tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-26 03:09:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added support for boolean custom filters in report facility

Browse Source 
Extended the new audit summary report with the option
to enable and disable specific audit events.
This commit is contained in:
Andre Lorbach 2012-01-12 16:06:13 +01:00
parent 622476f2e7
commit db90f4ee1a
5 changed files with 245 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/admin/reports.php
View File

@ -1011,10 +1011,21 @@ if ( isset($_POST['op']) )
// Read Custom Filters // Read Custom Filters
foreach ( $content['CUSTOMFILTERS'] as &$tmpCustomFilter ) foreach ( $content['CUSTOMFILTERS'] as &$tmpCustomFilter )
{ {
// print_r ( $tmpCustomFilter );
// Set fieldvalue if available from POST data // Set fieldvalue if available from POST data
if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) ) if ( $tmpCustomFilter['filtertype'] == FILTER_TYPE_BOOL )
$tmpCustomFilter['fieldvalue'] = DB_RemoveBadChars($_POST[ $tmpCustomFilter['fieldname'] ]); {
if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) )
$tmpCustomFilter['fieldvalue'] = 1;
else
$tmpCustomFilter['fieldvalue'] = 0;
}
else
{
if ( isset($_POST[ $tmpCustomFilter['fieldname'] ]) )
{
$tmpCustomFilter['fieldvalue'] = DB_RemoveBadChars($_POST[ $tmpCustomFilter['fieldname'] ]);
}
}
} }
// Read done, now build "customFilters" string! // Read done, now build "customFilters" string!
@ -1506,15 +1517,19 @@ function InitCustomFilterDefinitions($myReport, $CustomFilterValues)
$szColcssclass = "line2"; $szColcssclass = "line2";
$i++; $i++;
// --- // ---
// Set Checkbox value
if ( $tmpCustomFilter['filtertype'] == FILTER_TYPE_BOOL && $szDefaultValue == 1 ) { $szFieldValueSelected = "checked"; } else { $szFieldValueSelected = ""; }
// Add to Display Array of custom filters! // Add to Display Array of custom filters!
$content['CUSTOMFILTERS'][] = array ( $content['CUSTOMFILTERS'][] = array (
'fieldname' => $filterID, 'fieldname' => $filterID,
'fieldcaption' => $content[ $tmpCustomFilter['DisplayLangID'] ], 'fieldcaption' => $content[ $tmpCustomFilter['DisplayLangID'] ],
'fielddescription' => $content[ $tmpCustomFilter['DescriptLangID'] ], 'fielddescription' => $content[ $tmpCustomFilter['DescriptLangID'] ],
'filtertype' => $tmpCustomFilter['filtertype'], 'filtertype' => $tmpCustomFilter['filtertype'],
'fieldvalue' => $szDefaultValue, 'fieldvalue' => $szDefaultValue,
'colcssclass' => $szColcssclass, 'fieldvalue_selected' => $szFieldValueSelected,
'colcssclass' => $szColcssclass,
); );
} }
} }

220
src/classes/reports/report.eventlog.auditsummary.class.php
View File

@ -48,9 +48,20 @@ class Report_auditsummary extends Report {
public $_reportInitialized = false; // True means report is installed public $_reportInitialized = false; // True means report is installed
// Advanced Report Options // Advanced Report Options
private $_maxHosts = 20; // Threshold for maximum hosts to analyse! private $_maxHosts = 20; // Threshold for maximum hosts to analyse!
