tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 08:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

2012-01-05 Ramon Novoa <rnovoa@artica.es>

Browse Source 
* include/functions_graph.php,
	  include/functions_netflow.php,
	  operation/netflow/nf_view.php: Fixed several netflow charts and
	  improved performance.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5327 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2012-01-05 17:56:27 +00:00
parent 4b68de312a
commit ab5c016cdc
4 changed files with 219 additions and 402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/ChangeLog
View File

@ -1,3 +1,10 @@
2012-01-05 Ramon Novoa <rnovoa@artica.es>
* include/functions_graph.php,
include/functions_netflow.php,
operation/netflow/nf_view.php: Fixed several netflow charts and
improved performance.
2012-01-05 Vanessa Gil <vanessa.gil@artica.es> 2012-01-05 Vanessa Gil <vanessa.gil@artica.es>
* include/functions_graph.php * include/functions_graph.php
include/functions_netflow.php include/functions_netflow.php

31
pandora_console/include/functions_graph.php
View File

@ -2073,41 +2073,12 @@ function grafico_netflow_total_area ($data, $period,$width, $height , $title, $u
$resolution = $config['graph_res'] * 50; //Number of points of the graph $resolution = $config['graph_res'] * 50; //Number of points of the graph
$interval = (int) ($period / $resolution); $interval = (int) ($period / $resolution);
/////////////////////////////////////////////////////////////////
// Set the title and time format
if ($period <= 3600) {
$time_format = 'G:i:s';
}
elseif ($period <= 86400) {
$time_format = 'G:i:s';
}
elseif ($period <= 604800) {
$time_format = 'M d H:i:s';
}
elseif ($period <= 2419200) {
$time_format = 'M d H\h';
}
else {
$time_format = 'M d H\h';
}
$timestamp_short = date($time_format, $date);
/////////////////////////////////////////////////////////////////
$aggs = array(); $aggs = array();
// Calculate data for each agg // Calculate data for each agg
$j = 0; $j = 0;
$chart = array(); $chart = array();
$long_index = array(); $long_index = array();
while (isset ($data[$j])) {
$date = $data[$j]['date'];
$time = $data[$j]['time'];
$datetime = strtotime ($date." ".$time);
$timestamp_short = date($time_format, $datetime);
$chart[$timestamp_short]['data'] = $data[$j]['data'];
$j++;
}
$flash_chart = $config['flash_charts']; $flash_chart = $config['flash_charts'];
if ($only_image) { if ($only_image) {
$flash_chart = false; $flash_chart = false;
@ -2115,7 +2086,7 @@ function grafico_netflow_total_area ($data, $period,$width, $height , $title, $u
$leyend = array(); $leyend = array();
$color = array(); $color = array();
return area_graph($flash_chart, $chart, $width, $height, $color, $leyend, return area_graph($flash_chart, $data, $width, $height, $color, $leyend,
$long_index, "images/image_problem.opaque.png", "", "", $homeurl, $long_index, "images/image_problem.opaque.png", "", "", $homeurl,
$config['homedir'] . "/images/logo_vertical_water.png", $config['homedir'] . "/images/logo_vertical_water.png",
$config['fontpath'], $config['font_size'], ""); $config['fontpath'], $config['font_size'], "");

4
pandora_console/include/functions_netflow.php
View File

@ -222,11 +222,11 @@ function netflow_show_total_period($data, $date_limit, $date_time, $show){
