From 3d1f1f86edcb86514a853d96f25deb97ff37d9c9 Mon Sep 17 00:00:00 2001 From: Fermin Date: Wed, 13 Mar 2019 19:16:21 +0100 Subject: [PATCH] [Netflow live] Removed agregate by none Former-commit-id: 4da1581da67c95f29b9b34eb70436e8f68706988 --- .../godmode/netflow/nf_edit_form.php | 5 +- pandora_console/include/functions_netflow.php | 299 +++++++----------- .../operation/netflow/nf_live_view.php | 1 - 3 files changed, 122 insertions(+), 183 deletions(-) diff --git a/pandora_console/godmode/netflow/nf_edit_form.php b/pandora_console/godmode/netflow/nf_edit_form.php index 80f88f709e..643d63f8c0 100644 --- a/pandora_console/godmode/netflow/nf_edit_form.php +++ b/pandora_console/godmode/netflow/nf_edit_form.php @@ -94,7 +94,7 @@ if ($id) { $ip_src = ''; $dst_port = ''; $src_port = ''; - $aggregate = 'none'; + $aggregate = 'dstip'; $output = 'bytes'; $advanced_filter = ''; } @@ -142,7 +142,7 @@ if ($update) { if ($create) { $name = (string) get_parameter('name'); $assign_group = (int) get_parameter('assign_group'); - $aggregate = get_parameter('aggregate', 'none'); + $aggregate = get_parameter('aggregate', 'dstip'); $output = get_parameter('output', 'bytes'); $ip_dst = get_parameter('ip_dst', ''); $ip_src = get_parameter('ip_src', ''); @@ -241,7 +241,6 @@ $table->data[7][1] = html_print_textarea('advanced_filter', 4, 40, $advanced_fil $table->data[8][0] = ''.__('Aggregate by').''.ui_print_help_icon('aggregate_by', true); $aggregate_list = [ - 'none' => __('None'), 'proto' => __('Protocol'), 'srcip' => __('Src Ip Address'), 'dstip' => __('Dst Ip Address'), diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php index 6bb23ecc72..c5fa32541e 100644 --- a/pandora_console/include/functions_netflow.php +++ b/pandora_console/include/functions_netflow.php 
@@ -506,72 +506,68 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag } // If there is aggregation calculate the top n - if ($aggregate != 'none') { - $values['data'] = []; - $values['sources'] = []; + $values['data'] = []; + $values['sources'] = []; - // Get the command to call nfdump - $command = netflow_get_command($filter); + // Get the command to call nfdump + $command = netflow_get_command($filter); - // Suppress the header line and the statistics at the bottom and configure piped output - $command .= ' -q -o csv'; + // Suppress the header line and the statistics at the bottom and configure piped output + $command .= ' -q -o csv'; - // Call nfdump - $agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date); - exec($agg_command, $string); + // Call nfdump + $agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date); + exec($agg_command, $string); - // Remove the first line - $string[0] = ''; + // Remove the first line + $string[0] = ''; - // Parse aggregates - foreach ($string as $line) { - if ($line == '') { - continue; - } - - $val = explode(',', $line); - if ($aggregate == 'proto') { - $values['sources'][$val[3]] = 1; - } else { - $values['sources'][$val[4]] = 1; - } + // Parse aggregates + foreach ($string as $line) { + if ($line == '') { + continue; } - // Update the filter - switch ($aggregate) { - case 'proto': - $extra_filter = 'proto'; - break; - - default: - case 'srcip': - $extra_filter = 'ip_src'; - break; - case 'srcport': - $extra_filter = 'src_port'; - break; - - case 'dstip': - $extra_filter = 'ip_dst'; - break; - - case 'dstport': - $extra_filter = 'dst_port'; - break; + $val = explode(',', $line); + if ($aggregate == 'proto') { + $values['sources'][$val[3]] = 1; + } else { + $values['sources'][$val[4]] = 1; } - - if (isset($filter[$extra_filter]) && 
$filter[$extra_filter] != '') { - $filter[$extra_filter] .= ','; - } - - $filter[$extra_filter] = implode( - ',', - array_keys($values['sources']) - ); - } else { - $values = []; } + // Update the filter + switch ($aggregate) { + case 'proto': + $extra_filter = 'proto'; + break; + + default: + case 'srcip': + $extra_filter = 'ip_src'; + break; + case 'srcport': + $extra_filter = 'src_port'; + break; + + case 'dstip': + $extra_filter = 'ip_dst'; + break; + + case 'dstport': + $extra_filter = 'dst_port'; + break; + } + + if (isset($filter[$extra_filter]) && $filter[$extra_filter] != '') { + $filter[$extra_filter] .= ','; + } + + $filter[$extra_filter] = implode( + ',', + array_keys($values['sources']) + ); + // Address resolution start $get_hostnames = false; if ($address_resolution && ($aggregate == 'srcip' || $aggregate == 'dstip')) { 
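Review bot: With the `if ($aggregate != 'none')` guard removed, the command built from `" -n $max -s $aggregate/bytes -t "` and passed to `exec($agg_command, $string)` now runs on every call to netflow_get_data, with `$aggregate` and `$max` interpolated into the shell string as-is. The nf_edit_form.php hunk in this commit reads the value with `get_parameter('aggregate', 'dstip')`, and dropping 'none' from the select list does not stop a request, or a filter saved before this change, from carrying 'none' or any other string; whether get_parameter() neutralises shell metacharacters is not visible here. I would reject unsupported keys before building the command, e.g. `if (!in_array($aggregate, ['proto', 'srcip', 'dstip', 'srcport', 'dstport'], true)) { return []; }`, cast `$max` with `(int)`, and pass the statistic as `escapeshellarg("$aggregate/bytes")`. The `default:` label in the switch maps any unknown value to `ip_src`, which hides such input instead of rejecting it. netflow_get_data starts and ends outside this hunk.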
@@ -605,89 +601,59 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag $interval_end = $intervals[($k + 1)]; - if ($aggregate == 'none') { - $data = netflow_get_summary($interval_start, $interval_end, $filter, $connection_name); - if (! isset($data['totalbytes'])) { - $values[$interval_start]['data'] = 0; + // Set default values + foreach ($values['sources'] as $source => $discard) { + $values['data'][$interval_end][$source] = 0; + } + + $data = netflow_get_stats( + $interval_start, + $interval_end, + $filter, + $aggregate, + $max, + $unit, + $connection_name + ); + + foreach ($data as $line) { + // Address resolution start + if ($get_hostnames) { + if (!isset($hostnames[$line['agg']])) { + $hostname = false; + // Trying to get something like an IP from the description + if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches) + || preg_match( + "/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]| + (2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i", + $line['agg'], + $matches + ) + ) { + if ($matches[0]) { + $hostname = gethostbyaddr($line['agg']); + } + } + + if ($hostname !== false) { + $hostnames[$line['agg']] = $hostname; + $line['agg'] = $hostname; + } + } else { + $line['agg'] = $hostnames[$line['agg']]; + } + } + + // Address resolution end + if (! 
isset($values['sources'][$line['agg']])) { continue; } - switch ($unit) { - case 'megabytes': - $values[$interval_start]['data'] = ($data['totalbytes'] / 1048576); - break; - - case 'megabytespersecond': - $values[$interval_start]['data'] = ($data['avgbps'] / 1048576 / 8); - break; - - case 'kilobytes': - $values[$interval_start]['data'] = ($data['totalbytes'] / 1024); - break; - - case 'kilobytespersecond': - $values[$interval_start]['data'] = ($data['avgbps'] / 1024 / 8); - break; - - default: - $values[$interval_start]['data'] = $data['totalbytes']; - break; - } - } else { - // Set default values - foreach ($values['sources'] as $source => $discard) { - $values['data'][$interval_end][$source] = 0; - } - - $data = netflow_get_stats( - $interval_start, - $interval_end, - $filter, - $aggregate, - $max, - $unit, - $connection_name - ); - - foreach ($data as $line) { - // Address resolution start - if ($get_hostnames) { - if (!isset($hostnames[$line['agg']])) { - $hostname = false; - // Trying to get something like an IP from the description - if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches) - || preg_match( - "/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]| - (2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i", - $line['agg'], - $matches - ) - ) { - if ($matches[0]) { - $hostname = gethostbyaddr($line['agg']); - } - } - - if ($hostname !== false) { - $hostnames[$line['agg']] = $hostname; - $line['agg'] = $hostname; - } - } else { - $line['agg'] = $hostnames[$line['agg']]; - } - } - - // Address resolution end - if (! isset($values['sources'][$line['agg']])) { - continue; - } - - $values['data'][$interval_end][$line['agg']] = $line['data']; - } + $values['data'][$interval_end][$line['agg']] = $line['data']; } } - if (($aggregate != 'none') && (empty($values['data']))) { + if (empty($values['data'])) { return []; } 
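Review bot: The IPv6 pattern in the address-resolution block is written in a double-quoted string, so PHP turns `\3` and `\2` into octal escapes (bytes 0x03 and 0x02) before PCRE sees them, and the line break plus indentation inside the literal becomes part of the pattern; as written it is unlikely to match the addresses it is meant for. The IPv4 test is unanchored and `gethostbyaddr($line['agg'])` is called with the whole field rather than the matched text, so a value that merely contains a dotted quad reaches the resolver. Replacing both `preg_match` calls with `if (filter_var($line['agg'], FILTER_VALIDATE_IP) !== false) { $hostname = gethostbyaddr($line['agg']); }` validates IPv4 and IPv6 in one step. The resolved name comes from a PTR record controlled by whoever owns the address, so it should be handled as untrusted text wherever it is later used as a series label. The enclosing loop in netflow_get_data begins outside this hunk.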
@@ -1207,55 +1173,30 @@ function netflow_draw_item($start_date, $end_date, $interval_length, $type, $fil break; } - if ($aggregate != 'none') { - if ($output == 'HTML') { - $html = ''.__('Unit').': '.netflow_format_unit($unit); - $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate); - if ($interval_length != 0) { - $html .= ' '._('Resolution').": $interval_length ".__('seconds'); - } - - $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 1, false, $end_date); - return $html; - } else if ($output == 'PDF') { - $html = ''.__('Unit').': '.netflow_format_unit($unit); - $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate); - if ($interval_length != 0) { - $html .= ' '._('Resolution').": $interval_length ".__('seconds'); - } - - $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 2, true, $end_date); - return $html; - } else if ($output == 'XML') { - $xml = "$unit\n"; - $xml .= "$aggregate\n"; - $xml .= "$interval_length\n"; - $xml .= netflow_aggregate_area_xml($data); - return $xml; + if ($output == 'HTML') { + $html = ''.__('Unit').': '.netflow_format_unit($unit); + $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate); + if ($interval_length != 0) { + $html .= ' '._('Resolution').": $interval_length ".__('seconds'); } - } else { - if ($output == 'HTML') { - $html = ''.__('Unit').': '.netflow_format_unit($unit); - if ($interval_length != 0) { - $html .= ' '._('Resolution').": $interval_length ".__('seconds'); - } - $html .= graph_netflow_total_area($data, $interval, 660, 320, netflow_format_unit($unit)); - return $html; - } else if ($output == 'PDF') { - $html = ''.__('Unit').': '.netflow_format_unit($unit); - if ($interval_length != 0) { - $html .= ' '._('Resolution').": $interval_length ".__('seconds'); - } - - $html .= graph_netflow_total_area($data, $interval, 660, 320, netflow_format_unit($unit), 2, true); - return 
$html; - } else if ($output == 'XML') { - $xml = "$unit\n"; - $xml .= "$interval_length\n"; - $xml .= netflow_total_area_xml($data); - return $xml; + $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 1, false, $end_date); + return $html; + } else if ($output == 'PDF') { + $html = ''.__('Unit').': '.netflow_format_unit($unit); + $html .= ' '.__('Aggregate').': '.netflow_format_aggregate($aggregate); + if ($interval_length != 0) { + $html .= ' '._('Resolution').": $interval_length ".__('seconds'); } + + $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 2, true, $end_date); + return $html; + } else if ($output == 'XML') { + $xml = "$unit\n"; + $xml .= "$aggregate\n"; + $xml .= "$interval_length\n"; + $xml .= netflow_aggregate_area_xml($data); + return $xml; } break; diff --git a/pandora_console/operation/netflow/nf_live_view.php b/pandora_console/operation/netflow/nf_live_view.php index f8c27b5954..b3b9687552 100644 --- a/pandora_console/operation/netflow/nf_live_view.php +++ b/pandora_console/operation/netflow/nf_live_view.php @@ -310,7 +310,6 @@ if (is_metaconsole()) { echo ''.__('Aggregate by').''.ui_print_help_icon('aggregate_by', true).''; $aggregate_list = []; $aggregate_list = [ - 'none' => __('None'), 'proto' => __('Protocol'), 'srcip' => __('Src Ip Address'), 'dstip' => __('Dst Ip Address'),
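Review bot: In netflow_draw_item's XML branch, `$unit`, `$aggregate` and `$interval_length` are interpolated into `$xml` without escaping, and after this change that branch is the only XML path left. If any of them can carry request-supplied text (their origin is outside this hunk), wrapping each one as in `htmlspecialchars($aggregate, ENT_XML1 | ENT_QUOTES, 'UTF-8')` keeps the document well-formed. Separately, the 'Resolution' label is translated with `_('Resolution')` while the neighbouring labels use `__()`; `__('Resolution')` would be consistent with them. The function continues past the end of the hunk.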