tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Netflow live] Removed agregate by none 

Former-commit-id: 4da1581da67c95f29b9b34eb70436e8f68706988
This commit is contained in:
Fermin 2019-03-13 19:16:21 +01:00
parent 8a336d6cfe
commit 3d1f1f86ed
3 changed files with 122 additions and 183 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_console/godmode/netflow/nf_edit_form.php
View File

@ -94,7 +94,7 @@ if ($id) {
$ip_src = ''; $ip_src = '';
$dst_port = ''; $dst_port = '';
$src_port = ''; $src_port = '';
$aggregate = 'none'; $aggregate = 'dstip';
$output = 'bytes'; $output = 'bytes';
$advanced_filter = ''; $advanced_filter = '';
} }
@ -142,7 +142,7 @@ if ($update) {
if ($create) { if ($create) {
$name = (string) get_parameter('name'); $name = (string) get_parameter('name');
$assign_group = (int) get_parameter('assign_group'); $assign_group = (int) get_parameter('assign_group');
$aggregate = get_parameter('aggregate', 'none'); $aggregate = get_parameter('aggregate', 'dstip');
$output = get_parameter('output', 'bytes'); $output = get_parameter('output', 'bytes');
$ip_dst = get_parameter('ip_dst', ''); $ip_dst = get_parameter('ip_dst', '');
$ip_src = get_parameter('ip_src', ''); $ip_src = get_parameter('ip_src', '');
@ -241,7 +241,6 @@ $table->data[7][1] = html_print_textarea('advanced_filter', 4, 40, $advanced_fil
$table->data[8][0] = '<b>'.__('Aggregate by').'</b>'.ui_print_help_icon('aggregate_by', true); $table->data[8][0] = '<b>'.__('Aggregate by').'</b>'.ui_print_help_icon('aggregate_by', true);
$aggregate_list = [ $aggregate_list = [
'none' => __('None'),
'proto' => __('Protocol'), 'proto' => __('Protocol'),
'srcip' => __('Src Ip Address'), 'srcip' => __('Src Ip Address'),
'dstip' => __('Dst Ip Address'), 'dstip' => __('Dst Ip Address'),