private $_maxauditsummarysPerHost = 100; // Threshold for maximum amount of logon/logoffs to analyse per host private $_maxauditsummarysPerHost = 100; // Threshold for maximum amount of logon/logoffs to analyse per host
private $_colorThreshold = 10; // Threshold for coloured display of Eventcounter private $_colorThreshold = 10; // Threshold for coloured display of Eventcounter
private $_events_logon = 1; // Enable analysis of Logon Events
private $_events_logoff = 1; // Enable analysis of Logoff Events
private $_events_logonfail = 1; // Enable analysis of Logon failures Events
private $_events_policychangeevents = 1; // Enable analysis of Audit policy changes
private $_events_objectaccess = 1; // Enable analysis of Object access Events
private $_events_systemevents = 1; // Enable analysis of System Events
private $_events_hostsessionevents = 1; // Enable analysis of Host session Events
private $_events_useraccchangeevents = 1; // Enable analysis of User Account changes
private $_events_auditpolicychangesevents = 1; // Enable analysis of Audit policiy changes Events
private $_events_useractions = 1; // Enable analysis of individual User actions
private $_events_hostactions = 1; // Enable analysis of individual Host actions
// Constructor // Constructor
public function Report_auditsummary() { public function Report_auditsummary() {
@ -94,6 +105,85 @@ class Report_auditsummary extends Report {
'MinValue' => 1, 'MinValue' => 1,
/* 'MaxValue' => 0,*/ /* 'MaxValue' => 0,*/
); );
/* Boolean Options */
$this->_arrCustomFilters['_events_logon'] =
array ( 'InternalID' => '_events_logon',
'DisplayLangID' => 'ln_report_events_logon_displayname',
'DescriptLangID'=> 'ln_report_events_logon_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_logoff'] =
array ( 'InternalID' => '_events_logoff',
'DisplayLangID' => 'ln_report_events_logoff_displayname',
'DescriptLangID'=> 'ln_report_events_logoff_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_logonfail'] =
array ( 'InternalID' => '_events_logonfail',
'DisplayLangID' => 'ln_report_events_logonfail_displayname',
'DescriptLangID'=> 'ln_report_events_logonfail_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_policychangeevents'] =
array ( 'InternalID' => '_events_policychangeevents',
'DisplayLangID' => 'ln_report_events_policychangeevents_displayname',
'DescriptLangID'=> 'ln_report_events_policychangeevents_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_objectaccess'] =
array ( 'InternalID' => '_events_objectaccess',
'DisplayLangID' => 'ln_report_events_objectaccess_displayname',
'DescriptLangID'=> 'ln_report_events_objectaccess_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_systemevents'] =
array ( 'InternalID' => '_events_systemevents',
'DisplayLangID' => 'ln_report_events_systemevents_displayname',
'DescriptLangID'=> 'ln_report_events_systemevents_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_hostsessionevents'] =
array ( 'InternalID' => '_events_hostsessionevents',
'DisplayLangID' => 'ln_report_events_hostsessionevents_displayname',
'DescriptLangID'=> 'ln_report_events_hostsessionevents_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_useraccchangeevents'] =
array ( 'InternalID' => '_events_useraccchangeevents',
'DisplayLangID' => 'ln_report_events_useraccchangeevents_displayname',
'DescriptLangID'=> 'ln_report_events_useraccchangeevents_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_auditpolicychangesevents'] =
array ( 'InternalID' => '_events_auditpolicychangesevents',
'DisplayLangID' => 'ln_report_events_auditpolicychangesevents_displayname',
'DescriptLangID'=> 'ln_report_events_auditpolicychangesevents_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_useractions'] =
array ( 'InternalID' => '_events_useractions',
'DisplayLangID' => 'ln_report_events_useractions_displayname',
'DescriptLangID'=> 'ln_report_events_useractions_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
$this->_arrCustomFilters['_events_hostactions'] =
array ( 'InternalID' => '_events_hostactions',
'DisplayLangID' => 'ln_report_events_hostactions_displayname',
'DescriptLangID'=> 'ln_report_events_hostactions_description',
FILTER_TYPE => FILTER_TYPE_BOOL,
'DefaultValue' => 1,
);
@ -253,6 +343,31 @@ class Report_auditsummary extends Report {
else if ( $tmpfilterid == '_colorThreshold' ) else if ( $tmpfilterid == '_colorThreshold' )
$this->_colorThreshold = intval($szNewVal); $this->_colorThreshold = intval($szNewVal);
} }
