1 ) && ( $action != "Add" ) ) ) {
echo "<U><B>New Entry:</B></U><BR>\n";
echo "<TABLE COLS=4 BORDER=1>\n";
echo "<TR><TD width=115>";
openform("filter.php","post",2,1,0);
formsubmit("Add",3,1,0);
formfield("filterid","Hidden",3,1,0,10,10,$filterid);
formfield("filteradd","Hidden",3,1,0,10,10,"1");
echo "</TD><TD width=90>";
echo "<input type=radio name=include value=1 checked>Include</TD><TD width=90>";
echo "<input type=radio name=include value=0>Exclude</TD>";
echo "<TD>Filter: ";
formfield("filter","text",3,1,1,40,128,"");
echo "</TD></TR><TR><TD COLSPAN=4>";
echo "Filter Type: <input type=radio name=filterorlevel value=1 checked>Expression ";
echo "<input type=radio name=filterorlevel value=3>Facility & Severity ";
echo "<input type=radio name=filterorlevel value=2>Expression w/ Facility & Severity</TD></TR><TR><TD COLSPAN=3>";
echo "Facility Range: ";
facilitydropdown("startfacility",1,0,0,1,0);
echo " to ";
facilitydropdown("stopfacility",1,0,0,1,23);
echo "</TD><TD>Severity Range: ";
severitydropdown("startseverity",1,0,0,1,0);
echo " to ";
severitydropdown("stopseverity",1,0,0,1,7);
closeform();
echo "</TD></TR></TABLE><BR>\n";
}
if ( $SQLNumRows > 0 ) {
echo "<TABLE COLS=4 BORDER=1>\n";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
echo "<TR><TD width=50>";
openform("filter.php","post",2,1,0);
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$filterdataid=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_id));
echo "Filter ID: $filterdataid</TD></TR><TR><TD WIDTH=115>";
formsubmit("Save",3,1,0);
formsubmit("Delete",3,1,0);
$filter=pgdatatrim($SQLQueryResultsObject->tfilterdata_filter);
$include=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_include));
$filterorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_filterorlevel));
$startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startfacility));
$stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopfacility));
$startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_startseverity));
$stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tfilterdata_stopseverity));
formfield("filterid","Hidden",3,1,0,10,10,$filterid);
formfield("filterdataid","Hidden",3,1,0,10,10,$filterdataid);
formfield("filtermod","Hidden",3,1,0,10,10,"1");
echo "</TD><TD width=90>";
if ( $include ) {
echo "<input type=radio name=include value=1 checked>Include</TD><TD width=90>";
echo "<input type=radio name=include value=0>Exclude</TD>";
} else {
echo "<input type=radio name=include value=1>Include</TD><TD width=90>";
echo "<input type=radio name=include value=0 checked>Exclude</TD>";
}
echo "<TD>Filter: ";
formfield("filter","text",3,1,1,40,128,$filter);
echo "</TD></TR><TR><TD COLSPAN=4>";
echo "Rule Type: <input type=radio name=filterorlevel value=1 ";
if ( ( $filterorlevel != "2" ) && ( $filterorlevel != "3" ) ) { $filterorlevel=1;}
if ( $filterorlevel == 1 ) { echo " checked "; }
echo ">Expression ";
echo "<input type=radio name=filterorlevel value=3";
if ( $filterorlevel == 3 ) { echo " checked "; }
echo ">Facility & Severity ";
echo "<input type=radio name=filterorlevel value=2";
if ( $filterorlevel == 2 ) { echo " checked "; }
echo ">Expression w/ Facility & Severity";
echo "</TD></TR><TR><TD COLSPAN=3>";
echo "Facility Range: ";
facilitydropdown("startfacility",1,0,0,1,$startfacility);
echo " to ";
facilitydropdown("stopfacility",1,1,1,1,$stopfacility);
echo "</TD><TD>Severity Range: ";
severitydropdown("startseverity",1,0,0,1,$startseverity);
echo " to ";
severitydropdown("stopseverity",1,1,1,1,$stopseverity);
echo "</TD></TR><TR><TD COLSPAN=4></TD></TR>";
closeform();
}
echo "</TABLE>\n";
}
if ( $SQLNumRows > 0 ) {
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
?>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
?>
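Review bot: Values that are never assigned in this file are interpolated directly into SQL text: `TFilter_Desc='$filtertitle'` in the relatedata() call after addfilterheader(), `TFilter_ID=$filterid` and `TFilterData_ID=$filterdataid` in the ownership lookups, and `tlogin_id=$userid` in the multi-statement string passed to pg_exec() for "Delete User Filters". They presumably arrive from the request (register_globals or something in config.php), so unless that layer already validates them, force the ids to integers before the first query, e.g. `$filterid = intval($filterid);`, and pass the title through `pg_escape_string()`. Separately, updatefilter() in the "Save Filter Header" branch runs before the owner comparison further down, so the header of a filter is rewritten before ownership has been established. That comparison is also skipped whenever `$action` is "Delete User Filters", although only the delete itself tests `$group >= 3` and the `filteradd` branch below does not look at `$action`. Moving the ownership check ahead of every write, and narrowing the exemption to `( $group >= 3 ) && ( $action == "Delete User Filters" )`, would address both.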

68
html/header.php Normal file

@ -0,0 +1,68 @@
<?php
function do_header($title, $section='') {
php?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<LINK REL="Stylesheet" HREF="/include_main.css" type="text/css">
<title><?php echo $title ?></title>
</head>
<BODY background='/images/bg3.gif' text=#000000 vLink=#ffffff aLink=#ffffff link=#ffffff bgColor=#ffffff leftMargin=0 topMargin=0 MARGINWIDTH="0" MARGINHEIGHT="0">
<TABLE cellSpacing=0 cellPadding=0 width=100% border=0>
<TBODY>
<TR>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 width=100% border=0>
<TBODY>
<tr>
<TD width=100% vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 border=0 width=100%>
<TBODY><tr><td>&nbsp;</td></tr>
<TR>
<TD vAlign=top>
<TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#ffffff border=0>
<TBODY>
<TR>
<td height=40>  <A href="http://www.csc.com/"><IMG src="/images/csc_name.gif" border=0></a></td>
</TR>
</TBODY></TABLE>
</TD></TR>
<TR>
<TD vAlign=top bgColor=#ffffff>
<TABLE cellSpacing=0 cellPadding=0 width="100%" bgColor=#cc0000 border=0>
<TBODY>
<TR>
<TD colspan=2><IMG height=4 alt="" src="/images/Px_Clear.gif" width=100% border=0></TD>
</TR>
<TR>
<TD class=pipe vAlign=center>  <A class=tNav href="http://www.csc.com">CSC.COM</A> 
 </TD>
<td class=pipe Align=middle vAlign=center><span class=headline3><?php echo $title ?></span></td>
<TD class=pipe Align=right><A class=tNav href="helpinfo.php?topic=<?php echo $section ?>">Help</A>  </TD>
</TR>
</table>
</table>
</table></table>
<table border =0 height=85% width=100% cellSpacing=0 cellPadding=0 ><tr><td width=5>&nbsp</td><td
valign=top>
<?php
}
function do_footer() {
?>
</td></tr>
<TR> <TD colspan=2 bgColor=#003399 colSpan=4 valign=top><IMG height=1 alt="" src="/images/Px_Clear.gif" width=10 border=0></TD></TR>
<tr><td colspan=2>
<P class=text><SPAN class=copyright>©Copyright 2004, Computer Sciences Corporation. All rights reserved. <A class=more href="../pwcsc/legal.html">Legal</A>.</SPAN></P>
</td></tr>
</table></body></html>
<?php
}
?>
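Review bot: do_header() writes `$title` into `<title>` and the headline span, and `$section` into the help link's query string, without any output encoding. The callers visible in this commit pass literals, so this is hardening rather than a live problem, but the function should not depend on that: use `<?php echo htmlspecialchars($title) ?>` and `helpinfo.php?topic=<?php echo urlencode($section) ?>`. Also, the `php?>` right after the opening brace of do_header() is parsed as a bare constant named `php` followed by the closing tag, which raises a notice on the PHP of this era and is an error on current versions; it should be a plain `?>` (host.php ends with the same token).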

156
html/host.php Normal file

@ -0,0 +1,156 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( ( $action == "Save" ) && ( $rensyslogs ) && ( ( pgdatatrim($host) != pgdatatrim($oldhost) ) && ( strlen(pgdatatrim($host)) > 0 ) ) ) {
if ( $rensyslogs ) {
renamehosts($dbsocket,"TSyslog","host='$oldhost'","host",$host);
renamehosts($dbsocket,"Syslog_TArchive","host='$oldhost'","host",$host);
}
}
if ( $action == "Delete" ) {
$hosttype=2;
}
if ( $action == "Add" ) {
$hostid="";
unset($host);
}
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( $alertexpire > $syslogexpire ) {
$alertexpire=$syslogexpire;
}
if ( ( $alertexpire == 0 ) && ( $syslogexpire != 0 ) ) {
$alertexpire = $syslogexpire ;
}
if ( ( $hostadd ) && ( $host != "" ) ) {
addhost($dbsocket,$host,$syslogexpire,$alertexpire,$typeid,$hostrate);
$hostid = stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$host'")));
addhostprocess($dbsocket,$hostid);
}
if ( ( $hostmod ) && ( isset($hostid) ) && ( $host != "" ) ) {
updatehost($dbsocket,$hostid,$host,$syslogexpire,$alertexpire,$typeid,$hostrate);
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'host');
if ( isset($hostid) && ( $hostid > 0 ) ) {
$host=gethost($dbsocket,$hostid);
$syslogexpire=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_LogExpire","THost_ID=$hostid")));
$alertexpire=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_AlertExpire","THost_ID=$hostid")));
$typeid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","TPremadeType_ID","THost_ID=$hostid")));
$hostrate=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_THost","THost_Rate","THost_ID=$hostid")));
if ( $hostid == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
} else {
$host="";
}
echo $HeaderText;
if ( $hosttype != 2 ) {
openform("host.php","post",2,1,0);
if ( $hostid > 0 ) {
formfield("hostid","Hidden",3,1,0,10,10,$hostid);
formfield("hostmod","Hidden",3,1,0,10,10,"1");
formfield("oldhost","Hidden",3,1,0,10,10,$host);
} else {
formfield("hostadd","Hidden",3,1,0,10,10,"1");
}
formfield("hosttype","Hidden",3,1,0,10,10,$hosttype);
echo "Host name: ";
formfield("host","text",3,1,1,40,128,$host);
echo "Expire Syslogs: ";
expiredropdown("syslogexpire",2,0,0,1,$syslogexpire);
echo "Expire Alerts: ";
expiredropdown("alertexpire",2,1,1,1,$alertexpire);
echo "Host Type: ";
premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid);
echo "Log Rate Warning Threshold: ";
logratesthreshold("hostrate",2,1,1,1,$hostrate);
if ( strval($hostid) > 0 ) {
echo "<input type='checkbox' name='rensyslogs' value='1'>Rename Syslogs<BR>\n";
}
formsubmit("Save",3,1,0);
formreset("Reset",3,1,0);
closeform();
} else {
if ( $confirmdelete ) {
if ( $delsyslogs ) {
/* Remove any alerts in the system that are tied to the host */
drophostalerts($dbsocket,$hostid);
/* Remove any syslogs in the TSyslog table */
drophostsyslogs($dbsocket,$hostid);
/* Remove any syslogs in the archive table */
drophostarchivesyslogs($dbsocket,$hostid);
}
drophostprocess($dbsocket,$hostid);
dropprocessorhostfromprofile($dbsocket,$hostid);
$delresults=drophostid($dbsocket,$hostid);
if ( $delresults ) {
echo "Delete Successfull<BR>\n";
} else {
echo "Delete Failed!<BR>\n";
}
} else {
openform("host.php","post",2,1,0);
formfield("hostid","Hidden",3,1,0,10,10,$hostid);
formfield("confirmdelete","Hidden",3,1,0,10,10,1);
echo "Are you sure you wish to delete $host?<BR>\n";
echo "<input type='checkbox' name='delsyslogs' value='1'>Delete Syslogs<BR>\n";
formsubmit("Delete",3,1,0);
closeform();
openform("background.php","post",2,1,0);
formsubmit("Do NOT delete",3,1,1);
closeform();
}
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
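Review bot: The administrator check (`if ( $group != 3 ) { ... exit; }`) sits below the "Save" branch that calls renamehosts() on TSyslog and Syslog_TArchive, so that rename runs for any account that passed sec_accessallowed(), not only members of 'Syslog Administrators'. Move the group check to directly after the sec_groupmember() lookup, ahead of dbconnect() and of every branch that writes. The same branch and the later relatedata() calls build their conditions by interpolation (`"host='$oldhost'"`, `"THost_Host='$host'"`, `"THost_ID=$hostid"`); these variables are not assigned in the file and presumably come from the request, so unless config.php already sanitises them, pass `$hostid` through `intval()` and the host names through `pg_escape_string()` before they reach a query. The confirmation line `echo "Are you sure you wish to delete $host?<BR>\n";` should likewise print `htmlspecialchars($host)`.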

BIN
html/images/Exclamation.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1 KiB

175
html/images/IEWin.css Normal file

@ -0,0 +1,175 @@
.copy {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000;}
.sup {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#CC0000;}
.copy1 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000;}
.copy1b {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:80%; font-weight:bold; color:#003399;}
.copy2 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#000000;}
.copy3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#FFFFFF;}
.copy4 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:85%; font-weight:bold; color:#CC0000;}
.copy5 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:80%; color:#CC0000;}
.copyright {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF;}
.byline {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:65%; color:#FFFFFF;}
.headline1 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:15px; font-weight:bold; color:#FFFFFF;}/* same as headline8 but CSC people are using it */
.headline2 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:85%; font-weight:bold; color:#000000;}
.headline2a {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:20px; font-weight:bold; color:#003399;}
.headline2b {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:20px; font-weight:bold; color:#696969;}
.headline2c {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:15px; font-weight:bold; color:#003399;}
.headline2d {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:10px; font-weight:bold; color:#696969;}
.headline3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:14px; font-weight:bold; color:#000000;}
.headline4 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#FFFF99;}
.headline5 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#FFFFFF;}
.headline6 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:95%; font-weight:bold; color:#000000;}
.headline7 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#003366;}
.headline8 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:15px; font-weight:bold; color:#FFFFFF;}
a:link {color:#003366}
a:visited {color:#003366}
a.link1:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#FFFFFF;}
a.link1:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000;}
a.link2:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2a:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2a:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2a:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2b:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2b:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2b:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#000000; text-decoration:underline;}
a.link2c:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;}
a.link2c:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;}
a.link2c:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:11px; color:#003399; text-decoration:underline;}
a.link3:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:none;}
a.link3:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:none;}
a.link3:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#000000; font-weight:bold; text-decoration:underline;}
a.link4:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#003366; font-weight:bold; text-decoration:underline;}
a.link4:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#993333; font-weight:bold; text-decoration:underline;}
a.link5:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#003366; text-decoration:underline;}
a.link5:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; color:#993333; text-decoration:underline;}
a.link6:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#003366; text-decoration:underline;}
a.link6:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#993333; text-decoration:underline;}
a.link7:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:none;}
a.link7:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:none;}
a.link7:hover {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; color:#FFFFFF; text-decoration:underline;}
a.link8:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:9px; color:#FFFFFF;}
a.link8:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:9px; color:#FFFFFF;}
a.link9:link {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:90%; color:#CC0000;}
a.link9:visited {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:90%; color:#CC0000;}
a.linksmap:link {font-family:verdana,arial; font-size:55%; color:003366; text-decoration:none; font-weight:bold;}
a.linksmap:visited {font-family:verdana,arial; font-size:55%; color:993333; text-decoration:none; font-weight:bold;}
a.linksmap:hover {font-family:verdana,arial; font-size:55%; color:003366; text-decoration:underline; font-weight:bold; }
a.linksmaphead:link {font-family:verdana,arial; font-size:65%; color:000000; text-decoration:none; font-weight:bold;}
a.linksmaphead:visited {font-family:verdana,arial; font-size:65%; color:993333; text-decoration:none; font-weight:bold;}
a.linksmaphead:hover {font-family:verdana,arial; font-size:65%; color:000000; text-decoration:underline; font-weight:bold; }
a.crumb1:link {color:#003366; text-decoration:underline; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;}
a.crumb1:visited {color:#003366; text-decoration:underline; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;}
.crumb2 {color:#000000; font-size:9px; font-family:verdana, arial, helvetica, universe, ms sans, default sans, default;}
TD.pipe {font-family:verdana,arial; font-size:10px; color:#FFFFFF; font-weight:bold;}
.error {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:60%; font-weight:bold; color:#990000;}
.errormessage {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:70%; font-weight:bold; color:#990000;}
#aboutbrandPop {position:absolute; left: 159px; top: 105px; visibility:hidden;z-index:100;}
#guidelinesPop {position:absolute; left: 159px; top: 127px; visibility:hidden;z-index:100;}
#printPop {position:absolute; left: 159px; top: 149px; visibility:hidden;z-index:100;}
#electronicPop {position:absolute; left: 169px; top: 171px; visibility:hidden;z-index:100;}
#contentPop {position:absolute; left: 159px; top: 193px; visibility:hidden;z-index:100;}
#photographyPop {position:absolute; left: 169px; top: 215px; visibility:hidden;z-index:100;}
#promotionalPop {position:absolute; left: 159px; top: 237px; visibility:hidden;z-index:100;}
#tradeshowsPop {position:absolute; left: 159px; top: 259px; visibility:hidden;z-index:100;}
#alliancesPop {position:absolute; left: 159px; top: 281px; visibility:hidden;z-index:100;}
/* For CSC descretionary pages only */
.cookies { color:#000000; font-size:9px; font-family:verdana,arial}
a.cookieLinks:link { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial}
a.cookieLinks:visited { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial}
a.cookieLinks:hover { color:#003366; text-decoration:underline; font-size:9px; font-family:verdana,arial}
P {
FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
P.heading {
FONT-WEIGHT: bold; FONT-SIZE: 11px; MARGIN: 4px 6px; COLOR: #ffffff
}
P.text {
MARGIN: 4px 6px
}
P.globalH {
FONT-WEIGHT: bold; FONT-SIZE: 11px; MARGIN: 0px 6px 2px 16px; COLOR: #ffff99
}
P.global {
MARGIN: 0px 16px 5px
}
P.globalT {
FONT-SIZE: 10px; MARGIN: 0px 6px 5px 16px; COLOR: #000000; LINE-HEIGHT: 12px
}
P.topNav {
MARGIN: 0px 6px; COLOR: #ffffff
}
A.tNav:link {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none
}
A.tNav:visited {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none
}
A.tNav:hover {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: underline
}
A.head1:link {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: none
}
A.head1:visited {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: none
}
A.head1:hover {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default; TEXT-DECORATION: underline
}
A.head2:link {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none
}
A.head2:visited {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: none
}
A.head2:hover {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY: verdana,arial; TEXT-DECORATION: underline
}
A.more:link {
FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
A.more:visited {
FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
TD.pipe {
FONT-WEIGHT: bold; FONT-SIZE: 10px; COLOR: #ffffff; FONT-FAMILY: verdana,arial
}
.globalH {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffff99; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
.globalT {
FONT-SIZE: 10px; COLOR: #000000; LINE-HEIGHT: 12px; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
.copyr {
FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
#countryDiv {
LEFT: 154px; VISIBILITY: hidden; POSITION: absolute; TOP: 80px
}
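Review bot: The six `a.linksmap` and `a.linksmaphead` rules give their colours without the leading `#` (`color:003366`, `color:993333`, `color:000000`), which is not a valid colour value and is dropped by browsers outside quirks mode; they should read `color:#003366` and so on. `TD.pipe` is also declared twice with the same properties, once on a single line and once in the upper-case block near the end, so one of the two can go. If this sheet is copied verbatim from the corporate site, a comment at the top saying so would tell maintainers not to hand-edit it.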

BIN
html/images/Px_Clear.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 45 B

BIN
html/images/background.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.3 KiB

BIN
html/images/bg2.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.6 KiB

BIN
html/images/bg3.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.7 KiB

BIN
html/images/blue.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 49 B

BIN
html/images/csc_name.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.7 KiB

BIN
html/images/no.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 572 B

BIN
html/images/ok.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 266 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 64 B

BIN
html/images/tile.gif Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.7 KiB

BIN
html/images/title.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 964 B

209
html/include_main.css Normal file

@ -0,0 +1,209 @@
.header-top {background-color: #C8D0E0; color: black;}
.header-bottom {background-color: #98A0B8; color: black;}
.footer-top {background-color: #98A0B8; color: black;} /*same as header_bottom*/
.footer-bottom {background-color: #C8D0E0; color: black;} /*same as header_top*/
.footer-button {vertical-align: bottom; text-align: center; padding-left: 2px; font-size: 8pt}
.layout-separator {background-color: #333366; height: 1px}
.hilite{background-color: yellow; color: black}
img{border: 0}
kbd{color: #003366;
font-family: Courier, monospace;}
body{margin: 0; padding:0; background-color: white}
body, td, th {
font-family: arial,helvetica,sans-serif;
font-size: 8pt}
blockquote{font-family: verdana, sans-serif; margin-bottom: 0; font-size: 9pt; margin-left: 2em; margin-right: 2em}
.breadcrumbs{border: 1px dashed #98A0B8; padding: 2px}
.small {
font-family: arial,helvetica,sans-serif;
font-size: 5pt;}
.small a {
text-decoration: none;}
a:link {color: #000099}
a:active {color: #0000ff}
a:visited {color: #000055}
label {cursor: pointer}
ul.st-markup,ol.st-markup{margin-top: .25em}
ul.st-markup li, ol.st-markup li{margin-bottom: .25em}
p.st-markup {margin-top: 1em; margin-bottom: .2em}
blockquote.st-markup{margin-bottom: 1em; border: 1px dashed #C8D0E0}
blockquote.st-markup p{margin: 0}
code{margin-top: 1em; margin-bottom: 1em;}
/*hr.st-markup{margin-top: -.3em; margin-bottom: -.7em; display: block}*/
h1.st-markup,h2.st-markup,h3.st-markup,h4.st-markup,h5.st-markup,h6.st-markup{
margin-top: 0;}
/* End Markup Styles */
input.FormHelper-invalid, select.FormHelper-invalid, textarea.FormHelper-invalid {background-color: #ffc0cb}
label.FormHelper-invalid{color: red; font-weight: bold}
label.FormHelper-invalid:after{color: red; font-size: smaller;content: ' (required)'}
input.Formation-invalid, select.Formation-invalid, textarea.Formation-invalid {background-color: #ffc0cb}
label.Formation-invalid{color: red; font-weight: bold}
label.Formation-invalid:after{color: red; font-size: smaller;content: ' (required)'}
table.calendar {border: 0}
table.calendar td, th {text-align: center; border: 0}
table.calendar th {height: 10px; font-size: 7pt;}
table.calendar td {width: 19px; height: 10px; font-size: 9pt;}
table.calendar .month {font-weight: bold; margin-top: 3px; font-size: 12pt; text-align: center}
table.calendar .month a{text-decoration: none}
table.calendar th {color: green; text-align: center;}
table.calendar td.linked-day {font-size: 11pt;}
table.calendar td.highlight-day {font-size: 11pt; background-color: red}
table.calendar td.light-day {font-size: 11pt; background-color: green}
.content-main, .header, .footer{ width: 100% }
.content-left {
background-color: #f0f0f0;
font-size: 10pt;
width: 110px;
padding: 4px;
vertical-align: top;
text-align: left;
/* padding-right: 15px;*/
border-right: thin dashed #CCC}/*this is the same color as "dark_grey" above*/
.content-middle{
vertical-align: top;
width: 625px;
padding: 10px;}
.content-right{
vertical-align: top;
border-left: thin dashed #CCC;
background-color: #eee;
padding-left: .8ex;
}
h1, h2, h3, h4 {
font-family: arial,helvetica,sans-serif;
font-weight: bold;
color: #006;}
h1{font-size: 140%; margin-top: .2em}
h2{font-size: 125%}
h3{font-size: 110%}
h4{font-size: 100%}
input {font-family: arial, helvetica, sans-serif}
input.small, select.small {
font-size: 9pt;}
textarea {font-family: "andale mono", "monotype.com", "courier new", monospace; font-size: 10pt}
textarea.small {
font-size: 9pt;}
pre,code,tt {
font-family: "andale mono", "monotype.com", "courier new", monospace;
font-size: 90%;
}
code{
background-color: #f0f0f0;
border: thin dashed #C8D0E0;
display: block;
margin-right: 15px;
margin-left: 10px;
font-size: 8pt;
line-height: 1.3em;
/*
width:95%;
overflow: auto;
/* font-size: 85%;
*/ }
ul.tab-navigation{
margin: 0;
padding: 0;
margin-top: 4px;
line-height: 1.2em;
list-style: none;
border: none;
clear: both;
}
ul.tab-navigation li{
margin: 0;
padding: 0;
float: left;
width: auto;
}
ul.tab-navigation a, ul.tab-navigation a:visited{
display: block;
width: auto;
white-space: nowrap;
color: white;
font-family: verdana;
border: 1px solid;
border-color: white #B7C0D0 #B7C0D0 white;
-moz-border-radius: .5em .5em 0em 0em;
border-radius: .5em .5em 0em 0em;
border-top-right-radius: .5em;
border-bottom-right-radius: .5em;
background-color: #98A0B8;
padding: 2px 5px;
margin-bottom: -3px;
font-size: smaller;
text-decoration: none;
}
ul.tab-navigation a:hover{
background-color: #C8D0E0;
}
ul.tab-navigation a.active, ul.tab-navigation a.active:visited {
background-color: #C8D0E0;
color: black;
}
ul.flat-list{
margin: 0;
padding: 0;
border: 0;
}
ul.flat-list li:before {
display: marker;
marker-offset: 0;
}
ul.flat-list li{
list-style-position: inside;
padding: 0;
margin: 0;
border: 0;
}
.delPost{font-size: smaller; margin-bottom: .5em}
.delPost p{margin-top: 0; margin-bottom: 0}
.delTag {font-style: italic; text-decoration: none}
.delExtended{margin-left: 1em; margin-top:0}
/* ok stuff */
A.tNav:link {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
verdana,arial; TEXT-DECORATION: none
}
A.tNav:visited {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
verdana,arial; TEXT-DECORATION: none
}
A.tNav:hover {
FONT-WEIGHT: bold; FONT-SIZE: 11px; COLOR: #ffffff; FONT-FAMILY:
verdana,arial; TEXT-DECORATION: underline
}
.copyr {
FONT-SIZE: 10px; COLOR: #003399; FONT-FAMILY: verdana, arial, helvetica, universe, ms sans, default sans, default
}
.headline3 {font-family:verdana, arial, helvetica, universe, ms sans, default sans, default; font-size:14px; font-weight:bold; color:#000000;}
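Review bot: In `table.calendar td, th {text-align: center; border: 0}` the second selector is a bare `th`, so the rule centres and removes borders from every table header on any page that loads this sheet, not only calendar cells. `table.calendar td, table.calendar th {text-align: center; border: 0}` looks like what was intended. The commented-out tail of the second `code` rule opens another `/*` inside a comment that is already open, which only works because CSS comments do not nest; folding it into a single comment would be less fragile.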

61
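--- a/html/index.php
+++ b/html/index.php
@@ -0,0 +1,61 @@
+<?php
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$_SERVER['REMOTE_USER']);
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$group=0;
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
+?>
+<html>
+<head>
+<title>Centralized Logging Framework</title>
+</head>
+<frameset cols="191,*" border="1" framespacing="0" frameborder="no">
+<frame src="menu.php" name="nav" scrolling="no">
+<frameset rows="*" border="0" framespacing="0">
+<frame src="background.php" name="main" scrolling="yes">
+</frameset>
+</frameset>
+<body background='images/background.gif');
+<noframes>
+<p></p>
+</body>
+</noframes>
+</html>
+<?php
+dbdisconnect($sec_dbsocket);
+?>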
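Review bot: The denied branch after `sec_accessallowed()` disconnects and calls `exit` without sending a status, so a refused user receives an empty 200 response and the web server's access log shows nothing unusual; adding `header('HTTP/1.0 403 Forbidden');` before `exit;` would make refusals visible to both the client and the log. `$group` is then derived from three group lookups but is never read again in this file, so those queries can be dropped here. The frameset only references `menu.php` and `background.php`, which the browser fetches as separate requests, so the check in this file does not cover them; presumably each repeats it, but neither is shown in this section. The `<body background='images/background.gif');` tag is also malformed and sits outside `<noframes>`.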

132
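--- a/html/launch.php
+++ b/html/launch.php
@@ -0,0 +1,132 @@
+<?php
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+$begintime=time();
+require_once('config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$group=0;
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
+if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+if ( $group != 3 ) {
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+exit;
+}
+$PageTitle="Syslog Management Tool";
+$actiontext="";
+if ( ( $subaction == 1 ) && ( $action == "Save" ) && ( pgdatatrim($shortdesc) != "" ) && ( pgdatatrim($program) != "" ) ) {
+addlaunch($dbsocket,$shortdesc,$longdesc,$program);
+$actiontext="<font color=#FF0000>New record saved</FONT><BR>\n";
+$launchid=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ID","TLaunch_LongDesc='$longdesc'")));
+$action = "Modify";
+}
+if ( ( $subaction == 2 ) && ( $action == "Save" ) && ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) &&
+( pgdatatrim($shortdesc) != "" ) ) {
+updatelaunch($dbsocket,$launchid,$shortdesc,$longdesc,$program);
+$actiontext="<font color=#FF0000>Record updated</FONT><BR>\n";
+}
+if ( ( $DeleteID == 1 ) && ( $subaction == 3 ) && ( $action == "Delete" ) &&
+( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) ) {
+if ( droplaunch($dbsocket,$launchid) ) {
+$actiontext="<font color=#FF0000>Record deleted</FONT><BR>\n";
+} else {
+$actiontext="<font color=#FF0000>Delete FAILED!</FONT><BR>\n";
+}
+$action="Deleted";
+}
+if ( $action == "Add" ) {
+$subaction = 1;
+$launchid = "";
+}
+if ( $action == "Modify" ) {
+if ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) {
+$subaction = 2;
+$shortdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ShortDesc","TLaunch_ID=$launchid")));
+$longdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_LongDesc","TLaunch_ID=$launchid")));
+$program=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_Program","TLaunch_ID=$launchid")));
+} else {
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+exit;
+}
+}
+if ( $action == "Delete" ) {
+if ( idexist($dbsocket,"Syslog_TLaunch","TLaunch_ID",$launchid) ) {
+$subaction = 3;
+$shortdesc=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TLaunch","TLaunch_ShortDesc","TLaunch_ID=$launchid")));
+} else {
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+exit;
+}
+}
+do_header($PageTitle, 'launch');
+openform("launch.php","post",2,1,0);
+echo "<B>Equipment Type</B><BR>\n";
+if ( $subaction != 3 ) {
+echo "1. Enter Short Description(ie. HP Service Desk): ";
+formfield("shortdesc","text",3,1,1,30,30,$shortdesc);
+echo "1. Enter Long Description: ";
+formfield("longdesc","text",3,1,1,40,250,$longdesc);
+echo "1. Enter Program w/ Arguments: ";
+formfield("program","text",3,1,1,40,128,$program);
+formsubmit("Save",3,1,0);
+formfield("subaction","hidden",3,1,0,200,200,$subaction);
+if ( $launchid != "" ) { formfield("launchid","hidden",3,1,0,200,200,$launchid); }
+closeform();
+} else {
+if ( ( $subaction == 3 ) && ( $action == "Delete" ) ) {
+openform("launch.php","post",2,1,0);
+formfield("launchid","Hidden",3,1,0,200,200,$launchid);
+formfield("subaction","Hidden",3,1,0,10,10,$subaction);
+echo "<font color=#FF0000 size=+2><B>Are you sure you want to delete $shortdesc? ";
+php?>
+<input type=radio name=DeleteID value=1>Yes
+<input type=radio name=DeleteID value=0 checked>No</font><b><BR>
+<?php
+formsubmit("Delete",3,1,0);
+closeform(1);
+}
+}
+echo $actiontext;
+$endtime=time();
+echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
+do_footer();
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+php?>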
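Review bot: The lookups `"TLaunch_LongDesc='$longdesc'"` (after `addlaunch`) and `"TLaunch_ID=$launchid"` (Modify and Delete branches) splice request-supplied values into SQL condition strings, and nothing in this file casts or escapes them; `idexist()` runs first on `$launchid`, but its body is not shown, so it cannot be assumed to reject non-numeric input. These variables, like `$action`, `$subaction` and `$DeleteID`, are never assigned here and so appear to depend on register_globals; reading them explicitly, e.g. `$launchid = isset($_POST['launchid']) ? (int)$_POST['launchid'] : 0;`, and escaping `$longdesc` in one place before it reaches `relatedata()` would close that gap. `sec_usernametoid($sec_dbsocket,$REMOTE_USER)` should likewise read `$_SERVER['REMOTE_USER']`, as index.php does, so the identity can only come from the web server. `$shortdesc` is echoed into the delete confirmation without `htmlspecialchars()`, and the Save/Delete posts carry no per-session token, which matters because the `program` field stores a command line.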

340
html/license.txt Normal file

@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

5
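--- a/html/logout.php
+++ b/html/logout.php
@@ -0,0 +1,5 @@
+<?
+header('WWW-Authenticate: Basic realm="CLF Login"');
+header('HTTP/1.0 401 Unauthorized');
+?>
+<h1>Logged Out</h1>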
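Review bot: This file is the whole logout mechanism, yet it carries no comment saying that it works only by prompting the browser to discard its cached Basic credentials; nothing is invalidated on the server. I would add a header comment such as `/* Basic auth has no server-side session: this 401 only asks the browser to forget its cached credentials, so logout is best-effort. */`. The realm `CLF Login` presumably has to match the `AuthName` configured for the protected directory for the browser to treat it as the same protection space; that configuration is not shown in this section. The file also opens with the short tag `<?`, so with `short_open_tag` disabled the two `header()` calls would be served as text; `<?php`, as used in index.php and launch.php, avoids that.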

235
html/logwatch.php Normal file

@ -0,0 +1,235 @@
<?
require_once('calendar.php');
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$_SERVER['REMOTE_USER']);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$time = time();
if (!isset($year)) {
$year = date('Y', $time);
}
if (!isset($month)) {
$month = date('n', $time);
} else {
if ($month == 0) {
$month = 12;
$year = $year -1;
}
if ($month == 13) {
$month = 1;
$year = $year +1;
}
}
do_header("Log Summary Reports", 'logwatch');
function echo_datelink($year, $month, $day) {
return "year=$year&month=$month&day=$day";
}
function display_ticks($req, $done) {
global $sec_dbsocket;
if ($done < $req) {
return "$done<img src=/images/no.gif>";
} else {
return "$done<img src=/images/ok.gif>";
}
}
if ($month < 1) {
$year = $year -1;
$month = 12 + $month;
}
if ($month > 12) {
$year = $year+1;
$month = $month - 12;
}
?>
<table width=100% border=1>
<?
if (!isset($view)) {
?>
<tr><td align=left><a href="?month=<? echo $month-6; ?>&year=<? echo $year; ?>">&lt Previous</a></td><td></td><td align=right><a href="?month=<? echo $month+6; ?>&year=<? echo $year; ?>">Next &gt</a></td></tr>
<?
}
if (!isset($view)) {
for ($loop1 = -5; $loop1 != 1; $loop1++) {
if (($loop1 == -5) || ($loop1 == -2)) {
echo "<tr>";
}
echo "<td>";
$myear = $year;
$tmp2 = $month + $loop1;
if ($tmp2 < 1) {
$myear = $myear -1;
$tmp2 = 12 + $tmp2;
}
if ($tmp2 > 12) {
$myear = $myear +1;
$tmp2 = $tmp2 - 12;
}
$myear2 = $myear;
$tmp = $tmp2 + 1;
if ($tmp > 12) {
$tmp = $tmp - 12;
}
$sql = "select date_part('day', date) as day, date_part('month', date) as month, * from syslog_tsummary lw, syslog_thost h where lw.host = h.thost_host and (date >= '$myear/$tmp2/01' and date < '$myear2/$tmp/01') order by date;";
$SQLQueryResults = pg_exec($dbsocket,$sql) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
$days = array();
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$host = $SQLQueryResultsObject->thost_id;
$tsid = $SQLQueryResultsObject->tsummary_id;
$sql2 = "select * from syslog_treview where tsummary_id = $tsid";
$SQLQueryResults2 = pg_exec($dbsocket, $sql2) or
die(pg_errormessage()."<BR>");
if ( ( $group >= 2 ) || ( (logincanseehost($dbsocket,$REMOTE_ID,$host)) && $group == 1 ) ) {
$myday = $SQLQueryResultsObject->day;
$today = date('d', $time);
$mnt2 = date('m', time());
if (($tmp2 < $mnt2) || ($today - $myday > 2)) {
if (@pg_numrows($SQLQueryResults2) < $SQLQueryResultsObject->log_reviewers) {
$var = array("?".echo_datelink($year, $tmp2, $myday), 'highlight-day');
} else {
$var = array("?".echo_datelink($year, $tmp2, $myday), 'light-day');
}
} else {
$var = array("?".echo_datelink($year, $tmp2, $myday), 'linked-day');
}
$days[$myday] = $var;
}
}
echo generate_calendar($myear, $tmp2, $days, 3);
echo "</td>";
if (($loop1 == -3) || ($loop1 == 0)) {
echo "</tr>";
}
}
if (isset($day)) {
$tmp2 = $month + 1;
$sql = "select date_part('day', date) as day, date_part('month', date) as month, * from syslog_tsummary lw, syslog_thost h where lw.host = h.thost_host and (date >= '$year/$month/01' and date < '$year/$tmp2/01') order by date;";
$SQLQueryResults = pg_exec($dbsocket,$sql) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
echo "<h2>Available Logwatch Reports on $day/$month/$year for ".sec_username($sec_dbsocket, $REMOTE_ID)." </h2>";
echo "</td></tr><tr><td>Host</td><td>Reviews Required</td><td>Reviews Performed</td></tr>";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$host = $SQLQueryResultsObject->thost_id;
$hostname = $SQLQueryResultsObject->thost_host;
$reportid = $SQLQueryResultsObject->tsummary_id;
$revreq = $SQLQueryResultsObject->log_reviewers;
$sql2 = "select * from syslog_treview where tsummary_id = $reportid";
$SQLQueryResults2 = pg_exec($dbsocket, $sql2) or
die(pg_errormessage()."<BR>");
$cnt = @pg_numrows($SQLQueryResults2);
if ($SQLQueryResultsObject->day == $day) {
if ( ( $group >= 2 ) || ( (logincanseehost($dbsocket,$REMOTE_ID,$host)) && $group == 1 ) ) {
echo "<tr><td><a href=?view=$reportid&".echo_datelink($year, $month, $day).">$hostname</a></td><td>".$revreq."</td><td>".display_ticks($revreq, $cnt)."</td></tr>";
}
}
}
}
}
if (isset($view)) {
if (isset($action)) {
if ($action == 'Complete Review') {
if ($donerev == 0) {
$sql = "insert into syslog_treview (reviewer, date, tsummary_id, comments) values ($REMOTE_ID, 'NOW()', $view, '$comment')";
echo "<tr><td colspan=3 align=center><h2>Review Completed</h2></td></tr>";
} else {
$sql = "update syslog_treview set comments='$comment' where id=$donerev";
echo "<tr><td colspan=3 align=center><h2>Review Updated</h2></td></tr>";
}
pg_exec($dbsocket, $sql) or
die(pg_errormessage()."<BR>");
} else {
echo "<tr><td colspan=3 align=center><h2>Review Aborted</h2></td></tr>";
}
}
$sql = "select * from syslog_tsummary ts, syslog_thost h where ts.tsummary_id = $view and ts.host=h.thost_host order by ts.date";
$SQLQueryResults = pg_exec($dbsocket,$sql) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ($SQLNumRows > 0) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$hostname = $SQLQueryResultsObject->thost_host;
$report = stripslashes(nl2br($SQLQueryResultsObject->data));
$date = $SQLQueryResultsObject->date;
$sql = "select * from syslog_treview where tsummary_id=$SQLQueryResultsObject->tsummary_id order by date";
$SQLQueryResults = pg_exec($dbsocket, $sql) or
die(pg_errormessage()."<BR>");
$numrows = pg_numrows($SQLQueryResults);
$mycomment = "";
$donerev = 0;
if ($numrows > 0 ) {
echo "<tr><th>Reviewer</th><th>Comments</th><th>Date</th></tr>";
}
for ($loop = 0; $loop != $numrows; $loop++) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults, $loop) or
die(pg_errormessage()."<BR>");
if ($SQLQueryResultsObject->reviewer == $REMOTE_ID) {
$mycomment = stripslashes($SQLQueryResultsObject->comments);
$donerev = $SQLQueryResultsObject->id;
}
$reviewer = sec_username($sec_dbsocket, $SQLQueryResultsObject->reviewer);
$comments = stripslashes(nl2br($SQLQueryResultsObject->comments));
$date = $SQLQueryResultsObject->date;
echo "<tr><td align=center>$reviewer</td><td align=left>$comments</td><td align=center>$date</td></tr>";
}
echo "<tr><td colspan=3><hr></td></tr><tr><td colspan=3><h3>Logwatch report for $hostname on $date</h3></td></tr>";
echo "<tr><td colspan=3 bgcolor=gray>$report</td></tr>";
}
/* now the feedback form only to update or insert one comment per reviewer*/
echo "<tr><td colspan=2>";
openform("logwatch.php", "post", 0, 0, 0);
formfield("donerev", "hidden", 3, 1, 0, 200, 200, $donerev);
formfield("view", "hidden", 3, 1, 0, 200, 200, $view);
if ($donerev > 0) {
echo "Update ";
}
echo "Reviewer Comments:<br><textarea rows=10 cols=70 name=comment>$mycomment</textarea></td><td>";
formsubmit("Complete Review");
echo "<br>";
formsubmit("Abort Review");
closeform();
echo "</td></tr>";
}
?>
</td></tr></table>
<?php
do_footer();
?>
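Review bot: The `insert into syslog_treview`, `update syslog_treview` and `where ts.tsummary_id = $view` statements interpolate `$view`, `$donerev` and `$comment`, which are never assigned before use in this file and so presumably arrive from the request through register_globals; `$year` and `$month` reach the date-range selects the same way. Cast the ids before they are used, `$view = intval($view); $donerev = intval($donerev);`, and write the comment value as `'" . pg_escape_string($comment) . "'`. The `isset($view)` branch also omits the `logincanseehost()` test that the calendar and day listings apply, and the update matches on `id=$donerev` alone, so a group-1 user appears able to open any report and overwrite another reviewer's comment; repeating the host check before the select and adding `and reviewer=$REMOTE_ID` to the update would close that. Stored `comments` and `data` are echoed into the table and the textarea without `htmlspecialchars()`.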

274
html/maintenance.php Normal file

@ -0,0 +1,274 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'maintenance');
$actiontext="";
echo "$action<BR>\n";
if ( $action == "Reindex SMT Instance" ) {
echo "Reindexing all indexes....";
$SQLQuery="select indexrelname from pg_statio_all_indexes where pg_statio_all_indexes.schemaname='public' order by indexrelname";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$starttime=time();
$SQLQuery="reindex index $SQLQueryResultsObject->indexrelname;";
$TempSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($TempSQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
$endtime=time();
echo "Reindex of $SQLQueryResultsObject->indexrelname done in " . ($starttime - $begintime) . " seconds.<BR>\n " ;
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "Reindex TSyslog" ) {
echo "Reindexing TSyslog....";
$SQLQuery="reindex index tsyslog_pkey ; reindex index host_Idx ;reindex index TSyslogDateTime_IDX ; reindex index TSyslHostID_Idx ; ";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "Reindex Syslog_TArchive" ) {
echo "Reindexing Syslog_TArchive....";
$SQLQuery="reindex index syslog_tarchive_pkey ; reindex index archhost_idx ; reindex index tarchdatetime_idx ;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "Vacuum Entire Database" ) {
echo "Conducting Vacuum....";
$SQLQuery="vacuum ANALYZE";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "Analyze TSyslog Table" ) {
echo "Conducting Analyze of TSyslog....";
$SQLQuery="ANALYZE TSyslog";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "Analyze Syslog_TArchive Table" ) {
echo "Conducting Analyze of Syslog_TArchive....";
$SQLQuery="ANALYZE Syslog_TArchive";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( $action == "FULL Vacuum Entire Database" ) {
echo "Conducting Full Vacuum of Entire Database....";
$SQLQuery="VACUUM FULL ANALYZE";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery);
die(pg_errormessage() . "<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
echo "Finished!<BR>\n";
}
if ( ( $action == "View Unprocessed Log Breakdown" ) || ( $action == "View Archive Log Breakdown" ) ) {
if ( $action == "View Unprocessed Log Breakdown" ) {
$SQLQuery="select count(tsyslog_id), host from TSyslog group by host order by host";
}
if ( $action == "View Archive Log Breakdown" ) {
$SQLQuery="select count(tsyslog_id), host from Syslog_TArchive group by host order by host";
}
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
echo "<TABLE COLS=2 BORDER=1><TR><TD width=1><B>Host</B></TD><TD width=1><B># of Records</B></TR>\n";
for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$HostID=$hostid = relatedata($dbsocket,"Syslog_THost","THost_ID","THost_Host='$SQLQueryResultsObject->host'");
if ( $HostID > 0 ) {
$HostProcessed=relatedata($dbsocket,"syslog_tprocessorprofile","THost_ID","THost_ID='$HostID'");
} else {
$HostProcessed=0;
}
if ( $HostID > 0 ) {
if ( $HostProcessed > 0 ) {
echo "<TR><TD>$SQLQueryResultsObject->host</TD><TD>$SQLQueryResultsObject->count</TD></TR>\n";
} else {
echo "<TR><TD><FONT COLOR=#FF8800>$SQLQueryResultsObject->host</FONT></TD><TD>$SQLQueryResultsObject->count</TD></TR>\n";
}
} else {
echo "<TR><TD><FONT COLOR=#FF0000>$SQLQueryResultsObject->host</FONT></TD><TD>$SQLQueryResultsObject->count</TD></TR>\n";
}
}
echo "</TABLE><BR>\n";
}
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( $action == "Display Database Confguration" ) {
echo "<B>$action</B><BR>\n";
$SQLQuery="select * from pg_settings";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
echo "<TABLE COLS=6 BORDER=1><TR><TD><B>Name</B></TD><TD align=center width=1><B>Setting</B></TD><TD align=center width=1><B>Context</B></TD><TD align=center width=1><B>Vartype</B></TD><TD><B>Source</B></TD><TD align=center width=1><B>Min_Val</B></TD><TD align=center width=1><B>Max_Val</B></TD></TR>\n";
for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
echo "<TR><TD>$SQLQueryResultsObject->name</TD><TD align=center width=1>$SQLQueryResultsObject->setting</TD><TD align=center width=1>$SQLQueryResultsObject->context</TD><TD align=center width=1>$SQLQueryResultsObject->vartype</TD><TD>$SQLQueryResultsObject->source</TD><TD align=center width=1>$SQLQueryResultsObject->min_val</TD><TD align=center width=1>$SQLQueryResultsObject->max_val</TD></TR>\n";
}
echo "</TABLE><BR>\n";
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( $action == "Display Current Locks" ) {
echo "<B>$action</B><BR>\n";
$SQLQuery="select * from pg_locks;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
echo "<TABLE COLS=6 BORDER=1><TR><TD width=1><B>Relation</B></TD><TD width=1><B>Database</B></TD><TD width=1><B>Transaction</B></TD><TD width=1><B>PID</B></TD><TD width=1><B>Mode</B></TD><TD width=1><B>Granted</B></TD></TR>\n";
for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
echo "<TR><TD width=1>$SQLQueryResultsObject->relation</TD><TD width=1>$SQLQueryResultsObject->database</TD><TD width=1>$SQLQueryResultsObject->transaction</TD><TD width=1>$SQLQueryResultsObject->pid</TD><TD width=1>$SQLQueryResultsObject->mode</TD><TD width=1>$SQLQueryResultsObject->granted</TD></TR>\n";
}
echo "</TABLE><BR>\n";
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
if ( ( $action == "Display Index Usage" ) || ( $action == "Display Relavent Table Usage" ) || ( $action == "Display SMT Table Usage" ) ) {
echo "<B>$action</B><BR>\n";
$condition="";
$total=0;
if ( $action == "Display Index Usage" ) {
$SQLQuery="SELECT c2.relname, c2.relpages, c2.relkind FROM pg_class c, pg_class c2, pg_index i where c.oid = i.indrelid AND c2.oid = i.indexrelid ORDER BY c2.relname";
$title="Index Name";
}
if ( $action == "Display SMT Table Usage" ) {
$SQLQuery="select relname, relpages,relkind from pg_class where relkind='r' order by relname;";
$condition = "syslog";
$title="Table Name";
}
if ( $action == "Display Relavent Table Usage" ) {
$SQLQuery="SELECT relname, relpages,relkind FROM pg_class ORDER BY relpages;";
$title="Object Name";
}
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
echo "<TABLE COLS=2 BORDER=1><TR><TD width=1><B>$title</B></TD><TD width=1><B>Size(bytes)</B><TD width=1><B>Type</B></TD></TR>\n";
for ( $loop = ($SQLNumRows - 1) ; $loop != -1 ; $loop-- ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
if ( $condition != "" ) {
if ( ereg($condition,$SQLQueryResultsObject->relname) ) {
echo "<TR><TD>$SQLQueryResultsObject->relname</TD><TD>" . number_format($SQLQueryResultsObject->relpages * 8192) . "</TD><TD align=center>";
if ( $SQLQueryResultsObject->relkind == 'r' ) { echo "Table";}
if ( $SQLQueryResultsObject->relkind == 'i' ) { echo "Index";}
if ( $SQLQueryResultsObject->relkind == 'S' ) { echo "Sequence";}
if ( $SQLQueryResultsObject->relkind == 'v' ) { echo "View";}
if ( $SQLQueryResultsObject->relkind == 'c' ) { echo "Composite";}
if ( $SQLQueryResultsObject->relkind == 's' ) { echo "Special";}
if ( $SQLQueryResultsObject->relkind == 't' ) { echo "Toast";}
echo "</TD></TR>\n";
$total = $total + $SQLQueryResultsObject->relpages * 8192;
}
} else {
echo "<TR><TD>$SQLQueryResultsObject->relname</TD><TD>" . number_format($SQLQueryResultsObject->relpages * 8192) . "</TD><TD align=center>";
if ( $SQLQueryResultsObject->relkind == 'r' ) { echo "Table";}
if ( $SQLQueryResultsObject->relkind == 'i' ) { echo "Index";}
if ( $SQLQueryResultsObject->relkind == 'S' ) { echo "Sequence";}
if ( $SQLQueryResultsObject->relkind == 'v' ) { echo "View";}
if ( $SQLQueryResultsObject->relkind == 'c' ) { echo "Composite";}
if ( $SQLQueryResultsObject->relkind == 's' ) { echo "Special";}
if ( $SQLQueryResultsObject->relkind == 't' ) { echo "Toast";}
echo "</TD></TR>\n";
$total = $total + $SQLQueryResultsObject->relpages * 8192;
}
}
echo "<TR><TD align=right><B>Total:</B></TD><TD>" . number_format($total) . "</TD></TR>\n";
echo "</TABLE><BR>\n";
}
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
closeform();
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
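Review bot: The administrator gate on this page resolves the caller from a bare `$REMOTE_USER`, whereas logwatch.php and menu.php read `$_SERVER['REMOTE_USER']`; the bare variable exists only under register_globals, so the identity is better taken from the server array explicitly, `$REMOTE_ID=sec_usernametoid($sec_dbsocket,$_SERVER['REMOTE_USER']);` (old1stview.php and processor.php in this commit carry the same line). `$action` is likewise never assigned here and is written straight back by `echo "$action<BR>\n";` and the `<B>$action</B>` lines, which should go through `htmlspecialchars($action)`. In the "FULL Vacuum Entire Database" branch the `pg_exec()` line ends in `;` instead of `or`, so the following `die()` runs unconditionally and the page stops after every full vacuum. The per-index timing prints `$starttime - $begintime` where `$endtime - $starttime` seems intended.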

143
html/menu.php Normal file

@ -0,0 +1,143 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$_SERVER['REMOTE_USER']);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$mrtg=0;
$acid=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=4; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'MRTG');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $mrtg=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'ACID');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $acid=1; }
$dbsocket=dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$HeaderText="<a href=http://www.csc.com/ target='main'><img width = 120 src=images/title.png></a><BR><BR>";
$FooterText="<TR><TD WIDTH=" . LEFTWIDTH . "><font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Copyright 2004 Computer Sciences Corporation</font></TD></TR>\n";
$PageTitle="Centralized Logging Server";
?>
<HTML>
<HEAD>
<TITLE>
<?php echo $PageTitle; ?>
</TITLE>
<LINK REL="Stylesheet" HREF="include_main.css" type="text/css">
</HEAD>
<BODY background='images/background.gif' topMargin=0 MARGINWIDTH="0" MARGINHEIGHT="0" leftMargin=0>
<TABLE cellSpacing=0 cellPadding=0 width=100% border=0>
<TBODY>
<TR>
<TD vAlign=top width=190>
<TABLE cellSpacing=0 cellPadding=0 width=100% border=0>
<TBODY>
<TR>
<TD><A href="http://www.csc.com/" target=_new><IMG height=64 alt="CSC Home Page"
src="images/Px_Clear.gif" width=190 border=0></A></TD></TR>
<TR>
<TD>
<TABLE id=countrySel cellSpacing=0 cellPadding=0 border=0 width=100%>
<TBODY>
<TR>
<TD bgColor=#cccccc><IMG height=6 src="images/over_nav_qing.gif" width=190 border=0></TD></TR></TBODY></TABLE></TD></TR>
</TBODY></TABLE></TD>
<!-- Vertical White line between nav and rest of home page -->
<TD width=1 vAlign=bottom bgColor=#cc0000><IMG alt="" src="images/blue.gif" width=1
border=0></td>
</tr><tr height=1000><td vAlign=top>
<?php
// echo $HeaderText;
echo "<table>";
echo "<TR><TD WIDTH=" . LEFTWIDTH . "><b>Log Options</b><BR>";
if ( $group >= 1 ) {
echo tabs(2) . "<tr><td WIDTH=" . LEFTWIDTH . "><LI><a href=1stview.php target='main'>Syslogs</a></TD></TR>";
echo tabs(2) . "<tr><TD WIDTH=" . LEFTWIDTH . "><LI><A HREF=1stfilter.php target='main'>Filters</A></TD></TR>";
echo tabs(2) . "<tr><TD WIDTH=" . LEFTWIDTH . "><LI><A HREF=logwatch.php target='main'>Reports</A></TD></TR>";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stalertview.php target='main'>Alerts</a></TD></TR>";
if ( userhasruleaccess ($dbsocket,$REMOTE_ID) ) {
echo "<TR><TD><BR><b>Administration</B></TD></TR>";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1strule.php target='main'>Rules</a></TD></TR>\n";
}
}
if ( $group >= 2 ) {
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stsaves.php target='main'>View Saved Logs</A></TD></TR>";
}
echo "</TR>";
if ( $group >= 3 ) {
echo "<TR><TD><BR><b>Administration</B></TD></TR>";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1sthost.php target='main'>Hosts</a></TD></TR>";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1strule.php target='main'>Rules</a></TD></TR>\n";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stcustomer.php target='main'>Customers</a></TD></TR>";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stprocessor.php target='main'>Processors</a></TD></TR>\n";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stequiptype.php target='main'>Equip. Types</a></TD></TR>\n";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stlaunch.php target='main'>Launch Programs</a></TD></TR>\n";
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=1stmaint.php target='main'>System Maint.</a></TD></TR>\n";
}
if ( $group >= 4 ) {
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=../admin/index.php target='main'>Security Framework</a></TD></TR>\n";
}
if ( $mrtg || $acid ) {
echo "<TR><TD><BR><b>Other Applications</B></TD></TR>";
if ( $mrtg ) {
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=/cgi-bin/14all.cgi target='main'>MRTG Graphs</a></TD></TR>";
}
if ( $acid ) {
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=/login/acid/ target='main'>A.C.I.D.</a></TD></TR>";
}
}
echo tabs(2) . "<TR><TD WIDTH=" . LEFTWIDTH . "><LI><a href=logout.php target=_top>Logout</a></TD></TR>";
echo $FooterText;
echo "</TABLE>\n";
?>
</td>
<TD width=1 vAlign=bottom bgColor=#cc0000><IMG alt="" src="images/blue.gif" width=1
border=0></td>
</tr></table>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
?>
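Review bot: A user with `$group >= 3` who also passes `userhasruleaccess()` gets the "Administration" heading and the Rules link twice, once from the block nested in `$group >= 1` and once from the `$group >= 3` block; guarding the first with `if ( $group < 3 && userhasruleaccess ($dbsocket,$REMOTE_ID) ) {` avoids the duplicate. The group tests in this file only decide which links are printed, so a comment above the first `if` would keep that expectation explicit: `// Visibility only: every linked page must repeat its own group check.`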

159
html/old1stview.php Normal file

@ -0,0 +1,159 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group == 0 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
$HeaderText="<font size=+1><B>Syslog Management</B></font><BR><BR>";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
?>
<HTML>
<HEAD>
<TITLE>
<?php echo $PageTitle; ?>
</TITLE>
</HEAD>
<?php
startbody();
echo $HeaderText;
$month=date("M",time());
$day=date("d",time());
$year=date("Y",time());
$hour=date("G",time());
$minute=date("i",time());
if ( $group >= 1 ) {
openform("view.php","post",2,1,0);
echo "<B>View Specific Time Frame</B><BR><BR>\n";
echo "1. Select View Type: ";
echo "<TABLE COLS=2 BORDER=1><TR><TD><input type=radio name=datatype value=1 checked></TD><TD>Host: ";
hostdropdown ($dbsocket, $sec_dbsocket, "hostid", $REMOTE_ID,$group);
crbr(1,0);
echo "</TD></TR>";
if ( $group >= 2 ) {
echo "<TR><TD width=20><input type=radio name=datatype value=4></TD><TD>By Group and By Host Type (Select Below)</TD></TR>\n";
}
echo "<TR><TD width=20><input type=radio name=datatype value=2></TD><TD>Host Type: ";
if (! isset($typeid)) {
$typeid = '';
}
premadetypedropdown ($dbsocket, "typeid",0,0,1,1,$typeid);
echo "</TD><TR>";
if ( $group >= 2 ) {
echo "</TD><TD width=20><input type=radio name=datatype value=3></TD><TD>Group: ";
$groupid=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
userdropdownbox ($sec_dbsocket,"userid",2,1,0,1,"",$groupid);
echo "</TD></TR>\n";
}
echo "</table>2. Select Time Range:<br><table border=1 width=100%><TR><TD>";
echo "Start Date:</TD><TD>";
monthdropdown ("month",0,0,0,1,$month);
echo "/";
daydropdown("day",0,0,0,1,$day);
echo "/";
yeardropdown("year",0,0,0,1,$year);
echo " Time: ";
hourdropdown("hour", 0, 0, 0, 1, $hour);
echo ":";
minutedropdown("minute", 0, 1, 1, $lines=1, $minute);
echo "</TD></TR><tr><td><input type=radio name=durtype value=1 checked>Duration:</td><td>";
durationdropdown("duration");
echo "</td></tr><tr><td><input type=radio name=durtype value=2>";
echo "End Date:</TD><TD>";
monthdropdown ("emonth",0,0,0,1,$month);
echo "/";
daydropdown("eday",0,0,0,1,$day);
echo "/";
yeardropdown("eyear",0,0,0,1,$year);
echo " Time: ";
hourdropdown("ehour", 0, 0, 0, 1, $hour);
echo ":";
minutedropdown("eminute", 0, 1, 1, $lines=1, $minute);
echo "</TD></TR>";
echo "<TR><TD><input type=radio name=durtype value=3>View Data From Last Minutes:</TD><TD><input type='text' name='lastfive' value = '' size='4'></TD></TR></table>";
echo "<table border = 1><TR><TD>Page Breaks:</TD><TD>Yes<input type='radio' name='pagebreak' value='1' checked>";
echo " No<input type='radio' name='pagebreak' value='0'></TD></TR>";
echo "<TR><TD>Lines/Page:</TD><TD>";
pagesize("pagesize",2,1);
echo "</TD></TR></TABLE>";
formfield("viewtype","Hidden",3,1,0,10,10,2);
echo "Choose Filter Type(Optional)<BR><TABLE BORDER=1><TR><TD>";
echo "<input type=radio name=regexpinclude[] value=0 checked>Exclude ";
echo "<input type=radio name=regexpinclude[] value=1>Include<BR>\n";
echo "Regular Expression Filter: ";
formfield("regexp[]","text",3,1,1,20,40);
echo "</TD></TR><TR><TD>\n";
echo "<input type='checkbox' name='filter' value='1'>Use Premade Filter: ";
filterdropdown ($dbsocket,"filterid",$REMOTE_ID);
echo "</TR><TR><TD>Filter Type: <input type=radio name=filterorlevel[] value=1 checked>Expression ";
echo "<input type=radio name=filterorlevel[] value=3>Facility & Severity ";
echo "<input type=radio name=filterorlevel[] value=2>Expression w/ Facility & Severity";
echo "</TD></TR><TR><TD>";
echo "Facility Range: ";
facilitydropdown("startfacility[]",1,0,0,1,0);
echo " to ";
facilitydropdown("stopfacility[]",1,0,0,1,23);
echo "</TD></TR><TR><TD>Severity Range: ";
severitydropdown("startseverity[]",1,0,0,1,0);
echo " to ";
severitydropdown("stopseverity[]",1,0,0,1,7);
echo "</TD></TR></TABLE>\n";
formsubmit("View",3,1,1);
closeform();
crbr(1,1);
}
$endtime=time();
echo "Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
?>
</BODY>
</HTML>
<?php
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
?>
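Review bot: The file name suggests a superseded copy of the view launcher, and menu.php in this commit links to 1stview.php rather than to this page, so it would still be served from html/ as a second entry point whose access checks have to be kept in step with the current one; if nothing needs it, it is safer left out of the web root (whether anything else links to it is not visible here). `$typeid` is only defaulted when unset, so a request-supplied value is handed to `premadetypedropdown()` as is; a cast such as `$typeid = isset($typeid) ? intval($typeid) : '';` would pin it, assuming the ids are numeric. The two `minutedropdown(..., $lines=1, $minute)` calls assign `$lines` inside the argument list, where passing `1` directly reads more clearly.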

182
html/processor.php Normal file

@ -0,0 +1,182 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( $group != 3 ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( $action == "Delete" ) {
$hosttype=2;
}
if ( $action == "Add" ) {
$hostid="";
unset($host);
}
if ( $action== "Save" ) {
if ( idexist($dbsocket,"Syslog_THost","THost_ID",$hostid) ) {
if ( ! assignedtoprocessor($dbsocket,$hostid) ) { addprocessorprofile($dbsocket,$userid,$hostid); }
}
}
if ( $action== "Delete" ) {
if ( idexist($dbsocket,"Syslog_TProcessorProfile","TProcessorProfile_ID",$id) ) {
dropprocessorprofile($dbsocket,$id);
}
}
if ( $action== "Toggle Suspension" ) {
if ( idexist($dbsocket,"syslog_tsuspend","tlogin_id",$userid) ) {
deletesuspend($dbsocket,$userid);
} else {
addsuspend($dbsocket,$userid);
}
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'processor');
echo "<B>Processor Account: " . sec_username($sec_dbsocket,$userid) . "</B><BR>\n";
echo "<BR>Status: ";
if ( idexist($dbsocket,"Syslog_TSuspend","TLogin_ID",$userid) ) {
echo "<font color=#FF0000><B>SUSPENDED</B></FONT><BR><BR>\n";
} else {
echo "Not Suspended<BR><BR>\n";
}
if ( $action == "Clear Stale Processor" ) {
if ( ($testmailid = ismailopen($dbsocket,$userid) ) && ( idexist($sec_dbsocket,"Secframe_TLogin","TLogin_ID",$userid) ) ) {
if ( ! $subaction ) {
openform("processor.php","post",2,1,0);
formfield("userid","Hidden",3,1,0,200,200,$userid);
formfield("subaction","Hidden",3,1,0,10,10,1);
echo "<font color=#FF0000 size=+2><B>Are you sure you want to clear stale processor : " . sec_username($sec_dbsocket,$userid) . "? ";
php?>
<input type=radio name=Sure value=1>Yes
<input type=radio name=Sure value=0 checked>No</font><b><BR>
<?php
formsubmit("Clear Stale Processor",3,1,0);
closeform(1);
} else {
if ( $Sure) {
$maildate=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Date","TMail_ID=$testmailid")));
$mailtime=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Time","TMail_ID=$testmailid")));
$SQLQuery="select distinct TProcess_ID,Syslog_TProcess.THost_ID from Syslog_TProcess,Syslog_TProcessorProfile where ( ( Syslog_TProcessorProfile.TLogin_ID=$userid ) and ( Syslog_TProcessorProfile.THost_ID=Syslog_TProcessorProfile.THost_ID) )";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
$PurgeQuery="Begin ; ";
if ( $SQLNumRows ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$cleanid=stripslashes(pgdatatrim($SQLQueryResultsObject->tprocess_id));
$cleanhost=gethost($dbsocket,stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id)));
$PurgeQuery = $PurgeQuery . "delete from Syslog_TAlert where Syslog_TAlert.TSyslog_ID=TSyslog.TSyslog_ID and TSyslog.TSyslog_ID > $cleanid and TSyslog.host='$cleanhost' ; ";
$PurgeQuery = $PurgeQuery . "delete from Syslog_TArchive where TSyslog_ID > $cleanid and host='$cleanhost' ; ";
}
$PurgeQuery = $PurgeQuery . "commit ; ";
$PurgeSQLQueryResults = pg_exec($dbsocket,$PurgeQuery) or
die(pg_errormessage()."\n");
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
cleanemail($dbsocket,$testmailid);
clearlaunchqueue($dbsocket,$testmailid);
closeopenmail($dbsocket,$testmailid);
}
if ( $PurgeSQLQueryResults ) {
echo "<BR><B>SUCCESS!!</B><BR>\n";
pg_freeresult($PurgeSQLQueryResults) or
die(pg_errormessage() . "\n");
} else {
echo "<BR><B><font color=#FF0000 size=+2>FAIlED!!</font></B><BR>\n";
pg_freeresult($PurgeSQLQueryResults) or
die(pg_errormessage() . "\n");
}
}
} else {
echo "<BR><B>The processor you've selected is not stale!</B><BR><BR>\n";
}
} else {
openform("processor.php","post",2,1,0);
formfield("userid","Hidden",3,1,0,200,200,$userid);
formsubmit("Toggle Suspension",3,1,1);
closeform();
echo "<TABLE border=2>";
echo "<TR><TD><B>Action</B></TD><TD><B>Host</B></TD></TR>\n<TR><TD ALIGN=CENTER VALIGN=CENTER>";
openform("processor.php","post",2,1,0);
formsubmit("Save",3,1,0);
echo "</TD><TD ALIGN=CENTER VALIGN=CENTER>";
hostdropdown ($dbsocket, $sec_dbsocket,"hostid",$REMOTE_ID,$group,0,0,0,1,"",1);
echo "</TD></TR>\n";
formfield("userid","Hidden",3,0,0,10,10,$userid);
closeform();
/* $SQLQuery="select * from Syslog_TProcessorProfile where TLogin_ID=$userid"; */
$SQLQuery="select TProcessorProfile_ID,Syslog_THost.THost_Host from Syslog_TProcessorProfile where Syslog_TProcessorProfile.TLogin_ID=$userid and Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID order by Syslog_THost.THost_Host";
$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
echo "<TR><TD><B>Action</B></TD><TD><B>Host</B></TD></TR>\n";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tprocessorprofile_id));
$host=pgdatatrim($SQLQueryResultsObject->thost_host);
echo "<TR><TD ALIGN=CENTER VALIGN=CENTER>";
openform("processor.php","post",2,1,0);
echo '<input type="submit" name=action value="Delete">';
echo "</TD><TD VALIGN=CENTER>$host</TD></TR>";
formfield("userid","Hidden",3,1,0,10,10,$userid);
formfield("id","Hidden",3,1,0,10,10,$id);
formfield("host","Hidden",3,1,0,10,128,$host);
closeform();
}
}
echo "</TABLE>";
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
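Review bot: `$userid` is concatenated unquoted into both SELECTs (`...TLogin_ID=$userid...`) and nothing in this file assigns or validates it, so it presumably arrives from the posted hidden field; the administrator check limits who reaches the page but does not make the value safe to splice into SQL. I would pin it once, right after the `$group != 3` exit, with `$userid = (int)$userid;`, and do the same for `$hostid` and `$id` before they reach the helpers, whose quoting is not visible here. In the stale-processor query the join reads `Syslog_TProcessorProfile.THost_ID=Syslog_TProcessorProfile.THost_ID`, which is always true; it was presumably meant to be `Syslog_TProcess.THost_ID=Syslog_TProcessorProfile.THost_ID`. As written, the `delete` batch is built from every row of Syslog_TProcess rather than only this processor's hosts.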


@ -0,0 +1,533 @@
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
if ( $SERVER_PORT != 443 ) {
echo "This page must be accessed with SSL<BR>\n";
exit;
}
require_once('/opt/apache/htdocs/login/lib/pgsql.php');
require_once('/opt/apache/htdocs/login/lib/generalweb.php');
require_once('/opt/apache/htdocs/login/lib/secframe.php');
require_once('/opt/apache/htdocs/login/lib/pix.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$HeaderText="<font size=+1><B>Reports</B></font><BR><BR>\n";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
$totalrows=0;
$ftpcount=0;
$ftp=0;
$httpcount=0;
$http=0;
$https=0;
$httpscount=0;
$dnsudpcount=0;
$dnsudp=0;
$dnstcpcount=0;
$dnstcp=0;
$telnet=0;
$telnetcount=0;
$ssh=0;
$sshcount=0;
/* Port 25 tcp */
$smtp=0;
$smtpcount=0;
/* Port 465 tcp */
$smtps=0;
$smtpscount=0;
/* Port 161 udp */
$snmp=0;
$snmpcount=0;
/* Port 162 udp */
$snmptrap=0;
$snmptrapcount=0;
$gopher=0;
$gophercount=0;
/* Port 110 tcp */
$pop3=0;
$pop3count=0;
/* Port 995 tcp */
$pop3s=0;
$pop3scount=0;
$nntp=0;
$nntpcount=0;
$ntp=0;
$ntpcount=0;
/* 69 udp */
$tftp=0;
$tftpcount=0;
/* Port 143 */
$imap=0;
$imapcount=0;
/* Port 993 */
$imaps=0;
$imapscount=0;
/* Port 135 */
$locservudp=0;
$locservudpcount=0;
$locservtcp=0;
$locservtcpcount=0;
/* Port 137 */
$netbiosnsudp=0;
$netbiosnsudpcount=0;
$netbiosnstcp=0;
$netbiosnstcpcount=0;
/* Port 138 */
$netbiosdgmudp=0;
$netbiosdgmudpcount=0;
$netbiosdgmtcp=0;
$netbiosdgmtcpcount=0;
/* Port 139 */
$netbiosssnudp=0;
$netbiosssnudpcount=0;
$netbiosssntcp=0;
$netbiosssntcpcount=0;
/* Other */
$othertcp=0;
$othertcpcount=0;
$otherudp=0;
$otherudpcount=0;
$other=0;
$othercount=0;
$goodrows=0;
if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; }
$time1=$hour . ":" . $minute . ":00";
$date1=$month . "-" . $day . "-" . $year;
$date2=$month2 . "-" . $day2 . "-" . $year2;
$time2=$hour2 . ":" . $minute2 . ":00";
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp=mktime($hour,$minute,0,$loop,$day,$year);
}
}
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2);
}
}
$BaseSQLQuery="select TSyslog_ID, TSyslog.date, TSyslog.Time, TSyslog.host, TSyslog.message, TSyslog.Severity, TSyslog.Facility from TSyslog";
$alldata=0;
%>
<HTML>
<HEAD>
<TITLE>
<% echo $PageTitle; %>
</TITLE>
</HEAD>
<%
$firsttimethrough=1;
while ( ! $alldata ) {
$SQLQuery = $BaseSQLQuery;
if ( $datatype == 1 ) {
$host=gethost($dbsocket,$hostid);
$SQLQuery = $SQLQuery . " where host='$host' and ";
}
if ( $datatype == 2 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and ";
}
if ( $datatype == 3 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and ";
}
if ( $datatype == 4 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( TSyslog.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_THost.TPremadeType_ID=$typeid ) and ";
}
if ( ! $firsttimethrough ) {
$date1=$newstartdate;
$time1=$newstarttime;
$temphour=substr($time1,0,2);
$tempmin=substr($time1,3,2);
$tempsec=substr($time1,6,2);
$tempyear=substr($date1,0,4);
$tempmonth=substr($date1,5,2);
$tempday=substr($date1,8,2);
$tempday=$tempday + 1 ;
$tempday=$tempday - 1 ;
$timestamp=mktime($temphour,$tempmin,$tempsec,$tempmonth,$tempday,$tempyear);
$tempmonth = date("M",mktime(0,0,0,$tempmonth,1,2002));
$date1=$tempmonth . "-" . $tempday . "-" . $tempyear;
}
if ( $date1 == $date2 ) {
$SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')";
}
if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year1 == $year2 ) ) {
$SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " .
"( date = '$date2' and time <= '$time2' ) ) ";
}
if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) {
$SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " .
"( date > '$date1' and date < '$date2' ) or " .
"( date = '$date2' and time <= '$time2' ) )";
}
if ( ! $firsttimethrough ) {
$SQLQuery = $SQLQuery . $SQLQueryDate . " and tsyslog_id > $lastid order by date, time, TSyslog_ID limit 50";
} else {
$SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID limit 50";
}
echo " ";
if ( $timestamp <= $timestamp2 ) {
echo "SQL Query: $SQLQuery<BR>\n";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
} else {
$SQLNumRows = 0;
}
$totalrows = $totalrows + $SQLNumRows;
if ( ( $SQLNumRows == 0 ) || ( $SQLNumRows < 50 ) ) {
$alldata = 1 ;
} else {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,49) or
die(pg_errormessage()."<BR>\n");
$newstartdate=pgdatatrim($SQLQueryResultsObject->date);
$newstarttime=pgdatatrim($SQLQueryResultsObject->time);
$lastid=pgdatatrim($SQLQueryResultsObject->tsyslog_id);
}
$firsttimethrough=0;
if ( $SQLNumRows != 0 ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$host=pgdatatrim($SQLQueryResultsObject->host);
$message=pgdatatrim($SQLQueryResultsObject->message);
$date=pgdatatrim($SQLQueryResultsObject->date);
$time=pgdatatrim($SQLQueryResultsObject->time);
if ( $reporttype == 3 ) {
if ( ereg("^%PIX-6-302002",$message) ) {
$goodrows++;
$stringtoken = strtok($message," \\");
$count=0;
while ( $stringtoken ) {
$count++;
$stringtoken = strtok(" \\");
switch ($count) {
case 2:
$protocol=$stringtoken;
break;
case 6:
$faddr=$stringtoken;
$faddrport=substr(strstr($faddr,'/'),1);
$faddr=substr($faddr,0,(strlen($faddr) - (strlen($faddrport) + 1)));
break;
case 8:
$gaddr=$stringtoken;
$gaddrport=substr(strstr($gaddr,'/'),1);
$gaddr=substr($gaddr,0,(strlen($gaddr) - (strlen($gaddrport) + 1)));
break;
case 10:
$laddr=$stringtoken;
$laddrport=substr(strstr($laddr,'/'),1);
$laddr=substr($laddr,0,(strlen($laddr) - (strlen($laddrport) + 1)));
break;
case 12:
$duration=$stringtoken;
break;
case 14:
$bytes=$stringtoken;
break;
}
}
$workport=0;
if ( $laddrport < 1024 ) { $workport = $laddrport;
} else {
if ( $faddrport < 1024 ) { $workport = $faddrport; }
}
if ( $workport == 0 ) { $workport = $laddrport; }
/* Time to Add Protocols Up */
$counted=0;
if ( $protocol == "TCP" ) {
switch ($workport) {
case 20:
case 21:
$ftpcount++;
$ftp = $ftp + $bytes;
$counted=1;
break;
case 22:
$sshcount++;
$ssh = $ssh + $bytes;
$counted=1;
break;
case 23:
$telnetcount++;
$telnet = $telnet + $bytes;
$counted=1;
break;
case 25:
$smtpcount++;
$smtp = $smtp + $bytes;
$counted=1;
break;
case 53:
$dnstcpcount++;
$dnstcp = $dnstcp + $bytes;
$counted=1;
break;
case 70:
$gophercount++;
$gopher = $gopher + $bytes;
$counted=1;
$break;
case 80:
$httpcount++;
$http = $http + $bytes;
$counted=1;
break;
case 110:
$pop3count++;
$pop3 = $pop3 + $bytes;
$counted=1;
break;
case 119:
$nntpcount++;
$nntp = $nntp + $bytes;
$counted=1;
break;
case 135:
$locservtcpcount++;
$locservtcp = $locservtcp + $bytes;
$counted=1;
break;
case 137:
$netbiosnstcpcount++;
$netbiosnstcp = $netbiosnstcp + $bytes;
$counted=1;
break;
case 138:
$netbiosdgmtcpcount++;
$netbiosdgmtcp = $netbiosdgmtcp + $bytes;
$counted=1;
break;
case 139:
$netbiosssntcpcount++;
$netbiosssntcp = $netbiosssntcp + $bytes;
$counted=1;
break;
case 143:
$imapcount++;
$imap = $imap + $bytes;
$counted=1;
break;
case 443:
$httpscount++;
$https = $https + $bytes;
$counted=1;
break;
case 465:
$smtpscount++;
$smtps = $smtps + $bytes;
$counted=1;
break;
case 993:
$imapscount++;
$imaps = $imaps + $bytes;
$counts=1;
break;
case 995:
$pop3scount++;
$pop3s = $pop3s + $bytes;
$counted=1;
break;
default:
$counted=1;
$othertcpcount++;
$othertcp = $othertcp + $bytes ;
break;
}
}
if ( $protocol == "UDP" ) {
switch ($workport) {
case 53:
$dnsudpcount++;
$dnsudp = $dnsudp + $bytes;
$counted=1;
break;
case 69:
$tftpcount++;
$tftp = $tftp + $bytes;
$counted=1;
break;
case 135:
$locservudpcount++;
$locservudp = $locservudp + $bytes;
$counted=1;
break;
case 137:
$netbiosnsudpcount++;
$netbiosnsudp = $netbiosnsudp + $bytes;
$counted=1;
break;
case 138:
$netbiosdgmudpcount++;
$netbiosdgmudp = $netbiosdgmudp + $bytes;
$counted=1;
break;
case 139:
$netbiosssnudpcount++;
$netbiosssnudp = $netbiosssnudp + $bytes;
$counted=1;
break;
case 161:
$snmpcount++;
$snmp = $snmp + $bytes;
$counted=1;
break;
case 162:
$snmptrapcount++;
$snmptrap = $snmptrap + $bytes;
$counted=1;
break;
default:
$counted=1;
$otherudpcount++;
$otherudp = $otherudp + $bytes ;
break;
}
}
if ( ! $counted ) {
$othercount++;
$other = $other + $bytes;
}
}
}
}
}
if ( $SQLNumRows > 0 ) {
pg_freeresult($SQLQueryResults) or
die(pg_errormessage()."<BR>\n");
}
}
startbody();
echo $HeaderText;
echo "<fort size=+1><B>Report Type: " . reporttypename($reporttype) . "</B></FONT><BR><BR>\n";
echo "<fort size=+1><B>Report Timeframe: $date1 $time1 to $date2 $time2</B></FONT><BR>\n";
echo "<fort size=+1><B>$goodrows rows valid in data set of $totalrows.</B></FONT><BR><BR>\n";
echo "<TABLE COLS=8 BORDER=1 ><TR><TD><B>Protocol</b></TD><TD><B>TCP/UDP/Other</B></TD><TD><B># of Connections</B></TD><TD><B>Bytes TX'd/RX'd</B></TD>" .
"<TD><B>Protocol</b></TD><TD><B>TCP/UDP/Other</B></TD><TD><B># of Connections</B></TD><TD><B>Bytes TX'd/RX'd</B></TD></TR>\n";
echo "<TR align=center><TD>FTP</TD><TD>TCP</TD><TD>$ftpcount</TD><TD>$ftp</TD>";
echo "<TD>SSH</TD><TD>TCP</TD><TD>$sshcount</TD><TD>$ssh</TD></TR>\n";
echo "<TR align=center><TD>Telnet</TD><TD>TCP</TD><TD>$telnetcount</TD><TD>$telnet</TD>";
echo "<TD>TFTP</TD><TD>UDP</TD><TD>$tftpcount</TD><TD>$tftp</TD></TR>\n";
echo "<TR align=center><TD>HTTP</TD><TD>TCP</TD><TD>$httpcount</TD><TD>$http</TD>";
echo "<TD>HTTPS</TD><TD>TCP</TD><TD>$httpscount</TD><TD>$https</TD></TR>\n";
echo "<TR align=center><TD>Gopher</TD><TD>TCP</TD><TD>$gophercount</TD><TD>$gopher</TD>";
echo "<TD>NNTP</TD><TD>TCP</TD><TD>$nntpcount</TD><TD>$nntp</TD></TR>\n";
echo "<TR align=center><TD>SMTP</TD><TD>TCP</TD><TD>$smtpcount</TD><TD>$smtp</TD>";
echo "<TD>SMTPS</TD><TD>TCP</TD><TD>$smtpscount</TD><TD>$smtps</TD></TR>\n";
echo "<TR align=center><TD>POP3</TD><TD>TCP</TD><TD>$pop3count</TD><TD>$pop3</TD>";
echo "<TD>POP3S</TD><TD>TCP</TD><TD>$pop3scount</TD><TD>$pop3s</TD></TR>\n";
echo "<TR align=center><TD>IMAP</TD><TD>TCP</TD><TD>$imapcount</TD><TD>$imap</TD>";
echo "<TD>IMAPS</TD><TD>TCP</TD><TD>$imapscount</TD><TD>$imaps</TD></TR>\n";
echo "<TR align=center><TD>LocServe</TD><TD>TCP</TD><TD>$locservtcpcount</TD><TD>$locservtcp</TD>";
echo "<TD>LocServe</TD><TD>UDP</TD><TD>$locservudpcount</TD><TD>$locservudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-NS</TD><TD>TCP</TD><TD>$netbiosnstcpcount</TD><TD>$netbiosnstcp</TD>";
echo "<TD>Netbios-NS</TD><TD>UDP</TD><TD>$netbiosnsudpcount</TD><TD>$netbiosnsudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-DGM</TD><TD>TCP</TD><TD>$netbiosdgmtcpcount</TD><TD>$netbiosdgmtcp</TD>";
echo "<TD>Netbios-DGM</TD><TD>UDP</TD><TD>$netbiosdgmudpcount</TD><TD>$netbiosdgmudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-SSN</TD><TD>TCP</TD><TD>$netbiosssntcpcount</TD><TD>$netbiosssntcp</TD>";
echo "<TD>Netbios-SSN</TD><TD>UDP</TD><TD>$netbiosssnudpcount</TD><TD>$netbiosssnudp</TD></TR>\n";
echo "<TR align=center><TD>DNS</TD><TD>TCP</TD><TD>$dnstcpcount</TD><TD>$dnstcp</TD>";
echo "<TD>DNS</TD><TD>UDP</TD><TD>$dnsudpcount</TD><TD>$dnsudp</TD></TR>\n";
echo "<TR align=center><TD>SNMP</TD><TD>UDP</TD><TD>$snmpcount</TD><TD>$snmptrap</TD>";
echo "<TD>SNMP Trap</TD><TD>UDP</TD><TD>$snmptrapcount</TD><TD>$snmptrap</TD></TR>\n";
echo "<TR align=center><TD>Other</TD><TD>TCP</TD><TD>$othertcpcount</TD><TD>$othertcp</TD>";
echo "<TD>Other</TD><TD>UDP</TD><TD>$otherudpcount</TD><TD>$otherudp</TD></TR>\n";
echo "<TR align=center><TD>Other Protocols</TD><TD>Other</TD><TD>$othercount</TD><TD>$other</TD>";
echo "<TD></TD><TD></TD><TD></TD><TD></TD></TR>\n";
echo "</TABLE>";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
%>
</BODY>
</HTML>
<%
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
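Review bot: The report query is built by splicing `$typeid`, `$userid`, `$hostid` (via `gethost`) and the `$month`/`$day`/`$year`/`$hour`/`$minute` parts and their `2` counterparts directly into SQL; none of them is assigned or validated in this file, so they presumably come from the request. Cast the numeric ones before the `while` loop, e.g. `$typeid = (int)$typeid; $userid = (int)$userid;`, and build `$date1`/`$time1`/`$date2`/`$time2` only from integer-cast parts and a month name that matched in the existing 1–12 loop. For `$datatype` 3 the filter uses that `$userid` rather than `$REMOTE_ID`, and the `$group < 2` guard only blocks values above 3, so it is worth confirming a member of 'Syslog Customer' cannot report on another login's hosts. `echo "SQL Query: $SQLQuery<BR>\n";` also prints every statement to the viewer and should be removed. The following 488-line report section assembles its query the same way.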


@ -0,0 +1,488 @@
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
if ( $SERVER_PORT != 443 ) {
echo "This page must be accessed with SSL<BR>\n";
exit;
}
require_once('/opt/apache/htdocs/login/lib/pgsql.php');
require_once('/opt/apache/htdocs/login/lib/generalweb.php');
require_once('/opt/apache/htdocs/login/lib/secframe.php');
require_once('/opt/apache/htdocs/login/lib/pix.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$HeaderText="<font size=+1><B>Reports</B></font><BR><BR>\n";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; }
$time1=$hour . ":" . $minute . ":00";
$date1=$month . "-" . $day . "-" . $year;
$date2=$month2 . "-" . $day2 . "-" . $year2;
$time2=$hour2 . ":" . $minute2 . ":00";
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp=mktime($hour,$minute,0,$loop,$day,$year);
}
}
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2);
}
}
$SQLQuery="select host,count(severity),severity from TSyslog group by host,severity ";
if ( $datatype == 1 ) {
$host=gethost($dbsocket,$hostid);
$SQLQuery = $SQLQuery . " where host='$host' and ";
}
if ( $datatype == 2 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where TSyslog.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and ";
}
if ( $datatype == 3 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and TSyslog.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and ";
}
if ( $datatype == 4 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( TSyslog.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_THost.TPremadeType_ID=$typeid ) and ";
}
if ( $date1 == $date2 ) {
$SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')";
}
if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year1 == $year2 ) ) {
$SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " .
"( date = '$date2' and time <= '$time2' ) ) ";
}
if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) {
$SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " .
"( date > '$date1' and date < '$date2' ) or " .
"( date = '$date2' and time <= '$time2' ) )";
}
$SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID";
if ( $timestamp <= $timestamp2 ) {
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
} else {
$SQLNumRows = 0;
}
if ( $reporttype == 3 ) {
$ftpcount=0;
$ftp=0;
$httpcount=0;
$http=0;
$https=0;
$httpscount=0;
$dnsudpcount=0;
$dnsudp=0;
$dnstcpcount=0;
$dnstcp=0;
$telnet=0;
$telnetcount=0;
$ssh=0;
$sshcount=0;
/* Port 25 tcp */
$smtp=0;
$smtpcount=0;
/* Port 465 tcp */
$smtps=0;
$smtpscount=0;
/* Port 161 udp */
$snmp=0;
$snmpcount=0;
/* Port 162 udp */
$snmptrap=0;
$snmptrapcount=0;
$gopher=0;
$gophercount=0;
/* Port 110 tcp */
$pop3=0;
$pop3count=0;
/* Port 995 tcp */
$pop3s=0;
$pop3scount=0;
$nntp=0;
$nntpcount=0;
$ntp=0;
$ntpcount=0;
/* 69 udp */
$tftp=0;
$tftpcount=0;
/* Port 143 */
$imap=0;
$imapcount=0;
/* Port 993 */
$imaps=0;
$imapscount=0;
/* Port 135 */
$locservudp=0;
$locservudpcount=0;
$locservtcp=0;
$locservtcpcount=0;
/* Port 137 */
$netbiosnsudp=0;
$netbiosnsudpcount=0;
$netbiosnstcp=0;
$netbiosnstcpcount=0;
/* Port 138 */
$netbiosdgmudp=0;
$netbiosdgmudpcount=0;
$netbiosdgmtcp=0;
$netbiosdgmtcpcount=0;
/* Port 139 */
$netbiosssnudp=0;
$netbiosssnudpcount=0;
$netbiosssntcp=0;
$netbiosssntcpcount=0;
/* Other */
$othertcp=0;
$othertcpcount=0;
$otherudp=0;
$otherudpcount=0;
$other=0;
$othercount=0;
}
%>
<HTML>
<HEAD>
<TITLE>
<% echo $PageTitle; %>
</TITLE>
</HEAD>
<%
startbody();
echo $HeaderText;
echo "<fort size=+1><B>Report Type: " . reporttypename($reporttype) . "</B></FONT><BR><BR>\n";
echo "<fort size=+1><B>Report Timeframe: $date1 $time1 to $date2 $time2</B></FONT><BR>\n";
if ( $SQLNumRows != 0 ) {
$goodrows=0;
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$host=pgdatatrim($SQLQueryResultsObject->host);
$message=pgdatatrim($SQLQueryResultsObject->message);
$date=pgdatatrim($SQLQueryResultsObject->date);
$time=pgdatatrim($SQLQueryResultsObject->time);
if ( $reporttype == 3 ) {
if ( ereg("^%PIX-6-302002",$message) ) {
$goodrows++;
$stringtoken = strtok($message," \\");
$count=0;
while ( $stringtoken ) {
$count++;
$stringtoken = strtok(" \\");
switch ($count) {
case 2:
$protocol=$stringtoken;
break;
case 6:
$faddr=$stringtoken;
$faddrport=substr(strstr($faddr,'/'),1);
$faddr=substr($faddr,0,(strlen($faddr) - (strlen($faddrport) + 1)));
break;
case 8:
$gaddr=$stringtoken;
$gaddrport=substr(strstr($gaddr,'/'),1);
$gaddr=substr($gaddr,0,(strlen($gaddr) - (strlen($gaddrport) + 1)));
break;
case 10:
$laddr=$stringtoken;
$laddrport=substr(strstr($laddr,'/'),1);
$laddr=substr($laddr,0,(strlen($laddr) - (strlen($laddrport) + 1)));
break;
case 12:
$duration=$stringtoken;
break;
case 14:
$bytes=$stringtoken;
break;
}
}
$workport=0;
if ( $laddrport < 1024 ) { $workport = $laddrport;
} else {
if ( $faddrport < 1024 ) { $workport = $faddrport; }
}
if ( $workport == 0 ) { $workport = $laddrport; }
/* Time to Add Protocols Up */
$counted=0;
if ( $protocol == "TCP" ) {
switch ($workport) {
case 20:
case 21:
$ftpcount++;
$ftp = $ftp + $bytes;
$counted=1;
break;
case 22:
$sshcount++;
$ssh = $ssh + $bytes;
$counted=1;
break;
case 23:
$telnetcount++;
$telnet = $telnet + $bytes;
$counted=1;
break;
case 25:
$smtpcount++;
$smtp = $smtp + $bytes;
$counted=1;
break;
case 53:
$dnstcpcount++;
$dnstcp = $dnstcp + $bytes;
$counted=1;
break;
case 70:
$gophercount++;
$gopher = $gopher + $bytes;
$counted=1;
$break;
case 80:
$httpcount++;
$http = $http + $bytes;
$counted=1;
break;
case 110:
$pop3count++;
$pop3 = $pop3 + $bytes;
$counted=1;
break;
case 119:
$nntpcount++;
$nntp = $nntp + $bytes;
$counted=1;
break;
case 135:
$locservtcpcount++;
$locservtcp = $locservtcp + $bytes;
$counted=1;
break;
case 137:
$netbiosnstcpcount++;
$netbiosnstcp = $netbiosnstcp + $bytes;
$counted=1;
break;
case 138:
$netbiosdgmtcpcount++;
$netbiosdgmtcp = $netbiosdgmtcp + $bytes;
$counted=1;
break;
case 139:
$netbiosssntcpcount++;
$netbiosssntcp = $netbiosssntcp + $bytes;
$counted=1;
break;
case 143:
$imapcount++;
$imap = $imap + $bytes;
$counted=1;
break;
case 443:
$httpscount++;
$https = $https + $bytes;
$counted=1;
break;
case 465:
$smtpscount++;
$smtps = $smtps + $bytes;
$counted=1;
break;
case 993:
$imapscount++;
$imaps = $imaps + $bytes;
$counts=1;
break;
case 995:
$pop3scount++;
$pop3s = $pop3s + $bytes;
$counted=1;
break;
default:
$counted=1;
$othertcpcount++;
$othertcp = $othertcp + $bytes ;
break;
}
}
if ( $protocol == "UDP" ) {
switch ($workport) {
case 53:
$dnsudpcount++;
$dnsudp = $dnsudp + $bytes;
$counted=1;
break;
case 69:
$tftpcount++;
$tftp = $tftp + $bytes;
$counted=1;
break;
case 135:
$locservudpcount++;
$locservudp = $locservudp + $bytes;
$counted=1;
break;
case 137:
$netbiosnsudpcount++;
$netbiosnsudp = $netbiosnsudp + $bytes;
$counted=1;
break;
case 138:
$netbiosdgmudpcount++;
$netbiosdgmudp = $netbiosdgmudp + $bytes;
$counted=1;
break;
case 139:
$netbiosssnudpcount++;
$netbiosssnudp = $netbiosssnudp + $bytes;
$counted=1;
break;
case 161:
$snmpcount++;
$snmp = $snmp + $bytes;
$counted=1;
break;
case 162:
$snmptrapcount++;
$snmptrap = $snmptrap + $bytes;
$counted=1;
break;
default:
$counted=1;
$otherudpcount++;
$otherudp = $otherudp + $bytes ;
break;
}
}
if ( ! $counted ) {
$othercount++;
$other = $other + $bytes;
}
}
}
}
}
echo "<fort size=+1><B>$goodrows rows valid in data set of $SQLNumRows.</B></FONT><BR><BR>\n";
echo "<TABLE COLS=8 BORDER=1 ><TR><TD><B>Protocol</b></TD><TD><B>TCP/UDP/Other</B></TD><TD><B># of Connections</B></TD><TD><B>Bytes TX'd/RX'd</B></TD>" .
"<TD><B>Protocol</b></TD><TD><B>TCP/UDP/Other</B></TD><TD><B># of Connections</B></TD><TD><B>Bytes TX'd/RX'd</B></TD></TR>\n";
echo "<TR align=center><TD>FTP</TD><TD>TCP</TD><TD>$ftpcount</TD><TD>$ftp</TD>";
echo "<TD>SSH</TD><TD>TCP</TD><TD>$sshcount</TD><TD>$ssh</TD></TR>\n";
echo "<TR align=center><TD>Telnet</TD><TD>TCP</TD><TD>$telnetcount</TD><TD>$telnet</TD>";
echo "<TD>TFTP</TD><TD>UDP</TD><TD>$tftpcount</TD><TD>$tftp</TD></TR>\n";
echo "<TR align=center><TD>HTTP</TD><TD>TCP</TD><TD>$httpcount</TD><TD>$http</TD>";
echo "<TD>HTTPS</TD><TD>TCP</TD><TD>$httpscount</TD><TD>$https</TD></TR>\n";
echo "<TR align=center><TD>Gopher</TD><TD>TCP</TD><TD>$gophercount</TD><TD>$gopher</TD>";
echo "<TD>NNTP</TD><TD>TCP</TD><TD>$nntpcount</TD><TD>$nntp</TD></TR>\n";
echo "<TR align=center><TD>SMTP</TD><TD>TCP</TD><TD>$smtpcount</TD><TD>$smtp</TD>";
echo "<TD>SMTPS</TD><TD>TCP</TD><TD>$smtpscount</TD><TD>$smtps</TD></TR>\n";
echo "<TR align=center><TD>POP3</TD><TD>TCP</TD><TD>$pop3count</TD><TD>$pop3</TD>";
echo "<TD>POP3S</TD><TD>TCP</TD><TD>$pop3scount</TD><TD>$pop3s</TD></TR>\n";
echo "<TR align=center><TD>IMAP</TD><TD>TCP</TD><TD>$imapcount</TD><TD>$imap</TD>";
echo "<TD>IMAPS</TD><TD>TCP</TD><TD>$imapscount</TD><TD>$imaps</TD></TR>\n";
echo "<TR align=center><TD>LocServe</TD><TD>TCP</TD><TD>$locservtcpcount</TD><TD>$locservtcp</TD>";
echo "<TD>LocServe</TD><TD>UDP</TD><TD>$locservudpcount</TD><TD>$locservudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-NS</TD><TD>TCP</TD><TD>$netbiosnstcpcount</TD><TD>$netbiosnstcp</TD>";
echo "<TD>Netbios-NS</TD><TD>UDP</TD><TD>$netbiosnsudpcount</TD><TD>$netbiosnsudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-DGM</TD><TD>TCP</TD><TD>$netbiosdgmtcpcount</TD><TD>$netbiosdgmtcp</TD>";
echo "<TD>Netbios-DGM</TD><TD>UDP</TD><TD>$netbiosdgmudpcount</TD><TD>$netbiosdgmudp</TD></TR>\n";
echo "<TR align=center><TD>Netbios-SSN</TD><TD>TCP</TD><TD>$netbiosssntcpcount</TD><TD>$netbiosssntcp</TD>";
echo "<TD>Netbios-SSN</TD><TD>UDP</TD><TD>$netbiosssnudpcount</TD><TD>$netbiosssnudp</TD></TR>\n";
echo "<TR align=center><TD>DNS</TD><TD>TCP</TD><TD>$dnstcpcount</TD><TD>$dnstcp</TD>";
echo "<TD>DNS</TD><TD>UDP</TD><TD>$dnsudpcount</TD><TD>$dnsudp</TD></TR>\n";
echo "<TR align=center><TD>SNMP</TD><TD>UDP</TD><TD>$snmpcount</TD><TD>$snmptrap</TD>";
echo "<TD>SNMP Trap</TD><TD>UDP</TD><TD>$snmptrapcount</TD><TD>$snmptrap</TD></TR>\n";
echo "<TR align=center><TD>Other</TD><TD>TCP</TD><TD>$othertcpcount</TD><TD>$othertcp</TD>";
echo "<TD>Other</TD><TD>UDP</TD><TD>$otherudpcount</TD><TD>$otherudp</TD></TR>\n";
echo "<TR align=center><TD>Other Protocols</TD><TD>Other</TD><TD>$othercount</TD><TD>$other</TD>";
echo "<TD></TD><TD></TD><TD></TD><TD></TD></TR>\n";
echo "</TABLE>";
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
%>
</BODY>
</HTML>
<%
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
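Review bot: The base statement already ends in `group by host,severity`, so the ` where …` text appended for each `$datatype` and the final ` order by date, time, TSyslog_ID` land after the GROUP BY and the query cannot parse; the row loop further down also reads `->message`, `->date` and `->time`, none of which are selected. Either keep the aggregate and move the grouping to the end (start from `select host,count(severity),severity from TSyslog`, append the filters, then ` group by host,severity order by host,severity`), or select the row columns as the 533-line section does if the per-message PIX parsing is what is wanted. Because `pg_exec(...) or die(pg_errormessage()...)` is the only error path, the failure would reach the user as a raw database error message.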


@ -0,0 +1,229 @@
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
if ( $SERVER_PORT < 443 ) {
echo "This page must be accessed with SSL<BR>\n";
exit;
}
require_once('/opt/apache/htdocs/login/lib/pgsql.php');
require_once('/opt/apache/htdocs/login/lib/generalweb.php');
require_once('/opt/apache/htdocs/login/lib/secframe.php');
require_once('/opt/apache/htdocs/login/lib/pix.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$HeaderText="<font size=+1><B>Reports</B></font><BR><BR>\n";
$FooterText="<font face='Arial, Helvetica, sans-serif' size='-2'><BR>Version " . SMTVER . "<BR>&copy; Jeremy M. Guthrie All rights reserved.</font>\n";
$PageTitle="Syslog Management Tool";
if ( ! $datatype ) { $datatype = 1; }
if ( ( $group < 2 ) && ( $datatype > 3 ) ) { $datatype = 1; }
$time1=$hour . ":" . $minute . ":00";
$date1=$month . "-" . $day . "-" . $year;
$date2=$month2 . "-" . $day2 . "-" . $year2;
$time2=$hour2 . ":" . $minute2 . ":59";
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp=mktime($hour,$minute,0,$loop,$day,$year);
}
}
for ( $loop = 1 ; $loop != 13 ; $loop++ ) {
if ( $month2 == date("M",mktime(0,0,0,$loop,1,2002)) ) {
$timestamp2=mktime($hour2,$minute2,0,$loop,$day2,$year2);
}
}
$SQLQuery="select host,date,time,message,tsyslog_id from Syslog_TArchive ";
if ( $datatype == 1 ) {
$host=gethost($dbsocket,$hostid);
$SQLQuery = $SQLQuery . " where host='$host' and ";
}
if ( $datatype == 2 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TArchive.host=Syslog_THost.THost_Host and TPremadeType_ID=$typeid and ";
}
if ( $datatype == 3 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TProcessorProfile where Syslog_TCustomerProfile.TLogin_ID=$userid and Syslog_TArchive.host=Syslog_THost.THost_Host and Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID and ";
}
if ( $datatype == 4 ) {
$SQLQuery = $SQLQuery . " ,Syslog_THost,Syslog_TCustomerProfile where " .
"( Syslog_TCustomerProfile.TLogin_ID=$userid ) and " .
"( Syslog_TArchive.host=Syslog_THost.THost_Host ) and " .
"( Syslog_THost.THost_ID=Syslog_TCustomerProfile.THost_ID ) and " .
"( Syslog_THost.TPremadeType_ID=$typeid ) and ";
}
if ( $date1 == $date2 ) {
$SQLQueryDate="date = '$date1' and ( time >= '$time1' and time <= '$time2')";
}
if ( ( ( date("z",$timestamp2) - date("z",$timestamp) ) == 1 ) && ( $year == $year2 ) ) {
echo "HI<BR>\n";
$SQLQueryDate="( ( date = '$date1' and time >= '$time1' ) or " .
"( date = '$date2' and time <= '$time2' ) ) ";
}
if ( ( date("z",$timestamp2) - date("z",$timestamp) ) > 1 ) {
$SQLQueryDate=" ( ( date = '$date1' and time >= '$time1' ) or " .
"( date > '$date1' and date < '$date2' ) or " .
"( date = '$date2' and time <= '$time2' ) )";
}
$SQLQuery = $SQLQuery . $SQLQueryDate . " order by date, time, TSyslog_ID";
if ( $timestamp <= $timestamp2 ) {
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
} else {
$SQLNumRows = 0;
}
%>
<HTML>
<HEAD>
<TITLE>
<% echo $PageTitle; %>
</TITLE>
</HEAD>
<%
startbody();
echo $HeaderText;
echo "<fort size=+1><B>Report Type: " . reporttypename($reporttype) . "</B></FONT><BR><BR>\n";
echo "<fort size=+1><B>Report Timeframe: $date1 $time1 to $date2 $time2</B></FONT><BR>\n";
if ( $SQLNumRows != 0 ) {
echo "<TABLE COLS=9 BORDER=1><TR><TD ALIGN=CENTER><B>Disconnect Date & Time</b></TD><TD ALIGN=CENTER><B>VPN Device</B></TD><TD ALIGN=CENTER><B>User</B></TD><TD ALIGN=CENTER><B>Group</B></TD><TD ALIGN=CENTER><B>IP Address</B></TD><TD ALIGN=CENTER><B>Duration</B></TD><TD ALIGN=CENTER><B>TX Bytes</B></TD><TD ALIGN=CENTER><B>RX Bytes</b></TD><TD><B>Disconnect Reason</B></TD></TR>\n";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$host=pgdatatrim($SQLQueryResultsObject->host);
$message=pgdatatrim($SQLQueryResultsObject->message);
$date=pgdatatrim($SQLQueryResultsObject->date);
$time=pgdatatrim($SQLQueryResultsObject->time);
if ( ( ereg("Bytes xmt",$message) ) && ( ereg("Bytes rcv",$message) ) ) {
$break=0;
$stringtoken = strtok($message," ");
$stage=0;
$ip=0;
$user="";
$ip=0;
$duration=0;
$group=0;
$groupdesc="";
$rx=-98132984712;
$tx=0;
$reason=0;
/* Parse the message */
$countarrayelements=count(split(" ",$message));
/* echo "<TR><TD COLSPAN=8>message: $message</TD></TR>\n"; */
while ( $break != $countarrayelements ) {
$break++;
$token = strtok(" ");
if ( ( $stage ) && ( ! $ip ) ) {
$ip=$token;
}
if ( ( $stage ) && ( $user == 1 ) ) {
$user=substr($token,1,strlen($token) -3 ) ;
}
if ( ( $stage ) && ( $group == 2 ) && ( $token != "disconnected:" ) ) {
$groupdesc=$groupdesc . " $token";
}
if ( ( $stage ) && ( $group == 2 ) && ( $token == "disconnected:" ) ) {
$group = 0;
}
if ( ( $stage ) && ( $group == 1 ) ) {
$groupdesc=$token;
$group=2;
}
if ( ( $stage ) && ( $duration == "1" ) ) {
$duration=$token;
}
if ( ( $stage ) && ( $tx == 1 ) ) {
$tx=$token;
}
if ( ( $stage ) && ( $token != "Reason:" ) && ( $reason != "0" ) ) {
$reason = $reason . " " . $token;
}
if ( ( $stage ) && ( $rx == -98132984712 ) ) {
$rx=$token;
$reason="";
}
if ( $stage ) {
if ( ( $token == "User" ) && ( strlen($user) <= 1 ) ) { $user=1; }
if ( $token == "Duration:" ) { $duration=1; }
if ( $token == "Group" ) { $group=1; }
if ( $token == "xmt:" ) { $tx=1; }
if ( $token == "rcv:" ) { $rx=-98132984712; }
}
if ( substr($token,0,4) == "RPT=" ) {
$stage=1;
}
}
/* sanitize data based on different vpn software versions */
/* Remove trailing ":" */
if ( substr($ip,strlen($ip)-1,1) == ":" ) {
$ip = substr($ip,0,strlen($ip)-1);
}
/* Remove [s */
if ( substr($groupdesc,0,1) == "[" ) {
$groupdesc = substr($groupdesc,1,strlen($groupdesc));
}
/* Remove ]s */
if ( substr($groupdesc,strlen($groupdesc)-1,1) == "]" ) {
$groupdesc = substr($groupdesc,0,strlen($groupdesc)-1);
}
echo "<TR><TD>$date $time</TD><TD ALIGN=CENTER>$host</TD><TD ALIGN=CENTER>$user</TD><TD ALIGN=CENTER>$groupdesc</TD><TD ALIGN=CENTER>$ip</TD><TD ALIGN=CENTER>$duration</TD><TD ALIGN=CENTER>$tx</TD><TD ALIGN=CENTER>$rx</TD><TD>$reason</TD></TR>\n";
}
}
echo "</TABLE>";
}
if ( $SQLNumRows > 0 ) {
pg_freeresult($SQLQueryResults) or
die(pg_errormessage()."<BR>\n");
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
echo $FooterText;
%>
</BODY>
</HTML>
<%
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
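Review bot: The `datatype` 2–4 branches splice `$typeid` and `$userid` into `$SQLQuery`, and `$SQLQueryDate` is built from `$month`/`$day`/`$year`/`$hour`/`$minute`; none of these is assigned in this file, so they presumably arrive straight from the request (register_globals), and none is cast or escaped before `pg_exec`. Numeric ids should be forced to integers first, `$typeid = intval($typeid); $userid = intval($userid);`, and the date and time literals rebuilt from the validated `$timestamp`/`$timestamp2` instead of the raw form fields. The `datatype` 3 and 4 branches also filter on the request-supplied `$userid` rather than on `$REMOTE_ID`, so the customer scoping appears to depend on the caller sending its own id; that is worth confirming against the calling page. Separately, `$user`, `$groupdesc` and `$reason` are parsed out of stored syslog text and echoed into the table row without `htmlspecialchars()`, so log content is rendered as markup.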

602
html/rule.php Normal file

@ -0,0 +1,602 @@
<?php
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
$begintime=time();
require_once('config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$group=0;
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Customer');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {$group=1; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Analyst');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=2; }
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog Administrators');
if ( sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) { $group=3; }
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
if ( ( $group != 3 ) && ( ! userhasruleaccess ($dbsocket,$REMOTE_ID,0,$hostid) ) ) {
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
exit;
}
if ( $group == 1 ) {
$ruletype = 2;
}
if ( $ruletype == 3 ) {
/* this section is for cloning hosts */
$SQLQuery="select * from Syslog_TRule where THost_ID = $source order by TRule_ID";
$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id));
$alert=pgdatatrim($SQLQueryResultsObject->trule_logalert);
$email=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email));
$expression=pgdatatrim($SQLQueryResultsObject->trule_expression);
$desc=pgdatatrim($SQLQueryResultsObject->trule_desc);
$startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity));
$stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity));
$startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility));
$stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility));
$ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel));
$launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id));
$newid=getnextid ($dbsocket, "syslog_trule_trule_id_seq");
$threshold=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold));
$thresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype));
$starttime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime));
$endtime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime));
$timertype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype));
$daysofweek=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek));
clonehostrule($dbsocket,$newid,$destination,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek);
if ( numdenials($dbsocket,1,$id) ) {
clonedenials($dbsocket,$id,$newid);
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
$hostid=$destination;
$ruletype=2;
}
if ( $ruletype == 1 ) {
if ( $subaction == "save" ) {
if ( strval($id) < 1 ) {
addpremaderule($dbsocket,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype);
$id=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_ID',"TPremade_Desc='".$desc."'")));
} else {
updatepremaderule($dbsocket,$id,$code,$desc,$typeid,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype);
}
}
if ( ( $action == "Add Deny Rule" ) && ( strval($id) > 0 ) ){
addblankdenypremade($dbsocket,$id);
}
if ( $subaction == "savedeny" ) {
if ( $action == "Save" ) {
updatedenial($dbsocket,2,$denyid,$denyexp,$denystartfacility,$denystopfacility,$denystartseverity,$denystopseverity);
}
}
if ( ( $id != "" ) && ( $action != "Add" ) ) {
$SQLQuery="select * from Syslog_TPremade where TPremade_ID=$id";
$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
if ( $SQLQueryResults ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,0) or
die(pg_errormessage()."<BR>\n");
$code=pgdatatrim($SQLQueryResultsObject->tpremade_code);
$desc=pgdatatrim($SQLQueryResultsObject->tpremade_desc);
$typeid=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremadetype_id));
$ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_premadeorlevel));
$startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_startseverity));
$stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_stopseverity));
$startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_startfacility));
$stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_stopfacility));
$launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id));
$threshold=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_threshold));
$thresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->tpremade_thresholdtype));
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
} else {
$id="";
$code="";
$desc="";
}
}
if ( $ruletype == 2 ) {
if ( $action == "Save New" ) {
$host = gethost($dbsocket,$hostid);
if ( $alert != 1 ) { $alert=0; }
if ( $exptype == 2 ) {
$cnt=count($premadeid);
for ( $loop = 0 ; $loop != $cnt ; $loop ++ ) {
$preid=$premadeid[($loop)];
$expression=pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Code',"TPremade_ID=$preid"));
$desc=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Desc',"TPremade_ID=$preid")));
$ruleorlevel=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_premadeorlevel',"TPremade_ID=$preid")));
$startseverity=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StartSeverity',"TPremade_ID=$preid")));
$stopseverity=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StopSeverity',"TPremade_ID=$preid")));
$startfacility=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_StartFacility',"TPremade_ID=$preid")));
$stopfacility=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Stopfacility',"TPremade_ID=$preid")));
$launchid=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TLaunch_ID',"TPremade_ID=$preid")));
$threshold=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_Threshold',"TPremade_ID=$preid")));
$thresholdtype=stripslashes(pgdatatrim(relatedata ($dbsocket,'Syslog_TPremade','TPremade_ThresholdType',"TPremade_ID=$preid")));
$starttime=mktime($starthour,$startminute,0,numberofmonth($startmonth),$startday,$startyear);
$endtime=mktime($stophour,$stopminute,0,numberofmonth($stopmonth),$stopday,$stopyear);
$newdaysofweek=0;
for ( $dayloop=0; $dayloop != count($daysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$daysofweek[$dayloop]; }
$daysofweek=$newdaysofweek;
addhostrule($dbsocket,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek);
}
} else {
$starttime=mktime($starthour,$startminute,0,numberofmonth($startmonth),$startday,$startyear);
$endtime=mktime($stophour,$stopminute,0,numberofmonth($stopmonth),$stopday,$stopyear);
$newdaysofweek=0;
for ( $dayloop=0; $dayloop != count($daysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$daysofweek[$dayloop]; }
$daysofweek=$newdaysofweek;
addhostrule($dbsocket,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$threshold,$thresholdtype,$starttime,$endtime,$timertype,$daysofweek);
}
}
if ( ( $action == "Delete" ) && ( $subaction != "ruledeny" ) ) {
dropruleid($dbsocket,$ruleid);
dropdenial($dbsocket,1,$ruleid);
}
if ( ( $action == "Save" ) && ( $subaction != "ruledeny" ) ) {
if ( $alert != 1 ) { $alert=0; }
$rulestarttime=mktime($rulestarthour,$rulestartminute,0,numberofmonth($rulestartmonth),$rulestartday,$rulestartyear);
$ruleendtime=mktime($rulestophour,$rulestopminute,0,numberofmonth($rulestopmonth),$rulestopday,$rulestopyear);
$newdaysofweek=0;
for ( $dayloop=0; $dayloop != count($ruledaysofweek) ; $dayloop++ ) { $newdaysofweek=$newdaysofweek+$ruledaysofweek[$dayloop]; }
$ruledaysofweek=$newdaysofweek;
updatehostrule($dbsocket,$ruleid,$hostid,$alert,$email,$expression,$desc,$startfacility,$stopfacility,$startseverity,$stopseverity,$ruleorlevel,$launchid,$rulethreshold,$rulethresholdtype,$rulestarttime,$ruleendtime,$ruletimertype,$ruledaysofweek);
}
if ( $subaction == "ruledeny" ) {
if ( $action == "Delete" ) { dropdenial($dbsocket,1,$denyid); }
if ( $action == "Save" ) {
updatedenial($dbsocket,1,$denyid,$denyexp,$denystartfacility,$denystopfacility,$denystartseverity,$denystopseverity);
}
}
}
$PageTitle="Syslog Management Tool";
do_header($PageTitle, 'rule');
if ( $ruletype == 1 ) {
/* This section is for manipulating premade rules */
if ( ( $action == "Delete" ) && ( $subaction == "savedeny" ) ) { dropdenial($dbsocket,2,$denyid); }
if ( ( $action == "Delete" ) && ( $subaction != "savedeny" ) ) {
if ( droppremade($dbsocket,$id) ) {
dropdenial($dbsocket,2,$id);
echo "Delete Successfull<BR>\n";
} else {
echo "Delete Failed!<BR>\n";
}
} else {
if ( $startfacility == "" ) {
$startfacility=0;
$stopfacility=23;
$startseverity=0;
$stopseverity=7;
}
openform("rule.php","post",2,1,0);
formfield("ruletype","Hidden",3,1,0,10,10,1);
formfield("id","Hidden",3,1,0,10,10,$id);
formfield("subaction","Hidden",3,1,0,10,10,"save");
echo "Expression: ";
formfield("code","text",3,1,1,60,80,$code);
echo "Problem/Resolution Description: ";
formfield("desc","text",3,1,1,60,256,$desc);
echo "Premade Type: ";
premadetypedropdown ($dbsocket, "typeid",0,1,1,1,$typeid);
echo "Facility Range: ";
facilitydropdown("startfacility",1,0,0,1,$startfacility);
echo " to ";
facilitydropdown("stopfacility",1,1,1,1,$stopfacility);
echo "Severity Range: ";
severitydropdown("startseverity",1,0,0,1,$startseverity);
echo " to ";
severitydropdown("stopseverity",1,1,1,1,$stopseverity);
echo "Rule Type: <input type=radio name=ruleorlevel value=1 ";
if ( ( $ruleorlevel != "2" ) && ( $ruleorlevel != "3" ) ) { $ruleorlevel=1;}
if ( $ruleorlevel == 1 ) { echo " checked "; }
echo ">Expression ";
echo "<input type=radio name=ruleorlevel value=3";
if ( $ruleorlevel == 3 ) { echo " checked "; }
echo ">Facility & Severity ";
echo "<input type=radio name=ruleorlevel value=2";
if ( $ruleorlevel == 2 ) { echo " checked "; }
echo ">Expression w/ Facility & Severity<BR>";
echo "Launch External Program: ";
launchdropdown ($dbsocket, "launchid",0,1,1,1,$launchid);
echo "Threshold Type: <input type=radio name=thresholdtype value=0";
if ( $thresholdtype == 0 ) { echo " checked "; }
echo ">None ";
echo "<input type=radio name=thresholdtype value=1";
if ( $thresholdtype == 1 ) { echo " checked "; }
echo ">Supression Threshold ";
echo "<input type=radio name=thresholdtype value=2";
if ( $thresholdtype == 2 ) { echo " checked "; }
echo ">Accumulating Threshold<BR>\n";
echo "Threshold: ";
thresholddropdown('threshold', 0, 0, 1, 1,$threshold);
formsubmit("Add Deny Rule",3,1,0);
formsubmit("Save",3,1,0);
formreset("Reset",3,1,0);
closeform();
if ( numdenials($dbsocket,2,$id) ) {
$SQLQuery="select * from Syslog_TPremadeDeny where TPremade_ID=$id order by TPremadeDeny_ID";
$DenySQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$DenySQLNumRows = pg_numrows($DenySQLQueryResults);
if ( $DenySQLNumRows ) {
for ( $denyloop=0 ; $denyloop != $DenySQLNumRows ; $denyloop++ ) {
$DenySQLQueryResultsObject = pg_fetch_object($DenySQLQueryResults,$denyloop) or
die(pg_errormessage()."<BR>\n");
$denyid=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_id));
$denyexp=pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_expression);
$denystartfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_startfacility));
$denystopfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_stopfacility));
$denystartseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_startseverity));
$denystopseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->tpremadedeny_stopseverity));
echo "<TABLE BORDER=1 COLUMNS=2></TR><TD>ID: $denyid</TD><TD></TD></TR>\n";
openform("rule.php","post",2,1,0);
formfield("id","Hidden",3,1,0,10,10,$id);
formfield("denyid","Hidden",3,1,0,10,10,$denyid);
formfield("ruletype","Hidden",3,1,0,10,10,1);
formfield("subaction","Hidden",3,1,0,10,10,"savedeny");
echo "<TR><TD COLSPAN=2>";
echo "Reg. Expression Code: ";
formfield("denyexp","text",3,1,1,60,80,$denyexp);
echo "</TD></TR><TR><TD>Facility Range: ";
facilitydropdown("denystartfacility",1,0,0,1,$denystartfacility);
echo " to ";
facilitydropdown("denystopfacility",1,1,1,1,$denystopfacility);
echo "</TD><TD>Severity Range: ";
severitydropdown("denystartseverity",1,0,0,1,$denystartseverity);
echo " to ";
severitydropdown("denystopseverity",1,1,1,1,$denystopseverity);
echo "</TD></TR><TR><TD>";
formsubmit("Save",3,1,0);
formsubmit("Delete",3,1,0);
formreset("Reset",3,1,0);
closeform();
echo "</TD></TR>";
echo "</TABLE>\n";
}
}
pg_freeresult($DenySQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
}
}
if ( $ruletype == 2 ) {
/* This section is for adding new rules to a host */
$host = gethost($dbsocket,$hostid);
if ( ( $action == "Add Denial" ) && ( strval($ruleid) > 0 ) ){
addblankdenyrule($dbsocket,$ruleid);
}
echo "<B>Host: $host</B><BR>\n";
$SQLQuery="select * from Syslog_TRule where THost_ID = $hostid order by TRule_ID";
$SQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
openform("rule.php","post",2,1,0);
formfield("hostid","Hidden",3,1,0,10,10,$hostid);
formfield("ruletype","Hidden",3,1,0,10,10,2);
echo "<TABLE COLS=7 BORDER=2>\n";
echo "<TR><TD WIDTH=120 ALIGN=CENTER VALIGN=CENTER><B>Action</B></TD><TD WIDTH=60 ALIGN=CENTER VALIGN=CENTER><B>Log Alert</B></TD><TD WIDTH=5 ALIGN=CENTER VALIGN=CENTER><B>Email Address</B></TD>" .
"<TD COLSPAN=2><B>Expression</B></TD><TD COLSPAN=2><B>Pre-made Rule</B></TD></TR>";
echo "<TR><TD><input type=submit name=action value='Save New'></TD>\n<TD>" .
"<CENTER><input type=checkbox name=alert value=1></CENTER></TD>\n<TD><input type='Text' name='email'" .
" size=20 maxlength=80></TD>\n<TD><input type='radio' name='exptype' value=1 checked></TD><TD>\n" .
"<input type='Text' name='expression' size=20 maxlength=80></TD>\n<TD>" .
"<input type='radio' name='exptype' value=2></TD><TD>";
pixruledropdown ($dbsocket, "premadeid[]",2,1,0,5,"multiple");
echo "</TD></TR>\n";
echo "<TR><TD COLSPAN=3><B>Facility Range:</B> ";
facilitydropdown("startfacility",1,0,0,1,0);
echo " <B>to</B> ";
facilitydropdown("stopfacility",1,0,0,1,23);
echo "</TD><TD COLSPAN=4><B>Severity Range:</B> ";
severitydropdown("startseverity",1,0,0,1,0);
echo " <B>to</B> ";
severitydropdown("stopseverity",1,0,0,1,7);
echo "</TD></TR>";
echo "<TR><TD COLSPAN=7>";
echo "<B>Rule Type:</B> <input type=radio name=ruleorlevel value=1 checked><B>Expression</B> ";
echo "<input type=radio name=ruleorlevel value=3";
echo "><B>Facility & Severity</B> ";
echo "<input type=radio name=ruleorlevel value=2";
echo "><B>Expression w/ Facility & Severity</B></TD></TR>";
echo "<TR><TD COLSPAN=7><B>Launch External Program: ";
launchdropdown ($dbsocket, "launchid",0,0,0,1,"");
echo "</TR></TD><TR><TD COLSPAN=4 valign=center><B>Threshold Type: <input type=radio name=thresholdtype value=0";
if ( $thresholdtype == 0 ) { echo " checked "; }
echo ">None ";
echo "<input type=radio name=thresholdtype value=1";
if ( $thresholdtype == 1 ) { echo " checked "; }
echo ">Supression Threshold ";
echo "<input type=radio name=thresholdtype value=3";
if ( $thresholdtype == 2 ) { echo " checked "; }
echo ">Accumulating Threshold </B></TD><TD COLSPAN=2>";
echo " <B>Threshold: </B>";
thresholddropdown('threshold', 0, 0, 0, 1,$threshold);
echo "</TD></TR>\n";
echo "<TR><TD COLSPAN=7><B>Problem/Resolution Description:</B> ";
formfield("desc","text",3,1,0,80,256,"");
echo "</TD></TR><TR><TD COLSPAN=7><B>Rule Timer: <input type=radio name=timertype value=0";
if ( $timertype == 0 ) { echo " checked "; }
echo ">None ";
echo "<input type=radio name=timertype value=1";
if ( $timertype == 1 ) { echo " checked "; }
echo ">Suspend ";
echo "<input type=radio name=timertype value=2";
if ( $timertype == 2 ) { echo " checked "; }
echo ">Delete & Suspend ";
echo "<input type=radio name=timertype value=3";
if ( $timertype == 3 ) { echo " checked "; }
echo ">Specified Suspend</B></TD></TR>\n";
echo "<TR><TD COLSPAN=3><B>Rule Start:<BR>Time: " ;
hourdropdown("starthour") ;
echo ":" ;
minutedropdown("startminute") ;
echo "<BR>\nDate: ";
monthdropdown("startmonth");
echo "/";
daydropdown("startday");
echo "/";
yeardropdown("startyear");
echo "</TD><TD COLSPAN=4><B>Rule End:<BR>Time: ";
hourdropdown("stophour") ;
echo ":" ;
minutedropdown("stopminute") ;
echo "<BR>Date: ";
monthdropdown("stopmonth");
echo "/";
daydropdown("stopday");
echo "/";
yeardropdown("stopyear");
echo "</B></TD></TR><TR><TD COLSPAN=7><B>";
dayofweekboxes("daysofweek",0,0,0,$daysofweek) . "\n";
closeform();
echo "</B></TD></TR></TABLE><BR>\n";
if ( $SQLNumRows ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
/* This section shows rules that are already assigned to the host */
echo "</TABLE><TABLE COLS=5 BORDER=2>\n";
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id));
$alert=pgdatatrim($SQLQueryResultsObject->trule_logalert);
$email=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email));
$expression=pgdatatrim($SQLQueryResultsObject->trule_expression);
$desc=pgdatatrim($SQLQueryResultsObject->trule_desc);
$launchid=pgdatatrim($SQLQueryResultsObject->tlaunch_id);
$startseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity));
$stopseverity=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity));
$startfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility));
$stopfacility=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility));
$ruleorlevel=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel));
$rulethreshold=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold));
$rulethresholdtype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype));
$rulestarttime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime));
$ruleendtime=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime));
$ruletimertype=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype));
$ruledaysofweek=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek));
if ( strval($rulestarttime) > 0 ) {
$rulestartmonth=date("M",$rulestarttime);
$rulestartyear=date("Y",$rulestarttime);
$rulestartday=date("j",$rulestarttime);
$rulestarthour=date("G",$rulestarttime);
$rulestartminute=date("i",$rulestarttime);
}
if ( strval($ruleendtime) > 0 ) {
$rulestopmonth=date("M",$ruleendtime);
$rulestopyear=date("Y",$ruleendtime);
$rulestopday=date("j",$ruleendtime);
$rulestophour=date("G",$ruleendtime);
$rulestopminute=date("i",$ruleendtime);
}
openform("rule.php","post",2,1,0);
formfield("hostid","Hidden",3,1,0,10,10,$hostid);
formfield("ruletype","Hidden",3,1,0,10,10,2);
formfield("ruleid","Hidden",3,1,0,10,10,$id);
echo "<TR><TD ALIGN=CENTER VALIGN=CENTER WIDTH=200>";
echo '<input type="submit" name=action value="Save">';
echo '<input type="submit" name=action value="Add Denial">';
echo '<input type="submit" name=action value="Delete"></TD>';
echo "<TD ALIGN=CENTER VALIGN=CENTER WIDTH=60><B>ID: </B>$id</TD><TD ALIGN=CENTER VALIGN=CENTER WIDTH=110><B>Log Alert: </B>";
if ( $alert ) {
echo "<input type=checkbox name=alert value=1 checked>";
} else {
echo "<input type=checkbox name=alert value=1>";
}
echo "</TD><TD WIDTH=210><B>EMail: </B>";
formfield("email","Text",3,1,1,20,80,$email);
echo "</TD><TD><B>Expression: </B>";
formfield("expression","Text",3,1,1,20,80,$expression);
echo "</TD></TR>";
echo "<TR><TD COLSPAN=3><B>Facility Range: </B>";
facilitydropdown("startfacility",1,0,0,1,$startfacility);
echo " <B>to</B> ";
facilitydropdown("stopfacility",1,0,0,1,$stopfacility);
echo "</TD><TD COLSPAN=4><B>Severity Range: </B>";
severitydropdown("startseverity",1,0,0,1,$startseverity);
echo " <B>to</B> ";
severitydropdown("stopseverity",1,0,0,1,$stopseverity);
echo "</TD></TR>";
echo "<TR><TD COLSPAN=7>";
echo "<B>Rule Type: </B><input type=radio name=ruleorlevel value=1 ";
if ( $ruleorlevel == 1 ) { echo " checked "; }
echo "><B>Expression </B>";
echo "<input type=radio name=ruleorlevel value=3";
if ( $ruleorlevel == 3 ) { echo " checked "; }
echo "><B>Facility & Severity </B>";
echo "<input type=radio name=ruleorlevel value=2";
if ( $ruleorlevel == 2 ) { echo " checked "; }
echo "><B>Expression w/ Facility & Severity</B></TD></TR>";
echo "<TR><TD COLSPAN=7><B>Launch External Program: ";
launchdropdown ($dbsocket, "launchid",0,0,0,1,$launchid);
echo "</TD></TR><TR><TD COLSPAN=4><B>Threshold Type: <input type=radio name=rulethresholdtype value=0";
if ( $rulethresholdtype == 0 ) { echo " checked "; }
echo ">None ";
echo "<input type=radio name=rulethresholdtype value=1";
if ( $rulethresholdtype == 1 ) { echo " checked "; }
echo ">Supression Threshold ";
echo "<input type=radio name=rulethresholdtype value=2";
if ( $rulethresholdtype == 2 ) { echo " checked "; }
echo ">Accumulating Threshold </B>";
echo " </TD><TD><B>Threshold: </B>";
thresholddropdown('rulethreshold', 0, 0, 0, 1,$rulethreshold);
echo "</TD></TR>\n";
echo "<TR><TD COLSPAN=5><B>Problem/Resolution Description: </B>";
formfield("desc","text",3,1,0,80,256,$desc) ;
echo "</TD></TR><TR><TD COLSPAN=7><B>Rule Timer: <input type=radio name=ruletimertype value=0";
if ( $ruletimertype == 0 ) { echo " checked "; }
echo ">None ";
echo "<input type=radio name=ruletimertype value=1";
if ( $ruletimertype == 1 ) { echo " checked "; }
echo ">Suspend ";
echo "<input type=radio name=ruletimertype value=2";
if ( $ruletimertype == 2 ) { echo " checked "; }
echo ">Delete & Suspend ";
echo "<input type=radio name=ruletimertype value=3";
if ( $ruletimertype == 3 ) { echo " checked "; }
echo ">Specified Suspend</B></TD></TR>\n";
echo "<TR><TD COLSPAN=3><B>Rule Start:<BR>Time: ";
hourdropdown("rulestarthour",0,0,0,1,$rulestarthour) ;
echo ":" ;
minutedropdown("rulestartminute",0,0,0,1,$rulestartminute) ;
echo "<BR>Date: ";
monthdropdown("rulestartmonth",0,0,0,1,$rulestartmonth);
echo "/";
daydropdown("rulestartday",0,0,0,1,$rulestartday);
echo "/";
yeardropdown("rulestartyear",0,0,0,1,$rulestartyear);
echo "</TD><TD COLSPAN=4><B>Rule End:<BR>Time: ";
hourdropdown("rulestophour",0,0,0,1,$rulestophour) ;
echo ":" ;
minutedropdown("rulestopminute",0,0,0,1,$rulestopminute) ;
echo "<BR>Date: ";
monthdropdown("rulestopmonth",0,0,0,1,$rulestopmonth);
echo "/";
daydropdown("rulestopday",0,0,0,1,$rulestopday);
echo "/";
yeardropdown("rulestopyear",0,0,0,1,$rulestopyear);
echo "</B></TD></TR><TR><TD COLSPAN=7><B>";
dayofweekboxes("ruledaysofweek",0,0,0,$ruledaysofweek) . "\n";
closeform();
echo "</B></TD></TR>\n";
echo "</TABLE>\n";
if ( numdenials($dbsocket,1,$id) ) {
/* This section is for handling denial rules */
$SQLQuery="select * from Syslog_TRuleDeny where TRule_ID=$id order by TRuleDeny_ID" ;
$DenySQLQueryResults=pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$DenySQLNumRows = pg_numrows($DenySQLQueryResults);
if ( $DenySQLNumRows ) {
for ( $denyloop=0 ; $denyloop != $DenySQLNumRows ; $denyloop++ ) {
$DenySQLQueryResultsObject = pg_fetch_object($DenySQLQueryResults,$denyloop) or
die(pg_errormessage()."<BR>\n");
$denyid=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_id));
$denyexp=pgdatatrim($DenySQLQueryResultsObject->truledeny_expression);
$denystartfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_startfacility));
$denystopfacility=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_stopfacility));
$denystartseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_startseverity));
$denystopseverity=stripslashes(pgdatatrim($DenySQLQueryResultsObject->truledeny_stopseverity));
echo "<TABLE BORDER=1 COLUMNS=2 BGCOLOR=#BBBBBB></TR><TD><B><FONT COLOR=#FF0000>DENIAL ID: $denyid </B></FONT></TD><TD ALIGN=RIGHT>";
openform("rule.php","post",2,0,0);
formsubmit("Save",3,1,0);
formsubmit("Delete",3,1,0);
formreset("Reset",3,1,0);
echo "</TD></TR>\n";
formfield("denyid","Hidden",3,1,0,10,10,$denyid);
formfield("hostid","Hidden",3,1,0,10,10,$hostid);
formfield("ruletype","Hidden",3,1,0,10,10,2);
formfield("ruleid","Hidden",3,1,0,10,10,$id);
formfield("subaction","Hidden",3,1,0,10,10,"ruledeny");
echo "<TR><TD COLSPAN=2>";
echo "Expression: ";
formfield("denyexp","text",3,1,1,60,80,$denyexp);
echo "</TD></TR><TR><TD>Facility Range: ";
facilitydropdown("denystartfacility",1,0,0,1,$denystartfacility);
echo " to ";
facilitydropdown("denystopfacility",1,1,1,1,$denystopfacility);
echo "</TD><TD>Severity Range: ";
severitydropdown("denystartseverity",1,0,0,1,$denystartseverity);
echo " to ";
severitydropdown("denystopseverity",1,1,1,1,$denystopseverity);
echo "</TD></TR>";
closeform();
echo "</TD></TR>";
echo "</TABLE>\n";
}
echo "<BR>\n";
}
pg_freeresult($DenySQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
}
}
$endtime=time();
echo "<BR>Page loaded in " . ($endtime - $begintime) . " seconds.<BR>\n";
do_footer();
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
php?>
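Review bot: The only ownership check, `userhasruleaccess ($dbsocket,$REMOTE_ID,0,$hostid)`, looks at `$hostid`, but the `ruletype == 3` clone branch reads rules from `$source` and writes them to `$destination`, and the Delete/Save branches act on `$ruleid` and `$denyid`; nothing visible ties those ids to the host that was checked. Unless `clonehostrule`, `dropruleid`, `dropdenial` and `updatehostrule` enforce this themselves (they are defined outside this file), a non-administrator allowed to edit one host can copy or change rules belonging to another. I would repeat the check for every id a branch uses, e.g. `if ( ( $group != 3 ) && ( ! userhasruleaccess($dbsocket,$REMOTE_ID,0,$source) || ! userhasruleaccess($dbsocket,$REMOTE_ID,0,$destination) ) ) { exit; }` before the clone query, and look up the rule's `THost_ID` before deleting or updating it. The ids are also concatenated unquoted into SQL (`THost_ID = $source`, `TPremade_ID=$id`, `THost_ID = $hostid`), so each needs `intval()` before it reaches `pg_exec`.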

1
html/runlog.txt Normal file

@ -0,0 +1 @@


@ -0,0 +1,5 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
/opt/apache/htdocs/login/smt/scripts/php/vacuumtsyslog.php >& $file
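Review bot: The output file is picked by globbing `/tmp/webresults.html.*` and then written with `>& $file`, so the job writes to whichever matching name in a world-writable directory sorts last, including a file or symlink some other local account created. The crontab in this commit is named `root`, so that write presumably happens as root. The same pattern is in the autovac, expire, nightlyroguecheck, vacuumdb, vacuumtsyslog and weeklyindexrebuild wrappers, in the helper that pre-creates `/tmp/webresults.html.$loop`, and in the fixed `/tmp/webresults.1` used by processlogs. I would drop the `ls -t | tail` lookup and write to a fixed name in a root-owned directory, e.g. `set file=/var/log/smt/vacuumtsyslog.out` (example path).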

8
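--- a/html/scripts/bin/archivelogs
+++ b/html/scripts/bin/archivelogs
@@ -0,0 +1,8 @@
+#!/bin/tcsh
+#$Id$
+set currentlog="/tmp/smt.log.`date +"%y%m%d"`"
+touch $currentlog
+chown root.users $currentlog
+chmod 640 $currentlog
+setenv REMOTE_USER msyslog
+/var/www/html/scripts/php/archive.php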
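Review bot: `$currentlog` is created, chowned and chmodded but never written: the last line runs `archive.php` with no redirection, so the archive it echoes goes to the caller's stdout instead of the file. Presumably the last line was meant to be `/var/www/html/scripts/php/archive.php >& $currentlog`. Separately, `touch`, `chown` and `chmod` on a date-predictable name under `/tmp` follow a symlink that already exists at that name; creating the log in a root-owned directory outside `/tmp` avoids that.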

5
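--- a/html/scripts/bin/autovac
+++ b/html/scripts/bin/autovac
@@ -0,0 +1,5 @@
+#!/bin/tcsh
+#$Id$
+set file=`ls -t /tmp/webresults.html.* | tail -n 1`
+setenv REMOTE_USER msyslog
+/opt/apache/htdocs/login/smt/scripts/php/autovac.php >& $file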


@ -0,0 +1,28 @@
#!/bin/tcsh
#$Id$
set loop=0
set host=$2
if ( ! -e $1 ) then
exit
endif
set count=`wc -l $1 | tr -s " " "\t" | cut -f2`
while ( $loop != $count )
set loop=`expr $loop + 1`
set results=`getline $1 $loop | tr -s " " "\t" | cut -f3,5-`
set msgtime=`echo $results | tr -s " " "\t" | cut -f1`
set message=`echo $results | tr -s " " "\t" | cut -f2- | tr "\t" " "`
echo "insert into TSyslog (facility,severity,date,time,host,message) values (4,21,'8/31/2002','$msgtime','$host','$message');"
end
exit
CREATE TABLE TSyslog (
TSyslog_ID bigserial UNIQUE NOT NULL PRIMARY KEY,
facility integer,
severity integer,
date date,
time time,
host varchar(128),
message text
)\g
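Review bot: `$host` and `$message` are pasted into single-quoted SQL literals in the `echo "insert into TSyslog ..."` line with no escaping, and the message text comes straight from a log file. A log line containing `'` will at best break the generated statement and at worst change what the SQL does once the output is fed to psql. Double the quotes (and backslashes) before building the statement, for example by piping the value through `sed "s/'/''/g"`, or load the file with `COPY` instead of generated INSERTs. The date is also hard-coded as `'8/31/2002'`, and the `CREATE TABLE` text after `exit` is never executed by tcsh, so a comment marking it as reference DDL would help.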


@ -0,0 +1,12 @@
#!/bin/tcsh
#$Id$
# this script can be used to create output files in /tmp so expirelogs.php and processlogs.php
# can both have their debug output saved to disk
set loop=0
while ( $loop != 5 )
set loop=`expr $loop + 1`
cp /dev/null /tmp/webresults.html.$loop
chmod 640 /tmp/webresults.html.$loop
chown root.users /tmp/webresults.html.$loop
end


@ -0,0 +1,5 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
/opt/apache/htdocs/login/smt/scripts/php/expire.php >& $file


@ -0,0 +1,8 @@
#!/bin/tcsh
#$Id$
set hosts=`cat $1 | tr -s " " "\t" | cut -f4 | sort -u`
foreach host ( $hosts )
echo -n "Host: $host "
set results=`egrep " $host " $1 | wc | tr -s " " "\t" | cut -f 2,4`
echo "Lines: $results[1] Bytes: $results[2]"
end
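Review bot: `egrep " $host " $1` treats the host name as a regular expression, so the dots in an FQDN or IP address match any character and one host's count can include another host's lines. `fgrep " $host " $1` matches the name literally. `$1` is also unquoted here and in the `cat`, which breaks on a path containing spaces.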


@ -0,0 +1,5 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
php /var/www/html/scripts/php/nightlyroguecheck.php >& $file


@ -0,0 +1,7 @@
#!/bin/tcsh
#$Id$
set file=/tmp/pgsqlhealthcheck.$$
pgsqllogin >& $file
set results=`grep ^'TSyslog=>' $file | wc -l | tr -s " " "\t" | cut -f2`
echo $results
rm -f $file
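Review bot: `/tmp/pgsqlhealthcheck.$$` is a predictable name in a world-writable directory, and the `>& $file` redirect will follow a symlink that already exists at that name. Create the file with `mktemp /tmp/pgsqlhealthcheck.XXXXXX` and assign the result to `file`, so it is created exclusively and with restrictive permissions. The captured psql session is also left on disk if the script is interrupted before `rm -f $file`.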


@ -0,0 +1,7 @@
#!/usr/bin/expect -f
#$Id$
spawn su - postgres -c "/usr/pgsql/bin/psql -U msyslog TSyslog"
expect assword
send "31xrmfOH\n"
expect "TSyslog=>"
send "\q"
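Review bot: The first `send` line commits the msyslog database password to the repository in clear text; the neighbouring sections live under `html/`, so this file is likely inside the web root as well. Treat that password as exposed and rotate it, then let psql read the new one from a mode-0600 `~/.pgpass` file for the account that runs the check, which removes the need for expect here. The final `send "\q"` carries no newline, so the quit command may never be submitted to psql.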

4
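--- a/html/scripts/bin/processlogs
+++ b/html/scripts/bin/processlogs
@@ -0,0 +1,4 @@
+#!/bin/tcsh
+#$Id$
+setenv REMOTE_USER msyslog
+php /var/www/html/scripts/php/processlogs.php >& /tmp/webresults.1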


@ -0,0 +1,3 @@
#!/bin/tcsh
#$Id$
./configure --prefix=/usr --sysconfdir=/usr/php/conf --with-config-file-path=/usr/php/conf --with-safe-mode --enable-calendar --enable-memory-limit --enable-debug --with-pgsql=/usr/pgsql --with-gd --with-snmp --with-openssl --with-png-dir=/usr/lib --with-zlib-dir=/usr/lib --enable-cli --without-mysql


@ -0,0 +1,5 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
/opt/apache/htdocs/login/smt/scripts/php/vacuumdb.php >& $file


@ -0,0 +1,5 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
/opt/apache/htdocs/login/smt/scripts/php/vacuumtsyslog.php >& $file


@ -0,0 +1,6 @@
#!/bin/tcsh
#$Id$
set file=`ls -t /tmp/webresults.html.* | tail -n 1`
setenv REMOTE_USER msyslog
/opt/apache/htdocs/login/smt/scripts/php/weeklyindexrebuild.php
#>& $file

24
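--- a/html/scripts/crontab/root
+++ b/html/scripts/crontab/root
@@ -0,0 +1,24 @@
+#$Id$
+#batch process logs every five minutes
+0,5,10,15,20,25,30,35,40,45,50,55 * * * * /opt/apache/htdocs/login/smt/scripts/bin/processlogs
+#Full-vacuum the TSyslog table if it is less than 10 megs in size or vacuum if the table is 20 megs or less
+3,8,13,18,23,28,33,38,43,48,53,58 * * * * /opt/apache/htdocs/login/smt/scripts/bin/autovac
+#expire old logs once a day
+6 0 * * * /opt/apache/htdocs/login/smt/scripts/bin/expirelogs
+#check for hosts who log to this box but are not setup
+2 23 * * * /opt/apache/htdocs/login/smt/scripts/bin/nightlyroguecheck
+#re-optimize the db at 4am, this recovers deleted space but leaves it allocated on the disk
+#2 1 * * * /opt/apache/htdocs/login/smt/scripts/bin/vacuumdb
+2 3 * * * /opt/apache/htdocs/login/smt/scripts/bin/vacuumdb
+#rebuild & clean up all indexes at 3am sunday morning
+3 3 * * sun /opt/apache/htdocs/login/smt/scripts/bin/weeklyindexrebuild
+#every hour re-analyze the whole DB
+59 * * * * /opt/apache/htdocs/login/smt/scripts/bin/analyze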
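Review bot: Every job here runs from root's crontab, yet the scheduled wrappers on this page only start a PHP script that connects to PostgreSQL as msyslog, and nothing visible in them needs root. Installing these lines in the crontab of a dedicated unprivileged account would limit what the `/tmp` output files written by the wrappers can affect. The comments have also drifted from the schedule: "at 4am" sits above a 03:02 entry, and the Sunday index rebuild at 03:03 starts one minute after that vacuumdb run. The autovac comment quotes 10 and 20 megs, while autovac.php in this commit tests against 50000000 and 60000000 bytes.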


@ -0,0 +1,42 @@
#!/usr/bin/php
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$SQLQuery="ANALYZE TSyslog;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
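Review bot: `$REMOTE_USER` is never assigned in this file, so `sec_usernametoid($sec_dbsocket,$REMOTE_USER)` only works when PHP imports environment variables as globals (register_globals); otherwise the lookup gets an empty name and the script exits without saying why. Read it explicitly with `$REMOTE_USER = getenv('REMOTE_USER');` and print a message before `exit`, as expire.php does. The value is whatever the caller exported (`setenv REMOTE_USER msyslog` in the wrappers), so this group check is not authentication; access really depends on file permissions and on who can read SMACPASS. archive.php, autovac.php and processlogs.php use the same pattern.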

64
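--- a/html/scripts/php/archive.php
+++ b/html/scripts/php/archive.php
@@ -0,0 +1,64 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../../config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+$date=date("M-d-Y",(time() - 86400));
+$SQLQuery="select TSyslog.TSyslog_ID,TSyslog.host,TSyslog.date,TSyslog.time,TSyslog.message,TSyslog.Facility,TSyslog.Severity" .
+" from TSyslog,Syslog_TProcess,Syslog_TProcessorProfile where ( " .
+" ( Syslog_TProcess.TProcess_Host=TSyslog.host )" .
+" and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " .
+" ( TSyslog.host=Syslog_TProcessorProfile.TProcessorProfile_Host) and ( TSyslog.date = '$date' ) ) order by host,date,time,TSyslog_ID";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+if ( $SQLNumRows != 0 ) {
+for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
+$date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
+$time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
+$host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
+$message=stripslashes(pgdatatrim($SQLQueryResultsObject->message));
+$vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity)));
+$vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility)));
+echo "$date $time $host $vfacility $vseverity $message\n";
+}
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+%>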
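Review bot: `$REMOTE_ID` is interpolated unquoted into the query (`Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID`), and it is derived from a user name supplied through the environment. `sec_usernametoid` is not shown on this page, so I cannot tell what it returns for an unknown user; casting once, `$REMOTE_ID = (int) sec_usernametoid($sec_dbsocket,$REMOTE_USER);`, keeps the SQL well-formed whatever comes back. The fetch loop also reuses `$date` for each row's date and so overwrites the query date; that is harmless today, but a separate name such as `$rowdate` would be clearer.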

86
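--- a/html/scripts/php/autovac.php
+++ b/html/scripts/php/autovac.php
@@ -0,0 +1,86 @@
+#!/opt/bin/php
+<%
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../../config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+dbdisconnect($sec_dbsocket);
+exit;
+}
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+$reindex='reindex index tsyslog_pkey; reindex index host_idx; reindex index tsyslhostid_idx;reindex index tsyslogdatetime_idx; analyze tsyslog;';
+$starttime=time();
+$output=pgdatatrim(shell_exec('/usr/bin/uptime | /usr/bin/tr -s " ," "\t" | /bin/cut -f11'));
+$endtime=time();
+$SQLQuery="SELECT (relpages*8192) as size FROM pg_class where relname='tsyslog' ORDER BY relpages";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$size=$SQLQueryResultsObject->size;
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+echo "Load: $output Size: $size\n";
+$starttime=time();
+if ( ( strval($output) < 3.5 ) && ( ($endtime - $starttime) < 3 ) ) {
+if ( ( $size < 60000000 ) && ( $size > 50000000 ) ) {
+echo "Vacuum Size: $size Load: $output\n";
+$SQLQuery="vacuum analyze tsyslog;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+if ( $size <= 50000000 ) {
+echo "Vacuum Full Size: $size Load: $output\n";
+$SQLQuery="vacuum full analyze tsyslog; $reindex;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+if ( $size > 20000000 ) {
+echo "Size: $size Load: $output\n";
+}
+} else {
+echo "Size: $size Load: $output\n";
+}
+$endtime=time();
+echo "Autovac operation took " . ($endtime - $starttime) . " seconds.\n";
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+%>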
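Review bot: The load guard in `if ( ( strval($output) < 3.5 ) && ( ($endtime - $starttime) < 3 ) )` protects very little: `$starttime` is reset on the line just above it, so the second test is always true, and `$output` is field 11 of `uptime`, whose position shifts with the uptime format. An empty `$output` compares as less than 3.5 and lets `vacuum full` run regardless of load. On Linux, reading the value directly with `$output = (float) strtok(file_get_contents('/proc/loadavg'), ' ');` and keeping the operation timer in its own variable would make the check mean what it says. `pg_fetch_object($SQLQueryResults,$loop)` also uses `$loop`, which is never set in this script; pass `0`.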

130
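--- a/html/scripts/php/expire.php
+++ b/html/scripts/php/expire.php
@@ -0,0 +1,130 @@
+#!/usr/bin/php -q
+<%
+/*=============================================================================
+* $Id$
+*
+* Copyright 2004 Jeremy Guthrie smt@dangermen.com
+*
+* This is free software; you can redistribute it and/or modify
+* it under the terms of version 2 only of the GNU General Public License as
+* published by the Free Software Foundation.
+*
+* It is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+*
+=============================================================================*/
+require_once('../../config.php');
+$sec_dbsocket=sec_dbconnect();
+$REMOTE_ID=sec_usernametoid($sec_dbsocket,'msyslog');
+$APP_ID=sec_appnametoid($sec_dbsocket,'SyslogOp');
+if ( ! sec_accessallowed($sec_dbsocket,$REMOTE_ID,$APP_ID) ) {
+dbdisconnect($sec_dbsocket);
+echo "Access Denined\n";
+exit;
+}
+$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
+if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
+dbdisconnect($sec_dbsocket);
+echo "Access Denined\n";
+exit;
+}
+$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
+$HeaderText="";
+$FooterText="";
+$PageTitle="";
+$SQLQuery="select * from Syslog_THost";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLNumRows = pg_numrows($SQLQueryResults);
+if ( $SQLNumRows ) {
+$count=$SQLNumRows;
+for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
+die(pg_errormessage()."<BR>\n");
+$alertexpire[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_alertexpire));
+$logexpire[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_logexpire));
+$hosts[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host));
+}
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+if ( $count ) {
+for ( $loop = 0 ; $loop != $count ; $loop++ ) {
+$dropdate=date("M-d-Y",(time() - $alertexpire[$loop]));
+if ( $alertexpire[$loop] != 0 ) {
+$SQLQuery="begin;delete from Syslog_TAlert where TAlert_Date <= '$dropdate' and Syslog_TAlert.TSyslog_ID=Syslog_TArchive.TSyslog_ID and Syslog_TArchive.host='$hosts[$loop]';commit;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+$dropdate=date("M-d-Y",(time() - $logexpire[$loop]));
+if ( $logexpire[$loop] != 0 ) {
+$SQLQuery = "select * from Syslog_TArchive where date <= '$dropdate' and host='$hosts[$loop]';";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$count2 = pg_numrows($SQLQueryResults);
+if ($count2 > 0) {
+$mydate = date("d-M-y", time());
+$handle = fopen($archivedir.'/LogArchive-'.$mydate.'.smt', "a") or
+die("Failed To open Archive File\n");
+for ( $myloop = 0 ; $myloop != $count2 ; $myloop++) {
+$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$myloop) or
+die(pg_errormessage()."<BR>\n");
+$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
+$date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
+$time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
+$host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
+$message=stripslashes(pgdatatrim($SQLQueryResultsObject->message));
+$vseverity=verboseseverity(stripslashes(pgdatatrim($SQLQueryResultsObject->severity)));
+$vfacility=verbosefacility(stripslashes(pgdatatrim($SQLQueryResultsObject->facility)));
+fwrite($handle, "$date $time $host $vfacility $vseverity $message\n");
+}
+}
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+$SQLQuery="begin;delete from Syslog_TArchive where date <= '$dropdate' and host='$hosts[$loop]';commit;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+}
+}
+}
+if ($handle) {
+fclose($handle);
+$cmd = "md5sum ".$archivedir."/LogArchive-".$mydate.".smt";
+$md5log = $archivedir."/MD5ChkSum-".$mydate.".txt";
+$handle = fopen($md5log, "a");
+@fwrite($handle, @system(escapeshellcmd($cmd))."\n");
+fclose($handle);
+}
+$dropdate=date("M-d-Y",(time()));
+$SQLQuery="begin;delete from Syslog_TSaveData where Syslog_TSaveData.TSave_ID=Syslog_TSave.TSave_ID and Syslog_TSave.TSave_ExpireDate <= '$dropdate';commit;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+$SQLQuery="begin;delete from Syslog_TSave where Syslog_TSave.TSave_ExpireDate <= '$dropdate';commit;";
+$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
+die(pg_errormessage()."<BR>\n");
+pg_freeresult($SQLQueryResults) or
+die(pg_errormessage() . "<BR>\n");
+dbdisconnect($sec_dbsocket);
+dbdisconnect($dbsocket);
+%>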
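Review bot: Rows are deleted from Syslog_TArchive right after the export loop even when `fwrite($handle, ...)` failed, and while the archive file is still open, so a full disk silently loses the logs being expired. Check each write, e.g. `if (fwrite($handle, $line) === false) die("Archive write failed\n");` with the row text in `$line`, and close the file before issuing the `delete`. For the checksum, `md5_file($archivedir.'/LogArchive-'.$mydate.'.smt')` avoids building a shell command, and `system()` prints md5sum's output itself in addition to returning it. `$hosts[$loop]` also goes into the SQL unescaped after `stripslashes`; `pg_escape_string($hosts[$loop])` would match the quote doubling processlogs.php applies to messages.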


@ -0,0 +1,60 @@
#!/usr/bin/php -q
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,'msyslog');
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$month=date("M",(time()-86400));
$day=date("d",(time()-86400));
$year=date("Y",(time()-86400));
$date="$month-$day-$year";
$SQLQuery="select distinct host from TSyslog where date >= '$date' except select THost_Host as host from Syslog_THost union select distinct host from Syslog_TArchive where date >= '$date' except select THost_Host as host from Syslog_THost";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
$hosttext="The following hosts are logging to SMT but are not defined:\n\r";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$hosttext=$hosttext . stripslashes(pgdatatrim($SQLQueryResultsObject->host)) . "\n\r" ;
}
echo $hosttext;
mail(WARNINGADDRESS,"SMT Rogue Warning",$hosttext);
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
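Review bot: The line endings appended to `$hosttext` are `"\n\r"`, which is reversed; a mail body expects `"\r\n"` (or plain `"\n"` when handed to a local sendmail), and some clients will show the stray carriage returns. The host names listed come from whatever sent syslog to this box, so they are untrusted text; they only reach the message body here, but they should not be moved into the subject or headers without stripping CR and LF. The date is also built from three separate `time()-86400` calls; `$date = date("M-d-Y", time() - 86400);` as in archive.php computes it once and cannot straddle midnight.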

564
html/scripts/php/processlogs.php Executable file

@ -0,0 +1,564 @@
#!/opt/bin/php
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
echo "Authenticated\n";
if ( idexist($dbsocket,"Syslog_TSuspend","TLogin_ID",$REMOTE_ID) ) {
echo "Processor Suspended! Quitting....\n";
dbdisconnect($dbsocket);
dbdisconnect($sec_dbsocket);
exit;
}
if ( ($testmailid = ismailopen($dbsocket,$REMOTE_ID)) ) {
echo "Found what appears to be a stale connection.\n";
$maildate=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Date","TMail_ID=$testmailid")));
$mailtime=stripslashes(pgdatatrim(relatedata($dbsocket,"Syslog_TMail","TMail_Time","TMail_ID=$testmailid")));
$testhour=substr($mailtime,0,2);
$testminute=substr($mailtime,3,2);
$testsecond=substr($mailtime,6,2);
$testmonth=substr($maildate,5,2);
$testday=substr($maildate,8,2);
$testyear=substr($maildate,0,4);
$mailunixtime=mktime($testhour,$testminute,$testsecond,$testmonth,$testday,$testyear);
$currentunixtime=time();
if ( ( $currentunixtime - $mailunixtime ) > 3600 ) {
mail(WARNINGADDRESS,"SMT WARNING: Stale or Overrun Processor","SMT Processor: $REMOTE_ID\nThe SMT system cannot process logs at the moment.\nThis could be caused by one of three things:\n1. Regularlary scheduled maintenance is keeping the database busy afterwhich you should not longer see this warning.\n2. The log processor crashed and will require manual fixing.\n3. The overall load of the box is too great and may need to be resized.\n\nPlease see the appropriate support documentation to help determine which of these three it is.\n\nSincerely, SMT-Auto Message");
}
dbdisconnect($dbsocket);
dbdisconnect($sec_dbsocket);
exit;
} else {
echo "No stale data, proceeding.\n";
$maildate=date("M-d-Y",time());
$mailtime=date("G:i:s",time());
$mailid=openmail($dbsocket,$maildate,$mailtime,$REMOTE_ID);
}
$SQLQuery="select Syslog_THost.THost_ID,Syslog_THost.THost_Rate,Syslog_THost.THost_Host from Syslog_THost,syslog_tprocessorprofile where ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and ( Syslog_TProcessorProfile.THost_ID=Syslog_THost.THost_ID ) and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID )";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
$numhosts=0;
if ( $SQLNumRows > 0 ) {
$numhosts = $SQLNumRows;
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$hostname[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host));
$hostnameids[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id));
$hostrate[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_rate));
if ( $hostrate[$loop] < 100 ) { $hostrate[$loop] = 100; }
}
}
echo "Building host rule cache\n";
$SQLQuery="select TRule_ID,TRule_LogAlert,TRule_Email,TRule_Expression,TRule_Desc,TRule_RuleOrLevel,TRule_StartFacility," .
"TRule_StopFacility,TRule_StartSeverity,TRule_StopSeverity,Syslog_THost.THost_Host,Syslog_THost.THost_ID,Syslog_TRule.TLaunch_ID,TRule_Threshold,TRule_ThresholdType,TRule_StartTime,TRule_EndTime," .
"TRule_TimerType,TRule_DaysofWeek from Syslog_TRule,Syslog_TProcessorProfile,Syslog_THost where ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " .
"( Syslog_TProcessorProfile.THost_ID=Syslog_TRule.THost_ID ) and ( Syslog_TRule.THost_ID=Syslog_THost.THost_ID) order by THost_Host,TRule_ID";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
echo "Found $SQLNumRows rules\n";
$NumRules=$SQLNumRows;
$ruleemailcount="";
if ( $SQLNumRows > 0 ) {
$workhost="";
$numrules=$SQLNumRows;
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$temphost=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_host));
$temphostids=stripslashes(pgdatatrim($SQLQueryResultsObject->thost_id));
if ( $workhost != $temphost ) {
$workhost = $temphost;
echo "$numhosts Host: $temphost\n";
for ( $hostloop = 0 ; $hostloop != count($hostname) ; $hostloop++ ) {
if ( $hostname[$hostloop] == $workhost ) { $workhostid=$hostloop; }
}
$toprule[$workhostid]=$loop;
$bottomrule[$workhostid]=$loop;
$hostprocid[$workhostid]=0;
$hosttotalproc[$workhostid]=0;
} else { $bottomrule[$workhostid]=$loop; }
$ruleid[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id));
$rulelogalert[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_logalert));
$ruleemail[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_email));
$ruleemailcount1 = array ( $ruleemail[$loop] => 0 );
$ruleemailcount=array_merge($ruleemailcount,$ruleemailcount1);
$ruleexpression[$loop]=pgdatatrim($SQLQueryResultsObject->trule_expression);
$ruledesc[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_desc));
$ruleruleorlevel[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_ruleorlevel));
$rulestartfacility[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startfacility));
$rulestopfacility[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopfacility));
$rulestartseverity[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_startseverity));
$rulestopseverity[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_stopseverity));
$rulehost[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
$rulelaunchid[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id));
$rulethreshold[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_threshold));
$rulethresholdtype[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_thresholdtype));
$rulethresholdcount[$loop]=0;
$rulestarttime[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_starttime));
$ruleendtime[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_endtime));
$ruletimertype[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_timertype));
$ruledaysofweek[$loop]=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_daysofweek));
$ruledenytop[$loop]=="";
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
echo "Loading denial rules\n";
$SQLQuery="select syslog_truledeny.truledeny_expression,syslog_truledeny.truledeny_startfacility," .
"syslog_truledeny.truledeny_stopfacility,syslog_truledeny.truledeny_startseverity," .
"syslog_truledeny.truledeny_stopseverity,syslog_truledeny.trule_id from Syslog_TRule," .
"Syslog_TProcessorProfile,Syslog_TRuleDeny where " .
"( Syslog_TProcessorProfile.THost_ID=Syslog_TRule.THost_ID ) and " .
"( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " .
"( Syslog_TRule.TRule_ID=Syslog_TRuleDeny.TRule_ID ) order by syslog_truledeny.trule_id";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
echo "Found $SQLNumRows deny rules\n";
if ( $SQLNumRows > 0 ) {
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$newid=stripslashes(pgdatatrim($SQLQueryResultsObject->trule_id));
if ( $ruledenytop[$newid] == "" ) {
echo "Rule ID: $newid start deny ID: " . $loop+1 . "\n";
$ruledenytop[$newid]=$loop+1;
}
$ruledenybottom[$newid]=$loop+1;
$ruledenyexp[$loop+1]=pgdatatrim($SQLQueryResultsObject->truledeny_expression);
echo $loop+1 . " Deny Rule Expression: " . $ruledenyexp[$loop+1] . "\n";
$ruledenystartfacility[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startfacility));
$ruledenystopfacility[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopfacility));
$ruledenystartseverity[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_startseverity));
$ruledenystopseverity[$loop+1]=stripslashes(pgdatatrim($SQLQueryResultsObject->truledeny_stopseverity));
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
$SQLQuery="select distinct on ( host, TSyslog_ID ) TSyslog.TSyslog_ID, TSyslog.host, TSyslog.date, TSyslog.time, TSyslog.message" .
", TSyslog.severity, TSyslog.facility from TSyslog,syslog_thost,Syslog_TProcess,Syslog_TProcessorProfile where ( " .
"( TSyslog_ID > Syslog_TProcess.TProcess_ID ) and ( Syslog_TProcess.THost_ID = Syslog_THost.THost_ID ) and " .
"( Syslog_THost.THost_Host = TSyslog.host ) and ( Syslog_TProcessorProfile.TLogin_ID=$REMOTE_ID ) and " .
" ( TSyslog.host = Syslog_THost.THost_Host ) and ( Syslog_TProcessorProfile.THost_ID = Syslog_THost.THost_ID ) ) order by host, TSyslog_ID";
echo "SQL Query: $SQLQuery<BR>\n";
echo "Grabbing Syslog data...";
$begintime=time();
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
$SyslogRows = $SQLNumRows;
if ( $SQLNumRows == 0 ) {
echo "Done.\n Found $SQLNumRows rows.\n";
closeopenmail($dbsocket,$mailid);
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
dbdisconnect($dbsocket);
dbdisconnect($sec_dbsocket);
exit;
}
echo "Done.\n Found $SQLNumRows rows.\n";
$endtime=time();
if ( ($endtime - $begintime) != 0 ) {
echo "Data loaded in " . ($endtime - $begintime) . " seconds. " . ( $SQLNumRows / ($endtime - $begintime) ) . " rows/sec\n";
} else {
echo "Data loaded in 0 seconds. Loaded $SQLNumRows.\n";
}
$begintime=time();
$email=0;
$alert=0;
$workhost="";
$rulehostid="";
$archivecommit="begin; ";
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$globalalert=0;
$globalmatchedexpression="";
$globalid=0;
$id=stripslashes(pgdatatrim($SQLQueryResultsObject->tsyslog_id));
$date=stripslashes(pgdatatrim($SQLQueryResultsObject->date));
$time=stripslashes(pgdatatrim($SQLQueryResultsObject->time));
$host=stripslashes(pgdatatrim($SQLQueryResultsObject->host));
$message=pgdatatrim($SQLQueryResultsObject->message);
$severity=pgdatatrim($SQLQueryResultsObject->severity);
$facility=pgdatatrim($SQLQueryResultsObject->facility);
if ( strlen($archivecommit) < 64000 ) {
$tempmessage=str_replace("\\", "\\\\", $message);
$tempmessage=str_replace("'", "''", $tempmessage);
$archivecommit = $archivecommit . " insert into Syslog_TArchive values ($id,$facility,$severity,'$date','$time','$host','$tempmessage'); ";
} else {
$archivecommit = $archivecommit . " commit; ";
echo "Committing data block: " . strlen($archivecommit) . " bytes. Row $loop of $SQLNumRows.\n";
$TempSQLQueryResults = pg_exec($dbsocket,$archivecommit) or
die(pg_errormessage()."\n");
pg_freeresult($TempSQLQueryResults) or
die(pg_errormessage() . "\n");
$archivecommit = "begin;";
}
if ( $workhost != $host ) {
echo "New Host: $host\n";
$workhost=$host;
$rulehostid="";
for ( $hostloop = 0 ; $hostloop != (count($hostname)) ; $hostloop++ ) {
if ( $hostname[$hostloop] == $host ) { $rulehostid=$hostloop; }
}
}
$email=0;
$alert=0;
$launch=0;
if ( strlen($toprule[$rulehostid]) > 0 ) {
$loop1=$toprule[$rulehostid];
while ( $loop1 <= $bottomrule[$rulehostid] ) {
$matchedrule=$ruleexpression[$loop1];
$ruleorlevel=$ruleruleorlevel[$loop1];
$startfacility=$rulestartfacility[$loop1];
$stopfacility=$rulestopfacility[$loop1];
$startseverity=$rulestartseverity[$loop1];
$stopseverity=$rulestopseverity[$loop1];
$logalerts=$rulelogalert[$loop1];
$emails=$ruleemail[$loop1];
$descs=$ruledesc[$loop1];
$launchid=$rulelaunchid[$loop1];
$timertype=$ruletimertype[$loop1];
$starttime=$rulestarttime[$loop1];
$endtime=$ruleendtime[$loop1];
$daysofweek=$ruledaysofweek[$loop1];
if ( $matchedrule != "" ) {
$regresults=ereg($matchedrule,$message);
} else {
$regresults=0;
}
/* $regresults=ereg($matchedrule,$message); */
$bounds=withinbounds($facility,$severity,$startfacility,$stopfacility,$startseverity,$stopseverity);
if ( ( ( $ruleorlevel == 1 ) && ( $regresults ) ) ||
( ( $ruleorlevel == 2 ) && ( $regresults ) && ( $bounds ) ) ||
( ( $ruleorlevel == 3 ) && ( $bounds ) ) ) {
$matchedexpression=$matchedrule;
if ( $logalerts ) { $alert= 1; }
if ( $launchid ) { $launch= 1; }
if ( $emails != "" ) {
$email=1;
$emailaddress=$emails;
$desc=$descs;
}
$postdate=date("M-d-Y",time());
$posttime=date("G:i:s",time());
}
/* convert date & time to obtain seconds since 1970 so that we may pass that to suppressruleresults */
$dateyear=substr($date,0,4);
$datemonth=substr($date,5,2);
$dateday=substr($date,8,2);
$timehour=substr($time,0,2);
$timeminute=substr($time,3,2);
$timesec=substr($time,6,2);
$timestamp=mktime($timehour,$timeminute,$timesec,$datemonth,$dateday,$dateyear);
if ( ( $alert ) || ( $email ) || ( $launch ) ) {
if ( supressruleresults($starttime,$endtime,$daysofweek,$timertype,$timestamp) ) {
$alert=0;
$email=0;
$launch=0;
}
}
if ( ( ( $alert ) || ( $email ) || ( $launch ) ) && ( ! supressruleresults($starttime,$endtime,$daysofweek,$timertype,$timestamp) ) ) {
$rid=$ruleid[$loop1];
if ( $rulethresholdtype[$loop1] ) {
$rulethresholdcount[$loop1]++;
}
if ( $ruledenytop[$rid] != "" ) {
$loop2=$ruledenytop[$rid];
while ( $loop2 <= $ruledenybottom[$rid] ) {
$bounds=withinbounds($facility,$severity,
$ruledenystartfacility[$loop2],
$ruledenystopfacility[$loop2],
$ruledenystartseverity[$loop2],
$ruledenystopseverity[$loop2]);
if ( $ruledenyexp[$loop2] != "" ) {
$denyresults=ereg($ruledenyexp[$loop2],$message);
} else {
$denyresults="";
}
if ( ( $bounds ) && ( $denyresults ) ) {
/* echo "Supressing $message matched by '$matchedrule' with Deny ID: $loop2\n"; */
$alert=0;
$email=0;
$launch=0;
$loop2=$ruledenybottom[$rid];
}
$loop2++;
}
}
echo "Type: $rulethresholdtype[$loop1] Count: $rulethresholdtype[$loop1]\n";
if ( ( ! $alert ) && ( ! $email ) && ( ! $launch ) && ( $rulethresholdtype[$loop1] ) ) {
echo "No alerts, no emails, no launch... decrementing\n";
$rulethresholdcount[$loop1]--;
}
if ( ( $rulethresholdcount[$loop1] != $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 2 ) ) {
$email=0;
$launch=0;
}
if ( ( $rulethresholdcount[$loop1] == $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 2 ) ) {
$desc=$desc . "\nThe rule matched $rulethreshold[$loop1] message(s).\n";
$rulethresholdcount[$loop1]=0;
}
if ( ( $rulethresholdcount[$loop1] == $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 1 ) ) {
$desc=$desc . "\nFurther rule hits will be supressed after this log entry. Supress after $rulethreshold[$loop1] match(es).\n";
}
if ( ( $rulethresholdcount[$loop1] > $rulethreshold[$loop1] ) && ( $rulethresholdtype[$loop1] == 1 ) && ( $rulethreshold[$loop1] > 0 ) ) {
$email=0;
$launch=0;
}
}
if ( $launch ) {
if ( ! launchassociated($dbsocket,$launchid,$id,$mailid) ) {
addlaunchdataentry($dbsocket,$launchid,$id,$mailid,$desc);
}
}
if ( $alert ) {
$globalalert=1;
$globalmatchedexpression=$matchedexpression;
$globalid=$id;
}
if ( $email ) {
if ( $ruleemailcount[$emailaddress] != $id ) {
echo "Last ID $emailaddress was emailed was $ruleemailcount[$emailaddress]\n";
addmail($dbsocket,$emailaddress,$mailid,$id,$desc);
$ruleemailcount[$emailaddress] = $id;
echo "$emailaddress processed $ruleemailcount[$emailaddress]\n";
}
}
$loop1++;
}
}
$hostprocid[$rulehostid]=$id;
$hosttotalproc[$rulehostid]=$hosttotalproc[$rulehostid] + 1;
if ( $globalalert ) {
echo "Adding Alert $globalid $loop\n";
addalert($dbsocket,$postdate,$posttime,$globalmatchedexpression,$globalid);
}
}
/* Commit the last set of logs over to the table */
echo "Committing data block: " . strlen($archivecommit) . " bytes\n";
$archivecommit = $archivecommit . " commit; ";
$TempSQLQueryResults = pg_exec($dbsocket,$archivecommit) or
die(pg_errormessage()."\n");
pg_freeresult($TempSQLQueryResults) or
die(pg_errormessage() . "\n");
$purgesyslogtable="begin; ";
echo "Host Count: " . count($hostname) . "\n";
for ( $hostloop = 0 ; $hostloop != (count($hostname)) ; $hostloop++ ) {
echo "$hostname[$hostloop] Total Lines Processed: $hosttotalproc[$hostloop] Last Entry: $hostprocid[$hostloop]\n";
if ( $hostprocid[$hostloop] != 0 ) {
echo "Updating $hostname[$hostloop]: $hostnameids[$hostloop]\n";
/* updateprocessid($dbsocket,$hostprocid[$hostloop],$hostnameids[$hostloop]); */
$purgesyslogtable = $purgesyslogtable . "update Syslog_TProcess set TProcess_ID=$hostprocid[$hostloop] where THost_ID='$hostnameids[$hostloop]'; ";
$purgesyslogtable = $purgesyslogtable . "delete from TSyslog where TSyslog_ID <= $hostprocid[$hostloop] and host='$hostname[$hostloop]'; ";
}
if ( $hosttotalproc[$hostloop] >= $hostrate[$hostloop] ) {
echo "Sending warning that $hostname[$hostloop] has sent $hosttotalproc[$hostloop] since last check\n";
mail(WARNINGADDRESS,"SMT WARNING: Log Rate Warning: $hostname[$hostloop]","$hostname[$hostloop] produced $hosttotalproc[$hostloop] log entries since last sample. Threshold set to $hostrate[$hostloop].\nPlease check host as this could be a sign of a serious problem.\n\nSincerely, SMT-Auto Message");
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
echo "Finished processing syslogs, switching to emails\n";
if ( numemailrecords($dbsocket,$mailid) ) {
$SQLQuery = "select distinct TEmail_Email from Syslog_TEmail where TMail_ID=$mailid";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$clientemail=stripslashes(pgdatatrim($SQLQueryResultsObject->temail_email));
echo "Sending email to $clientemail\n";
$SQLQuery = "select TSyslog.TSyslog_ID,TSyslog.date,TSyslog.time,TSyslog.host,message,temail_desc from TSyslog,Syslog_TEmail where Syslog_TEmail.TEmail_Email='$clientemail' and TSyslog.TSyslog_ID=Syslog_TEmail.TSyslog_ID order by TSyslog.host,Syslog_TEmail.TSyslog_ID";
$EmailSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$EmailSQLNumRows = pg_numrows($EmailSQLQueryResults);
$loghost="";
for ( $loop1 = 0 ; $loop1 != $EmailSQLNumRows ; $loop1++ ) {
$EmailSQLQueryResultsObject = pg_fetch_object($EmailSQLQueryResults,$loop1) or
die(pg_errormessage()."\n");
$logid=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->tsyslog_id));
$host=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->host));
$date=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->date));
$time=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->time));
$message=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->message));
$desc=stripslashes(pgdatatrim($EmailSQLQueryResultsObject->temail_desc));
if ( $loghost == "" ) {
$loghost=$host;
$deliverymessage="";
};
if ( $loghost != $host ) {
$results=mail($clientemail,"SMT Report: $loghost",$deliverymessage);
$deliverymessage="";
$loghost=$host;
}
$deliverymessage=$deliverymessage . "$date $time $host $logid $message\nProblem Description/Resolution: $desc\n";
}
pg_freeresult($EmailSQLQueryResults) or
die(pg_errormessage() . "\n");
if ( $EmailSQLNumRows > 0 ) {
$results=mail($clientemail,"SMT Report: $host",$deliverymessage);
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
}
echo "Cleaning up email\n";
cleanemail($dbsocket,$mailid);
/* Delete mail that would have been sent, equivalent to a mail queue */
echo "Finished emails, switching to launch section\n";
if ( numlaunchrecords($dbsocket,$mailid) ) {
$SQLQuery = "select distinct TLaunch_ID from Syslog_TLaunchQueue where TMail_ID=$mailid";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
for ( $loop = 0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."\n");
$launchid=stripslashes(pgdatatrim($SQLQueryResultsObject->tlaunch_id));
$execprogram=relatedata($dbsocket,"Syslog_TLaunch","TLaunch_Program","TLaunch_ID=$launchid");
echo "Going to launch '$execprogram'.";
$SQLQuery = "select TSyslog.TSyslog_ID,TSyslog.date,TSyslog.time,TSyslog.host,message,TLaunchQueue_Desc from TSyslog,Syslog_TLaunchQueue where Syslog_TLaunchQueue.TLaunch_ID='$launchid' and TSyslog.TSyslog_ID=Syslog_TLaunchQueue.TSyslog_ID order by TSyslog.host,Syslog_TLaunchQueue.TSyslog_ID";
$LaunchSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."\n");
$LaunchSQLNumRows = pg_numrows($LaunchSQLQueryResults);
$loghost="";
for ( $loop1 = 0 ; $loop1 != $LaunchSQLNumRows ; $loop1++ ) {
$LaunchSQLQueryResultsObject = pg_fetch_object($LaunchSQLQueryResults,$loop1) or
die(pg_errormessage()."\n");
$logid=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->tsyslog_id));
$host=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->host));
$date=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->date));
$time=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->time));
$message=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->message));
$desc=stripslashes(pgdatatrim($LaunchSQLQueryResultsObject->tlaunchqueue_desc));
if ( $loghost == "" ) {
$loghost=$host;
$deliverymessage="Target Host: $host\n";
$file="/tmp/launchprogram." . rand(0,262144) . "." . rand(0,262144);
$fd = fopen ("$file", "w+");
};
if ( $loghost != $host ) {
fwrite ( $fd, $deliverymessage , strlen($deliverymessage));
fclose($fd);
exec("$execprogram $file");
$deliverymessage="Target Host: $host\n";
$loghost=$host;
$file="/tmp/launchprogram." . rand(0,262144) . "." . rand(0,262144);
$fd = fopen ("$file", "w+");
}
$deliverymessage=$deliverymessage . "$date $time $host $logid $message\nProblem Description/Resolution: $desc\n";
}
pg_freeresult($LaunchSQLQueryResults) or
die(pg_errormessage() . "\n");
fwrite ( $fd, $deliverymessage , strlen($deliverymessage));
fclose($fd);
exec("$execprogram $file");
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
}
echo "Cleaning up launched programs\n";
clearlaunchqueue($dbsocket,$mailid);
/* Time to finally delete the log messages in the TSyslog table that we are done with. */
/* Note that the system tries to process this as a whole 'delete' transaction. If it fails, */
/* the logs will be kept in even though the system is finished. This will cause problems if the */
/* system attempts to rerun */
$endtime=time();
if ( ($endtime - $begintime) != 0 ) {
echo "Page loaded in " . ($endtime - $begintime) . " seconds. " . ($SyslogRows / ($endtime - $begintime) ) . " rows/sec\n";
} else {
echo "Page loaded in " . ($endtime - $begintime) . " seconds. $SyslogRows rows/sec\n";
}
echo "Purging TSyslog table\n";
$purgebegintime=time();
$purgesyslogtable = $purgesyslogtable . "commit;";
echo "SQL Query: $purgesyslogtable<BR>\n";
$SQLQueryResults = pg_exec($dbsocket,$purgesyslogtable) or
die(pg_errormessage()."\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "\n");
$purgeendtime=time();
if ( ($purgeendtime - $purgebegintime) != 0 ) {
echo "Data purged @ " . ($purgeendtime - $purgebegintime) . " seconds. " . ($SyslogRows / ($purgeendtime - $purgebegintime) ) . " rows/sec\n";
} else {
echo "Data purged @ " . ($purgeendtime - $purgebegintime) . " seconds. $SyslogRows rows/sec\n";
}
clearlaunchqueue($dbsocket,$testmailid);
closeopenmail($dbsocket,$mailid);
echo "Finished cleaning up email\n";
dbdisconnect($dbsocket);
dbdisconnect($sec_dbsocket);
%>

48
html/scripts/php/vacuumdb.php Executable file

@ -0,0 +1,48 @@
#!/opt/bin/php
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$SQLQuery="vacuum ANALYZE ; VACUUM FULL ANALYZE TSyslog; reindex index tsyslog_pkey ; reindex index host_Idx ;reindex index TSyslogDateTime_IDX ; reindex index TSyslHostID_Idx ;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
$SQLQuery="vacuum ANALYZE;";
$SQLQueryResults = pg_exec($sec_dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
%>
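Review bot: The group-membership gate on the `sec_usernametoid($sec_dbsocket,$REMOTE_USER)` line trusts a bare global that is never assigned in this file, so it presumably depends on register_globals (or on config.php, which is not shown here). With register_globals the variable can be filled from request or environment data whenever the web server itself does not set it, so the check should read the server-provided value explicitly and stop when it is empty: `$REMOTE_USER = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';` followed by `if ( $REMOTE_USER == '' ) { exit; }` before the lookup. The same preamble is repeated in the two file sections that follow (the ANALYZE and reindex scripts), so the change applies there as well. Since the file is marked executable with a `#!/opt/bin/php` line yet lives under html/, it is also worth confirming whether the web server can serve it at all.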


@ -0,0 +1,47 @@
#!/opt/bin/php
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$begintime=time();
$SQLQuery="ANALYZE TSyslog;";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
$endtime=time();
echo "Analyze TSyslog done in " . ($endtime - $begintime) . " seconds. " ;
%>


@ -0,0 +1,62 @@
#!/opt/bin/php
<%
/*=============================================================================
* $Id$
*
* Copyright 2004 Jeremy Guthrie smt@dangermen.com
*
* This is free software; you can redistribute it and/or modify
* it under the terms of version 2 only of the GNU General Public License as
* published by the Free Software Foundation.
*
* It is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
=============================================================================*/
require_once('../../config.php');
$sec_dbsocket=sec_dbconnect();
$REMOTE_ID=sec_usernametoid($sec_dbsocket,$REMOTE_USER);
$GROUP_ID=sec_groupnametoid($sec_dbsocket,'Syslog msyslog');
if ( ! sec_groupmember($sec_dbsocket,$REMOTE_ID,$GROUP_ID) ) {
dbdisconnect($sec_dbsocket);
exit;
}
$dbsocket= dbconnect(SMACDB,"msyslog",SMACPASS);
$begintime=time();
$SQLQuery="select indexrelname from pg_statio_all_indexes where pg_statio_all_indexes.schemaname='public' order by indexrelname";
$SQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
$SQLNumRows = pg_numrows($SQLQueryResults);
if ( $SQLNumRows ) {
for ( $loop=0 ; $loop != $SQLNumRows ; $loop++ ) {
$SQLQueryResultsObject = pg_fetch_object($SQLQueryResults,$loop) or
die(pg_errormessage()."<BR>\n");
$starttime=time();
$SQLQuery="reindex index $SQLQueryResultsObject->indexrelname;";
$TempSQLQueryResults = pg_exec($dbsocket,$SQLQuery) or
die(pg_errormessage()."<BR>\n");
pg_freeresult($TempSQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
$endtime=time();
echo "Reindex of $SQLQueryResultsObject->indexrelname done in " . ($endtime - $starttime) . " seconds.\n " ;
}
}
pg_freeresult($SQLQueryResults) or
die(pg_errormessage() . "<BR>\n");
dbdisconnect($sec_dbsocket);
dbdisconnect($dbsocket);
$endtime=time();
echo "Reindex of entire database done in " . ($endtime - $begintime) . " seconds.\n " ;
%>
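Review bot: The loop builds `reindex index $SQLQueryResultsObject->indexrelname;` by pasting the catalog name into the statement unquoted, so an index whose name needs quoting (mixed case, spaces, reserved words) fails, and the text of the name is executed as SQL on behalf of whoever was able to create it. Quote it as an identifier before use, e.g. `$idx = '"' . str_replace('"', '""', $SQLQueryResultsObject->indexrelname) . '"';` and then `$SQLQuery="reindex index $idx;";`. Because every failure goes through `die()`, one bad name also ends the run before the remaining indexes are processed and before both `dbdisconnect` calls; whether that is intended is not visible here.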

Some files were not shown because too many files have changed in this diff Show more