2008-09-03 Evi Vanoost <vanooste@rcbi.rochester.edu>
* reporting/fgraph.php: Fixed bug where a graph wouldn't return when free search was specified. Also made SQL safer against attacks since fgraph can be accessed by anyone. This should be fixed in later versions so there has to be no SQL query passed * operation/events/events_rss.php: Made RSS feed better. Now you can also pass a filter from events.php. Fixed direction of the links * operation/events/events.php: Added a filter on agent name. Updated for RSS feeds. Added filter on event id * install.php: A little bit of automatic field filling. Corrected some text for more correct English and update to the new URL specification git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@1077 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
parent
64db350841
commit
97af45b63a
|
@ -1,3 +1,19 @@
|
||||||
|
2008-09-03 Evi Vanoost <vanooste@rcbi.rochester.edu>
|
||||||
|
|
||||||
|
* reporting/fgraph.php: Fixed bug where a graph wouldn't return
|
||||||
|
when free search was specified. Also made SQL safer against
|
||||||
|
attacks since fgraph can be accessed by anyone. This should be
|
||||||
|
fixed in later versions so there has to be no SQL query passed
|
||||||
|
|
||||||
|
* operation/events/events_rss.php: Made RSS feed better. Now you can
|
||||||
|
also pass a filter from events.php. Fixed direction of the links
|
||||||
|
|
||||||
|
* operation/events/events.php: Added a filter on agent name. Updated
|
||||||
|
for RSS feeds. Added filter on event id
|
||||||
|
|
||||||
|
* install.php: A little bit of automatic field filling. Corrected some
|
||||||
|
text for more correct English and update to the new URL specification
|
||||||
|
|
||||||
2008-09-03 Esteban Sanchez <estebans@artica.es>
|
2008-09-03 Esteban Sanchez <estebans@artica.es>
|
||||||
|
|
||||||
* include/functions_html.php: Fixed a typo error in print_textarea
|
* include/functions_html.php: Fixed a typo error in print_textarea
|
||||||
|
|
|
@ -317,13 +317,13 @@ function install_step3() {
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
<input class='login' type='text' name='path' style='width: 190px;'
|
<input class='login' type='text' name='path' style='width: 190px;'
|
||||||
value='/var/www/pandora_console/'>
|
value='".dirname (__FILE__)."'>
|
||||||
|
|
||||||
<div>Full local URL to Pandora FMS Console<br>
|
<div>URL path to Pandora FMS Console<br>
|
||||||
<span class='f9b'>For example '/pandora_console'</span>
|
<span class='f9b'>For example '/pandora_console'</span>
|
||||||
</div>
|
</div>
|
||||||
<input class='login' type='text' name='url' style='width: 250px;'
|
<input class='login' type='text' name='url' style='width: 250px;'
|
||||||
value='/pandora_console'>
|
value='".dirname ($_SERVER['PHP_SELF'])."'>
|
||||||
|
|
||||||
<div align='right'>
|
<div align='right'>
|
||||||
<input type='image' src='images/arrow_next.png' value='Step #4' id='step4'>
|
<input type='image' src='images/arrow_next.png' value='Step #4' id='step4'>
|
||||||
|
@ -474,7 +474,7 @@ function install_step5() {
|
||||||
<h2>Installation complete</h2>
|
<h2>Installation complete</h2>
|
||||||
<p>You now must delete manually this installer ('<i>install.php</i>')
|
<p>You now must delete manually this installer ('<i>install.php</i>')
|
||||||
file for security before trying to access to your Pandora FMS console.
|
file for security before trying to access to your Pandora FMS console.
|
||||||
<p>Now you need to install Pandora FMS server before trying to monitor anything,
|
<p>You should also install the Pandora FMS Servers before trying to monitor anything,
|
||||||
please read documentation on how to install it.</p>
|
please read documentation on how to install it.</p>
|
||||||
<p>Don't forget to check <a href='http://pandorafms.com'>http://pandorafms.com</a>
|
<p>Don't forget to check <a href='http://pandorafms.com'>http://pandorafms.com</a>
|
||||||
for updates.
|
for updates.
|
||||||
|
|
|
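Review bot: The new default for the `url` field in install_step3 echoes `dirname ($_SERVER['PHP_SELF'])` straight into a single-quoted HTML attribute, and `PHP_SELF` includes any client-supplied path info that follows the script name, so the installer page can reflect request-controlled markup. Derive the value from `$_SERVER['SCRIPT_NAME']` and escape it for the attribute context, e.g. `value='".htmlspecialchars (dirname ($_SERVER['SCRIPT_NAME']), ENT_QUOTES)."'>`. The same escaping applies to the `dirname (__FILE__)` default for `path`, where a quote in the install directory would otherwise break the attribute. The old `path` default ended in a slash and `dirname()` returns none, so it is worth confirming that the code consuming `path` (outside this hunk) does not rely on the trailing slash.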
@ -164,13 +164,14 @@ if (isset ($_POST["updatebt"])) {
|
||||||
|
|
||||||
// Get data
|
// Get data
|
||||||
|
|
||||||
$offset = get_parameter ( "offset",0);
|
$offset = (int) get_parameter ( "offset",0);
|
||||||
$ev_group = get_parameter ("ev_group", 0); // group
|
$ev_group = (int) get_parameter ("ev_group", 0); // group
|
||||||
$search = get_parameter ("search", ""); // free search
|
$search = get_parameter ("search", ""); // free search
|
||||||
$event_type = get_parameter ("event_type", ''); // 0 all
|
$event_type = get_parameter ("event_type", ''); // 0 all
|
||||||
$severity = get_parameter ("severity", -1); // -1 all
|
$severity = (int) get_parameter ("severity", -1); // -1 all
|
||||||
$status = get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
|
$status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
|
||||||
$id_agent = get_parameter ("id_agent", -1);
|
$id_agent = (int) get_parameter ("id_agent", -1);
|
||||||
|
$id_event = (int) get_parameter ("id_event", -1);
|
||||||
|
|
||||||
$sql_post = "";
|
$sql_post = "";
|
||||||
if ($ev_group > 1)
|
if ($ev_group > 1)
|
||||||
|
@ -184,10 +185,13 @@ if ($search != "")
|
||||||
if ($event_type != "")
|
if ($event_type != "")
|
||||||
$sql_post .= " AND event_type = '$event_type'";
|
$sql_post .= " AND event_type = '$event_type'";
|
||||||
if ($severity != -1)
|
if ($severity != -1)
|
||||||
$sql_post .= " AND criticity >= $severity";
|
$sql_post .= " AND criticity >= ".$severity;
|
||||||
if ($id_agent != -1)
|
if ($id_agent != -1)
|
||||||
$sql_post .= " AND id_agente = $id_agent";
|
$sql_post .= " AND id_agente = ".$id_agent;
|
||||||
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent";
|
if ($id_event != -1)
|
||||||
|
$sql_post .= " AND id_evento = ".$id_event;
|
||||||
|
|
||||||
|
$url = "index.php?sec=eventos&sec2=operation/events/events&search=$search&event_type=$event_type&severity=$severity&status=$status&ev_group=$ev_group&refr=60&id_agent=$id_agent&id_event=$id_event";
|
||||||
|
|
||||||
echo "<h2>".__('Events')." > ".__('Main event view'). " ";
|
echo "<h2>".__('Events')." > ".__('Main event view'). " ";
|
||||||
|
|
||||||
|
@ -250,7 +254,24 @@ echo "</td></tr><tr>";
|
||||||
// Free search
|
// Free search
|
||||||
echo "<td>".__('Free search')."</td><td>";
|
echo "<td>".__('Free search')."</td><td>";
|
||||||
print_input_text ('search', $search, '', 15);
|
print_input_text ('search', $search, '', 15);
|
||||||
echo "</td><td colspan=2>";
|
|
||||||
|
//Agent search
|
||||||
|
echo "</td><td>".__('Agent search')."</td><td>";
|
||||||
|
$sql = "SELECT DISTINCT(id_agente) FROM tevento WHERE 1=1 ".$sql_post;
|
||||||
|
$result = get_db_all_rows_sql ($sql);
|
||||||
|
if ($result === false)
|
||||||
|
$result = array();
|
||||||
|
$agents = array(-1 => "All");
|
||||||
|
|
||||||
|
foreach ($result as $id_row) {
|
||||||
|
$agents[$id_row[0]] = dame_nombre_agente ($id_row[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
print_select ($agents, 'id_agent', $id_agent, 'javascript:this.form.submit();', '', '');
|
||||||
|
echo "</td></tr>";
|
||||||
|
|
||||||
|
//The buttons
|
||||||
|
echo '<tr><td colspan="2"><!-- Empty cell --></td><td colspan="2">';
|
||||||
print_submit_button (__('Update'), '', false, $attributes = 'class="sub upd"');
|
print_submit_button (__('Update'), '', false, $attributes = 'class="sub upd"');
|
||||||
|
|
||||||
// CSV
|
// CSV
|
||||||
|
@ -260,7 +281,7 @@ echo '
|
||||||
// Marquee
|
// Marquee
|
||||||
echo " <a target='_top' href='operation/events/events_marquee.php'><img src='images/heart.png' title='".__('Marquee display')."'></a>";
|
echo " <a target='_top' href='operation/events/events_marquee.php'><img src='images/heart.png' title='".__('Marquee display')."'></a>";
|
||||||
// RSS
|
// RSS
|
||||||
echo " <a target='_top' href='operation/events/events_rss.php'><img src='images/transmit.png' title='".__('RSS Events')."'></a>";
|
echo ' <a target="_top" href="operation/events/events_rss.php?ev_group='.$ev_group.'&event_type='.$event_type.'&search='.$search.'&severity='.$severity.'&status='.$status.'&id_agent='.$id_agent.'"><img src="images/transmit.png" title="'.__('RSS Events').'"></a>';
|
||||||
|
|
||||||
|
|
||||||
echo "</td></tr></table>";
|
echo "</td></tr></table>";
|
||||||
|
|
|
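Review bot: The `(int)` casts cover the numeric filters, but `$search` and `$event_type` are still used exactly as `get_parameter` returns them, and this commit adds two new sinks for them: the RSS link's `href` in the last hunk and the `SELECT DISTINCT(id_agente) ... ".$sql_post` query behind the new agent selector. In the `href` the values need URL-encoding and then HTML-escaping, for example `'&event_type='.urlencode ($event_type).'&search='.urlencode ($search)` with the finished URL passed through `htmlspecialchars (..., ENT_QUOTES)`; the same applies to `$url` in the second hunk. Whether `get_parameter` already escapes for SQL is not visible on this page, so the quoted `'$event_type'` clause (and the `$search` clause, whose line is outside the hunk) should be escaped for the database before they reach `get_db_all_rows_sql`.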
@ -16,54 +16,82 @@
|
||||||
// along with this program; if not, write to the Free Software
|
// along with this program; if not, write to the Free Software
|
||||||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
|
||||||
error_reporting(E_ALL);
|
|
||||||
|
|
||||||
require "../../include/config.php";
|
require "../../include/config.php";
|
||||||
require "../../include/functions.php";
|
require "../../include/functions.php";
|
||||||
require_once "../../include/functions_db.php";
|
require_once "../../include/functions_db.php";
|
||||||
|
|
||||||
$constraints = "";
|
$ev_group = get_parameter ("ev_group", 0); // group
|
||||||
|
$search = get_parameter ("search", ""); // free search
|
||||||
|
$event_type = get_parameter ("event_type", ''); // 0 all
|
||||||
|
$severity = (int) get_parameter ("severity", -1); // -1 all
|
||||||
|
$status = (int) get_parameter ("status", 0); // -1 all, 0 only red, 1 only green
|
||||||
|
$id_agent = (int) get_parameter ("id_agent", -1);
|
||||||
|
$id_event = (int) get_parameter ("id_event", -1); //This will allow to select only 1 event (eg. RSS)
|
||||||
|
|
||||||
|
$sql_post = "";
|
||||||
|
if ($ev_group > 1)
|
||||||
|
$sql_post .= " AND `tevento`.`id_grupo` = $ev_group";
|
||||||
|
if ($status == 1)
|
||||||
|
$sql_post .= " AND `tevento`.`estado` = 1";
|
||||||
|
if ($status == 0)
|
||||||
|
$sql_post .= " AND `tevento`.`estado` = 0";
|
||||||
|
if ($search != "")
|
||||||
|
$sql_post .= " AND `tevento`.`evento` LIKE '%$search%'";
|
||||||
|
if ($event_type != "")
|
||||||
|
$sql_post .= " AND `tevento`.`event_type` = '$event_type'";
|
||||||
|
if ($severity != -1)
|
||||||
|
$sql_post .= " AND `tevento`.`criticity` >= ".$severity;
|
||||||
|
if ($id_agent != -1)
|
||||||
|
$sql_post .= " AND `tevento`.`id_agente` = ".$id_agent;
|
||||||
|
if ($id_event != -1)
|
||||||
|
$sql_post .= " AND id_evento = ".$id_event;
|
||||||
|
|
||||||
|
$sql="SELECT `tevento`.`id_evento` AS event_id,
|
||||||
|
`tagente`.`nombre` AS agent_name,
|
||||||
|
`tevento`.`id_usuario` AS validated_by,
|
||||||
|
`tevento`.`estado` AS validated,
|
||||||
|
`tevento`.`evento` AS event_descr,
|
||||||
|
`tevento`.`utimestamp` AS unix_timestamp
|
||||||
|
FROM tevento, tagente
|
||||||
|
WHERE `tevento`.`id_agente` = `tagente`.`id_agente` ".$sql_post."
|
||||||
|
ORDER BY utimestamp DESC LIMIT 0 , 30";
|
||||||
|
|
||||||
$sql="SELECT `tevento`.`id_evento` AS event_id, `tagente`.`nombre` AS agent_name, `tevento`.`id_usuario` AS validated_by , `tevento`.`estado` AS validated, `tevento`.`evento` AS event_descr , `tevento`.`utimestamp` AS unix_timestamp, `tgrupo`.`nombre` AS group_name, `tgrupo`.`icon` AS group_icon
|
$result= get_db_all_rows_sql ($sql);
|
||||||
FROM tevento, tagente, tgrupo
|
|
||||||
WHERE `tevento`.`id_agente` = `tagente`.`id_agente` AND `tevento`.`id_grupo` = `tgrupo`.`id_grupo` $constraints
|
|
||||||
ORDER BY utimestamp DESC
|
|
||||||
LIMIT 0 , 30";
|
|
||||||
|
|
||||||
$result=mysql_query($sql);
|
|
||||||
|
|
||||||
//$url = "https://".$_SERVER['HTTP_HOST']."/pandora_console";
|
//$url = "https://".$_SERVER['HTTP_HOST']."/pandora_console";
|
||||||
|
|
||||||
$url = 'http://'.$_SERVER['HTTP_HOST'].$config["homeurl"];
|
$url = 'http://'.$_SERVER['HTTP_HOST'].$config["homeurl"];
|
||||||
|
$selfurl = 'http://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'];
|
||||||
|
$rss_feed = '<?xml version="1.0" encoding="utf-8" ?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">';
|
||||||
|
$rss_feed .= '<channel><title>Pandora RSS Feed</title><description>Latest events on Pandora</description>';
|
||||||
|
$rss_feed .= '<lastBuildDate>'.date(DATE_RFC822, $result[0]['unix_timestamp']).'</lastBuildDate>';
|
||||||
|
$rss_feed .= '<link>'.$url.'</link>';
|
||||||
|
$rss_feed .= '<atom:link href="'.htmlentities ($selfurl).'" rel="self" type="application/rss+xml" />';
|
||||||
|
|
||||||
$rss_feed = '<?xml version="1.0" ?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel>
|
if ($result === false) {
|
||||||
<title>Pandora RSS Feed</title>
|
$result = array();
|
||||||
<description>Latest events on Pandora</description>
|
$rss_feed .= '<item><guid>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</guid><title>No results</title>';
|
||||||
<link>' . $url . '</link>
|
$rss_feed .= '<description>There are no results. Click on the link to see all Pending events</description>';
|
||||||
<atom:link href="' . $url . '/operation/events/events_rss.php" rel="self" type="application/rss+xml" />';
|
$rss_feed .= '<link>'.$url.'/index.php?sec=eventos&sec2=operation/events/events</link></item>';
|
||||||
|
}
|
||||||
|
|
||||||
while($row=mysql_fetch_array($result,MYSQL_ASSOC)) {
|
foreach ($result as $row) {
|
||||||
//This is mandatory
|
//This is mandatory
|
||||||
$rss_feed .= '<item><guid>';
|
$rss_feed .= '<item><guid>';
|
||||||
$rss_feed .= $url . "/operation/events/view_event?id=" . $row['event_id'];
|
$rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row['event_id']);
|
||||||
$rss_feed .= '</guid><title>';
|
$rss_feed .= '</guid><title>';
|
||||||
$rss_feed .= htmlentities($row['agent_name']);
|
$rss_feed .= htmlentities ($row['agent_name']);
|
||||||
$rss_feed .= '</title><description>';
|
$rss_feed .= '</title><description>';
|
||||||
$rss_feed .= htmlentities($row['event_descr']);
|
$rss_feed .= htmlentities ($row['event_descr']);
|
||||||
if($row['validated'] == 1) {
|
if($row['validated'] == 1) {
|
||||||
$rss_feed .= '<br /><br />Validated by ' . $row['validated_by'];
|
$rss_feed .= '<br /><br />Validated by ' . $row['validated_by'];
|
||||||
}
|
}
|
||||||
$rss_feed .= '</description><link>';
|
$rss_feed .= '</description><link>';
|
||||||
$rss_feed .= $url . "/operation/events/view_event?id=" . $row["event_id"];
|
$rss_feed .= htmlentities ($url . "/index.php?sec=eventos&sec2=operation/events/events&id_event=" . $row["event_id"]);
|
||||||
$rss_feed .= '</link>';
|
$rss_feed .= '</link>';
|
||||||
|
|
||||||
//The rest is optional
|
//The rest is optional
|
||||||
$rss_feed .= '<pubDate>' . date(DATE_RFC822, $row['unix_timestamp']) . '</pubDate>';
|
$rss_feed .= '<pubDate>' . date(DATE_RFC822, $row['unix_timestamp']) . '</pubDate>';
|
||||||
$rss_feed .= '<image>';
|
|
||||||
$rss_feed .= '<link>' . $url . '</link>';
|
|
||||||
$rss_feed .= '<title>' . $row['group_name'] . '</title>';
|
|
||||||
$rss_feed .= '<url>' . $url . '/images/groups_small/' . $row['group_icon'] . '.png</url>';
|
|
||||||
$rss_feed .= '</image>';
|
|
||||||
|
|
||||||
//This is mandatory again
|
//This is mandatory again
|
||||||
$rss_feed .= '</item>';
|
$rss_feed .= '</item>';
|
||||||
|
|
|
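Review bot: `$ev_group` is read without the `(int)` cast that the other numeric filters get here and that events.php applies, yet it is concatenated unquoted into the `id_grupo` comparison of `$sql_post`, so quote-escaping inside `get_parameter` (if any; not visible here) would not constrain it. Change the line to `$ev_group = (int) get_parameter ("ev_group", 0);`, and escape `$search` and `$event_type` before they enter the quoted `LIKE '%$search%'` and `event_type = '$event_type'` clauses. Separately, `<lastBuildDate>` reads `$result[0]['unix_timestamp']` before the `$result === false` check, so an empty result set produces a notice and a bogus date; move the check above the channel header or fall back to `time ()`. `htmlentities` emits named entities that XML does not define, and `'Validated by ' . $row['validated_by']` is appended unescaped, so running `htmlspecialchars` over every interpolated value would keep the feed well-formed.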
@ -1325,7 +1325,7 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
|
||||||
$data = array();
|
$data = array();
|
||||||
$legend = array();
|
$legend = array();
|
||||||
|
|
||||||
$sql = "SELECT DISTINCT(id_agentmodule) AS id_agentmodule, id_grupo, COUNT(id_agentmodule) AS count FROM tevento WHERE id_agente = ".$id_agent." GROUP BY id_agentmodule";
|
$sql = sprintf ("SELECT DISTINCT(id_agentmodule) AS id_agentmodule, id_grupo, COUNT(id_agentmodule) AS count FROM tevento WHERE id_agente = %d GROUP BY id_agentmodule",$id_agent);
|
||||||
$result = get_db_all_rows_sql ($sql);
|
$result = get_db_all_rows_sql ($sql);
|
||||||
if ($result === false)
|
if ($result === false)
|
||||||
$result = array();
|
$result = array();
|
||||||
|
@ -1359,10 +1359,13 @@ function graph_event_module ($width = 300, $height = 200, $id_agent) {
|
||||||
function grafico_eventos_grupo ($width = 300, $height = 200, $url = "") {
|
function grafico_eventos_grupo ($width = 300, $height = 200, $url = "") {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
$url = rawurldecode ($url); //It was urlencoded, so we urldecode it
|
$url = html_entity_decode (rawurldecode ($url),ENT_QUOTES); //It was urlencoded, so we urldecode it
|
||||||
$data = array();
|
$data = array();
|
||||||
$legend = array();
|
$legend = array();
|
||||||
|
|
||||||
|
$badstrings = array (";", "SELECT ", "DELETE ", "UPDATE ", "INSERT ");
|
||||||
|
$url = str_ireplace ($badstrings,"",$url); //remove bad strings from the query so queries like ; DELETE FROM don't pass
|
||||||
|
|
||||||
//This will give the distinct id_agente, give the id_grupo that goes
|
//This will give the distinct id_agente, give the id_grupo that goes
|
||||||
//with it and then the number of times it occured. GROUP BY statement
|
//with it and then the number of times it occured. GROUP BY statement
|
||||||
//is required if both DISTINCT() and COUNT() are in the statement
|
//is required if both DISTINCT() and COUNT() are in the statement
|
||||||
|
|
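Review bot: The `$badstrings` filter in grafico_eventos_grupo is a deny-list over a caller-supplied SQL fragment and should not be read as making `$url` safe: it matches only the five listed tokens, the keywords only with a trailing space, and it runs after two decoding steps (`rawurldecode`, then `html_entity_decode`). As the commit message itself notes, the durable fix is to stop accepting SQL here: pass the individual filter values (group, event type, severity, status, agent, search) and rebuild the WHERE clause inside this function with `(int)` casts and escaped strings, as the `sprintf (... %d ...)` change in graph_event_module already does for `$id_agent`. Until then I would add a comment above the filter such as `// Stop-gap only: $url still carries request-supplied SQL; do not rely on this filter as sanitization`. The function body continues outside the hunk, so how `$url` reaches the query is not visible here.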