else if ( $this->_arrCustomFilters[$tmpfilterid][FILTER_TYPE] == FILTER_TYPE_BOOL )
{
if ( $tmpfilterid == '_events_logon' )
$this->_events_logon = intval($szNewVal);
else if ( $tmpfilterid == '_events_logoff' )
$this->_events_logoff = intval($szNewVal);
else if ( $tmpfilterid == '_events_logonfail' )
$this->_events_logonfail = intval($szNewVal);
else if ( $tmpfilterid == '_events_policychangeevents' )
$this->_events_policychangeevents = intval($szNewVal);
else if ( $tmpfilterid == '_events_objectaccess' )
$this->_events_objectaccess = intval($szNewVal);
else if ( $tmpfilterid == '_events_systemevents' )
$this->_events_systemevents = intval($szNewVal);
else if ( $tmpfilterid == '_events_hostsessionevents' )
$this->_events_hostsessionevents = intval($szNewVal);
else if ( $tmpfilterid == '_events_useraccchangeevents' )
$this->_events_useraccchangeevents = intval($szNewVal);
else if ( $tmpfilterid == '_events_auditpolicychangesevents' )
$this->_events_auditpolicychangesevents = intval($szNewVal);
else if ( $tmpfilterid == '_events_useractions' )
$this->_events_useractions = intval($szNewVal);
else if ( $tmpfilterid == '_events_hostactions' )
$this->_events_hostactions = intval($szNewVal);
}
else else
{ {
// Write to debuglog // Write to debuglog
@ -325,69 +440,102 @@ class Report_auditsummary extends Report {
$content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s "; $content["report_rendertime"] .= number_format($nowtime - $gl_starttime, 2, '.', '') . "s ";
// --- Process Logons // --- Process Logons
$content["report_consdata"]["logon"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("528,4624" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonevents" /* Logon Events */); if ( $this->_events_logon == 1 )
$content["report_consdata"]["logon"]['DataCaption'] = $content["ln_report_logonevents"]; {
$content["report_consdata"]["logon"]['cons_count'] = count($content["report_consdata"]["logon"]['cons_events']); $content["report_consdata"]["logon"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("528,4624" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonevents" /* Logon Events */);
$content["report_consdata"]["logon"]['DataCaption'] = $content["ln_report_logonevents"];
$content["report_consdata"]["logon"]['cons_count'] = count($content["report_consdata"]["logon"]['cons_events']);
}
// --- // ---
// --- Process Logoffs // --- Process Logoffs
$content["report_consdata"]["logoff"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("538,4634" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logoffevents" /* Logoff Events */); if ( $this->_events_logoff == 1 )
$content["report_consdata"]["logoff"]['DataCaption'] = $content["ln_report_logoffevents"]; {
$content["report_consdata"]["logoff"]['cons_count'] = count($content["report_consdata"]["logoff"]['cons_events']); $content["report_consdata"]["logoff"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("538,4634" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logoffevents" /* Logoff Events */);
$content["report_consdata"]["logoff"]['DataCaption'] = $content["ln_report_logoffevents"];
$content["report_consdata"]["logoff"]['cons_count'] = count($content["report_consdata"]["logoff"]['cons_events']);
}
// --- // ---
// --- Process Logon failures // --- Process Logon failures
$content["report_consdata"]["logonfail"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("529,530,531,532,533,534,535,536,537,4625,4626,4627,4628,4629,4630,4631,4632,4633" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonfailevents" /* Logoff Events */); if ( $this->_events_logonfail == 1 )
$content["report_consdata"]["logonfail"]['DataCaption'] = $content["ln_report_logonfailevents"]; {
$content["report_consdata"]["logonfail"]['cons_count'] = count($content["report_consdata"]["logonfail"]['cons_events']); $content["report_consdata"]["logonfail"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("529,530,531,532,533,534,535,536,537,4625,4626,4627,4628,4629,4630,4631,4632,4633" /* Include EventIDs for new and old Eventlog API*/, "ln_report_logonfailevents" /* Logoff Events */);
$content["report_consdata"]["logonfail"]['DataCaption'] = $content["ln_report_logonfailevents"];
$content["report_consdata"]["logonfail"]['cons_count'] = count($content["report_consdata"]["logonfail"]['cons_events']);
}
// --- // ---
// --- Process Audigpolicy changes // --- Process Audigpolicy changes
