2008-11-14 Evi Vanoost <vanooste@rcbi.rochester.edu>

* operation/incidents/incident_detail.php, incident.php: Update ACL's
        to reflect IR rights instead of default AR

        * operation/events/events.php: Updated style and html for new
        functions. Fixes Bug #2267593

        * index.php: Put REMOTE_ADDR in $config as well. It's easier to
        globalize in functions.

        * include/functions_reporting.php: Updated event_reporting to accept
        any type of date. Style update. get_group_stats didn't need global

        * include/functions_html.php: Updated print_table documentation with
        pre-existing $table->id. Also added $table->headclass[] for classes
        in headers

        * include/functions_events.php: New-style function file to aggregate
        events functions.

        * include/functions_db.php: gime_idgroup_from_idevent is now in
        functions_events.php as get_events_group. Renamed get_events_in_group
        to get_group_events. return_priority is now get_priority_name.

        * include/functions.php: Added safe_int function to clean up and remove
        non-ints from either single values or arrays of values. Also has min
        and max limiters. Added $pagination in lieu of $config["block_size"]
        to pagination function. That way larger block sizes (eg in events)
        will display correctly. Added strtotime on format_datetime

        * godmode/db/db_event.php: After an ACL error, it's better to exit


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1244 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
guruevi 2008-11-14 15:37:32 +00:00
parent 0873a78a4f
commit 34ca6bff42
11 changed files with 500 additions and 396 deletions


@ -1,3 +1,36 @@
2008-11-14 Evi Vanoost <vanooste@rcbi.rochester.edu>
* operation/incidents/incident_detail.php, incident.php: Update ACL's
to reflect IR rights instead of default AR
* operation/events/events.php: Updated style and html for new
functions. Fixes Bug #2267593
* index.php: Put REMOTE_ADDR in $config as well. It's easier to
globalize in functions.
* include/functions_reporting.php: Updated event_reporting to accept
any type of date. Style update. get_group_stats didn't need global
* include/functions_html.php: Updated print_table documentation with
pre-existing $table->id. Also added $table->headclass[] for classes
in headers
* include/functions_events.php: New-style function file to aggregate
events functions.
* include/functions_db.php: gime_idgroup_from_idevent is now in
functions_events.php as get_events_group. Renamed get_events_in_group
to get_group_events return_priority is now get_priority_name
* include/functions.php: Added safe_int function to clean up and remove
non-ints from either single values or arrays of values. Also has min
and max limiters. Added $pagination in lieu of $config["block_size"]
to pagination function. That way larger block sizes (eg in events)
will display correctly. Added strtotime on format_datetime
* godmode/db/db_event.php: After an ACL error, it's better to exit
2008-11-14 Esteban Sanchez <estebans@artica.es>
* include/functions_reporting.php: Fixed an error when calculating


@ -24,7 +24,7 @@ check_login ();
if (! give_acl ($config['id_user'], 0, "DM")) {
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation", "Trying to access Database Management Event");
require ("general/noaccess.php");
return;
exit;
}
# ADQUIRE DATA PASSED AS FORM PARAMETERS


@ -55,6 +55,36 @@ function safe_input ($value) {
return htmlentities (utf8_decode ($value), ENT_QUOTES);
}
/**
* Cleans an object or an array and casts all values as integers
*
* @param value String or array of strings to be cleaned
* @param min If value is smaller than min it will return false
* @param max if value is larger than max it will return false
*
* @return The cleaned string. If an array was passed, the invalid values will have been removed
*/
function safe_int ($value, $min = false, $max = false) {
if (is_array ($value)) {
foreach ($value as $key => $check) {
$check = safe_int ($check, $min, $max);
if ($check !== false) {
$value[$key] = $check;
} else {
unset ($value[$key]);
}
}
} else {
$value = (int) $value; //Cast as integer
if (($min !== false && $value < $min) || ($max !== false && $value > $max)) {
//If it's smaller than min or larger than max return false
return false;
}
}
return $value;
}
/**
* Pandora debug functions.
*
@ -206,7 +236,7 @@ function no_permission () {
* @param error Aditional error string to be shown. Blank by default
*/
function unmanaged_error ($error = "") {
require("config.php");
require_once ("config.php");
echo "<h3 class='error'>".__('Unmanaged error')."</h3>";
echo "<img src='images/error.png' alt='error'><br><br>";
echo "<table width=550>";
@ -268,12 +298,17 @@ function list_files ($directory, $stringSearch, $searchHandler, $return) {
* @param count Number of elements in the collection.
* @param url URL of the pagination links. It must include all form values as GET form.
* @param offset Current offset for the pagination
* @param pagination Current pagination size. If a user requests a larger pagination than config["block_size"]
*
* @return It returns nothing, it prints the pagination.
*/
function pagination ($count, $url, $offset) {
function pagination ($count, $url, $offset, $pagination = 0) {
global $config;
if (empty ($pagination)) {
$pagination = $config["block_size"];
}
/* URL passed render links with some parameter
&offset - Offset records passed to next page
&counter - Number of items to be blocked
@ -282,12 +317,12 @@ function pagination ($count, $url, $offset) {
*/
$block_limit = 15; // Visualize only $block_limit blocks
if ($count <= $config["block_size"]) {
if ($count <= $pagination) {
return;
}
// If exists more registers than I can put in a page, calculate index markers
$index_counter = ceil($count/$config["block_size"]); // Number of blocks of block_size with data
$index_page = ceil($offset/$config["block_size"])-(ceil($block_limit/2)); // block to begin to show data;
$index_counter = ceil($count/$pagination); // Number of blocks of block_size with data
$index_page = ceil($offset/$pagination)-(ceil($block_limit/2)); // block to begin to show data;
if ($index_page < 0)
$index_page = 0;
@ -317,7 +352,7 @@ function pagination ($count, $url, $offset) {
echo '<a href="'.$url.'&offset=0"><img src="images/control_start_blue.png" class="bot" /></a>&nbsp;';
// Show PREVIOUS button
if ($index_page > 0){
$index_page_prev= ($index_page-(floor($block_limit/2)))*$config["block_size"];
$index_page_prev= ($index_page-(floor($block_limit/2)))*$pagination;
if ($index_page_prev < 0)
$index_page_prev = 0;
echo '<a href="'.$url.'&offset='.$index_page_prev.'"><img src="images/control_rewind_blue.png" class="bot" /></a>';
@ -326,10 +361,10 @@ function pagination ($count, $url, $offset) {
// Draw blocks markers
// $i stores number of page
for ($i = $inicio_pag; $i < $index_limit; $i++) {
$inicio_bloque = ($i * $config["block_size"]);
$final_bloque = $inicio_bloque + $config["block_size"];
$inicio_bloque = ($i * $pagination);
$final_bloque = $inicio_bloque + $pagination;
if ($final_bloque > $count){ // if upper limit is beyond max, this shouldnt be possible !
$final_bloque = ($i-1)*$config["block_size"] + $count-(($i-1) * $config["block_size"]);
$final_bloque = ($i-1) * $pagination + $count-(($i-1) * $pagination);
}
echo "<span>";
@ -348,9 +383,9 @@ function pagination ($count, $url, $offset) {
// Show NEXT PAGE (fast forward)
// Index_counter stores max of blocks
if (($paginacion_maxima == 1) AND (($index_counter - $i) > 0)) {
$prox_bloque = ($i+ceil($block_limit/2))*$config["block_size"];
$prox_bloque = ($i + ceil ($block_limit / 2)) * $pagination;
if ($prox_bloque > $count)
$prox_bloque = ($count -1) - $config["block_size"];
$prox_bloque = ($count -1) - $pagination;
echo '<a href="'.$url.'&offset='.$prox_bloque.'"><img class="bot" src="images/control_fastforward_blue.png" /></a>';
$i = $index_counter;
}
@ -358,8 +393,8 @@ function pagination ($count, $url, $offset) {
// get offset for index calculation
// Draw "last" block link, ajust for last block will be the same
// as painted in last block (last integer block).
if (($count - $config["block_size"]) > 0){
$myoffset = floor(($count-1)/ $config["block_size"])* $config["block_size"];
if (($count - $pagination) > 0){
$myoffset = floor(($count-1) / $pagination) * $pagination;
echo '<a href="'.$url.'&offset='.$myoffset.'"><img class="bot" src="images/control_end_blue.png" /></a>';
}
// End div and layout
@ -381,6 +416,11 @@ function pagination ($count, $url, $offset) {
function format_datetime ($timestamp, $alt_format = "") {
global $config;
if (!is_int ($timestamp)) {
//Make function format agnostic
$timestamp = strtotime ($timestamp);
}
if ($alt_format == "")
$alt_format = $config["date_format"];
@ -1152,11 +1192,13 @@ function get_priorities () {
}
/**
* Get priority value from priority name.
* Get priority name from priority value.
*
* @param priority Priority name.
* @param priority value (integer) as stored eg. in database.
*
* @return priority string.
*/
function return_priority ($priority) {
function get_priority_name ($priority) {
global $config;
switch ($priority) {
@ -1177,7 +1219,8 @@ function return_priority ($priority) {
/**
* Avoid magic_quotes protection
*
* Deprecated by get_parameter functions and safe_input funcitons
* Magic Quotes are deprecated in PHP5 and will be removed in PHP6
* @param string Text string to be stripped of magic_quotes protection
*/
@ -1187,12 +1230,21 @@ function unsafe_string ($string) {
return $string;
}
/**
* Deprecated by get_parameter functions and safe_input funcitons
* Magic Quotes are deprecated in PHP5 and will be removed in PHP6
*/
function safe_sql_string ($string) {
if (get_magic_quotes_gpc () == 0)
$string = mysql_escape_string ($string);
return $string;
}
/**
* enterprise functions
*/
function enterprise_hook ($function_name, $parameters = false) {
if (function_exists ($function_name)) {
if (!is_array ($parameters))
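Review bot: In the first hunk, safe_int() coerces rather than validates: `(int) $value` turns `"abc"` into 0 and `"12abc"` into 12, so unless a `$min`/`$max` bound happens to exclude the result nothing is removed, although the docblock promises that invalid values are dropped. This helper is the cleaning step the new functions_events.php relies on before ids reach its SQL, so it should reject non-integers outright before the range check, e.g. `$value = filter_var ($value, FILTER_VALIDATE_INT); if ($value === false) return false;`. The `@return` line should also say that the function returns an integer, an array of integers, or false, not a "cleaned string".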


@ -360,17 +360,6 @@ function return_event_description ($id_event) {
return (string) get_db_value ('evento', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Get group id of an event.
*
* @param id_event Event id
*
* @return Group id of the given event.
*/
function gime_idgroup_from_idevent ($id_event) {
return (int) get_db_value ('id_grupo', 'tevento', 'id_evento', (int) $id_event);
}
/**
* Get name of an agent.
*
@ -580,7 +569,7 @@ function get_monitors_in_group ($id_group) {
*
* @return An array with all the events happened.
*/
function get_events_in_group ($id_group, $period, $date) {
function get_group_events ($id_group, $period, $date) {
$datelimit = $date - $period;
if ($id_group == 1) {
@ -2111,7 +2100,7 @@ function smal_event_table ($filter = "", $limit = 10, $width = 440) {
$tdclass = "datos_grey";
}
$criticity_label = return_priority ($event["criticity"]);
$criticity_label = get_priority_name ($event["criticity"]);
/* Colored box */
echo "<tr><td class='$tdclass' title='$criticity_label' align='center'>";
if ($event["estado"] == 0) {


@ -0,0 +1,105 @@
<?php
// Pandora FMS - the Flexible Monitoring System
// ============================================
// Copyright (c) 2008 Evi Vanoost, <vanooste@rcbi.rochester.edu>
// Please see http://pandora.sourceforge.net for full contribution list
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation for version 2.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
function delete_event ($id_event) {
global $config;
$id_event = (array) safe_int ($id_event, 1); //Cleans up the selection for all unwanted values also casts any single values as an array
process_sql ("SET AUTOCOMMIT = 0;");
process_sql ("START TRANSACTION;");
$errors = 0;
foreach ($id_event as $event) {
$sql = sprintf ("DELETE FROM tevento WHERE id_evento = %d", $event);
$ret = process_sql ($sql);
if (give_acl ($config["id_user"], get_event_group ($event), "IM") == 0) {
//Check ACL
audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Attempted deleting event #".$event);
} elseif ($ret !== false) {
//ACL didn't fail nor did return
continue;
}
$errors++;
}
if ($errors > 1) {
process_sql ("ROLLBACK;");
process_sql ("SET AUTOCOMMIT = 1;");
return false;
} else {
foreach ($id_event as $event) {
audit_db ($config["id_user"], $config["remote_addr"], "Event deleted", "Deleted event #".$event);
}
process_sql ("COMMIT;");
process_sql ("SET AUTOCOMMIT = 1;");
return true;
}
}
function process_event_validate ($id_event) {
global $config;
$id_event = (array) safe_int ($id_event, 1); //Cleans up the selection for all unwanted values also casts any single values as an array
process_sql ("SET AUTOCOMMIT = 0;");
process_sql ("START TRANSACTION;");
$errors = 0;
foreach ($id_event as $event) {
$sql = sprintf ("UPDATE tevento SET estado = 1, id_usuario = '%s' WHERE id_evento = %d", $config['id_user'], $event);
$ret = process_sql ($sql);
if (give_acl ($config["id_user"], get_event_group ($event), "IW") == 0) {
//Check ACL
audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Attempted updating event #".$event);
} elseif ($ret !== false) {
//ACL didn't fail nor did return
continue;
}
$errors++;
}
if ($errors > 1) {
process_sql ("ROLLBACK;");
process_sql ("SET AUTOCOMMIT = 1;");
return false;
} else {
foreach ($id_event as $event) {
audit_db ($config["id_user"], $config["remote_addr"], "Event validated", "Validated event #".$event);
}
process_sql ("COMMIT;");
process_sql ("SET AUTOCOMMIT = 1;");
return true;
}
}
/**
* Get group id of an event.
*
* @param id_event Event id
*
* @return Group id of the given event.
*/
function get_event_group ($id_event) {
return (int) get_db_value ('id_grupo', 'tevento', 'id_evento', (int) $id_event);
}
?>
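Review bot: delete_event() executes the DELETE before it calls give_acl() and only rolls back when `$errors > 1`, so a single ACL failure is audited as a violation and the transaction is still committed. Because the row has already been deleted on this connection when get_event_group() runs, the lookup presumably returns 0 and the right is evaluated against group 0 instead of the event's own group. The rollback also only protects anything if tevento uses a transactional storage engine, which this page does not show. Check the ACL first, run the statement only when it passes, and roll back on `$errors > 0`. process_event_validate() has the same ordering and the same threshold, and needs the same change with "IW".
```php
foreach ($id_event as $event) {
	// Resolve the group and check the ACL while the row still exists
	if (give_acl ($config["id_user"], get_event_group ($event), "IM") == 0) {
		audit_db ($config["id_user"], $config["remote_addr"], "ACL Violation", "Attempted deleting event #".$event);
		$errors++;
		continue;
	}
	$sql = sprintf ("DELETE FROM tevento WHERE id_evento = %d", $event);
	if (process_sql ($sql) === false) {
		$errors++;
	}
}
// Any failure, including a single one, must undo the whole batch
if ($errors > 0) {
	// … unchanged: ROLLBACK, restore AUTOCOMMIT, return false …
```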


@ -297,6 +297,8 @@ function print_textarea ($name, $rows, $columns, $value = '', $attributes = '',
* $table->cellpadding - Padding on each cell
* $table->cellspacing - Spacing between cells
* $table->class - CSS table class
* $table->id - Table ID (useful in JavaScript)
* $table->headclass[] - An array of classes for each heading
* @param bool $return whether to return an output string or echo now
*/
function print_table (&$table, $return = false) {
@ -397,8 +399,10 @@ function print_table (&$table, $return = false) {
if (!isset ($align[$key])) {
$align[$key] = '';
}
$output .= '<th class="header c'.$key.'" scope="col">'. $heading .'</th>';
if (!isset ($table->headclass[$key])) {
$table->headclass[$key] = 'header c'.$key;
}
$output .= '<th class="'.$table->headclass[$key].'" scope="col">'. $heading .'</th>';
}
$output .= '</tr></thead>'."\n";
}
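Review bot: The default for `$table->headclass[$key]` is written back into the caller's object, because print_table() takes `$table` by reference, so a table that is printed and then reused keeps `'header c'.$key` as if the caller had set it. A local variable keeps the default out of the caller's state: `$headclass = isset ($table->headclass[$key]) ? $table->headclass[$key] : 'header c'.$key;`. The new docblock line for `$table->headclass[]` should also state that the value is written into the `class` attribute without escaping, so it must be set by code and never taken from request data. print_table()'s body starts and ends outside these hunks.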


@ -121,9 +121,7 @@ function get_agent_module_sla ($id_agent_module, $period, $min_value, $max_value
* @return
*/
function get_group_stats ($id_group) {
global $config;
$groups = array_keys (get_user_groups ($config["id_user"]));
$groups = array_keys (get_user_groups ());
if ($id_group > 0 && in_array ($groups, $id_group)) {
//If a group is selected, and we have permissions to it then we don't need to look for them
$groups = array ();
@ -288,16 +286,17 @@ function get_group_stats ($id_group) {
*
* @param id_group Group id to get the report.
* @param period Period of time to get the report.
* @param date Beginning date of the report in UNIX time (current date by default).
* @param date Beginning date of the report
* @param return Flag to return or echo the report table (echo by default).
*
* @return A table object if return variable is true.
*/
function event_reporting ($id_group, $period, $date = 0, $return = false) {
global $config;
if (! $date)
if (empty ($date)) {
$date = time ();
} elseif (!is_int ($date)) {
$date = strtotime ($date);
}
$table->data = array ();
$table->head = array ();
@ -306,25 +305,23 @@ function event_reporting ($id_group, $period, $date = 0, $return = false) {
$table->head[2] = __('User ID');
$table->head[3] = __('Timestamp');
$events = get_events_in_group ($id_group, $period, $date);
if ($events === false) {
if (!$return)
print_table ($table);
return $table;
$events = get_group_events ($id_group, $period, $date);
if (empty ($events)) {
$events = array ();
}
foreach ($events as $event) {
$data = array ();
if ($event["estado"] == 0)
$data[0] = '<img src="images/dot_red.png">';
$data[0] = '<img src="images/dot_red.png" />';
else
$data[0] = '<img src="images/dot_green.png">';
$data[0] = '<img src="images/dot_green.png" />';
$data[1] = $event['evento'];
$data[2] = $event['id_usuario'] != '0' ? $event['id_usuario'] : '';
$data[3] = $event["timestamp"];
array_push ($table->data, $data);
}
if (!$return)
if (empty ($return))
print_table ($table);
return $table;
}
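Review bot: In get_group_stats() the membership test `in_array ($groups, $id_group)` has its arguments reversed: the needle is the array of the user's groups and the haystack is the integer id, so the test cannot succeed and the "we have permissions to it" branch is never taken. It should read `in_array ($id_group, $groups)`. The line is unchanged context, but the commit edits the statement directly above it and this check decides which groups' data is reported, so it is worth fixing in the same change. The rest of get_group_stats() lies outside the hunk, so what the other branch does cannot be confirmed from this page.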


@ -134,6 +134,7 @@ if ($config["pure"] == 0) {
}
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
$config["remote_addr"] = $_SERVER['REMOTE_ADDR'];
// Login process
if (! isset ($_SESSION['id_usuario']) && isset ($_GET["login"])) {


@ -15,155 +15,41 @@
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
?>
<script language="JavaScript" type="text/javascript">
<!--
function CheckAll () {
for (var i = 0; i < document.eventtable.elements.length; i++) {
var e = document.eventtable.elements[i];
if (e.type == 'checkbox' && e.name != 'allbox')
e.checked = 1;
}
}
function OpConfirm (text, conf) {
for (var i = 0; i < document.pageform.elements.length; i++) {
var e = document.pageform.elements[i];
if (e.type == 'checkbox' && e.name != 'allbox' && e.checked == 1) {
if (conf) {
return confirm (text);
} else {
return 1;
}
}
}
return false;
}
/* Function to hide/unhide a specific Div id */
function toggleDiv (divid){
if (document.getElementById(divid).style.display == 'none'){
document.getElementById(divid).style.display = 'block';
} else {
document.getElementById(divid).style.display = 'none';
}
}
//-->
</script>
<?php
// Load global vars
require("include/config.php");
require_once ("include/config.php");
require_once ("include/functions_events.php"); //Event processing functions
check_login ();
if (! give_acl ($config["id_user"], 0, "AR")) {
if (! give_acl ($config["id_user"], 0, "IR")) {
audit_db ($config["id_user"], $REMOTE_ADDR, "ACL Violation",
"Trying to access event viewer");
require ("general/noaccess.php");
return;
exit;
}
$accion = "";
// OPERATIONS
// Delete Event (only incident management access).
if (isset ($_GET["delete"])) {
//safe input
$id_evento = get_parameter_get ("delete");
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent ($id_evento);
if (give_acl ($config['id_user'], $id_group, "IM")) {
$descr = return_event_description ($id_evento); //Get description before it gets deleted
$sql = "DELETE FROM tevento WHERE id_evento =".$id_evento;
$result = process_sql ($sql);
if ($result !== false) {
echo '<h3 class="suc">'.__('Event successfully deleted').'</h3>';
audit_db ($config['id_user'], $REMOTE_ADDR,
"Event deleted","Deleted event: ".$descr);
} else {
echo '<h3 class="error">'.__('Error deleting event').'</h3>';
}
} else {
audit_db ($config['id_user'], $REMOTE_ADDR, "ACL Violation",
"Trying to delete event ID".$id_evento);
}
}
// Check Event (only incident write access).
if (isset ($_GET["check"])) {
$id_evento = get_parameter_get ("check");
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent ($id_evento);
if (give_acl ($config["id_user"], $id_group, "IW") ==1){
$sql = "UPDATE tevento SET estado = 1, id_usuario = '".$config["id_user"]."' WHERE id_evento = ".$id_evento;
$result = process_sql ($sql);
if ($result !== false) {
echo '<h3 class="suc">'.__('Event successfully validated').'</h3>';
audit_db($config["id_user"],$REMOTE_ADDR, "Event validated","Validate event: ".return_event_description ($id_evento));
} else {
echo '<h3 class="error">'.__('Error validating event').'</h3>';
}
} else {
audit_db ($config['id_user'],$REMOTE_ADDR, "ACL Violation",
"Trying to checkout event ".return_event_description ($id_evento));
}
}
// Mass-process DELETE
if (isset ($_POST["deletebt"])){
$count=0;
while ($count <= $config["block_size"]) {
if (isset ($_POST["eventid".$count])) {
$event_id = get_parameter_post ("eventid".$count);
$descr = return_event_description ($event_id); //Get description before it gets deleted
// Look for event_id following parameters: id_group.
$id_group = gime_idgroup_from_idevent ($event_id);
if (give_acl ($config['id_user'], $id_group, "IM")) {
process_sql ("DELETE FROM tevento WHERE id_evento = ".$event_id);
audit_db ($config['id_user'], $REMOTE_ADDR,
"Event deleted","Deleted event: ".$descr);
} else {
audit_db ($config['id_user'], $REMOTE_ADDR,
"ACL Violation","Trying to delete event: ".$descr);
}
}
$count++;
}
$delete = get_parameter ("delete");
$validate = get_parameter ("validate");
//Process deletion (pass array or single value)
if (!empty ($delete)) {
$eventid = (array) get_parameter ("eventid", -1);
$return = delete_event ($eventid); //This function handles both single values as well arrays and cleans up before deleting
print_error_message ($return, __('Events successfully deleted'), __('There was an error deleting events'));
}
// Mass-process UPDATE
if (isset ($_POST["updatebt"])) {
$count = 0;
while ($count <= $config["block_size"]) {
if (isset ($_POST["eventid".$count])) {
$id_evento = get_parameter_post ("eventid".$count);
$id_group = gime_idgroup_from_idevent($id_evento);
if (give_acl ($config['id_user'], $id_group, "IW")) {
$sql = "UPDATE tevento SET estado=1, id_usuario = '".$config['id_user']."' WHERE estado = 0 AND id_evento = ".$id_evento;
$result = process_sql ($sql);
audit_db ($config['id_user'], $REMOTE_ADDR,
"Event validated","Validate event: ".return_event_description ($id_evento));
} else {
audit_db ($config['id_user'], $REMOTE_ADDR,
"ACL Violation","Trying to checkout event ID".$id_evento);
}
}
$count++;
}
//Process validation (pass array or single value)
if (!empty ($validate)) {
$eventid = (array) get_parameter ("eventid", -1);
$return = process_event_validate ($eventid);
print_error_message ($return, __('Events successfully validated'), __('There was an error validating events'));
}
// ***********************************************************************
// Main code form / page
// ***********************************************************************
// Get data
$offset = (int) get_parameter ( "offset",0);
$ev_group = (int) get_parameter ("ev_group", 1); //1 = all
$search = get_parameter ("search", ""); // free search
@ -173,10 +59,9 @@ $status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
$id_agent = (int) get_parameter ("id_agent", -1); //-1 all, 0 system
$id_event = (int) get_parameter ("id_event", -1);
$pagination = (int) get_parameter ("pagination", $config["block_size"]);
$config["block_size"] = $pagination;
$groups = get_user_groups ($config["id_user"]);
//Group selection
$groups = get_user_groups ($config["id_user"], "IR");
//Group selection
if ($ev_group > 1 && in_array ($ev_group, array_keys ($groups))) {
//If a group is selected and it's in the groups allowed
$sql_post = " AND id_grupo = $ev_group";
@ -206,7 +91,7 @@ if ($id_agent != -1)
if ($id_event != -1)
$sql_post .= " AND id_evento = ".$id_event;
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent&id_event=$id_event";
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent&id_event=$id_event&pagination=$pagination";
echo "<h2>".__('Events')." &gt; ".__('Main event view'). "&nbsp";
@ -217,57 +102,51 @@ if ($config["pure"] == 1) {
echo "<a target='_top' href='$url&pure=1'><img src='images/monitor.png' title='".__('Full screen')."'></a>";
}
echo "</h2>";
echo '<a href="javascript::" onmousedown="toggleDiv(\'event_control\');">';
echo "<b>".__('Event control filter')." ".'<img src="images/wand.png" /></a></b>';
echo '<a href="#" id="tgl_event_control"><b>'.__('Event control filter').'</b>&nbsp;'.'<img src="images/wand.png" /></a>';
if ($config["pure"] == 1) {
echo "<div id='event_control' style='display:none'>";
echo '<div id="event_control" style="display:none">';
} else {
echo "<div id='event_control' style='display:block'>"; //There is no value all to property display
echo '<div id="event_control" style="display:block">'; //There is no value all to property display
}
// Table who separate control and graph
echo "<table width=99% cellpadding=0 cellspacing=2 border=0>";
echo "<tr><td width=500>";
// Table for filter controls
echo "<form method='post' action='index.php?sec=eventos&sec2=operation/events/events&refr=60&pure=".$config["pure"]."'>";
echo "<table width=500 cellpadding=4 cellspacing=4 class=databox>";
echo "<tr>";
echo '<form method="post" action="index.php?sec=eventos&sec2=operation/events/events&refr=60&pure='.$config["pure"].'">';
echo '<table style="width:500px; float:left;" cellpadding="4" cellspacing="4" class="databox"><tr>';
// Group combo
echo "<td>".__('Group')."</td>";
echo "<td>";
echo "<td>".__('Group')."</td><td>";
print_select ($groups, 'ev_group', $ev_group, 'javascript:this.form.submit();', '', 0, false, false, false, 'w130');
echo "</td>";
// Event type
echo "<td>".__('Event type')."</td>";
echo "<td>";
echo "<td>".__('Event type')."</td><td>";
print_select (get_event_types (), 'event_type', $event_type, '', __('All'), '');
echo "</td></tr><tr>";
// Severity
echo "<td>".__('Severity')."</td>";
echo "<td>";
echo "<td>".__('Severity')."</td><td>";
print_select (get_priorities (), "severity", $severity, '', __('All'), '-1');
echo '</td>';
// Status
echo "</td><td>".__('Event status')."</td>";
echo "<td>";
echo "<td>".__('Event status')."</td><td>";
$fields = array ();
$fields[-1] = __('All event');
$fields[1] = __('Only validated');
$fields[0] = __('Only pending');
print_select ($fields, 'status', $status, 'javascript:this.form.submit();', '', '');
//NEW LINE
echo "</td></tr><tr>";
// Free search
echo "<td>".__('Free search')."</td><td>";
print_input_text ('search', $search, '', 15);
echo '</td>';
//Agent search
echo "</td><td>".__('Agent search')."</td><td>";
echo "<td>".__('Agent search')."</td><td>";
$sql = "SELECT DISTINCT(id_agente) FROM tevento WHERE 1=1 ".$sql_post;
$result = get_db_all_rows_sql ($sql);
if ($result === false)
@ -294,14 +173,14 @@ echo "</td></tr>";
echo '<tr><td>';
echo __('Block size for pagination');
echo '</td>';
$lpagination[25]=25;
$lpagination[50]=50;
$lpagination[100]=100;
$lpagination[200]=200;
$lpagination[500]=500;
$lpagination[25] = 25;
$lpagination[50] = 50;
$lpagination[100] = 100;
$lpagination[200] = 200;
$lpagination[500] = 500;
echo "<td>";
print_select ($lpagination, "pagination", $pagination, '', __('Default'), $config["block_size"]);
print_select ($lpagination, "pagination", $pagination, 'javascript:this.form.submit();', __('Default'), $config["block_size"]);
echo "</td>";
//The buttons
@ -311,207 +190,251 @@ print_submit_button (__('Update'), '', false, 'class="sub upd"');
// CSV
echo '&nbsp;&nbsp;&nbsp;
<a href="operation/events/export_csv.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'">
<img src="images/disk.png" title="Export to CSV file"></a>';
<img src="images/disk.png" title="Export to CSV file" /></a>';
// Marquee
echo "&nbsp;<a target='_top' href='operation/events/events_marquee.php'><img src='images/heart.png' title='".__('Marquee display')."'></a>";
echo '&nbsp;<a target="_top" href="operation/events/events_marquee.php"><img src="images/heart.png" title="'.__('Marquee display').'" /></a>';
// RSS
echo '&nbsp;<a target="_top" href="operation/events/events_rss.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'"><img src="images/transmit.png" title="'.__('RSS Events').'"></a>';
echo '&nbsp;<a target="_top" href="operation/events/events_rss.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'"><img src="images/transmit.png" title="'.__('RSS Events').'" /></a>';
echo "</td></tr></table></form>";
echo '<td><img src="reporting/fgraph.php?tipo=group_events&width=250&height=180&url='.rawurlencode($sql_post).'" border="0">'; //Don't rely on browsers to do this correctly
echo "</td></tr></table></div>";
echo "</td></tr></table></form>"; //This is the internal table
echo '<div style="width:250px; float:left;"><img src="reporting/fgraph.php?tipo=group_events&width=250&height=180&url='.rawurlencode ($sql_post).'" border="0"></div>';
echo '</div><div style="clear:both">&nbsp;</div>';
$sql = "SELECT * FROM tevento WHERE 1=1 ".$sql_post." ORDER BY utimestamp DESC LIMIT ".$offset.",".$config["block_size"];
$sql = "SELECT * FROM tevento WHERE 1=1 ".$sql_post." ORDER BY utimestamp DESC LIMIT ".$offset.",".$pagination;
$result = get_db_all_rows_sql ($sql);
$sql = "SELECT COUNT(id_evento) FROM tevento WHERE 1=1 ".$sql_post;
$total_events = get_db_sql ($sql);
if (empty ($result)) {
$result = array ();
}
if (empty ($total_events)) {
$total_events = 0;
}
// Show pagination header
if ($total_events > 0) {
$offset = get_parameter ("offset", 0);
pagination ($total_events, $url."&pure=".$config["pure"], $offset, $pagination);
$offset = get_parameter ("offset",0);
pagination ($total_events, $url."&pure=".$config["pure"], $offset);
// Show data.
echo "<br>";
echo "<br>";
if ($config["pure"] == 0) {
echo "<table cellpadding='4' cellspacing='4' width='765' class='databox'>";
// If pure, table width takes more space
if ($config["pure"] != 0) {
$table->width = 765;
} else {
$table->width = 750;
}
$table->id = "eventtable";
$table->cellpadding = 4;
$table->cellspacing = 4;
$table->class = "databox";
$table->head = array ();
$table->data = array ();
$table->head[0] = '';
$table->head[1] = __('Type');
$table->headclass[1] = 'f9';
$table->head[2] = __('Event name');
//$table->headclass[2] = 'f9';
$table->head[3] = __('Agent name');
//$table->headclass[3] = 'f9';
$table->head[4] = __('Source');
//$table->headclass[4] = 'f9';
$table->head[5] = __('Group');
//$table->headclass[5] = 'f9';
$table->head[6] = __('User ID');
//$table->headclass[6] = 'f9';
$table->head[7] = __('Timestamp');
//$table->headclass[7] = 'f9';
$table->head[8] = __('Action');
//$table->headclass[8] = 'f9';
$table->head[9] = print_checkbox ("allbox", "1", false, true);
//$table->headclass[9] = 'p10';
//Arrange data. We already did ACL's in the query
foreach ($result as $row) {
$data = array ();
//First pass along the class of this row
switch ($row["criticity"]) {
case 0:
$table->rowclass[] = "datos_blue";
break;
case 1:
$table->rowclass[] = "datos_grey";
break;
case 2:
$table->rowclass[] = "datos_green";
break;
case 3:
$table->rowclass[] = "datos_yellow";
break;
case 4:
$table->rowclass[] = "datos_red";
break;
default:
$table->rowclass[] = "datos_grey";
}
// Colored box
if ($row["estado"] == 0) {
$data[0] = '<img src="images/pixel_red.png" width="20" height="35" title="'.get_priority_name ($row["criticity"]).'" />';
} else {
echo "<table cellpadding='4' cellspacing='4' class='databox'>";
$data[0] = '<img src="images/pixel_green.png" width="20" height="35" title="'.get_priority_name ($row["criticity"]).'" />';
}
echo "<tr>";
echo "<th class=f9>".__('St')."</th>";
echo "<th class=f9>".__('Type')."</th>";
echo "<th class=f9>".__('Event name')."</th>";
echo "<th class=f9>".__('Agent name')."</th>";
echo "<th class=f9>".__('Source')."</th>";
echo "<th class=f9>".__('Group')."</th>";
echo "<th class=f9>".__('User ID')."</th>";
echo "<th class=f9>".__('Timestamp')."</th>";
echo "<th class=f9>".__('Action')."</th>";
echo "<th class='p10'>";
echo "<label for='checkbox' class='p21'>".__('All')." </label>";
echo '<input type="checkbox" class="chk" name="allbox" onclick="CheckAll();"></th>';
echo "<form name='eventtable' method='POST' action='$url&pure=".$config["pure"]."'>";
$id_evento = 0;
$offset_counter=0;
// Make query for data (all data, not only distinct).
foreach ($result as $row2) {
$id_grupo = $row2["id_grupo"];
if (give_acl($config["id_user"], $id_grupo, "AR") == 1) // Only incident read access to view data !
$id_group = $row2["id_grupo"];
switch ($row2["criticity"]) {
case 0:
$tdclass = "datos_blue";
switch ($row["event_type"]) {
case "alert_recovered":
$data[1] = '<img src="images/error.png" title="'.__('Alert Recovered').'" />';
break;
case "alert_manual_validation":
$data[1] = '<img src="images/eye.png" title="'.__('Manual Alert Validation').'" />';
break;
case "monitor_up":
$data[1] = '<img src="images/lightbulb.png" title="'.__('Monitor Up').'" />';
break;
case "monitor_down":
$data[1] = '<img src="images/lightbulb_off.png" title="'.__('Monitor Down').'" />';
break;
case "alert_fired":
$data[1] = '<img src="images/bell.png" title="'.__('Alert Fired').'" />';
break;
case "system";
$data[1] = '<img src="images/cog.png" title="'.__('System').'" />';
break;
case "recon_host_detected";
$data[1] = '<img src="images/network.png" title="'.__('Host Detected (Recon)').'" />';
break;
case "new_agent";
$data[1] = '<img src="images/wand.png" title="'.__('New Agent').'" />';
break;
case "unknown":
default:
$data[1] = '<img src="images/err.png" title="'.__('Unknown type').': '.$row["event_type"].'" />';
break;
case 1:
$tdclass = "datos_grey";
break;
case 2:
$tdclass = "datos_green";
break;
case 3:
$tdclass = "datos_yellow";
break;
case 4:
$tdclass = "datos_red";
break;
default:
$tdclass = "datos_grey";
}
$criticity_label = return_priority ($row2["criticity"]);
// Colored box
echo "<tr><td class='$tdclass' title='$criticity_label' align='center'>";
if ($row2["estado"] == 0) {
echo "<img src='images/pixel_red.png' width=20 height=35>";
} else {
echo "<img src='images/pixel_green.png' width=20 height=35>";
}
// Event type
echo "<td class='".$tdclass."' title='".$row2["event_type"]."'>";
switch ($row2["event_type"]) {
case "unknown":
echo "<img src='images/err.png'>";
break;
case "alert_recovered":
echo "<img src='images/error.png'>";
break;
case "alert_manual_validation":
echo "<img src='images/eye.png'>";
break;
case "monitor_up":
echo "<img src='images/lightbulb.png'>";
break;
case "monitor_down":
echo "<img src='images/lightbulb_off.png'>";
break;
case "alert_fired":
echo "<img src='images/bell.png'>";
break;
case "system";
echo "<img src='images/cog.png'>";
break;
case "recon_host_detected";
echo "<img src='images/network.png'>";
break;
case "new_agent";
echo "<img src='images/wand.png'>";
break;
}
// Event description
$event_title = safe_input ($row2["evento"]);
echo "<td class='".$tdclass."f9' title='$event_title'>";
echo substr($row2["evento"],0,45);
if (strlen($row2["evento"]) > 45)
echo "..";
if ($row2["id_agente"] > 0) {
// Agent name
$agent_name = dame_nombre_agente ($row2["id_agente"]);
echo "<td class='".$tdclass."f9' title='$agent_name'><a href='$url&pure=".$config["pure"]."&id_agent=".$row2["id_agente"]."'><b>";
echo substr($agent_name, 0, 14);
if (strlen($agent_name) > 14)
echo "..";
echo "</b></a>";
// Module name / Alert
echo "<td class='$tdclass'>";
if ($row2["id_agentmodule"] != 0)
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."&tab=data'><img src='images/bricks.png' border=0></A>";
echo "&nbsp;";
if ($row2["id_alert_am"] != 0)
echo "<a href='index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente=".$row2["id_agente"]."&tab=alert'><img src='images/bell.png' border=0></a>";
// Group icon
$group_name = (string) get_db_value ('nombre', 'tgrupo', 'id_grupo', $id_group);
echo "<td class='$tdclass' align='center'><img src='images/groups_small/".show_icon_group($id_group).".png' title='$group_name' class='bot'></td>";
// for System or SNMP generated alerts
} elseif ($row2["event_type"] == "system") {
echo "<td class='$tdclass' colspan=3>".__('System');
} else {
echo "<td class='$tdclass' colspan=3>".__('Alert')."SNMP";
}
// User who validated event
echo "<td class='$tdclass'>";
if ($row2["estado"] <> 0)
echo "<a href='index.php?sec=usuario&sec2=operation/users/user_edit&ver=".$row2["id_usuario"]."'>".substr($row2["id_usuario"],0,8)."<a href='#' class='tip'> <span>".dame_nombre_real($row2["id_usuario"])."</span></a></a>";
// Timestamp
echo "<td class='".$tdclass."f9' title='".$row2["timestamp"]."'>";
echo human_time_comparation ($row2["timestamp"]);
echo "</td>";
// Several options grouped here
echo "<td class='$tdclass' align='right'>";
// Validate event
if (($row2["estado"] == 0) and (give_acl ($config["id_user"], $id_group,"IW") ==1))
echo "<a href='$url&check=".$row2["id_evento"]."&pure=".$config["pure"]."'>
<img src='images/ok.png' border='0'></a> ";
// Delete event
if (give_acl ($config["id_user"], $id_group,"IM") ==1)
echo "<a href='$url&delete=".$row2["id_evento"]."&pure=".$config["pure"]."'>
<img src='images/cross.png' border=0></a> ";
// Create incident from this event
if (give_acl ($config["id_user"], $id_group,"IW") == 1)
echo "<a href='index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event=".$row2["id_evento"]."'><img src='images/page_lightning.png' border=0></a>";
echo "</td>";
// Checbox
echo "<td class='$tdclass' align='center'>";
echo "<input type='checkbox' class='chk' name='eventid".$offset_counter."'
value='".$row2["id_evento"]."'>";
echo "</td></tr>";
$offset_counter++;
}
echo "</table>";
echo "<table width='750'><tr><td align='right'>";
echo "<input class='sub ok' type='submit' name='updatebt' value='".__('Validate')."'> ";
// Event description
$data[2] = '<span title="'.$row["evento"].'" class="f9">';
if (strlen ($row["evento"]) > 39) {
$data[2] .= substr ($row["evento"], 0, 37)."...";
} else {
$data[2] .= $row["evento"];
}
$data[2] .= '</span>';
if ($row["event_type"] == "system") {
$data[3] = __('System');
} elseif ($row["id_agente"] > 0) {
// Agent name
$agent_name = dame_nombre_agente ($row["id_agente"]);
$data[3] = '<a href='.$url.'&pure='.$config["pure"].'&id_agent='.$row["id_agente"].'" title="'.$agent_name.'" class="f9"><b>';
if (strlen ($agent_name) > 16) {
$data[3] .= substr ($agent_name, 0, 14)."...";
} else {
$data[3] .= $agent_name;
}
$data[3] .= '</b></a>';
} else {
$data[3] = __('Alert').__('SNMP');
}
$data[4] = '';
if ($row["id_agentmodule"] != 0) {
$data[4] .= '<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$row["id_agente"].'&tab=data"><img src="images/bricks.png" border="0" /></a>&nbsp;';
}
if ($row["id_alert_am"] != 0) {
$data[4] .= '<a href="index.php?sec=estado&sec2=operation/agentes/ver_agente&id_agente='.$row["id_agente"].'&tab=alert"><img src="images/bell.png" border="0" /></a>';
}
if (!empty ($row["id_grupo"])) {
$data[5] = '<img src="images/groups_small/'.show_icon_group ($row["id_grupo"]).'.png" title="'.dame_nombre_grupo ($row["id_grupo"]).'" class="bot" />';
} else {
$data[5] = '';
}
if (!empty ($row["estado"])) {
$data[6] = '<a href="index.php?sec=usuario&sec2=operation/user/user_edit&ver='.$row["id_usuario"].'" title="'.dame_nombre_real ($row["id_usuario"]).'">'.substr ($row["id_usuario"],0,8).'</a>';
} else {
$data[6] = '';
}
//Time
$data[7] = '<span class="f9" title="'.format_datetime ($row["timestamp"]).'">'.human_time_comparation ($row["timestamp"]).'</span>';
//Actions
$data[8] = '';
// Validate event
if (($row["estado"] == 0) and (give_acl ($config["id_user"], $row["id_grupo"], "IW") == 1)) {
$data[8] .= '<a href="'.$url.'&validate=1&eventid='.$row["id_evento"].'&pure='.$config["pure"].'"><img src="images/ok.png" border="0" /></a>';
}
// Delete event
if (give_acl ($config["id_user"], $row["id_grupo"], "IM") == 1) {
$data[8] .= '<a href="'.$url.'&delete=1&eventid='.$row["id_evento"].'&pure='.$config["pure"].'"><img src="images/cross.png" border="0" /></a>';
}
// Create incident from this event
if (give_acl ($config["id_user"], $row["id_grupo"], "IW") == 1) {
$data[8] .= '<a href="index.php?sec=incidencias&sec2=operation/incidents/incident_detail&insert_form&from_event='.$row["id_evento"].'"><img src="images/page_lightning.png" border="0" /></a>';
}
//Checkbox
$data[9] = print_checkbox_extended ("eventid[]", $row["id_evento"], false, false, false, 'class="chk"', true);
array_push ($table->data, $data);
}
if (!empty ($table->data)) {
echo '<form method="post" action="'.$url.'&pure='.$config["pure"].'">';
print_table ($table);
echo '<div style="width:750px; text-align:right">';
if (give_acl ($config["id_user"], 0, "IW") == 1) {
print_submit_button (__('Validate'), 'validate', false, 'class="sub ok"');
}
if (give_acl ($config["id_user"], 0,"IM") == 1) {
echo "<input class='sub delete' type='submit' name='deletebt' value='".__('Delete')."'>";
print_submit_button (__('Delete'), 'delete', false, 'class="sub delete"');
}
echo "</form></table>";
echo "<table>";
echo "<tr>";
echo "<td rowspan='4' class='f9' style='padding-left: 30px; line-height: 17px; vertical-align: top;'>";
echo "<h3>".__('Status')."</h3>";
echo "<img src='images/dot_green.png'> - ".__('Validated event');
echo "<br>";
echo "<img src='images/dot_red.png'> - ".__('Not validated event');
echo "</td>";
echo "<td rowspan='4' class='f9' style='padding-left: 30px; line-height: 17px; vertical-align: top;'>";
echo "<h3>".__('Action')."</h3>";
echo "<img src='images/ok.png'> - ".__('Validate event');
echo "<br>";
echo "<img src='images/cross.png'> - ".__('Delete event');
echo "<br>";
echo "<img src='images/page_lightning.png'> - ".__('Create incident');
echo "</td></tr></table>";
} // no events to show
echo '</div></form>';
} else {
echo '<div class="error">'.__('No events').'</div>';
}
unset ($table);
echo '<div style="padding-left:30px; width:150px; float:left; line-height:17px;">';
echo '<h3>'.__('Status').'</h3>';
echo '<img src="images/dot_green.png" /> - '.__('Validated event');
echo '<br />';
echo '<img src="images/dot_red.png" /> - '.__('Not validated event');
echo '</div><div style="padding-left:30px; width:150px; float:left; line-height:17px;">';
echo '<h3>'.__('Action').'</h3>';
echo '<img src="images/ok.png" /> - '.__('Validate event');
echo '<br />';
echo '<img src="images/cross.png" /> - '.__('Delete event');
echo '<br />';
echo '<img src="images/page_lightning.png" /> - '.__('Create incident');
echo '</div><div style="clear:both;">&nbsp;</div>';
?>
<script type="text/javascript" src="include/javascript/jquery.js"></script>
<script language="JavaScript" type="text/javascript">
$(document).ready( function() {
$("INPUT[name='allbox']").click( function() {
$("INPUT[name='eventid[]']").each( function() {
$(this).attr('checked', !$(this).attr('checked'));
});
return !(this).attr('checked');
});
$("#tgl_event_control").click( function () {
$("#event_control").slideToggle ("slow");
});
});
</script>


@ -141,7 +141,7 @@ if ($prioridad != -1) //-1 = All
$filter .= sprintf (" AND prioridad = %d", $prioridad);
$offset = (int) get_parameter ("offset", 0);
$groups = get_user_groups ($config["id_user"]);
$groups = get_user_groups ($config["id_user"], "IR");
//Select incidencts where the user has access to ($groups from
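Review bot: With the added "IR" argument, `$groups` can come back empty for a user who holds no incident-read grant in any group, and nothing in this hunk handles that case before the list is used. The trailing comment suggests the group ids feed the incident query further down; that code is outside the hunk, so this is inferred, but an empty list there would give either a malformed filter or no group restriction at all. I would check for it right after the assignment and document the intent, e.g. `// No IR grant in any group: show no incidents instead of building the filter from an empty list` above an `if (empty ($groups))` guard. It is also worth confirming that the page's own entry check asks for the same "IR" right, so the listing and the access gate agree.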


@ -281,9 +281,9 @@ echo '</td><td class="datos2"><b>'.__('Group').'</b></td><td class="datos2">';
// Group combo
if ((give_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($usuario == $config["id_user"])) {
print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135');
print_select (get_user_groups ($config["id_user"], "IR"), "grupo_form", $id_grupo, '', '', '', false, false, false, 'w135');
} else {
print_select (get_user_groups (), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true);
print_select (get_user_groups ($config["id_user"], "IR"), "grupo_form", $id_grupo, '', '', '', false, false, true, 'w135', true);
}
echo '</td></tr><tr><td class="datos"><b>'.__('Priority').'</b></td><td class="datos">';