if (!isset($values[$agg])){ if (!isset($values[$agg])){
$values[$agg] = $data[$j]['data']; $values[$agg] = $data[$j]['data'];
$table->data[$x][0] = $agg; $table->data[$x][0] = $agg;
$table->data[$x][1] = $data[$j]['data'].' '.$show; $table->data[$x][1] = format_numeric ($data[$j]['data']) .' '.$show;
} else { } else {
$values[$agg] += $data[$j]['data']; $values[$agg] += $data[$j]['data'];
$table->data[$x][0] = $agg; $table->data[$x][0] = $agg;
$table->data[$x][1] = $data[$j]['data'].' '.$show; $table->data[$x][1] = format_numeric ($data[$j]['data']) .' '.$show;
} }
$j++; $j++;
$x++; $x++;

475
pandora_console/operation/netflow/nf_view.php
View File

@ -30,54 +30,113 @@ if (! check_acl ($config["id_user"], 0, "AR")) {
return; return;
} }
// Returns 1 if the given address is a network address
function is_net ($address) {
if (strpos ($address, '/') !== FALSE) {
return 1;
}
return 0;
}
function exec_command ($start_date, $end_date, $command, $show){ function exec_command ($start_date, $end_date, $command, $show){
$command .= ' -t '.$start_date.'-'.$end_date.' -N'; global $time_format;
global $config;
$values = array(); // Execute nfdump and save its output in a temporary file
exec($command, $string); $command .= ' -t '.date($time_format, $start_date).'-'.date($time_format, $end_date);
$temp_file = $config["attachment_store"] . "/netflow_" . rand (0, getrandmax()) . ".data";
exec("$command > $temp_file", $string);
// Open the temporary file
$fh = fopen ($temp_file, "r");
if ($fh === FALSE) {
return;
}
// Calculate the number of intervals
$num_intervals = $config['graph_res'] * 50;
$period = $end_date - $start_date;
$interval_length = (int) ($period / $num_intervals);
// Set the title and time format
if ($period <= 21600) {
$chart_time_format = 'H:i:s';
}
elseif ($period < 86400) {
$chart_time_format = 'H:i';
}
elseif ($period < 1296000) {
$chart_time_format = 'M d H:i';
}
elseif ($period < 2592000) {
$chart_time_format = 'M d H\h';
}
else {
$chart_time_format = 'M d H\h';
}
// Parse flow data
$read_flag = 1;
$values = array ();
$flow = array ();
for ($i = 0; $i < $num_intervals; $i++) {
$timestamp = $start_date + ($interval_length * $i);
$interval_total = 0;
$interval_count = 0;
do {
if ($read_flag == 1) {
$read_flag = 0;
$line = fgets($fh, 4096);
if ($line === false) {
$read_flag = 1;
break;
}
$i = 0;
if(isset($string) && is_array($string)&&($string!=null)){
foreach($string as $line){
$line = preg_replace('/\s+/',' ',$line); $line = preg_replace('/\s+/',' ',$line);
$val = explode(' ',$line); $val = explode(' ',$line);
$values[$i]['date'] = $val[0]; $flow['date'] = $val[0];
$values[$i]['time'] = $val[1]; $flow['time'] = $val[1];
$values[$i]['duration'] = $val[2]; switch ($show) {
$values[$i]['proto'] = $val[3];
$values[$i]['srcip:port'] = $val[4];
$val2 = explode(':', $val[4]);
$values[$i]['srcip'] = $val2[0];
// campo para mostrar grafica de tarta
$values[$i]['agg'] = $val2[0];
$values[$i]['srcport'] = $val2[1];
$values[$i]['dstip:port'] = $val[6];
$val2 = explode(':', $val[6]);
$values[$i]['dstip'] = $val2[0];
$values[$i]['dstport'] = $val2[1];
switch ($show){
case "packets": case "packets":
$values[$i]['data'] = $val[7]; $flow['data'] = $val[7];
break; break;
case "bytes": case "bytes":
$values[$i]['data'] = $val[8]; $flow['data'] = $val[8];
break; break;
case "flows": case "flows":