$content["report_consdata"]["auditpolchanged"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("617,618,619,643,4713,4714,4715,4719,4739" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolchangedevents" /* Logoff Events */); if ( $this->_events_policychangeevents == 1 )
$content["report_consdata"]["auditpolchanged"]['DataCaption'] = $content["ln_report_auditpolchangedevents"]; {
$content["report_consdata"]["auditpolchanged"]['cons_count'] = count($content["report_consdata"]["auditpolchanged"]['cons_events']); $content["report_consdata"]["auditpolchanged"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("617,618,619,643,4713,4714,4715,4719,4739" /* Include EventIDs for new and old Eventlog API*/, "ln_report_policychangeevents" /* Logoff Events */);
$content["report_consdata"]["auditpolchanged"]['DataCaption'] = $content["ln_report_policychangeevents"];
$content["report_consdata"]["auditpolchanged"]['cons_count'] = count($content["report_consdata"]["auditpolchanged"]['cons_events']);
}
// --- // ---
// --- Process Objectaccess // --- Process Objectaccess
$content["report_consdata"]["objectaccess"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("567,4663" /* Include EventIDs for new and old Eventlog API*/, "ln_report_objectaccessevents" /* Logoff Events */); if ( $this->_events_objectaccess == 1 )
$content["report_consdata"]["objectaccess"]['DataCaption'] = $content["ln_report_objectaccessevents"]; {
$content["report_consdata"]["objectaccess"]['cons_count'] = count($content["report_consdata"]["objectaccess"]['cons_events']); $content["report_consdata"]["objectaccess"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("567,4663" /* Include EventIDs for new and old Eventlog API*/, "ln_report_objectaccessevents" /* Object access Events */);
$content["report_consdata"]["objectaccess"]['DataCaption'] = $content["ln_report_objectaccessevents"];
$content["report_consdata"]["objectaccess"]['cons_count'] = count($content["report_consdata"]["objectaccess"]['cons_events']);
}
// --- // ---
// --- Process System events // --- Process System events
$content["report_consdata"]["systemevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("512,513,520,4108,4109,4616,4697" /* Include EventIDs for new and old Eventlog API*/, "ln_report_systemevents" /* Logoff Events */); if ( $this->_events_systemevents == 1 )
$content["report_consdata"]["systemevents"]['DataCaption'] = $content["ln_report_systemevents"]; {
$content["report_consdata"]["systemevents"]['cons_count'] = count($content["report_consdata"]["systemevents"]['cons_events']); $content["report_consdata"]["systemevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("512,513,520,4108,4109,4616,4697" /* Include EventIDs for new and old Eventlog API*/, "ln_report_systemevents" /* System Events */);
$content["report_consdata"]["systemevents"]['DataCaption'] = $content["ln_report_systemevents"];
$content["report_consdata"]["systemevents"]['cons_count'] = count($content["report_consdata"]["systemevents"]['cons_events']);
}
// --- // ---
// --- Process Host Session events // --- Process Host Session events
$content["report_consdata"]["hostsessionevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("682,683,4778,4779" /* Include EventIDs for new and old Eventlog API*/, "ln_report_hostsessionevents" /* Logoff Events */); if ( $this->_events_hostsessionevents == 1 )
$content["report_consdata"]["hostsessionevents"]['DataCaption'] = $content["ln_report_hostsessionevents"]; {
$content["report_consdata"]["hostsessionevents"]['cons_count'] = count($content["report_consdata"]["hostsessionevents"]['cons_events']); $content["report_consdata"]["hostsessionevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("682,683,4778,4779" /* Include EventIDs for new and old Eventlog API*/, "ln_report_hostsessionevents" /* Host session Events */);
$content["report_consdata"]["hostsessionevents"]['DataCaption'] = $content["ln_report_hostsessionevents"];
$content["report_consdata"]["hostsessionevents"]['cons_count'] = count($content["report_consdata"]["hostsessionevents"]['cons_events']);
}
// --- // ---
// --- Process User Account Changes events // --- Process User Account Changes events
$content["report_consdata"]["useraccchangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("642," /* Include EventIDs for new and old Eventlog API*/, "ln_report_useraccchangeevents" /* Logoff Events */); if ( $this->_events_useraccchangeevents == 1 )
$content["report_consdata"]["useraccchangeevents"]['DataCaption'] = $content["ln_report_useraccchangeevents"]; {
