Added initial version of a new free report for consolidating Windows Eventlog Logon / Logoff events

Andre Lorbach 2011-12-02 17:07:45 +01:00
parent 267796b408
commit 350e893f6a
6 changed files with 1377 additions and 2 deletions


@ -1171,7 +1171,10 @@ function WriteFlowingBlock( $s , $outofblock = false )
case 'J':
foreach ( $content as $k => $chunk )
{
// BEGIN FIX BY ANDRE
if ( isset($font[ $k ]) )
$this->restoreFont( $font[ $k ] );
// END FIX BY ANDRE
$stringWidth = $this->GetStringWidth( $chunk ) + ( $this->ws * substr_count( $chunk, ' ' ) / $this->k );
// determine which borders should be used
$b = '';
@ -1200,7 +1203,10 @@ function WriteFlowingBlock( $s , $outofblock = false )
case 'C':
foreach ( $content as $k => $chunk )
{
// BEGIN FIX BY ANDRE
if ( isset($font[ $k ]) )
$this->restoreFont( $font[ $k ] );
// END FIX BY ANDRE
$stringWidth = $this->GetStringWidth( $chunk ) + ( $this->ws * substr_count( $chunk, ' ' ) / $this->k );
// determine which borders should be used
$b = '';
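Review bot: The `// BEGIN FIX BY ANDRE` / `// END FIX BY ANDRE` markers in the `case 'J':` loop record who changed the code but not why the `isset($font[ $k ])` guard is needed, and the same unexplained block is repeated in the `case 'C':` hunk. A one-line reason would serve the next maintainer better, for example `// a chunk may have no saved font entry; only restore when one exists` (this wording is inferred from the guard, so please confirm the actual cause). WriteFlowingBlock begins and ends outside both hunks, so whether `$font` can be left unset for other alignments is not visible here.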


@ -0,0 +1,482 @@
<?php
/*
*********************************************************************
* LogAnalyzer - http://loganalyzer.adiscon.com
* ----------------------------------------------------------------- *
* Some constants *
* *
* Eventsummary Report is a basic report for EventLog
*
* \version 1.0.0 Init Version
* *
* All directives are explained within this file *
*
* Copyright (C) 2008-2009 Adiscon GmbH.
*
* This file is part of LogAnalyzer.
*
* LogAnalyzer is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* LogAnalyzer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with LogAnalyzer. If not, see <http://www.gnu.org/licenses/>.
*
* A copy of the GPL can be found in the file "COPYING" in this
* distribution.
*********************************************************************
*/
// --- Avoid directly accessing this file!
if ( !defined('IN_PHPLOGCON') )
{
die('Hacking attempt');
exit;
}
// ---
// --- Basic Includes!
require_once($gl_root_path . 'classes/reports/report.class.php');
// ---
class Report_logonlogoff extends Report {
// Common Properties
public $_reportVersion = 1; // Internally Version of the ReportEngine
public $_reportID = "report.eventlog.logonlogoff.class"; // ID for the report, needs to be unique!
public $_reportFileBasicName = "report.eventlog.logonlogoff"; // Basic Filename for reportfiles
public $_reportTitle = "EventLog Logon/Logoff Report"; // Display name for the report
public $_reportDescription = "This is a EventLog Logon/Logoff Summary Report";
public $_reportHelpArticle = "http://loganalyzer.adiscon.com/plugins/reports/eventlog-logonlogoff";
public $_reportNeedsInit = false; // True means that this report needs additional init stuff
public $_reportInitialized = false; // True means report is installed
// Advanced Report Options
private $_maxHosts = 20; // Threshold for maximum hosts to analyse!
private $_maxLogOnLogOffsPerHost = 100; // Threshold for maximum amount of logon/logoffs to analyse per host
private $_colorThreshold = 10; // Threshold for coloured display of Eventcounter
// Constructor
public function Report_logonlogoff() {
// $this->_logStreamConfigObj = $streamConfigObj;
// Fill fields we need for this report
$this->_arrProperties[] = SYSLOG_UID;
$this->_arrProperties[] = SYSLOG_DATE;
$this->_arrProperties[] = SYSLOG_HOST;
$this->_arrProperties[] = SYSLOG_MESSAGETYPE;
$this->_arrProperties[] = SYSLOG_SEVERITY;
$this->_arrProperties[] = SYSLOG_EVENT_ID;
$this->_arrProperties[] = SYSLOG_EVENT_SOURCE;
$this->_arrProperties[] = SYSLOG_EVENT_USER;
// $this->_arrProperties[] = SYSLOG_MESSAGE;
// $this->_arrProperties[] = MISC_CHECKSUM;
// Init Customfilters Array
$this->_arrCustomFilters['_maxHosts'] = array ( 'InternalID' => '_maxHosts',
'DisplayLangID' => 'ln_report_maxHosts_displayname',
'DescriptLangID'=> 'ln_report_maxHosts_description',
FILTER_TYPE => FILTER_TYPE_NUMBER,
'DefaultValue' => 20,
'MinValue' => 1,
/* 'MaxValue' => 0,*/
);
$this->_arrCustomFilters['_maxLogOnLogOffsPerHost'] =
array ( 'InternalID' => '_maxLogOnLogOffsPerHost',
'DisplayLangID' => 'ln_report_maxLogOnLogOffsPerHost_displayname',
'DescriptLangID'=> 'ln_report_maxLogOnLogOffsPerHost_description',
FILTER_TYPE => FILTER_TYPE_NUMBER,
'DefaultValue' => 100,
'MinValue' => 1,
/* 'MaxValue' => 0,*/
);
$this->_arrCustomFilters['_colorThreshold'] =
array ( 'InternalID' => '_colorThreshold',
'DisplayLangID' => 'ln_report_colorThreshold_displayname',
'DescriptLangID'=> 'ln_report_colorThreshold_description',
FILTER_TYPE => FILTER_TYPE_NUMBER,
'DefaultValue' => 10,
'MinValue' => 1,
/* 'MaxValue' => 0,*/
);
}
/**
* startDataProcessing, analysing data
*
* @param arrProperties array in: Properties wish list.
* @return integer Error stat
*/
public function startDataProcessing()
{
global $content, $severity_colors, $gl_starttime, $fields;
// Create Filter string, append filter for EventLog Type msgs!
$szFilters = $this->_filterString . " " .
$fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2 . " "; /* Include EventLog v1 and v2 */
// Set Filter string
$this->_streamObj->SetFilter( $szFilters );
// Need to Open stream first!
$res = $this->_streamObj->Open( $this->_arrProperties, true );
if ( $res == SUCCESS )
{
// Set to common content variables
$this->SetCommonContentVariables();
// Set report specific content variables
$content["_colorThreshold"] = $this->_colorThreshold;
// --- Report logic starts here
$content["report_rendertime"] = "";
// Step 1: Gather Summaries
// Obtain data from the logstream!
$content["report_summary"] = $this->_streamObj->ConsolidateDataByField( SYSLOG_HOST, 0, SYSLOG_HOST, SORTING_ORDER_DESC, null, false );
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s, ";
// If data is valid, we have an array!
if ( is_array($content["report_summary"]) && count($content["report_summary"]) > 0 )
{
// Count Total Events
$iTotalEvents = 0;
foreach ($content["report_summary"] as &$tmpReportData )
{
$tmpReportData['DisplayName'] = $tmpReportData[SYSLOG_HOST];
$tmpReportData['bgcolor'] = "#BBBBBB"; // $severity_colors[ $tmpReportData[SYSLOG_SEVERITY] ];
$iTotalEvents += $tmpReportData['itemcount'];
}
// Prepent Item with totalevents count
$totalItem['DisplayName'] = "Total Events";
$totalItem['bgcolor'] = "#999999";
$totalItem['itemcount'] = $iTotalEvents;
// Prepent to array
array_unshift( $content["report_summary"], $totalItem );
}
else
return ERROR_REPORT_NODATA;
/*
// Get List of hosts
$content["report_computers"] = $this->_streamObj->ConsolidateItemListByField( SYSLOG_HOST, $this->_maxHosts, SYSLOG_HOST, SORTING_ORDER_DESC );
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s, ";
if ( is_array($content["report_computers"]) && count($content["report_computers"]) > 0 )
{
// Create plain hosts list for Consolidate function
foreach ( $content["report_computers"] as $tmpComputer )
$arrHosts[] = $tmpComputer[SYSLOG_HOST];
}
else
return ERROR_REPORT_NODATA;
*/
// This function will consolidate the Events based per Host!
$this->ConsolidateLogonLogoffs(); // ($arrHosts);
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// ---
}
else
return $ret;
// Return success!
return SUCCESS;
}
/**
* InitReport, empty
*
*/
public function InitReport()
{
// Nothing to do
return SUCCESS;
}
/**
* RemoveReport, empty
*
*/
public function RemoveReport()
{
// Nothing to do
return SUCCESS;
}
/**
* validateLicense, check license code
*
*/
public function validateLicense()
{
// This is a free report!
return SUCCESS;
}
/**
* Init advanced settings from _customFilters string
*/
public function InitAdvancedSettings()
{
// Parse and Split _customFilters
if ( strlen($this->_customFilters) > 0 )
{
// First of all split by comma
$tmpFilterValues = explode( ",", $this->_customFilters );
//Loop through mappings
foreach ($tmpFilterValues as &$myFilterValue )
{
// Split subvalues
$tmpArray = explode( "=>", $myFilterValue );
// Set into temporary array
$tmpfilterid = trim($tmpArray[0]);
// Set advanced property
if ( isset($this->_arrCustomFilters[$tmpfilterid]) )
{
// Copy New value first!
$szNewVal = trim($tmpArray[1]);
// Negated logic
if (
$this->_arrCustomFilters[$tmpfilterid][FILTER_TYPE] == FILTER_TYPE_NUMBER &&
!(isset($this->_arrCustomFilters[$tmpfilterid]['MinValue']) && intval($szNewVal) < $this->_arrCustomFilters[$tmpfilterid]['MinValue']) &&
!(isset($this->_arrCustomFilters[$tmpfilterid]['MaxValue']) && intval($szNewVal) >= $this->_arrCustomFilters[$tmpfilterid]['MaxValue'])
)
{
if ( $tmpfilterid == '_maxHosts' )
$this->_maxHosts = intval($szNewVal);
else if ( $tmpfilterid == '_maxLogOnLogOffsPerHost' )
$this->_maxLogOnLogOffsPerHost = intval($szNewVal);
else if ( $tmpfilterid == '_colorThreshold' )
$this->_colorThreshold = intval($szNewVal);
}
else
{
// Write to debuglog
OutputDebugMessage("Failed setting advanced report option property '" . $tmpfilterid . "', value not in value range!", DEBUG_ERROR);
}
}
}
}
}
/*
* Implementation of CheckLogStreamSource
*/
public function CheckLogStreamSource( $mySourceID )
{
// Call basic report Check function
$res = $this->CheckLogStreamSourceByPropertyArray( $mySourceID, array(SYSLOG_HOST, MISC_CHECKSUM, SYSLOG_DATE, SYSLOG_EVENT_ID, SYSLOG_MESSAGETYPE), null );
// return results!
return $res;
}
/*
* Implementation of CreateLogStreamIndexes | Will create missing INDEXES
*/
public function CreateLogStreamIndexes( $mySourceID )
{
// Call basic report Check function
$res = $this->CreateLogStreamIndexesByPropertyArray( $mySourceID, array(SYSLOG_HOST, MISC_CHECKSUM, SYSLOG_DATE, SYSLOG_EVENT_ID, SYSLOG_MESSAGETYPE) );
// return results!
return $res;
}
/*
* Implementation of CreateLogStreamIndexes | Will create missing TRIGGER
*/
public function CreateLogStreamTrigger( $mySourceID )
{
// Dummy return SUCCESS!
return SUCCESS;
}
// --- Private functions...
/**
* Helper function to consolidate events
*/
private function ConsolidateLogonLogoffs() // ( $arrHosts )
{
global $content, $gl_starttime, $fields;
// Now open the stream for data processing
$res = $this->_streamObj->Open( $this->_arrProperties, true );
if ( $res == SUCCESS )
{
// --- New Method to consolidate data!
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// Update all Checksums first!
//not needed $this->_streamObj->UpdateAllMessageChecksum();
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// Get all LOGON Data
// Set custom filters
$this->_streamObj->ResetFilters();
$this->_streamObj->SetFilter(
$this->_filterString . " " .
$fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2 . " " .
$fields[SYSLOG_EVENT_ID]['SearchField'] . ":=528,4624" ); /* Include EventIDs for new and old Eventlog API*/
$content["report_consdata"]['logon']['cons_events'] = $this->_streamObj->ConsolidateDataByField( SYSLOG_EVENT_USER, $this->_maxLogOnLogOffsPerHost, SYSLOG_EVENT_USER, SORTING_ORDER_DESC, null, true, true );
foreach ( $content["report_consdata"]['logon']['cons_events'] as &$myConsData )
{
// Set Basic data entries
if (!isset( $content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]] ))
$myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE; // Set default in this case
}
// Set Basic properties
$content["report_consdata"]['logon']['DataCaption'] = "Logon Events";
// Get all LOGOFF Data
// Set custom filters
$this->_streamObj->ResetFilters();
$this->_streamObj->SetFilter(
$this->_filterString . " " .
$fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2 . " " .
$fields[SYSLOG_EVENT_ID]['SearchField'] . ":=538,4634" ); /* Include EventIDs for new and old Eventlog API*/
$content["report_consdata"]['logoff']['cons_events'] = $this->_streamObj->ConsolidateDataByField( SYSLOG_EVENT_USER, $this->_maxLogOnLogOffsPerHost, SYSLOG_EVENT_USER, SORTING_ORDER_DESC, null, true, true );
foreach ( $content["report_consdata"]['logoff']['cons_events'] as &$myConsData )
{
// Set Basic data entries
if (!isset( $content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]] ))
$myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE; // Set default in this case
}
// Set Basic properties
$content["report_consdata"]['logoff']['DataCaption'] = "Logoff Events";
/* foreach ( $arrHosts as $myHost )
{
// Set custom filters
$this->_streamObj->ResetFilters();
$this->_streamObj->SetFilter( $this->_filterString . " " . $fields[SYSLOG_MESSAGETYPE]['SearchField'] . ":=" . IUT_NT_EventReport . ",=" . IUT_WEVTMONV2 . " " . $fields[SYSLOG_HOST]['SearchField'] . ":=" . $myHost );
// Set Host Item Basics if not set yet
$content["report_consdata"][ $myHost ][SYSLOG_HOST] = $myHost;
// Get Data for single host
$content["report_consdata"][ $myHost ]['cons_events'] = $this->_streamObj->ConsolidateDataByField( SYSLOG_EVENT_ID, $this->_maxLogOnLogOffsPerHost, SYSLOG_EVENT_USER, SORTING_ORDER_DESC, null, true, true );
//print_r ($fields[SYSLOG_MESSAGE]);
foreach ( $content["report_consdata"][ $myHost ]['cons_events'] as &$myConsData )
{
// Set Basic data entries
if (!isset( $content['filter_severity_list'][$myConsData[SYSLOG_SEVERITY]] ))
$myConsData[SYSLOG_SEVERITY] = SYSLOG_NOTICE; // Set default in this case
}
}
*/
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// ---
// Start Postprocessing
foreach( $content["report_consdata"] as &$tmpConsolidatedData )
{
// First use callback function to sort array
uasort($tmpConsolidatedData['cons_events'], "MultiSortArrayByItemCountDesc");
/*
// Remove entries according to _maxLogOnLogOffsPerHost
if ( count($tmpConsolidatedComputer['cons_events']) > $this->_maxLogOnLogOffsPerHost )
{
$iDropCount = 0;
do
{
array_pop($tmpConsolidatedComputer['cons_events']);
$iDropCount++;
} while ( count($tmpConsolidatedComputer['cons_events']) > $this->_maxLogOnLogOffsPerHost );
// Append a dummy entry which shows count of all other events
if ( $iDropCount > 0 )
{
$lastEntry[SYSLOG_SEVERITY] = SYSLOG_NOTICE;
$lastEntry[SYSLOG_EVENT_ID] = "-";
$lastEntry[SYSLOG_EVENT_SOURCE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
$lastEntry[SYSLOG_MESSAGE] = $content['LN_GEN_ALL_OTHER_EVENTS'];
$lastEntry['itemcount'] = $iDropCount;
$lastEntry['FirstEvent_Date'] = "-";
$lastEntry['LastEvent_Date'] = "-";
$tmpConsolidatedComputer['cons_events'][] = $lastEntry;
}
}
*/
// TimeStats
$nowtime = microtime_float();
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// PostProcess Events!
foreach( $tmpConsolidatedData["cons_events"] as &$tmpMyEvent )
{
$tmpMyEvent['FirstEvent_Date_Formatted'] = GetFormatedDate( $tmpMyEvent['firstoccurrence_date'] );
$tmpMyEvent['LastEvent_Date_Formatted'] = GetFormatedDate( $tmpMyEvent['lastoccurrence_date'] );
$tmpMyEvent['syslogseverity_text'] = $content['filter_severity_list'][ $tmpMyEvent['syslogseverity'] ]["DisplayName"];
$tmpMyEvent['syslogseverity_bgcolor'] = $this->GetSeverityBGColor($tmpMyEvent['syslogseverity']);
}
}
// ---
}
// Work done!
return SUCCESS;
}
/*
* Helper function to obtain Severity background color
*/
private function GetSeverityBGColor( $nSeverity )
{
global $severity_colors;
if ( isset( $severity_colors[$nSeverity] ) )
return $severity_colors[$nSeverity];
else
return $severity_colors[SYSLOG_INFO]; //Default
}
}
?>
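Review bot: In `startDataProcessing()` the failure branch of `Open()` does `return $ret;`, but only `$res` is assigned in that function, so an open error returns null (plus an undefined-variable notice) rather than the error code; it should read `return $res;`. If callers compare the result loosely against `SUCCESS`, a failed open could be taken for success, though the constant's value is not visible here. `ConsolidateLogonLogoffs()` has a related gap: it iterates `cons_events` with `foreach` without the `is_array()` check that `startDataProcessing()` applies to `report_summary`, and it returns `SUCCESS` even when its own `Open()` fails. Separately, the logon filter `:=528,4624` leaves out event 540 (network logon in the pre-Vista event log), whereas 4624 covers every logon type, so counts from older and newer hosts are not comparable and failed logons are absent; a comment stating that scope next to the filter would help readers of the report.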


@ -0,0 +1,576 @@
/* Generell Tag Classes */
BODY
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
color: #000000;
background-color: #f9f9f9;
scrollbar-face-color: #DEE3E7;
scrollbar-highlight-color: #FFFFFF;
scrollbar-shadow-color: #DEE3E7;
scrollbar-3dlight-color: #D1D7DC;
scrollbar-arrow-color: #006699;
scrollbar-track-color: #EFEFEF;
scrollbar-darkshadow-color: #98AAB1;
}
TD
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
color: #000000
}
/* Default Link Classes */
a:link,a:active,a:visited,a.postlink
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
text-decoration:none;
background-color: transparent;
color:#38140E;
}
a:hover
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
color:#CC0000;
}
/*---*/
/* Context Link Classes */
a.contextlink:link,a.contextlink:active,a.contextlink:visited,a.contextlink
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-weight: bold;
background-color: transparent;
color:#3814BB;
text-decoration:underline;
}
a.contextlink:hover
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-weight:bold;
color:#3844FF;
text-decoration:none;
}
/*---*/
img
{
border: 0px;
}
/* Title Classes */
.title
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
font-weight:bold;
background-color: #C6B097;
color: #032D5D;
border: 1px solid;
border-color: #ACBED6 #3B679B #3B679B #ACBED6;
height: 20px;
text-align:center;
vertical-align:middle;
}
A.title, A.title:active, A.title:visited
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 11px;
font-weight:bold;
COLOR: #ED9D10;
TEXT-DECORATION: none;
}
A.title:hover
{
COLOR: #982D00;
TEXT-DECORATION: none;
}
.titleSecond
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight:bold;
background-color: #E3D2AE;
background-image: url(images/bg_4.png);
background-repeat: repeat-x;
color: #1A3745;
height: 18px;
text-align:center;
vertical-align:middle;
}
/* Default Font Classes */
font
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
}
/* Table / Border Classes */
.table_with_border
{
background-color:#EEF2F6;
border:1px solid;
border-color: #CCCCCC #000000 #000000 #CCCCCC;
}
.table_with_border_second
{
background-color:#D5E0E7;
border:1px solid;
border-color: #CCCCCC #000000 #000000 #CCCCCC;
}
.table_with_border_light
{
background-color:#CCCCCC;
border:1px #AAAAAA solid;
}
.with_border
{
text-indent:3px;
background-color:#CCCCCC;
border:1px #AAAAAA solid;
}
.with_border_alternate
{
text-indent:3px;
background-color:#CCCCCC;
border:1px #AAAAAA ridge;
}
.mainheader
{
border:1px solid;
background-color:#C7CBD1;
border-color: #44617D #203040 #203040 #44617D;
}
.mainfooter
{
height: 20px;
background-color:#DDDDDD;
border-top: #97A8B9 1px solid;
border-bottom: #6592BD 1px solid;
}
.imageborder
{
border:1px solid;
border-color: #44617D #203040 #203040 #44617D;
}
/* Cells for listening */
.line0
{
font-size: 7pt;
color: #000000;
background-color: #DDDDDD;
}
.line0:hover
{
background-color:#F9F9F9;
}
.line1
{
font-size: 7pt;
color: #000000;
background-color: #EEEEEE;
}
.line1:hover
{
background-color:#F9F9F9;
}
.line2
{
font-size: 7pt;
color: #000000;
background-color: #F5F5F5;
}
.line2:hover
{
background-color:#F9F9F9;
}
.tableBackground
{
font-size: 10px;
color: #000000;
background-color: #F5F5F5;
}
.lineColouredWhite, .lineColouredWhite:hover, a.lineColouredWhite
{
font-size: 10px;
color: #FFFFFF;
}
.lineColouredBlack, .lineColouredBlack:hover, a.lineColouredBlack
{
font-size: 10px;
color: #000000;
}
/* TOP Menu Classes */
.topmenu1begin
{
height: 16px;
border:0px;
padding: 2px 2px 0px 2px;
vertical-align: middle;
background-color: #4E6485;
}
.topmenu1
{
height: 16px;
border:1px ridge;
border-color: #79AABE #09506C #79AABE #79AABE;
padding: 2px 2px 0px 2px;
vertical-align: middle;
font: 10px Verdana, Arial, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #4E6485;
}
.topmenu1:hover
{
color: #FFFF99;
border:1px inset;
border-color: #79AABE #09506C #79AABE #79AABE;
background-color: #6A88B8;
text-decoration: none;
}
.topmenuend
{
height: 16px;
font: 10px Verdana, Arial, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #4E6485;
}
.topmenuextra
{
height: 16px;
font: 10px Verdana, Arial, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #B8D4E0;
}
.topmenu2begin
{
height: 16px;
border:0px;
padding: 2px 2px 0px 2px;
vertical-align: middle;
background-color: #7A92A6;
}
.topmenu2
{
height: 16px;
border:1px ridge;
border-color: #BDEEFF #79AABE #09506C #09506C;
padding: 2px 2px 0px 2px;
vertical-align: middle;
font: 10px Verdana, Arial, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #7A92A6;
}
.topmenu2:hover
{
color: #FFFF99;
border:1px inset;
border-color: #BDEEFF #79AABE #09506C #09506C;
background-color: #6A88B8;
text-decoration: none;
}
.topmenu2_link, A.topmenu2_link
{
color: #FFDD22;
}
.topmenu2_link:hover, A.topmenu2_link:hover
{
color: #FFFF99;
text-decoration: none;
}
.topmenu2end
{
height: 16px;
border:1px inset;
border-color: #BDEEFF #79AABE #09506C #09506C;
font: 10px Verdana, Arial, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #7A92A6;
}
.topmenu3begin
{
height: 16px;
border:0px;
padding: 2px 2px 0px 2px;
vertical-align: middle;
background-color: #D4DAE3;
}
.topmenu3
{
height: 16px;
border:1px ridge;
border-color: #BDEEFF #79AABE #09506C #09506C;
padding: 2px 2px 0px 2px;
vertical-align: middle;
font: 10px Arial, Verdana, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #D4DAE3;
}
.topmenu3:hover
{
color: #FFFF99;
border:1px inset;
border-color: #BDEEFF #79AABE #09506C #09506C;
background-color: #ACCBFD;
text-decoration: none;
}
.topmenu3end
{
height: 16px;
font: 10px Arial, Verdana, Helvetica, sans-serif;
color: #FFFFFF;
background-color: #D4DAE3;
}
.topmenu1_link, a.topmenu1_link, a.topmenu1_link:visited, .topmenu2_link, a.topmenu2_link, a.topmenu2_link:visited, .topmenu3_link, a.topmenu3_link, a.topmenu3_link:visited
{
vertical-align: middle;
height: 16px;
color: #FFDD22;
font-weight:bold;
text-decoration: none;
}
.topmenu1_link:hover, .topmenu2_link:hover, .topmenu3_link:hover
{
vertical-align: middle;
color: #FFFF99;
font-weight:bold;
text-decoration: none;
}
/* Cell Columns */
.cellmenu1
{
border:1px ridge;
border-color: #79AABE #09506C #09506C #79AABE;
text-indent:0px;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight:bold;
background-color: #2E79A0;
color: #FFFFFF;
}
.cellmenu1_naked
{
border:1px ridge;
border-color: #79AABE #09506C #09506C #79AABE;
background-color: #2E79A0;
text-indent:0px;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight:bold;
color: #FFFFFF;
}
.cellmenu1:hover .cellmenu1_naked:hover
{
color: #FFFF99;
text-decoration: none;
}
A.cellmenu1_link
{
color: #FFFF55;
text-decoration: underline;
}
A.cellmenu1_link:hover
{
color: #FFBB55;
text-decoration: none;
}
.cellmenu2
{
border:1px inset;
border-color: #79AABE #09506C #09506C #79AABE;
text-indent:0px;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight:bold;
background-color: #9FDAF1;
color: #393327;
}
.cellmenu2_naked
{
text-indent:0px;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight:bold;
color: #393327;
border:1px inset;
border-color: #79AABE #09506C #09506C #79AABE;
background-color: #9FDAF1;
}
.cellmenu2:hover, .cellmenu2_naked:hover
{
color: #A31D32;
text-decoration: none;
}
/* Usefull Text Classes */
.ErrorMsg
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
font-weight: bold;
COLOR: #FF0000;
}
.PriorityEmergency
{
color: #FFFFFF;
background-color: #ff4444;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityAlert
{
color: #FFFFFF;
background-color: #dd00dd;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityCrit
{
color: #FFFFFF;
background-color: #dd9900;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityError
{
color: #FFFFFF;
background-color: #CC0000;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityWarning
{
color: #FFFFFF;
background-color: #FFAA00;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityNotice
{
color: #FFFFFF;
background-color: #66CC33;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityInfo
{
color: #000000;
background-color: #ABF1FF;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
.PriorityDebug
{
color: #FFFFFF;
background-color: #3333ff;
border-top: black 1px solid;
border-bottom: black 1px solid;
border-right: gray 1px solid;
}
/* Form elements */
select, input, button, textarea
{
background-color: #E8E7E2;
color:#000000;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight: bold;
border: 1px solid;
border-color: #233B51 #124A7C #124A7C #233B51;
}
.SearchFormControl
{
height: 20px;
margin: 2px;
background-color: #E8E7E2;
color:#000000;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight: bold;
border: 1px solid;
border-color: #233B51 #124A7C #124A7C #233B51;
}
.SearchFormTextbox
{
height: 20px;
margin: 2px;
background-color: #E8E7E2;
color:#000000;
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight: bold;
border: 1px solid;
border-color: #233B51 #124A7C #124A7C #233B51;
}
.highlighted
{
font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;
font-size: 10px;
font-weight: bold;
color: #BB0000
}


@ -0,0 +1,57 @@
<?php
/*
*********************************************************************
* LogAnalyzer - http://loganalyzer.adiscon.com
* -----------------------------------------------------------------
*
* Copyright (C) 2008-2011 Adiscon GmbH.
*
* This file is part of LogAnalyzer.
*
* LogAnalyzer is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* LogAnalyzer is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with LogAnalyzer. If not, see <http://www.gnu.org/licenses/>.
*
* A copy of the GPL can be found in the file "COPYING" in this
* distribution.
*********************************************************************
*/
global $content;
// Global Stuff
$content['ln_report_event_summary'] = "Event Summary";
$content['ln_report_computer_summary'] = "Computer Summary";
$content['ln_report_consolidation'] = "Logon / Logoff Events consolidated per User";
$content['ln_report_summary'] = "Report Summary";
$content['ln_report_number'] = "No.";
$content['ln_report_firstevent'] = "First Event";
$content['ln_report_lastevent'] = "Last Event";
$content['ln_report_user'] = "Domain & Username";
$content['ln_report_severity'] = "Type";
$content['ln_report_host'] = "Servername";
$content['ln_report_description'] = "Description";
$content['ln_report_count'] = "Count";
$content['ln_report_maxHosts_displayname'] = "Max hosts";
$content['ln_report_maxHosts_description'] = "The maximum number of hosts which will be displayed.";
$content['ln_report_maxLogOnLogOffsPerHost_displayname'] = "Max Logon/Logoffs per host/user";
$content['ln_report_maxLogOnLogOffsPerHost_description'] = "The maximum number of Logon/Logoff events displayed per host/user.";
$content['ln_report_colorThreshold_displayname'] = "Counter Threshold";
$content['ln_report_colorThreshold_description'] = "If the amount of consolidated events is higher then this threshold, the countfield will be marked red.";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
?>


@ -0,0 +1,152 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>{report_title}</title>
<style type="text/css">
<!-- INCLUDE report.eventlog.logonlogoff.css -->
</style>
</head>
<body TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" class="with_border">
<tr>
<td class="title" width="100%" nowrap><B>{report_title}</B></td>
</td>
</tr>
<tr><td class="titleSecond" width="100%" align="left">{LN_REPORT_GENERATEDTIME} <b>{report_gentime}</b></td></tr>
<tr><td class="titleSecond" width="100%" align="left">{report_comment}</td></tr>
<!-- IF report_filters_enabled="true" -->
<tr>
<td class="tableBackground" width="100%" align="left">
<table width="50%" cellpadding="0" cellspacing="1" border="0" align="left" class="with_border_alternate">
<tr>
<td class="cellmenu1" colspan="2" align="center">{LN_REPORT_FILTERS}</td>
</tr>
<!-- BEGIN report_filters -->
<tr>
<td class="cellmenu2">{FilterType}</td>
<td class="line1" align="left"><b>{FilterDisplay}</b></td>
</tr>
<!-- END report_filters -->
</table>
</td>
</tr>
<!-- ENDIF report_filters_enabled="true" -->
</table>
<br/><br/>
<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" class="with_border">
<tr>
<td class="title" width="100%" nowrap><b>{ln_report_summary}</b></td>
</td>
</tr>
<tr>
<td class="tableBackground" width="100%" align="left">
<table width="200" cellpadding="0" cellspacing="1" border="0" align="left" class="with_border_alternate">
<tr>
<td class="cellmenu1" colspan="2" align="center">{ln_report_event_summary}</td>
</tr>
<!-- BEGIN report_summary -->
<tr>
<td class="cellmenu2">{DisplayName}</td>
<td class="lineColouredWhite" bgcolor="{bgcolor}" align="right"><b>{itemcount}</b></td>
</tr>
<!-- END report_summary -->
</table>
<table width="50%" cellpadding="0" cellspacing="1" border="0" align="right" class="with_border_alternate">
<tr>
<td class="cellmenu1" colspan="2" align="center">{ln_report_computer_summary}</td>
</tr>
<tr>
<td class="line1">
<!-- BEGIN report_computers -->
<a href="#{FROMHOST}">{FROMHOST}</a>({itemcount}),
<!-- END report_computers -->
</td>
</tr>
</table>
</td>
</tr>
</table>
<br/><br/>
<table width="100%" cellpadding="0" cellspacing="0" border="0" align="center" class="with_border">
<tr>
<td class="title" width="100%" nowrap><B>{ln_report_consolidation}</B></td>
</td>
</tr>
</table>
<!-- BEGIN report_consdata -->
<h3><a name="{DataCaption}">{DataCaption}</a></h3>
<table width="100%" cellpadding="2" cellspacing="1" border="0" align="center" class="with_border_alternate">
<tr>
<td class="cellmenu1" align="center" width="50" nowrap>{ln_report_number}</td>
<td class="cellmenu1" align="center" width="50" nowrap>{ln_report_count}</td>
<td class="cellmenu1" align="center" width="100" nowrap>{ln_report_firstevent}</td>
<td class="cellmenu1" align="center" width="100" nowrap>{ln_report_lastevent}</td>
<td class="cellmenu1" align="center" width="100%" nowrap>{ln_report_user}</td>
<td class="cellmenu1" align="center" width="100" nowrap>{ln_report_severity}</td>
<td class="cellmenu1" align="center" width="80" nowrap>{ln_report_host}</td>
</tr>
<!-- BEGIN cons_events -->
<tr>
<td class="line1" valign="top" align="center">{ZAEHLER}</td>
<!-- IF itemcount>=$_colorThreshold -->
<td class="lineColouredWhite" valign="top" align="right" bgcolor="#990000"><b>{itemcount}</b></td>
<!-- ENDIF itemcount>=$_colorThreshold -->
<!-- IF itemcount<$_colorThreshold -->
<td class="lineColouredWhite" valign="top" align="right" bgcolor="#AAAAAA"><b>{itemcount}</b></td>
<!-- ENDIF itemcount<$_colorThreshold -->
<td class="line1" valign="top" align="center">{FirstEvent_Date_Formatted}</td>
<td class="line1" valign="top" align="center">{LastEvent_Date_Formatted}</td>
<td class="line1" valign="top" align="left">{user}</a></td>
<td class="lineColouredWhite" valign="top" align="center" bgcolor="{syslogseverity_bgcolor}"><b>{syslogseverity_text}</b></td>
<td class="line1" valign="top" align="center">{FROMHOST}</td>
</tr>
<!-- END cons_events -->
</table>
<!-- END report_consdata -->
<table width="100%" border="0" cellspacing="1" cellpadding="0" class="mainfooter">
<tr>
<td align="center" class="line0" valign="top">Made by <a href="http://www.adiscon.com" target="_blank">Adiscon GmbH</a> (2009-2011)</td>
<td align="center" class="line1" valign="top">
&nbsp;<a href="http://loganalyzer.adiscon.com" target="_blank">Report</A> Version {report_version}
</td>
<td align="center" class="line0" valign="top">
&nbsp;<B>Partners:</B>
</td>
<td align="center" class="line1" valign="top">
&nbsp;<a href="http://www.rsyslog.com" target="_blank">Rsyslog</a> |
&nbsp;<a href="http://www.winsyslog.com" target="_blank">WinSyslog</a>
</td>
<!-- IF ShowPageRenderStats="true" -->
<td align="center" class="line2" valign="top">
<small>
{LN_REPORT_FOOTER_ENDERED}: <B>{report_rendertime}</B>
&nbsp;|&nbsp;{LN_FOOTER_DBQUERIES}: <B>{TOTALQUERIES}</B>
</small>
</td>
<!-- ENDIF ShowPageRenderStats="true" -->
</tr>
</table>
</body>
</html>
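Review bot: `{user}` and `{FROMHOST}` are placed into element content and into the `href="#{FROMHOST}"` attribute, and both appear to originate from received log records, which whoever sends the logs can influence. Whether the template engine HTML-escapes substitutions is not visible in this commit; if it does not, the values should be passed through `htmlspecialchars($value, ENT_QUOTES)` before they are stored in `$content`, otherwise a crafted host or user name renders as markup in the report. The markup also has unbalanced tags: an extra `</td>` after each `class="title"` cell and a stray `</a>` after `{user}` with no opening `<a>`. The `report_computers` block is still rendered although the PHP that would fill it is commented out in the report class.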


@ -0,0 +1,102 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>{report_title}</title>
<style type="text/css">
<!-- INCLUDE report.eventlog.logonlogoff.css -->
</style>
</head>
<body TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
<H3>{report_title}</H3>
<p>{LN_REPORT_GENERATEDTIME} <b>{report_gentime}</b></p>
<p>{report_comment}</p>
<!-- IF report_filters_enabled="true" -->
<br />
<table width="100%" cellpadding="0" cellspacing="1" border="1" align="left" class="with_border_alternate">
<tr>
<td class="cellmenu1" colspan="2" align="center" bgcolor="#9FDAF1">{LN_REPORT_FILTERS}</td>
</tr>
<!-- BEGIN report_filters -->
<tr>
<td class="cellmenu2">{FilterType}</td>
<td class="line1" align="left"><b>{FilterDisplay}</b></td>
</tr>
<!-- END report_filters -->
</table>
<!-- ENDIF report_filters_enabled="true" -->
<br />
<H3>{ln_report_summary}</H3>
<table width="200" cellpadding="0" cellspacing="1" border="1" align="left" class="with_border_alternate">
<tr>
<td class="cellmenu1" colspan="2" align="center" bgcolor="#9FDAF1"><b>{ln_report_event_summary}</b></td>
</tr>
<!-- BEGIN report_summary -->
<tr>
<td class="cellmenu2">{DisplayName}</td>
<td class="lineColouredWhite" bgcolor="{bgcolor}" align="right"><b>{itemcount}</b></td>
</tr>
<!-- END report_summary -->
</table>
<br />
<H3>{ln_report_consolidation}</H3>
<!-- BEGIN report_consdata -->
<h3><a name="{DataCaption}">{DataCaption}</a></h3>
<table width="100%" cellpadding="0" cellspacing="1" border="1" align="center" class="with_border_alternate">
<tr>
<td class="cellmenu1" bgcolor="#9FDAF1" align="center" width="25" nowrap>{ln_report_number}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="center" width="40" nowrap>{ln_report_count}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="left" width="100" nowrap>{ln_report_firstevent}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="left" width="100" nowrap>{ln_report_lastevent}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="left" width="100" nowrap>{ln_report_user}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="left" width="60" nowrap>{ln_report_severity}</td>
<td class="cellmenu1" bgcolor="#9FDAF1" align="left" width="80" nowrap>{ln_report_host}</td>
</tr>
<!-- BEGIN cons_events -->
<tr>
<td class="line1" valign="top" align="center">{ZAEHLER}</td>
<!-- IF itemcount>=$_colorThreshold -->
<td class="lineColouredWhite" valign="top" align="right" bgcolor="#DD0000"><b>{itemcount}</b></td>
<!-- ENDIF itemcount>=$_colorThreshold -->
<!-- IF itemcount<$_colorThreshold -->
<td class="lineColouredWhite" valign="top" align="right" bgcolor="#CCCCCC"><b>{itemcount}</b></td>
<!-- ENDIF itemcount<$_colorThreshold -->
<td class="line1" valign="top" align="left">{FirstEvent_Date_Formatted}</td>
<td class="line1" valign="top" align="left">{LastEvent_Date_Formatted}</td>
<td class="line1" valign="top" align="left">{user}</td>
<td class="line1" valign="top" align="left">{syslogseverity_text}</td>
<td class="line1" valign="top" align="left">{FROMHOST}</td>
</tr>
<!-- END cons_events -->
</table>
<!-- END report_consdata -->
<br /><br />
<table width="100%" border="0" cellspacing="1" cellpadding="0" class="mainfooter">
<tr>
<td align="center" class="line0" valign="top">Made by <a href="http://www.adiscon.com" target="_blank">Adiscon GmbH</a> (2009-2011) &nbsp;<a href="http://loganalyzer.adiscon.com" target="_blank">Report</A> Version {report_version} </td>
<td align="center" class="line1" valign="top"><B>Partners:</B>&nbsp;<a href="http://www.rsyslog.com" target="_blank">Rsyslog</a> | &nbsp;<a href="http://www.winsyslog.com" target="_blank">WinSyslog</a></td>
</tr>
<!-- IF ShowPageRenderStats="true" -->
<tr>
<td align="center" class="line2" valign="top" colspan="2">
<small>
{LN_REPORT_FOOTER_ENDERED}: <B>{report_rendertime}</B>
&nbsp;|&nbsp;{LN_FOOTER_DBQUERIES}: <B>{TOTALQUERIES}</B>
</small>
</td>
</tr>
<!-- ENDIF ShowPageRenderStats="true" -->
</table>
</body>
</html>
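Review bot: The `{user}`, `{FROMHOST}`, `{FilterDisplay}` and `{DataCaption}` placeholders in the `report_filters`, `report_consdata` and `cons_events` blocks are written straight into markup, and `{DataCaption}` also lands inside the `name="{DataCaption}"` attribute. These values come from event-log records, and the account name in a logon event is supplied by whoever attempts the logon, so they should be treated as untrusted when rendered. Nothing in this template encodes them, so the report class that fills it would need to do so before assignment, for example `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`. That code is outside this section, so whether it already does this should be confirmed. The preceding template's `cons_events` block uses the same placeholders and additionally has a stray closing tag in `{user}</a>`.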