$values[$i]['data'] = $val[9]; $flow['data'] = $val[9];
break; break;
} }
$i++; $flow['timestamp'] = strtotime ($flow['date'] . " " . $flow['time']);
} }
if ($flow['timestamp'] >= $timestamp && $flow['timestamp'] <= $timestamp + $interval_length) {
$read_flag = 1;
$interval_total += $flow['data'];
$interval_count += 1;
}
} while ($read_flag == 1);
$interval_date = date ($chart_time_format, $timestamp);
if ($interval_count == 0) {
$values[$interval_date]['data'] = 0;
} else {
$values[$interval_date]['data'] = (int) ($interval_total / $interval_count);
}
}
fclose ($fh);
unlink ($temp_file);
return $values; return $values;
}
} }
function exec_command_aggregate ($start_date, $end_date, $command, $show){ function exec_command_aggregate ($start_date, $end_date, $command, $show){
$command .= ' -t '.$start_date.'-'.$end_date.' -N'; global $time_format;
$command .= ' -t '.date($time_format, $start_date).'-'.date($time_format, $end_date);
$values = array(); $values = array();
exec($command, $string); exec($command, $string);
@ -86,8 +145,8 @@ function exec_command_aggregate ($start_date, $end_date, $command, $show){
foreach($string as $line){ foreach($string as $line){
if ($line=='') if ($line=='')
break; break;
$line = preg_replace ('/\(\s*\S+\)/', '', $line); $line = preg_replace('/\(\s*\S+\)/','',$line);
$line = preg_replace ('/\s+/', ' ', $line); $line = preg_replace('/\s+/',' ',$line);
$val = explode(' ',$line); $val = explode(' ',$line);
$values[$i]['date'] = $val[0]; $values[$i]['date'] = $val[0];
@ -98,9 +157,9 @@ function exec_command_aggregate ($start_date, $end_date, $command, $show){
$time = $val[1]; $time = $val[1];
$date_time = strtotime ($date." ".$time); $date_time = strtotime ($date." ".$time);
$values[$i]['datetime'] = $date_time; $values[$i]['datetime'] = $date_time;
///
$values[$i]['duration'] = $val[2]; //$values[$i]['duration'] = $val[2];
$values[$i]['proto'] = $val[3]; //$values[$i]['proto'] = $val[3];
$values[$i]['agg'] = $val[4]; $values[$i]['agg'] = $val[4];
switch ($show){ switch ($show){
@ -123,107 +182,6 @@ function exec_command_aggregate ($start_date, $end_date, $command, $show){
} }
} }
function get_aggregate ($start_date, $end_date, $command, $show,$filt, $aggregate, $max, $order){
//$command .= ' -t '.$start_date.'-'.$end_date.' -N';
$command_1 = $command.' -n '.$max;
$command_1 .= $order;
//html_debug_print($aggregate);
$values = array();
exec($command_1, $string);
$i = 0;
$aggs = array();
$ag ='';
if(isset($string) && is_array($string)&&($string!=null)){
foreach($string as $line) {
if ($line=='')
break;
$line = preg_replace ('/\s+/', ' ', $line);
$val = explode(' ',$line);
switch ($aggregate){
case "proto":
$aggs[$val[3]] = $val[3];
break;
case "srcip":
$val2 = explode(':', $val[4]);
$aggs[$val2[0]] = $val2[0];
break;
case "srcport":
$val2 = explode(':', $val[4]);
$aggs[$val2[1]] = $val2[1];
break;
case "dstip":
$val2 = explode(':', $val[6]);
$aggs[$val2[0]] = $val2[0];
break;
case "dstport":
$val2 = explode(':', $val[6]);
$aggs[$val2[1]] = $val2[1];
break;
}
}
//html_debug_print($aggs);
return $aggs;
}
}
function exec_command_prueba ($start_date, $end_date, $command, $show, $aggs, $aggregate){
//$command .= ' -t '.$start_date.'-'.$end_date.' -N';
$values = array();
$ag = 'src ip';
$count_agg = count($aggs);
$command .= ' "';
$i = 0;
foreach($aggs as $agg){