299
pandora_console/include/functions_netflow.php
View File

@ -506,72 +506,68 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag
} }
// If there is aggregation calculate the top n // If there is aggregation calculate the top n
if ($aggregate != 'none') { $values['data'] = [];
$values['data'] = []; $values['sources'] = [];
$values['sources'] = [];
// Get the command to call nfdump // Get the command to call nfdump
$command = netflow_get_command($filter); $command = netflow_get_command($filter);
// Suppress the header line and the statistics at the bottom and configure piped output // Suppress the header line and the statistics at the bottom and configure piped output
$command .= ' -q -o csv'; $command .= ' -q -o csv';
// Call nfdump // Call nfdump
$agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date); $agg_command = $command." -n $max -s $aggregate/bytes -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
exec($agg_command, $string); exec($agg_command, $string);
// Remove the first line // Remove the first line
$string[0] = ''; $string[0] = '';
// Parse aggregates // Parse aggregates
foreach ($string as $line) { foreach ($string as $line) {
if ($line == '') { if ($line == '') {
continue; continue;
}
$val = explode(',', $line);
if ($aggregate == 'proto') {
$values['sources'][$val[3]] = 1;
} else {
$values['sources'][$val[4]] = 1;
}
} }
// Update the filter $val = explode(',', $line);
switch ($aggregate) { if ($aggregate == 'proto') {
case 'proto': $values['sources'][$val[3]] = 1;
$extra_filter = 'proto'; } else {
break; $values['sources'][$val[4]] = 1;
default:
case 'srcip':
$extra_filter = 'ip_src';
break;
case 'srcport':
$extra_filter = 'src_port';
break;
case 'dstip':
$extra_filter = 'ip_dst';
break;
case 'dstport':
$extra_filter = 'dst_port';
break;
} }
if (isset($filter[$extra_filter]) && $filter[$extra_filter] != '') {
$filter[$extra_filter] .= ',';
}
$filter[$extra_filter] = implode(
',',
array_keys($values['sources'])
);
} else {
$values = [];
} }
// Update the filter
switch ($aggregate) {
case 'proto':
$extra_filter = 'proto';
break;
default:
case 'srcip':
$extra_filter = 'ip_src';
break;
case 'srcport':
$extra_filter = 'src_port';
break;
case 'dstip':
$extra_filter = 'ip_dst';
break;
case 'dstport':
$extra_filter = 'dst_port';
break;
}
if (isset($filter[$extra_filter]) && $filter[$extra_filter] != '') {
$filter[$extra_filter] .= ',';
}
$filter[$extra_filter] = implode(
',',
array_keys($values['sources'])
);
// Address resolution start // Address resolution start
$get_hostnames = false; $get_hostnames = false;
if ($address_resolution && ($aggregate == 'srcip' || $aggregate == 'dstip')) { if ($address_resolution && ($aggregate == 'srcip' || $aggregate == 'dstip')) {
@ -605,89 +601,59 @@ function netflow_get_data($start_date, $end_date, $interval_length, $filter, $ag
$interval_end = $intervals[($k + 1)]; $interval_end = $intervals[($k + 1)];
if ($aggregate == 'none') { // Set default values
$data = netflow_get_summary($interval_start, $interval_end, $filter, $connection_name); foreach ($values['sources'] as $source => $discard) {
if (! isset($data['totalbytes'])) { $values['data'][$interval_end][$source] = 0;
$values[$interval_start]['data'] = 0; }
$data = netflow_get_stats(
$interval_start,
$interval_end,
$filter,
$aggregate,
$max,
$unit,
$connection_name
);
foreach ($data as $line) {
// Address resolution start
if ($get_hostnames) {
if (!isset($hostnames[$line['agg']])) {
$hostname = false;
// Trying to get something like an IP from the description
if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches)
|| preg_match(
"/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]|
(2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i",
$line['agg'],
$matches
)
) {
if ($matches[0]) {
$hostname = gethostbyaddr($line['agg']);
}
}
if ($hostname !== false) {
$hostnames[$line['agg']] = $hostname;
$line['agg'] = $hostname;
}
} else {
$line['agg'] = $hostnames[$line['agg']];
}
}
// Address resolution end
if (! isset($values['sources'][$line['agg']])) {
continue; continue;
} }
switch ($unit) { $values['data'][$interval_end][$line['agg']] = $line['data'];
case 'megabytes':
$values[$interval_start]['data'] = ($data['totalbytes'] / 1048576);
break;
case 'megabytespersecond':
$values[$interval_start]['data'] = ($data['avgbps'] / 1048576 / 8);
break;
case 'kilobytes':
$values[$interval_start]['data'] = ($data['totalbytes'] / 1024);
break;
case 'kilobytespersecond':
$values[$interval_start]['data'] = ($data['avgbps'] / 1024 / 8);
break;
default:
$values[$interval_start]['data'] = $data['totalbytes'];
break;
}
} else {
// Set default values