$content["report_consdata"]["useraccchangeevents"]['cons_count'] = count($content["report_consdata"]["useraccchangeevents"]['cons_events']); $content["report_consdata"]["useraccchangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("642" /* Include EventIDs for new and old Eventlog API*/, "ln_report_useraccchangeevents" /* User Account Changes */);
$content["report_consdata"]["useraccchangeevents"]['DataCaption'] = $content["ln_report_useraccchangeevents"];
$content["report_consdata"]["useraccchangeevents"]['cons_count'] = count($content["report_consdata"]["useraccchangeevents"]['cons_events']);
}
// --- // ---
// --- Process Audit policy changes events // --- Process Audit policy changes events
$content["report_consdata"]["auditpolicychangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("612, 807, 4719, 4912" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolicychangeevents" /* Logoff Events */); if ( $this->_events_auditpolicychangesevents == 1 )
$content["report_consdata"]["auditpolicychangeevents"]['DataCaption'] = $content["ln_report_auditpolicychangeevents"]; {
$content["report_consdata"]["auditpolicychangeevents"]['cons_count'] = count($content["report_consdata"]["auditpolicychangeevents"]['cons_events']); $content["report_consdata"]["auditpolicychangeevents"]['cons_events'] = $this->ConsolidateAuditSummaryByIDs("612, 807, 4719, 4912" /* Include EventIDs for new and old Eventlog API*/, "ln_report_auditpolicychangeevents" /* Logoff Events */);
$content["report_consdata"]["auditpolicychangeevents"]['DataCaption'] = $content["ln_report_auditpolicychangeevents"];
$content["report_consdata"]["auditpolicychangeevents"]['cons_count'] = count($content["report_consdata"]["auditpolicychangeevents"]['cons_events']);
}
// --- // ---
// --- Individual User Actions // --- Individual User Actions
$content["report_detaildata_users"] = $this->ConsolidateAuditSummaryByField( SYSLOG_EVENT_USER, "ln_report_individualuseractions" /* User Actions */); if ( $this->_events_useractions == 1 )
$content["report_detaildata_users_caption"] = $content["ln_report_individualuseractions"]; {
$content["report_detaildata_users_cons_count"] = count($content["report_detaildata_users"]); $content["report_detaildata_users"] = $this->ConsolidateAuditSummaryByField( SYSLOG_EVENT_USER, "ln_report_individualuseractions" /* User Actions */);
$content["report_detaildata_users_caption"] = $content["ln_report_individualuseractions"];
$content["report_detaildata_users_cons_count"] = count($content["report_detaildata_users"]);
}
// --- // ---
// --- Individual Host Actions // --- Individual Host Actions
$content["report_detaildata_hosts"] = $this->ConsolidateAuditSummaryByField( SYSLOG_HOST, "ln_report_individualhostactions" /* Host Actions */); if ( $this->_events_hostactions == 1 )
$content["report_detaildata_hosts_caption"] = $content["ln_report_individualhostactions"]; {
$content["report_detaildata_hosts_cons_count"] = count($content["report_detaildata_hosts"]); $content["report_detaildata_hosts"] = $this->ConsolidateAuditSummaryByField( SYSLOG_HOST, "ln_report_individualhostactions" /* Host Actions */);
$content["report_detaildata_hosts_caption"] = $content["ln_report_individualhostactions"];
$content["report_detaildata_hosts_cons_count"] = count($content["report_detaildata_hosts"]);
}
// --- // ---
// Start Postprocessing // Start Postprocessing

26
src/classes/reports/report.eventlog.auditsummary/report.eventlog.auditsummary.lang.en.php
View File

@ -42,7 +42,7 @@ $content['ln_report_consolidated_summary'] = "Summary of Audit Events";
$content['ln_report_logonevents'] = "Logon Events"; $content['ln_report_logonevents'] = "Logon Events";
$content['ln_report_logoffevents'] = "Logoff Events"; $content['ln_report_logoffevents'] = "Logoff Events";
$content['ln_report_logonfailevents'] = "Login Failures"; $content['ln_report_logonfailevents'] = "Login Failures";
$content['ln_report_auditpolchangedevents'] = "Audit policy changes"; $content['ln_report_policychangeevents'] = "Policy changes";
$content['ln_report_objectaccessevents'] = "Object Access"; $content['ln_report_objectaccessevents'] = "Object Access";
$content['ln_report_systemevents'] = "System events"; $content['ln_report_systemevents'] = "System events";
$content['ln_report_hostsessionevents'] = "Host Sessions"; $content['ln_report_hostsessionevents'] = "Host Sessions";
@ -51,6 +51,30 @@ $content['ln_report_auditpolicychangeevents'] = "Audit policy changes";
$content['ln_report_individualuseractions'] = "Individual User Actions"; $content['ln_report_individualuseractions'] = "Individual User Actions";