if ($i==0)
$command .= $ag.' '.$agg;
else
$command .= ' or '.$ag.' '.$agg;
$i++;
}
$command .= '"';
exec($command, $result);
//html_debug_print($result);
$i = 0;
if(isset($result) && is_array($result)&&($result!=null)){
foreach($result as $line) {
if ($line=='')
break;
$line = preg_replace ('/\s+/', ' ', $line);
$val = explode(' ',$line);
$values[$i]['date'] = $val[0];
$values[$i]['time'] = $val[1];
//create field to sort array
$date = $val[0];
$time = $val[1];
$date_time = strtotime ($date." ".$time);
$values[$i]['datetime'] = $date_time;
///
$values[$i]['duration'] = $val[2];
$values[$i]['proto'] = $val[3];
switch ($show){
case "packets":
$values[$i]['data'] = $val[7];
break;
case "bytes":
$values[$i]['data'] = $val[8];
break;
}
$i++;
}
}
return $values;
}
$id = get_parameter('id'); $id = get_parameter('id');
$period = get_parameter('period', '86400'); $period = get_parameter('period', '86400');
$date_= get_parameter('date', date ("Y/m/d", get_system_time ())); $date_= get_parameter('date', date ("Y/m/d", get_system_time ()));
@ -316,11 +274,8 @@ if ($id!=''){
$interval ='86400'; $interval ='86400';
} }
$date = strtotime ($date." ".$time); $date = strtotime ($date." ".$time);
$date_time = date($time_format, $date);
$limit = $date - $interval; $limit = $date - $interval;
$date_limit = date ($time_format, $limit);
$sql = "SELECT * FROM tnetflow_filter WHERE id_name = '".$name_filter."'"; $sql = "SELECT * FROM tnetflow_filter WHERE id_name = '".$name_filter."'";
$result = db_get_row_sql($sql,false,true); $result = db_get_row_sql($sql,false,true);
@ -335,28 +290,14 @@ if ($id!=''){
$show_bps = $result['show_bps']; $show_bps = $result['show_bps'];
$show_bpp = $result['show_bpp']; $show_bpp = $result['show_bpp'];
$dst_net = false;
$src_net = false;
if(isset($ip_dst)){ if(isset($ip_dst)){
$net = preg_match('/\//',$ip_dst);
//html_debug_print(var_dump($net));
if ($net != 0) {
$dst_net = true;
} else {
$val_ipdst = explode(',',$ip_dst); $val_ipdst = explode(',',$ip_dst);
$count_ipdst = count($val_ipdst); $count_ipdst = count($val_ipdst);
} }
}
if(isset($ip_src)){ if(isset($ip_src)){
$net = preg_match('/\//',$ip_src);
if ($net != 0) {
$src_net = true;
} else {
$val_ipsrc = explode(',',$ip_src); $val_ipsrc = explode(',',$ip_src);
$count_ipsrc = count($val_ipsrc); $count_ipsrc = count($val_ipsrc);
} }
}
if(isset($dst_port)&&($dst_port!='0')){ if(isset($dst_port)&&($dst_port!='0')){
$val_dstport = explode(',',$dst_port); $val_dstport = explode(',',$dst_port);
$count_dstport = count($val_dstport); $count_dstport = count($val_dstport);
@ -366,125 +307,86 @@ if ($id!=''){
$count_srcport = count($val_srcport); $count_srcport = count($val_srcport);
} }
//// Build command line // Build command line
$command = 'nfdump -q'; $command = 'nfdump -q -N -m';
if (isset($config['netflow_path'])) if (isset($config['netflow_path']))
$command .= ' -R '.$config['netflow_path']; $command .= ' -R '.$config['netflow_path'];
/*
if (isset($aggregate)&&($aggregate!='none')){ if (isset($aggregate)&&($aggregate!='none')){
$command .= ' -s '.$aggregate; $command .= ' -s '.$aggregate;
if (isset($max_val)) if (isset($max_val)) {
$command .= ' -n '.$max_val; $command .= ' -n '.$max_val;
} }
*/ }
//filter options // Filter options
if (isset($ip_dst)&&($ip_dst!='')&&($dst_net == false)){ $filter = '';