foreach ($values['sources'] as $source => $discard) {
$values['data'][$interval_end][$source] = 0;
}
$data = netflow_get_stats(
$interval_start,
$interval_end,
$filter,
$aggregate,
$max,
$unit,
$connection_name
);
foreach ($data as $line) {
// Address resolution start
if ($get_hostnames) {
if (!isset($hostnames[$line['agg']])) {
$hostname = false;
// Trying to get something like an IP from the description
if (preg_match('/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/', $line['agg'], $matches)
|| preg_match(
"/(((?=(?>.*?(::))(?!.+\3)))\3?|([\dA-F]{1,4}(\3|:?)|\2))(?4){5}((?4){2}|(25[0-5]|
(2[0-4]|1\d|[1-9])?\d)(\.(?7)){3})/i",
$line['agg'],
$matches
)
) {
if ($matches[0]) {
$hostname = gethostbyaddr($line['agg']);
}
}
if ($hostname !== false) {
$hostnames[$line['agg']] = $hostname;
$line['agg'] = $hostname;
}
} else {
$line['agg'] = $hostnames[$line['agg']];
}
}
// Address resolution end
if (! isset($values['sources'][$line['agg']])) {
continue;
}
$values['data'][$interval_end][$line['agg']] = $line['data'];
}
} }
} }
if (($aggregate != 'none') && (empty($values['data']))) { if (empty($values['data'])) {
return []; return [];
} }
@ -1207,55 +1173,30 @@ function netflow_draw_item($start_date, $end_date, $interval_length, $type, $fil
break; break;
} }
if ($aggregate != 'none') { if ($output == 'HTML') {
if ($output == 'HTML') { $html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit);
$html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit); $html .= '&nbsp;<b>'.__('Aggregate').':</b> '.netflow_format_aggregate($aggregate);
$html .= '&nbsp;<b>'.__('Aggregate').':</b> '.netflow_format_aggregate($aggregate); if ($interval_length != 0) {
if ($interval_length != 0) { $html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds');
$html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds');
}
$html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 1, false, $end_date);
return $html;
} else if ($output == 'PDF') {
$html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit);
$html .= '&nbsp;<b>'.__('Aggregate').':</b> '.netflow_format_aggregate($aggregate);
if ($interval_length != 0) {
$html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds');
}
$html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 2, true, $end_date);
return $html;
} else if ($output == 'XML') {
$xml = "<unit>$unit</unit>\n";
$xml .= "<aggregate>$aggregate</aggregate>\n";
$xml .= "<resolution>$interval_length</resolution>\n";
$xml .= netflow_aggregate_area_xml($data);
return $xml;
} }
} else {
if ($output == 'HTML') {
$html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit);
if ($interval_length != 0) {
$html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds');
}
$html .= graph_netflow_total_area($data, $interval, 660, 320, netflow_format_unit($unit)); $html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 1, false, $end_date);
return $html; return $html;
} else if ($output == 'PDF') { } else if ($output == 'PDF') {
$html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit); $html = '<b>'.__('Unit').':</b> '.netflow_format_unit($unit);
if ($interval_length != 0) { $html .= '&nbsp;<b>'.__('Aggregate').':</b> '.netflow_format_aggregate($aggregate);
$html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds'); if ($interval_length != 0) {
} $html .= '&nbsp;<b>'._('Resolution').":</b> $interval_length ".__('seconds');
$html .= graph_netflow_total_area($data, $interval, 660, 320, netflow_format_unit($unit), 2, true);
return $html;
} else if ($output == 'XML') {
$xml = "<unit>$unit</unit>\n";
$xml .= "<resolution>$interval_length</resolution>\n";
$xml .= netflow_total_area_xml($data);
return $xml;
} }
$html .= graph_netflow_aggregate_area($data, $interval, $width, $height, netflow_format_unit($unit), 2, true, $end_date);
return $html;
} else if ($output == 'XML') {
$xml = "<unit>$unit</unit>\n";
$xml .= "<aggregate>$aggregate</aggregate>\n";
$xml .= "<resolution>$interval_length</resolution>\n";
$xml .= netflow_aggregate_area_xml($data);
return $xml;
} }
break; break;

1
pandora_console/operation/netflow/nf_live_view.php
View File

@ -310,7 +310,6 @@ if (is_metaconsole()) {
echo '<td><b>'.__('Aggregate by').'</b>'.ui_print_help_icon('aggregate_by', true).'</td>'; echo '<td><b>'.__('Aggregate by').'</b>'.ui_print_help_icon('aggregate_by', true).'</td>';
$aggregate_list = []; $aggregate_list = [];
$aggregate_list = [ $aggregate_list = [
'none' => __('None'),
'proto' => __('Protocol'), 'proto' => __('Protocol'),
'srcip' => __('Src Ip Address'), 'srcip' => __('Src Ip Address'),
'dstip' => __('Dst Ip Address'), 'dstip' => __('Dst Ip Address'),