diff --git a/pandora_console/godmode/netflow/nf_edit_form.php b/pandora_console/godmode/netflow/nf_edit_form.php
index 80f88f709e..643d63f8c0 100644
--- a/pandora_console/godmode/netflow/nf_edit_form.php
+++ b/pandora_console/godmode/netflow/nf_edit_form.php
@@ -94,7 +94,7 @@ if ($id) {
$ip_src = '';
$dst_port = '';
$src_port = '';
- $aggregate = 'none';
+ $aggregate = 'dstip';
$output = 'bytes';
$advanced_filter = '';
}
@@ -142,7 +142,7 @@ if ($update) {
if ($create) {
$name = (string) get_parameter('name');
$assign_group = (int) get_parameter('assign_group');
- $aggregate = get_parameter('aggregate', 'none');
+ $aggregate = get_parameter('aggregate', 'dstip');
$output = get_parameter('output', 'bytes');
$ip_dst = get_parameter('ip_dst', '');
$ip_src = get_parameter('ip_src', '');
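Review bot: The `aggregate` request value is accepted here without being checked against the allowed keys, and after this commit `netflow_get_data()` in functions_netflow.php always interpolates its `$aggregate` argument into the nfdump command line (`-s $aggregate/bytes`) passed to `exec()`. Whatever escaping `get_parameter()` applies is not visible in this diff, so restrict the value before it is stored, e.g. `if (!in_array($aggregate, ['proto', 'srcip', 'srcport', 'dstip', 'dstport'], true)) { $aggregate = 'dstip'; }` (key list taken from the switch in that function; confirm it against `$aggregate_list`). The sink should also wrap `$max` and `$aggregate` in `escapeshellarg()`, so it does not depend on every caller validating. The `if ($create)` block continues past the hunk, and the `$update` branch, which is not shown, presumably needs the same check.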
@@ -241,7 +241,6 @@ $table->data[7][1] = html_print_textarea('advanced_filter', 4, 40, $advanced_fil
$table->data[8][0] = ''.__('Aggregate by').''.ui_print_help_icon('aggregate_by', true);
$aggregate_list = [
- 'none' => __('None'),
'proto' => __('Protocol'),
'srcip' => __('Src Ip Address'),
'dstip' => __('Dst Ip Address'),
diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php
index 6bb23ecc72..c5fa32541e 100644
--- a/pandora_console/include/functions_netflow.php
+++ b/pandora_console/include/functions_netflow.php
@@ -506,72 +506,68 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag
}
// If there is aggregation calculate the top n
- if ($aggregate != 'none') {
- $values['data'] = [];
- $values['sources'] = [];
+ $values['data'] = [];
+ $values['sources'] = [];
- // Get the command to call nfdump
- $command = netflow_get_command($filter);
+ // Get the command to call nfdump
+ $command = netflow_get_command($filter);
- // Suppress the header line and the statistics at the bottom and configure piped output
- $command .= ' -q -o csv';
+ // Suppress the header line and the statistics at the bottom and configure piped output
+ $command .= ' -q -o csv';
- // Call nfdump
- $agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
- exec($agg_command, $string);
+ // Call nfdump
+ $agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
+ exec($agg_command, $string);
- // Remove the first line
- $string[0] = '';
+ // Remove the first line
+ $string[0] = '';
- // Parse aggregates
- foreach ($string as $line) {
- if ($line == '') {
- continue;
- }
-
- $val = explode(',', $line);
- if ($aggregate == 'proto') {
- $values['sources'][$val[3]] = 1;
- } else {
- $values['sources'][$val[4]] = 1;
- }
+ // Parse aggregates
+ foreach ($string as $line) {
+ if ($line == '') {
+ continue;
}
- // Update the filter
- switch ($aggregate) {
- case 'proto':
- $extra_filter = 'proto';
- break;
-
- default:
- case 'srcip':
- $extra_filter = 'ip_src';
- break;
- case 'srcport':
- $extra_filter = 'src_port';
- break;
-
- case 'dstip':
- $extra_filter = 'ip_dst';
- break;
-
- case 'dstport':
- $extra_filter = 'dst_port';
- break;
+ $val = explode(',', $line);
+ if ($aggregate == 'proto') {
+ $values['sources'][$val[3]] = 1;
+ } else {
+ $values['sources'][$val[4]] = 1;
}
-
- if (isset($filter[$extra_filter]) && $filter[$extra_filter] != '') {
- $filter[$extra_filter] .= ',';
- }
-
- $filter[$extra_filter] = implode(
- ',',
- array_keys($values['sources'])
- );
- } else {
- $values = [];
}
+ // Update the filter
+ switch ($aggregate) {
+ case 'proto':
+ $extra_filter = 'proto';
+ break;
+
+ default:
+ case 'srcip':
+ $extra_filter = 'ip_src';
+ break;
+ case 'srcport':
+ $extra_filter = 'src_port';
+ break;
+
+ case 'dstip':
+ $extra_filter = 'ip_dst';
+ break;
+
+ case 'dstport':
+ $extra_filter = 'dst_port';
+ break;
+ }
+
+ if (isset($filter[$extra_filter]) && $filter[$extra_filter] != '') {
+ $filter[$extra_filter] .= ',';
+ }
+
+ $filter[$extra_filter] = implode(
+ ',',
+ array_keys($values['sources'])
+ );
+
// Address resolution start
$get_hostnames = false;
if ($address_resolution && ($aggregate == 'srcip' || $aggregate == 'dstip')) {
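Review bot: With the `if ($aggregate != 'none')` guard removed, a filter or report item saved earlier with aggregate `none` now reaches `-s $aggregate/bytes` and falls into the `default:` arm of the switch, so nfdump is asked for a statistic it presumably rejects and the result is filtered on `ip_src`. No migration of stored values is visible in this diff; normalise at the top of this block, e.g. `if ($aggregate === 'none' || $aggregate === '') { $aggregate = 'dstip'; }`. Separately, the `.= ','` append just before `$filter[$extra_filter] = implode(...)` is overwritten by that assignment, so any filter value the user had set for that field is discarded; a comment stating whether that is intended would help. The function body starts and ends outside the hunk.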
@@ -605,89 +601,59 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag
$interval_end = $intervals[($k + 1)];
- if ($aggregate == 'none') {
- $data = netflow_get_summary($interval_start, $interval_end, $filter, $connection_name);
- if (! isset($data['totalbytes'])) {
- $values[$interval_start]['data'] = 0;
+ // Set default values
+ foreach ($values['sources'] as $source => $discard) {
+ $values['data'][$interval_end][$source] = 0;
+ }
+
+ $data = netflow_get_stats(
+ $interval_start,
+ $interval_end,
+ $filter,
+ $aggregate,
+ $max,
+ $unit,
+ $connection_name
+ );
+
+ foreach ($data as $line) {
+ // Address resolution start
+ if ($get_hostnames) {
+ if (!isset($hostnames[$line['agg']])) {
+ $hostname = false;
+ // Trying to get something like an IP from the description
+ if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches)
+ || preg_match(
+ "/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]|
+ (2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i",
+ $line['agg'],
+ $matches
+ )
+ ) {
+ if ($matches[0]) {
+ $hostname = gethostbyaddr($line['agg']);
+ }
+ }
+
+ if ($hostname !== false) {
+ $hostnames[$line['agg']] = $hostname;
+ $line['agg'] = $hostname;
+ }
+ } else {
+ $line['agg'] = $hostnames[$line['agg']];
+ }
+ }
+
+ // Address resolution end
+ if (! isset($values['sources'][$line['agg']])) {
continue;
}
- switch ($unit) {
- case 'megabytes':
- $values[$interval_start]['data'] = ($data['totalbytes'] / 1048576);
- break;
-
- case 'megabytespersecond':
- $values[$interval_start]['data'] = ($data['avgbps'] / 1048576 / 8);
- break;
-
- case 'kilobytes':
- $values[$interval_start]['data'] = ($data['totalbytes'] / 1024);
- break;
-
- case 'kilobytespersecond':
- $values[$interval_start]['data'] = ($data['avgbps'] / 1024 / 8);
- break;
-
- default:
- $values[$interval_start]['data'] = $data['totalbytes'];
- break;
- }
- } else {
- // Set default values
- foreach ($values['sources'] as $source => $discard) {
- $values['data'][$interval_end][$source] = 0;
- }
-
- $data = netflow_get_stats(
- $interval_start,
- $interval_end,
- $filter,
- $aggregate,
- $max,
- $unit,
- $connection_name
- );
-
- foreach ($data as $line) {
- // Address resolution start
- if ($get_hostnames) {
- if (!isset($hostnames[$line['agg']])) {
- $hostname = false;
- // Trying to get something like an IP from the description
- if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches)
- || preg_match(
- "/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]|
- (2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i",
- $line['agg'],
- $matches
- )
- ) {
- if ($matches[0]) {
- $hostname = gethostbyaddr($line['agg']);
- }
- }
-
- if ($hostname !== false) {
- $hostnames[$line['agg']] = $hostname;
- $line['agg'] = $hostname;
- }
- } else {
- $line['agg'] = $hostnames[$line['agg']];
- }
- }
-
- // Address resolution end
- if (! isset($values['sources'][$line['agg']])) {
- continue;
- }
-
- $values['data'][$interval_end][$line['agg']] = $line['data'];
- }
+ $values['data'][$interval_end][$line['agg']] = $line['data'];
}
}
- if (($aggregate != 'none') && (empty($values['data']))) {
+ if (empty($values['data'])) {
return [];
}
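Review bot: The IPv6 pattern in the address-resolution block is a double-quoted PHP string, so `\3` and `\2` are parsed as octal escapes (bytes 0x03 and 0x02) rather than PCRE backreferences, and the line break inside the literal becomes part of the pattern; as written the IPv6 branch is unlikely to match a real address. Both patterns are also unanchored, while `gethostbyaddr()` is given the whole `$line['agg']` rather than `$matches[0]`. Since these lines are being re-indented anyway, replace the two `preg_match` calls with `if (filter_var($line['agg'], FILTER_VALIDATE_IP) !== false) { $hostname = gethostbyaddr($line['agg']); }`. It is also worth a comment that the returned PTR name is chosen by whoever controls the address's reverse zone, so it must be escaped wherever it is rendered. The enclosing loop and function start outside the hunk.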
@@ -1207,55 +1173,30 @@ function netflow_draw_item($start_date, $end_date, $interval_length, $type, $fil
break;
}
- if ($aggregate != 'none') {
- if ($output == 'HTML') {
- $html = ''.__('Unit').': '.netflow_format_unit($unit);
- $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate);
- if ($interval_length != 0) {
- $html .= ' '._('Resolution').": $interval_length ".__('seconds');
- }
-
- $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 1, false, $end_date);
- return $html;
- } else if ($output == 'PDF') {
- $html = ''.__('Unit').': '.netflow_format_unit($unit);
- $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate);
- if ($interval_length != 0) {
- $html .= ' '._('Resolution').": $interval_length ".__('seconds');
- }
-
- $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 2, true, $end_date);
- return $html;
- } else if ($output == 'XML') {
- $xml = "