$command .= ' "'; if (isset($ip_dst)&&($ip_dst!='')){
$filter .= ' "(';
for($i=0;$i<$count_ipdst;$i++){ for($i=0;$i<$count_ipdst;$i++){
if ($i==0) if ($i > 0) {
$command .= 'dst ip '.$val_ipdst[$i]; $filter .= ' or ';
else
$command .= ' or dst ip '.$val_ipdst[$i];
} }
if (isset($ip_src)&&($ip_src!='')&&($src_net == false)){
$command .= ' and (';
for($i=0;$i<$count_ipsrc;$i++){ if (is_net ($val_ipdst[$i]) == 0) {
if ($i==0) $filter .= 'dst ip '.$val_ipdst[$i];
$command .= 'src ip '.$val_ipsrc[$i]; } else {
else $filter .= 'dst net '.$val_ipdst[$i];
$command .= ' or src ip '.$val_ipsrc[$i];
} }
$command .= ')'; }
$filter .= ')';
}
if (isset($ip_src)&&($ip_src!='')){
if ($filter == '') {
$filter .= ' "(';
} else {
$filter .= ' and (';
}
for($i=0;$i<$count_ipsrc;$i++){
if ($i > 0) {
$filter .= ' or ';
}
if (is_net ($val_ipsrc[$i]) == 0) {
$filter .= 'src ip '.$val_ipsrc[$i];
} else {
$filter .= 'src net '.$val_ipsrc[$i];
}
}
$filter .= ')';
} }
if (isset($dst_port)&&($dst_port!='')&&($dst_port!='0')){ if (isset($dst_port)&&($dst_port!='')&&($dst_port!='0')){
$command .= ' and ('; if ($filter == '') {
for($i=0;$i<$count_dstport;$i++){ $filter .= ' "(';
if ($i==0) } else {
$command .= 'dst port '. $val_dstport[$i]; $filter .= ' and (';
else
$command .= ' or dst port '.$val_dstport[$i];
} }
$command .= ')'; for($i=0;$i<$count_dstport;$i++){
if ($i > 0) {
$filter .= ' or ';
}
$filter .= 'dst port '.$val_dstport[$i];
}
$filter .= ')';
} }
if (isset($src_port)&&($src_port!='')&&($src_port!='0')){ if (isset($src_port)&&($src_port!='')&&($src_port!='0')){
$command .= ' and ('; if ($filter == '') {
for($i=0;$i<$count_srcport;$i++){ $filter .= ' "(';
if ($i==0)
$command .= 'src port '. $val_srcport[$i];
else
$command .= ' or src port '.$val_srcport[$i];
}
$command .= ')';
}
$command .= '"';
} else if (isset($ip_src)&&($ip_src!='')&&($src_net == false)) {
$command .= ' "';
for($i=0;$i<$count_ipsrc;$i++){
if ($i==0)
$command .= 'src ip '.$val_ipsrc[$i];
else
$command .= ' or src ip '.$val_ipsrc[$i];
}
if (isset($dst_port)&&($dst_port!='')&&($dst_port!='0')){
$command .= ' and (';
for($i=0;$i<$count_dstport;$i++){
if ($i==0)
$command .= 'dst port '. $val_dstport[$i];
else
$command .= ' or dst port '.$val_dstport[$i];
}
$command .= ')';
}
if (isset($src_port)&&($src_port!='')&&($src_port!='0')){
$command .= ' and (';
for($i=0;$i<$count_srcport;$i++){
if ($i==0)
$command .= 'src port '. $val_srcport[$i];
else
$command .= ' or src port '.$val_srcport[$i];
}
$command .= ')';
} else { } else {
$command .= '"'; $filter .= ' and (';
} }
for($i=0;$i<$count_ipdst;$i++){
} else if (isset($dst_port)&&($dst_port!='')&&($dst_port!='0')){ if ($i > 0) {
$command .= ' "'; $filter .= ' or ';
for($i=0;$i<$count_dstport;$i++){
if ($i==0)
$command .= 'dst port '.$val_dstport[$i];
else
$command .= ' or dst port '.$val_dstport[$i];
} }
if (isset($src_port)&&($src_port!='')&&($src_port!='0')){ $filter .= 'dst ip '.$val_ipdst[$i];
$command .= ' and (';
for($i=0;$i<$count_srcport;$i++){
if ($i==0)
$command .= 'src port '. $val_srcport[$i];
else
$command .= ' or src port '.$val_srcport[$i];
} }
$command .= ')'; $filter .= ')';
} else {
$command .= '"';
}
} else {
if (isset($src_port)&&($src_port!='')&&($src_port!='0')&&($src_net == false)&&($dst_net == false)){
$command .= ' "(';
for($i=0;$i<$count_srcport;$i++){
if ($i==0)
