diff --git a/src/admin/reports.php b/src/admin/reports.php index 53a6d0d..f79899b 100644 --- a/src/admin/reports.php +++ b/src/admin/reports.php @@ -1011,10 +1011,21 @@ if ( isset($_POST['op']) ) // Read Custom Filters foreach ( $content['CUSTOMFILTERS'] as &$tmpCustomFilter ) { -// print_r ( $tmpCustomFilter ); // Set fieldvalue if available from POST data - if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) ) - $tmpCustomFilter['fieldvalue'] = DB_RemoveBadChars($_POST[ $tmpCustomFilter['fieldname'] ]); + if ( $tmpCustomFilter['filtertype'] == FILTER_TYPE_BOOL ) + { + if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) ) + $tmpCustomFilter['fieldvalue'] = 1; + else + $tmpCustomFilter['fieldvalue'] = 0; + } + else + { + if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) ) + { + $tmpCustomFilter['fieldvalue'] = DB_RemoveBadChars($_POST[ $tmpCustomFilter['fieldname'] ]); + } + } } // Read done, now build "customFilters" string! @@ -1506,15 +1517,19 @@ function InitCustomFilterDefinitions($myReport, $CustomFilterValues) $szColcssclass = "line2"; $i++; // --- + + // Set Checkbox value + if ( $tmpCustomFilter['filtertype'] == FILTER_TYPE_BOOL && $szDefaultValue == 1 ) { $szFieldValueSelected = "checked"; } else { $szFieldValueSelected = ""; } // Add to Display Array of custom filters! $content['CUSTOMFILTERS'][] = array ( - 'fieldname' => $filterID, - 'fieldcaption' => $content[ $tmpCustomFilter['DisplayLangID'] ], - 'fielddescription' => $content[ $tmpCustomFilter['DescriptLangID'] ], - 'filtertype' => $tmpCustomFilter['filtertype'], - 'fieldvalue' => $szDefaultValue, - 'colcssclass' => $szColcssclass, + 'fieldname' => $filterID, + 'fieldcaption' => $content[ $tmpCustomFilter['DisplayLangID'] ], + 'fielddescription' => $content[ $tmpCustomFilter['DescriptLangID'] ], + 'filtertype' => $tmpCustomFilter['filtertype'], + 'fieldvalue' => $szDefaultValue, + 'fieldvalue_selected' => $szFieldValueSelected, + 'colcssclass' => $szColcssclass, ); } } 
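Review bot: The new `else` branch still passes every non-boolean filter, including `FILTER_TYPE_NUMBER` and `FILTER_TYPE_DATE`, through `DB_RemoveBadChars()` only, so the admin form accepts any string for a numeric option. Validating by declared type at this point, for example `$tmpCustomFilter['fieldvalue'] = intval($_POST[ $tmpCustomFilter['fieldname'] ]);` for `FILTER_TYPE_NUMBER`, is tighter than character stripping, whose rules are not visible in this hunk. The loop also iterates by reference (`&$tmpCustomFilter`) and no `unset($tmpCustomFilter);` is visible after its closing brace, so a later write to that name would change the last filter. The surrounding `if ( isset($_POST['op']) )` block continues outside the hunk.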
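Review bot: The checkbox state is decided with a loose `$szDefaultValue == 1`, and the origin of `$szDefaultValue` is outside the hunk. Normalising it once for boolean filters, e.g. `$szFieldValueSelected = ( intval($szDefaultValue) === 1 ) ? "checked" : "";`, keeps the stored value and the rendered `checked` attribute in agreement whatever string form the value was saved in. The one-line `if … { } else { }` also departs from the brace-per-line layout used in the rest of the hunk. InitCustomFilterDefinitions starts and ends outside the hunk.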
diff --git a/src/classes/reports/report.eventlog.auditsummary.class.php b/src/classes/reports/report.eventlog.auditsummary.class.php index dc47f30..779ccc6 100644 --- a/src/classes/reports/report.eventlog.auditsummary.class.php +++ b/src/classes/reports/report.eventlog.auditsummary.class.php @@ -48,9 +48,20 @@ class Report_auditsummary extends Report { public $_reportInitialized = false; // True means report is installed // Advanced Report Options - private $_maxHosts = 20; // Threshold for maximum hosts to analyse! - private $_maxauditsummarysPerHost = 100; // Threshold for maximum amount of logon/logoffs to analyse per host - private $_colorThreshold = 10; // Threshold for coloured display of Eventcounter + private $_maxHosts = 20; // Threshold for maximum hosts to analyse! + private $_maxauditsummarysPerHost = 100; // Threshold for maximum amount of logon/logoffs to analyse per host + private $_colorThreshold = 10; // Threshold for coloured display of Eventcounter + private $_events_logon = 1; // Enable analysis of Logon Events + private $_events_logoff = 1; // Enable analysis of Logoff Events + private $_events_logonfail = 1; // Enable analysis of Logon failures Events + private $_events_policychangeevents = 1; // Enable analysis of Audit policy changes + private $_events_objectaccess = 1; // Enable analysis of Object access Events + private $_events_systemevents = 1; // Enable analysis of System Events + private $_events_hostsessionevents = 1; // Enable analysis of Host session Events + private $_events_useraccchangeevents = 1; // Enable analysis of User Account changes + private $_events_auditpolicychangesevents = 1; // Enable analysis of Audit policiy changes Events + private $_events_useractions = 1; // Enable analysis of individual User actions + private $_events_hostactions = 1; // Enable analysis of individual Host actions // Constructor public function Report_auditsummary() { 
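Review bot: Two of the new property comments describe the same thing: `$_events_policychangeevents` is commented `Enable analysis of Audit policy changes` and `$_events_auditpolicychangesevents` is commented `Enable analysis of Audit policiy changes Events` (typo included), while the language file labels the first one "Policy changes". I would comment them `// Enable analysis of Policy change Events (617,618,619,643,4713,4714,4715,4719,4739)` and `// Enable analysis of Audit policy change Events (612,807,4719,4912)` so the two near-identical names can be told apart. The same copy-paste shows in the `lang.en.php` hunk at `@@ -51`, where the descriptions for the policy-change, object-access, system, host-session, user-account and audit-policy options all still read "will include logoff events".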
@@ -94,6 +105,85 @@ class Report_auditsummary extends Report { 'MinValue' => 1, /* 'MaxValue' => 0,*/ ); + + /* Boolean Options */ + $this->_arrCustomFilters['_events_logon'] = + array ( 'InternalID' => '_events_logon', + 'DisplayLangID' => 'ln_report_events_logon_displayname', + 'DescriptLangID'=> 'ln_report_events_logon_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_logoff'] = + array ( 'InternalID' => '_events_logoff', + 'DisplayLangID' => 'ln_report_events_logoff_displayname', + 'DescriptLangID'=> 'ln_report_events_logoff_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_logonfail'] = + array ( 'InternalID' => '_events_logonfail', + 'DisplayLangID' => 'ln_report_events_logonfail_displayname', + 'DescriptLangID'=> 'ln_report_events_logonfail_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_policychangeevents'] = + array ( 'InternalID' => '_events_policychangeevents', + 'DisplayLangID' => 'ln_report_events_policychangeevents_displayname', + 'DescriptLangID'=> 'ln_report_events_policychangeevents_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_objectaccess'] = + array ( 'InternalID' => '_events_objectaccess', + 'DisplayLangID' => 'ln_report_events_objectaccess_displayname', + 'DescriptLangID'=> 'ln_report_events_objectaccess_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_systemevents'] = + array ( 'InternalID' => '_events_systemevents', + 'DisplayLangID' => 'ln_report_events_systemevents_displayname', + 'DescriptLangID'=> 'ln_report_events_systemevents_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_hostsessionevents'] = + array ( 'InternalID' => '_events_hostsessionevents', + 
'DisplayLangID' => 'ln_report_events_hostsessionevents_displayname', + 'DescriptLangID'=> 'ln_report_events_hostsessionevents_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_useraccchangeevents'] = + array ( 'InternalID' => '_events_useraccchangeevents', + 'DisplayLangID' => 'ln_report_events_useraccchangeevents_displayname', + 'DescriptLangID'=> 'ln_report_events_useraccchangeevents_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_auditpolicychangesevents'] = + array ( 'InternalID' => '_events_auditpolicychangesevents', + 'DisplayLangID' => 'ln_report_events_auditpolicychangesevents_displayname', + 'DescriptLangID'=> 'ln_report_events_auditpolicychangesevents_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_useractions'] = + array ( 'InternalID' => '_events_useractions', + 'DisplayLangID' => 'ln_report_events_useractions_displayname', + 'DescriptLangID'=> 'ln_report_events_useractions_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); + $this->_arrCustomFilters['_events_hostactions'] = + array ( 'InternalID' => '_events_hostactions', + 'DisplayLangID' => 'ln_report_events_hostactions_displayname', + 'DescriptLangID'=> 'ln_report_events_hostactions_description', + FILTER_TYPE => FILTER_TYPE_BOOL, + 'DefaultValue' => 1, + ); 
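Review bot: The eleven boolean filter definitions differ only in the filter ID, and the same ID list is repeated in the property declarations and in the `FILTER_TYPE_BOOL` chain of the `@@ -253` hunk, so a new option has to be added in three places. A missed one is dropped silently, which in an audit report means a section can go missing without notice. Building the definitions from one list removes the repetition here; the language keys already follow the `ln_report` + ID + suffix pattern for all eleven entries. The enclosing method starts and ends outside the hunk.

```php
	// … unchanged: numeric filter definitions above …

	/* Boolean Options */
	$arrBoolFilterIDs = array (
		'_events_logon',
		'_events_logoff',
		'_events_logonfail',
		'_events_policychangeevents',
		'_events_objectaccess',
		'_events_systemevents',
		'_events_hostsessionevents',
		'_events_useraccchangeevents',
		'_events_auditpolicychangesevents',
		'_events_useractions',
		'_events_hostactions',
	);
	foreach ( $arrBoolFilterIDs as $szBoolFilterID )
	{
		$this->_arrCustomFilters[$szBoolFilterID] =
			array (	'InternalID'	=> $szBoolFilterID,
					'DisplayLangID'	=> 'ln_report' . $szBoolFilterID . '_displayname',
					'DescriptLangID'=> 'ln_report' . $szBoolFilterID . '_description',
					FILTER_TYPE		=> FILTER_TYPE_BOOL,
					'DefaultValue'	=> 1,
				);
	}
```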
@@ -253,6 +343,31 @@ class Report_auditsummary extends Report { else if ( $tmpfilterid == '_colorThreshold' ) $this->_colorThreshold = intval($szNewVal); } + else if ( $this->_arrCustomFilters[$tmpfilterid][FILTER_TYPE] == FILTER_TYPE_BOOL ) + { + if ( $tmpfilterid == '_events_logon' ) + $this->_events_logon = intval($szNewVal); + else if ( $tmpfilterid == '_events_logoff' ) + $this->_events_logoff = intval($szNewVal); + else if ( $tmpfilterid == '_events_logonfail' ) + $this->_events_logonfail = intval($szNewVal); + else if ( $tmpfilterid == '_events_policychangeevents' ) + $this->_events_policychangeevents = intval($szNewVal); + else if ( $tmpfilterid == '_events_objectaccess' ) + $this->_events_objectaccess = intval($szNewVal); + else if ( $tmpfilterid == '_events_systemevents' ) + $this->_events_systemevents = intval($szNewVal); + else if ( $tmpfilterid == '_events_hostsessionevents' ) + $this->_events_hostsessionevents = intval($szNewVal); + else if ( $tmpfilterid == '_events_useraccchangeevents' ) + $this->_events_useraccchangeevents = intval($szNewVal); + else if ( $tmpfilterid == '_events_auditpolicychangesevents' ) + $this->_events_auditpolicychangesevents = intval($szNewVal); + else if ( $tmpfilterid == '_events_useractions' ) + $this->_events_useractions = intval($szNewVal); + else if ( $tmpfilterid == '_events_hostactions' ) + $this->_events_hostactions = intval($szNewVal); + } else { // Write to debuglog 
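Review bot: The new `FILTER_TYPE_BOOL` branch has no final `else`, so a boolean filter ID that is missing from the chain is dropped without the debug-log entry that the outer `else` writes. A closing `else` with the same debug-log call would make that visible. `intval($szNewVal)` also stores whatever integer arrives, and the report sections are later gated with `== 1`, so a stored `2` or a non-numeric string silently removes that section from the audit summary. Normalising to 0 or 1 here, e.g. `$this->_events_logon = ( intval($szNewVal) === 1 ) ? 1 : 0;`, and logging any other input would make a missing section traceable to an explicit setting. The enclosing method starts and ends outside the hunk.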
@@ -325,69 +440,102 @@ class Report_auditsummary extends Report { $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s "; // --- Process Logons - $content["report_consdata"]["logon"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("528,4624" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonevents" /* Logon Events */); - $content["report_consdata"]["logon"]['DataCaption'] = $content["ln_report_logonevents"]; - $content["report_consdata"]["logon"]['cons_count'] = count($content["report_consdata"]["logon"]['cons_events']); + if ( $this->_events_logon == 1 ) + { + $content["report_consdata"]["logon"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("528,4624" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonevents" /* Logon Events */); + $content["report_consdata"]["logon"]['DataCaption'] = $content["ln_report_logonevents"]; + $content["report_consdata"]["logon"]['cons_count'] = count($content["report_consdata"]["logon"]['cons_events']); + } // --- // --- Process Logoffs - $content["report_consdata"]["logoff"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("538,4634" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logoffevents" /* Logoff Events */); - $content["report_consdata"]["logoff"]['DataCaption'] = $content["ln_report_logoffevents"]; - $content["report_consdata"]["logoff"]['cons_count'] = count($content["report_consdata"]["logoff"]['cons_events']); + if ( $this->_events_logoff == 1 ) + { + $content["report_consdata"]["logoff"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("538,4634" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logoffevents" /* Logoff Events */); + $content["report_consdata"]["logoff"]['DataCaption'] = $content["ln_report_logoffevents"]; + $content["report_consdata"]["logoff"]['cons_count'] = count($content["report_consdata"]["logoff"]['cons_events']); + } // --- // --- Process Logon failures - 
$content["report_consdata"]["logonfail"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("529,530,531,532,533,534,535,536,537,4625,4626,4627,4628,4629,4630,4631,4632,4633" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonfailevents" /* Logoff Events */); - $content["report_consdata"]["logonfail"]['DataCaption'] = $content["ln_report_logonfailevents"]; - $content["report_consdata"]["logonfail"]['cons_count'] = count($content["report_consdata"]["logonfail"]['cons_events']); + if ( $this->_events_logonfail == 1 ) + { + $content["report_consdata"]["logonfail"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("529,530,531,532,533,534,535,536,537,4625,4626,4627,4628,4629,4630,4631,4632,4633" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonfailevents" /* Logoff Events */); + $content["report_consdata"]["logonfail"]['DataCaption'] = $content["ln_report_logonfailevents"]; + $content["report_consdata"]["logonfail"]['cons_count'] = count($content["report_consdata"]["logonfail"]['cons_events']); + } // --- // --- Process Audigpolicy changes - $content["report_consdata"]["auditpolchanged"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("617,618,619,643,4713,4714,4715,4719,4739" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolchangedevents" /* Logoff Events */); - $content["report_consdata"]["auditpolchanged"]['DataCaption'] = $content["ln_report_auditpolchangedevents"]; - $content["report_consdata"]["auditpolchanged"]['cons_count'] = count($content["report_consdata"]["auditpolchanged"]['cons_events']); + if ( $this->_events_policychangeevents == 1 ) + { + $content["report_consdata"]["auditpolchanged"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("617,618,619,643,4713,4714,4715,4719,4739" /* Include EventIDs for new and old Eventlog API*/, "ln_report_policychangeevents" /* Logoff Events */); + $content["report_consdata"]["auditpolchanged"]['DataCaption'] = 
$content["ln_report_policychangeevents"]; + $content["report_consdata"]["auditpolchanged"]['cons_count'] = count($content["report_consdata"]["auditpolchanged"]['cons_events']); + } // --- // --- Process Objectaccess - $content["report_consdata"]["objectaccess"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("567,4663" /* Include EventIDs for new and old Eventlog API*/, "ln_report_objectaccessevents" /* Logoff Events */); - $content["report_consdata"]["objectaccess"]['DataCaption'] = $content["ln_report_objectaccessevents"]; - $content["report_consdata"]["objectaccess"]['cons_count'] = count($content["report_consdata"]["objectaccess"]['cons_events']); + if ( $this->_events_objectaccess == 1 ) + { + $content["report_consdata"]["objectaccess"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("567,4663" /* Include EventIDs for new and old Eventlog API*/, "ln_report_objectaccessevents" /* Object access Events */); + $content["report_consdata"]["objectaccess"]['DataCaption'] = $content["ln_report_objectaccessevents"]; + $content["report_consdata"]["objectaccess"]['cons_count'] = count($content["report_consdata"]["objectaccess"]['cons_events']); + } // --- // --- Process System events - $content["report_consdata"]["systemevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("512,513,520,4108,4109,4616,4697" /* Include EventIDs for new and old Eventlog API*/, "ln_report_systemevents" /* Logoff Events */); - $content["report_consdata"]["systemevents"]['DataCaption'] = $content["ln_report_systemevents"]; - $content["report_consdata"]["systemevents"]['cons_count'] = count($content["report_consdata"]["systemevents"]['cons_events']); + if ( $this->_events_systemevents == 1 ) + { + $content["report_consdata"]["systemevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("512,513,520,4108,4109,4616,4697" /* Include EventIDs for new and old Eventlog API*/, "ln_report_systemevents" /* System Events */); + 
$content["report_consdata"]["systemevents"]['DataCaption'] = $content["ln_report_systemevents"]; + $content["report_consdata"]["systemevents"]['cons_count'] = count($content["report_consdata"]["systemevents"]['cons_events']); + } // --- // --- Process Host Session events - $content["report_consdata"]["hostsessionevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("682,683,4778,4779" /* Include EventIDs for new and old Eventlog API*/, "ln_report_hostsessionevents" /* Logoff Events */); - $content["report_consdata"]["hostsessionevents"]['DataCaption'] = $content["ln_report_hostsessionevents"]; - $content["report_consdata"]["hostsessionevents"]['cons_count'] = count($content["report_consdata"]["hostsessionevents"]['cons_events']); + if ( $this->_events_hostsessionevents == 1 ) + { + $content["report_consdata"]["hostsessionevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("682,683,4778,4779" /* Include EventIDs for new and old Eventlog API*/, "ln_report_hostsessionevents" /* Host session Events */); + $content["report_consdata"]["hostsessionevents"]['DataCaption'] = $content["ln_report_hostsessionevents"]; + $content["report_consdata"]["hostsessionevents"]['cons_count'] = count($content["report_consdata"]["hostsessionevents"]['cons_events']); + } // --- // --- Process User Account Changes events - $content["report_consdata"]["useraccchangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("642," /* Include EventIDs for new and old Eventlog API*/, "ln_report_useraccchangeevents" /* Logoff Events */); - $content["report_consdata"]["useraccchangeevents"]['DataCaption'] = $content["ln_report_useraccchangeevents"]; - $content["report_consdata"]["useraccchangeevents"]['cons_count'] = count($content["report_consdata"]["useraccchangeevents"]['cons_events']); + if ( $this->_events_useraccchangeevents == 1 ) + { + $content["report_consdata"]["useraccchangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("642" /* Include EventIDs for 
new and old Eventlog API*/, "ln_report_useraccchangeevents" /* User Account Changes */); + $content["report_consdata"]["useraccchangeevents"]['DataCaption'] = $content["ln_report_useraccchangeevents"]; + $content["report_consdata"]["useraccchangeevents"]['cons_count'] = count($content["report_consdata"]["useraccchangeevents"]['cons_events']); + } // --- // --- Process Audit policy changes events - $content["report_consdata"]["auditpolicychangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("612, 807, 4719, 4912" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolicychangeevents" /* Logoff Events */); - $content["report_consdata"]["auditpolicychangeevents"]['DataCaption'] = $content["ln_report_auditpolicychangeevents"]; - $content["report_consdata"]["auditpolicychangeevents"]['cons_count'] = count($content["report_consdata"]["auditpolicychangeevents"]['cons_events']); + if ( $this->_events_auditpolicychangesevents == 1 ) + { + $content["report_consdata"]["auditpolicychangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("612, 807, 4719, 4912" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolicychangeevents" /* Logoff Events */); + $content["report_consdata"]["auditpolicychangeevents"]['DataCaption'] = $content["ln_report_auditpolicychangeevents"]; + $content["report_consdata"]["auditpolicychangeevents"]['cons_count'] = count($content["report_consdata"]["auditpolicychangeevents"]['cons_events']); + } // --- // --- Individual User Actions - $content["report_detaildata_users"] = $this->ConsolidateAuditSummaryByField( SYSLOG_EVENT_USER, "ln_report_individualuseractions" /* User Actions */); - $content["report_detaildata_users_caption"] = $content["ln_report_individualuseractions"]; - $content["report_detaildata_users_cons_count"] = count($content["report_detaildata_users"]); + if ( $this->_events_useractions == 1 ) + { + $content["report_detaildata_users"] = $this->ConsolidateAuditSummaryByField( 
SYSLOG_EVENT_USER, "ln_report_individualuseractions" /* User Actions */); + $content["report_detaildata_users_caption"] = $content["ln_report_individualuseractions"]; + $content["report_detaildata_users_cons_count"] = count($content["report_detaildata_users"]); + } // --- // --- Individual Host Actions - $content["report_detaildata_hosts"] = $this->ConsolidateAuditSummaryByField( SYSLOG_HOST, "ln_report_individualhostactions" /* Host Actions */); - $content["report_detaildata_hosts_caption"] = $content["ln_report_individualhostactions"]; - $content["report_detaildata_hosts_cons_count"] = count($content["report_detaildata_hosts"]); + if ( $this->_events_hostactions == 1 ) + { + $content["report_detaildata_hosts"] = $this->ConsolidateAuditSummaryByField( SYSLOG_HOST, "ln_report_individualhostactions" /* Host Actions */); + $content["report_detaildata_hosts_caption"] = $content["ln_report_individualhostactions"]; + $content["report_detaildata_hosts_cons_count"] = count($content["report_detaildata_hosts"]); + } // --- // Start Postprocessing diff --git a/src/classes/reports/report.eventlog.auditsummary/report.eventlog.auditsummary.lang.en.php b/src/classes/reports/report.eventlog.auditsummary/report.eventlog.auditsummary.lang.en.php index 580aa94..8c71530 100644 --- a/src/classes/reports/report.eventlog.auditsummary/report.eventlog.auditsummary.lang.en.php +++ b/src/classes/reports/report.eventlog.auditsummary/report.eventlog.auditsummary.lang.en.php 
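Review bot: Event ID 4719 sits in both the `_events_policychangeevents` list (`617,618,619,643,4713,4714,4715,4719,4739`) and the `_events_auditpolicychangesevents` list (`612, 807, 4719, 4912`), so switching one option off still reports 4719 under the other, and with both on it is counted twice. The two groups should be disjoint, or the overlap stated in the option descriptions. The second list is also the only one with spaces after the commas, and whether ConsolidateAuditSummaryByIDs trims them is not visible here. The logon-failure list looks like the old IDs plus 4096; 4626 and 4627 are, as far as I know, claims and group-membership records written on successful logons, so that mapping is worth checking against the Windows event reference. The trailing `/* Logoff Events */` comments on the logon-failure, policy-change and audit-policy calls are stale, and the enclosing method starts and ends outside the hunk.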
@@ -42,7 +42,7 @@ $content['ln_report_consolidated_summary'] = "Summary of Audit Events"; $content['ln_report_logonevents'] = "Logon Events"; $content['ln_report_logoffevents'] = "Logoff Events"; $content['ln_report_logonfailevents'] = "Login Failures"; -$content['ln_report_auditpolchangedevents'] = "Audit policy changes"; +$content['ln_report_policychangeevents'] = "Policy changes"; $content['ln_report_objectaccessevents'] = "Object Access"; $content['ln_report_systemevents'] = "System events"; $content['ln_report_hostsessionevents'] = "Host Sessions"; 
@@ -51,6 +51,30 @@ $content['ln_report_auditpolicychangeevents'] = "Audit policy changes"; $content['ln_report_individualuseractions'] = "Individual User Actions"; $content['ln_report_detailactions'] = "Detailed Actions"; $content['ln_report_individualhostactions'] = "Individual Host Actions"; +$content['ln_report_events_logon_displayname'] = "Include Logon Events"; +$content['ln_report_events_logon_description'] = "This option will include logon events with Event IDs: 528,4624"; +$content['ln_report_events_logoff_displayname'] = "Include Logoff Events"; +$content['ln_report_events_logoff_description'] = "This option will include logoff events with Event IDs: 538,4634"; +$content['ln_report_events_logonfail_displayname'] = "Include Logon failures Events"; +$content['ln_report_events_logonfail_description'] = "This option will include logon failures with Event IDs: 529,530,531,532,533,534,535,536,537, 4625,4626,4627,4628,4629,4630,4631,4632,4633"; +$content['ln_report_events_policychangeevents_displayname'] = "Include Policy Changeevents"; +$content['ln_report_events_policychangeevents_description'] = "This option will include logoff events with Event IDs: 617,618,619,643,4713,4714,4715,4719,4739"; +$content['ln_report_events_objectaccess_displayname'] = "Include Object access Events"; +$content['ln_report_events_objectaccess_description'] = "This option will include logoff events with Event IDs: 567,4663"; +$content['ln_report_events_systemevents_displayname'] = "Include System Events"; +$content['ln_report_events_systemevents_description'] = "This option will include logoff events with Event IDs: 512,513,520,4108,4109,4616,4697"; +$content['ln_report_events_hostsessionevents_displayname'] = "Include Host session Events"; +$content['ln_report_events_hostsessionevents_description'] = "This option will include logoff events with Event IDs: 682,683,4778,4779"; +$content['ln_report_events_useraccchangeevents_displayname'] = "Include User Account changes"; 
+$content['ln_report_events_useraccchangeevents_description'] = "This option will include logoff events with Event IDs: 642"; +$content['ln_report_events_auditpolicychangesevents_displayname'] = "Include Audit policy Changeevents"; +$content['ln_report_events_auditpolicychangesevents_description'] = "This option will include logoff events with Event IDs: 612, 807, 4719, 4912"; +$content['ln_report_events_useractions_displayname'] = "Include individual User actions"; +$content['ln_report_events_useractions_description'] = "This option will include all security events consolidated by user"; +$content['ln_report_events_hostactions_displayname'] = "Include individual Host actions"; +$content['ln_report_events_hostactions_description'] = "This option will include all security events consolidated by host"; +$content['ln_report_'] = ""; +$content['ln_report_'] = ""; $content['ln_report_'] = ""; $content['ln_report_'] = ""; diff --git a/src/include/constants_logstream.php b/src/include/constants_logstream.php index 08a44ed..f7e920b 100644 --- a/src/include/constants_logstream.php +++ b/src/include/constants_logstream.php @@ -83,6 +83,7 @@ define('MISC_CHECKSUM', 'misc_checksum'); define('FILTER_TYPE_STRING', 0); define('FILTER_TYPE_NUMBER', 1); define('FILTER_TYPE_DATE', 2); +define('FILTER_TYPE_BOOL', 3); define('FILTER_TYPE_UNKNOWN', 99); // Define possible alignments diff --git a/src/templates/admin/admin_reports.html b/src/templates/admin/admin_reports.html index 02159ce..9236d04 100644 --- a/src/templates/admin/admin_reports.html +++ b/src/templates/admin/admin_reports.html @@ -444,12 +444,20 @@