$content['ln_report_detailactions'] = "Detailed Actions"; $content['ln_report_detailactions'] = "Detailed Actions";
$content['ln_report_individualhostactions'] = "Individual Host Actions"; $content['ln_report_individualhostactions'] = "Individual Host Actions";
$content['ln_report_events_logon_displayname'] = "Include Logon Events";
$content['ln_report_events_logon_description'] = "This option will include logon events with Event IDs: 528,4624";
$content['ln_report_events_logoff_displayname'] = "Include Logoff Events";
$content['ln_report_events_logoff_description'] = "This option will include logoff events with Event IDs: 538,4634";
$content['ln_report_events_logonfail_displayname'] = "Include Logon failures Events";
$content['ln_report_events_logonfail_description'] = "This option will include logon failures with Event IDs: 529,530,531,532,533,534,535,536,537, 4625,4626,4627,4628,4629,4630,4631,4632,4633";
$content['ln_report_events_policychangeevents_displayname'] = "Include Policy Changeevents";
$content['ln_report_events_policychangeevents_description'] = "This option will include logoff events with Event IDs: 617,618,619,643,4713,4714,4715,4719,4739";
$content['ln_report_events_objectaccess_displayname'] = "Include Object access Events";
$content['ln_report_events_objectaccess_description'] = "This option will include logoff events with Event IDs: 567,4663";
$content['ln_report_events_systemevents_displayname'] = "Include System Events";
$content['ln_report_events_systemevents_description'] = "This option will include logoff events with Event IDs: 512,513,520,4108,4109,4616,4697";
$content['ln_report_events_hostsessionevents_displayname'] = "Include Host session Events";
$content['ln_report_events_hostsessionevents_description'] = "This option will include logoff events with Event IDs: 682,683,4778,4779";
$content['ln_report_events_useraccchangeevents_displayname'] = "Include User Account changes";
$content['ln_report_events_useraccchangeevents_description'] = "This option will include logoff events with Event IDs: 642";
$content['ln_report_events_auditpolicychangesevents_displayname'] = "Include Audit policy Changeevents";
$content['ln_report_events_auditpolicychangesevents_description'] = "This option will include logoff events with Event IDs: 612, 807, 4719, 4912";
$content['ln_report_events_useractions_displayname'] = "Include individual User actions";
$content['ln_report_events_useractions_description'] = "This option will include all security events consolidated by user";
$content['ln_report_events_hostactions_displayname'] = "Include individual Host actions";
$content['ln_report_events_hostactions_description'] = "This option will include all security events consolidated by host";
$content['ln_report_'] = "";
$content['ln_report_'] = "";
$content['ln_report_'] = ""; $content['ln_report_'] = "";
$content['ln_report_'] = ""; $content['ln_report_'] = "";

1
src/include/constants_logstream.php
View File

@ -83,6 +83,7 @@ define('MISC_CHECKSUM', 'misc_checksum');
define('FILTER_TYPE_STRING', 0); define('FILTER_TYPE_STRING', 0);
define('FILTER_TYPE_NUMBER', 1); define('FILTER_TYPE_NUMBER', 1);
define('FILTER_TYPE_DATE', 2); define('FILTER_TYPE_DATE', 2);
define('FILTER_TYPE_BOOL', 3);
define('FILTER_TYPE_UNKNOWN', 99); define('FILTER_TYPE_UNKNOWN', 99);
// Define possible alignments // Define possible alignments

14
src/templates/admin/admin_reports.html
View File

@ -444,12 +444,20 @@
</tr> </tr>
<!-- BEGIN CUSTOMFILTERS --> <!-- BEGIN CUSTOMFILTERS -->
<tr> <tr>
<td align="left" class="{colcssclass}" width="350"> <!-- IF filtertype="1" -->
<td align="left" class="{colcssclass}" width="400">
<b>{fieldcaption}</b><br/>(<I>{fielddescription}</I>) <b>{fieldcaption}</b><br/>(<I>{fielddescription}</I>)
</td> </td>
<td align="left" class="{colcssclass}" width="200"> <td align="left" class="{colcssclass}" width="150">
<input type="text" name="{fieldname}" size="40" maxlength="255" value="{fieldvalue}"> <input type="text" name="{fieldname}" size="30" maxlength="255" value="{fieldvalue}">
</td> </td>
<!-- ENDIF filtertype="1" -->
<!-- IF filtertype="3" -->
<td align="left" class="{colcssclass}" colspan="2">
<input type="checkbox" name="{fieldname}" value="1" {fieldvalue_selected}>
<b>{fieldcaption}</b> &nbsp; (<I>{fielddescription}</I>)
</td>
<!-- ENDIF filtertype="3" -->
</tr> </tr>
<!-- END CUSTOMFILTERS --> <!-- END CUSTOMFILTERS -->
</table> </table>