$command .= 'src port '.$val_srcport[$i];
else
$command .= ' or src port '.$val_srcport[$i];
}
$command .= ' )"';
} }
if ($filter != '') {
$filter .= '"';
$command .= $filter;
} }
if ($show_packets) if ($show_packets)
@ -496,95 +398,32 @@ if ($id!=''){
if ($show_bpp) if ($show_bpp)
$show = 'bpp'; $show = 'bpp';
//create interval to divide command execution
$inter = $config['graph_res'] * 50;
/*
if ($aggregate!='none')
$inter = 1;
*/
$fecha_limite = date ($time_format, $limit);
$res = $interval/$inter;
$aggs = array();
if ($aggregate!='none'){
$command = 'nfdump -q -R /home/vanessa/netflow/netflow/ -t 2011/11/29.14:53:17-2011/12/30.20:53:17 -N';
$filt='';
$order = ' -s record/'.$show;
$j = 0;
$aggs = get_aggregate($date_limit, $date_time, $command, $show,$filt,$aggregate, $max_val, $order);
}
// Data iterator // Data iterator
$j = 0; $j = 0;
$values = array(); $values = array();
// Calculate interval date
for ($i = 0; $i < $inter; $i++) {
$timestamp = $limit + ($res * $i);
$timestamp_short = date($time_format, $timestamp);
$end_date = $timestamp + $res;
$end = date ($time_format, $end_date);
if($aggregate!='none'){
$result = exec_command_prueba($timestamp_short, $end, $command, $show, $aggs);
/*
//$result = orderMultiDimensionalArray($result, 'datetime');
html_debug_print($aggs);
foreach ($aggs as $agg) {
$command = 'nfdump -q -R /home/vanessa/netflow/netflow/ -t 2011/11/29.14:53:17-2011/12/30.20:53:17 -N "src ip '.$agg.'"';
$result = exec_command_prueba($timestamp_short, $end, $command, $show,$filt,$aggregate, $max_val, $order);
}
*/
} else {
$result = exec_command($timestamp_short, $end, $command, $show);
}
$total = 0;
$count = 0;
if(!empty($result)){
$previous_data = 0;
foreach($result as $data){
$dates = $data['date'];
$times = $data['time'];
$total += $data['data'];
$count++;
}
$values[$j]['date'] = $dates;
$values[$j]['time'] = $times;
if ($count > 0) {
$values[$j]['data'] = $total / $count;
$previous_data = $values[$j]['data'];
} else {
$values[$j]['data'] = $previous_data;
}
$j++;
}
}
if($aggregate!='none'){ if($aggregate!='none'){
$result = exec_command_aggregate($limit, $date, $command, $show);
$result = orderMultiDimensionalArray($result, 'data', true);
switch ($element){ switch ($element){
case '0': case '0':
echo grafico_netflow_aggregate_area($result, $interval, 880, 540, '', '','','',$date); echo grafico_netflow_aggregate_area($result, $interval, 880, 540, '', '','','',$date);
break; break;
case '1': case '1':
//echo grafico_netflow_aggregate_pie($result); echo grafico_netflow_aggregate_pie($result);
break; break;
case '2': case '2':
//echo netflow_show_table_values($result, $date_limit, $date_time, $show); echo netflow_show_table_values($result, date ($time_format, $limit), date ($time_format, $date), $show);
break; break;
case '3': case '3':
//echo netflow_show_total_period($result, $date_limit, $date_time, $show); echo netflow_show_total_period($result, date ($time_format, $limit), date ($time_format, $date), $show);
break; break;
} }
}else{ }else{
$result = exec_command($limit, $date, $command, $show);
switch ($element){ switch ($element){
case '0': case '0':
echo grafico_netflow_total_area($values, $interval, 660, 320, '', '','','',$date); echo grafico_netflow_total_area($result, ($date - $limit), 660, 320, '', '','','',$date);
break; break;
} }
} }