diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 8ab1336698..daeaf3d9ba 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,14 @@ +2012-01-17 Ramon Novoa + + * include/functions_graph.php, include/functions_netflow.php, + godmode/netflow/nf_edit_form.php, pandoradb.sql, + pandoradb.postgreSQL.sql, pandoradb.oracle.sql: Added suport for + custom filters. Small fixes. + + * include/help/en/help_pcap_filter.php, + include/help/es/help_pcap_filter.php: Added to repository. Nfdump + filter syntax help files. + 2012-01-17 Juan Manuel Ramon * include/functions_api.php: Added new functions add_agent_policy, diff --git a/pandora_console/godmode/netflow/nf_edit_form.php b/pandora_console/godmode/netflow/nf_edit_form.php index 705f22d683..6626951e99 100644 --- a/pandora_console/godmode/netflow/nf_edit_form.php +++ b/pandora_console/godmode/netflow/nf_edit_form.php @@ -65,6 +65,7 @@ if ($id) { $src_port = $filter['src_port']; $aggregate = $filter['aggregate']; $output = $filter['output']; + $advanced_filter = $filter['advanced_filter']; } else { $name = ''; @@ -75,6 +76,7 @@ if ($id) { $src_port = ''; $aggregate = 'none'; $output = 'bytes'; + $advanced_filter = ''; } if ($update) { @@ -86,6 +88,7 @@ if ($update) { $ip_src = get_parameter('ip_src',''); $dst_port = get_parameter('dst_port',''); $src_port = get_parameter('src_port',''); + $advanced_filter = get_parameter('advanced_filter',''); if ($name == '') { ui_print_error_message (__('Not updated. Blank name')); @@ -99,6 +102,7 @@ if ($update) { 'ip_src' => $ip_src, 'dst_port' => $dst_port, 'src_port' => $src_port, + 'advanced_filter' => $advanced_filter, 'output' => $output), array ('id_sg' => $id)); 
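Review bot: The update path in nf_edit_form.php (hunk at -86,6) reads `advanced_filter` without the `(string)` cast that the create path applies in the hunk at -117,6, and neither path checks the expression before it is stored. For consistency the update line should read `$advanced_filter = (string) get_parameter('advanced_filter', '');`. Because the stored value is later placed on an nfdump command line by netflow_get_command, validating it at save time (length limit, rejecting shell metacharacters) would add a second layer behind proper quoting at the point of use. Both `if ($update)` and `if ($create)` blocks extend outside their hunks.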
@@ -117,6 +121,7 @@ if ($create){ $ip_src = get_parameter('ip_src',''); $dst_port = get_parameter('dst_port',''); $src_port = get_parameter('src_port',''); + $advanced_filter = (string) get_parameter('advanced_filter', ''); if($name == db_get_value('id_name', 'tnetflow_filter', 'id_name', $name)){ $result = false; @@ -129,6 +134,7 @@ if ($create){ 'dst_port'=>$dst_port, 'src_port'=>$src_port, 'aggregate'=>$aggregate, + 'advanced_filter'=>$advanced_filter, 'output'=>$output ); $result = db_process_sql_insert('tnetflow_filter', $values); @@ -157,8 +163,16 @@ $table->data[1][1] = html_print_select_groups($config['id_user'], "IW", $own_info['is_admin'], 'assign_group', $assign_group, '', '', -1, true, false, false); +if ($advanced_filter != '') { + $filter_type = 1; +} else { + $filter_type = 0; +} + $table->data[2][0] = ''.__('Filter:').''; - +$table->data[2][1] = __('Normal') . ' ' . html_print_radio_button_extended ('filter_type', 0, '', $filter_type, false, 'displayNormalFilter();', 'style="margin-right: 40px;"', true); +$table->data[2][1] .= __('Advanced') . ' ' . html_print_radio_button_extended ('filter_type', 1, '', $filter_type, false, 'displayAdvancedFilter();', 'style="margin-right: 40px;"', true); + $table->data[3][0] = __('Dst Ip'). ui_print_help_tip (__("Destination IP. A comma separated list of destination ip. If we leave the field blank, will show all ip. Example filter by ip:
25.46.157.214,160.253.135.249"), true); $table->data[3][1] = html_print_input_text ('ip_dst', $ip_dst, false, 40, 80, true); @@ -171,17 +185,19 @@ $table->data[5][1] = html_print_input_text ('dst_port', $dst_port, false, 40, 80 $table->data[6][0] = __('Src Port'). ui_print_help_tip (__("Source port. A comma separated list of source ports. If we leave the field blank, will show all ports. Example filter by ports 80 and 22:
80,22"), true); $table->data[6][1] = html_print_input_text ('src_port', $src_port, false, 40, 80, true); +$table->data[7][0] = ui_print_help_icon ('pcap_filter', true); +$table->data[7][1] = html_print_textarea ('advanced_filter', 4, 40, $advanced_filter, '', true); -$table->data[7][0] = ''.__('Aggregate by').''. ui_print_help_icon ('aggregate_by', true); +$table->data[8][0] = ''.__('Aggregate by').''. ui_print_help_icon ('aggregate_by', true); $aggregate_list = array(); $aggregate_list = array ('none' => __('None'), 'proto' => __('Protocol'), 'srcip' =>__('Src Ip Address'), 'dstip' =>__('Dst Ip Address'), 'srcport' =>__('Src Port'), 'dstport' =>__('Dst Port') ); -$table->data[7][1] = html_print_select ($aggregate_list, "aggregate", $aggregate, '', '', 0, true, false, true, '', false); +$table->data[8][1] = html_print_select ($aggregate_list, "aggregate", $aggregate, '', '', 0, true, false, true, '', false); -$table->data[8][0] = ''.__('Output format').''; +$table->data[9][0] = ''.__('Output format').''; $show_output = array(); -$show_output = array ('packets' => __('Packets'), 'bytes' => __('Bytes'), 'bps' =>__('Bits per second'), 'bpp' =>__('Bytes per packet')); -$table->data[8][1] = html_print_select ($show_output, 'output', $output, '', '', 0, true, false, true, '', false); +$show_output = array ('packets' => __('Packets'), 'bytes' => __('Bytes'), 'flows' =>__('Flows')); +$table->data[9][1] = html_print_select ($show_output, 'output', $output, '', '', 0, true, false, true, '', false); echo '
'; html_print_table ($table); @@ -198,4 +214,49 @@ echo ''; echo '
'; ?> + + + diff --git a/pandora_console/include/functions_graph.php b/pandora_console/include/functions_graph.php index fe07e52c59..4c7e92d25b 100755 --- a/pandora_console/include/functions_graph.php +++ b/pandora_console/include/functions_graph.php @@ -1996,8 +1996,8 @@ function graph_netflow_aggregate_area ($data, $period, $width, $height, $only_im $homeurl = ''; } - return area_graph($flash_chart, $chart, $width, $height, array (), $sources, - null, "images/image_problem.opaque.png", "", "", $homeurl, + return stacked_area_graph($flash_chart, $chart, $width, $height, null, $sources, + null, "images/image_problem.opaque.png", "", "", $config['homedir'] . "/images/logo_vertical_water.png", $config['fontpath'], $config['font_size'], ""); } diff --git a/pandora_console/include/functions_netflow.php b/pandora_console/include/functions_netflow.php index 0cbfcbd46e..aaef8e9e01 100644 --- a/pandora_console/include/functions_netflow.php +++ b/pandora_console/include/functions_netflow.php @@ -16,6 +16,7 @@ include_once("include/functions_users.php"); +include_once("include/functions_io.php"); // Date format for nfdump $nfdump_date_format = 'Y/m/d.H:i:s'; @@ -408,15 +409,12 @@ function netflow_get_stats ($start_date, $end_date, $command, $aggregate, $max, $values[$i]['agg'] = $val[4]; switch ($unit){ + case "flows": + $values[$i]['data'] = $val[5]; + break; case "packets": $values[$i]['data'] = $val[6]; break; - case "bps": - $values[$i]['data'] = $val[9]; - break; - case "bpp": - $values[$i]['data'] = $val[10]; - break; case "bytes": default: $values[$i]['data'] = $val[7]; 
@@ -447,9 +445,16 @@ function netflow_get_command ($filter) { if (isset($config['netflow_path']) && $config['netflow_path'] != '') { $command .= ' -R '.$config['netflow_path']; } - - // Filter options + + // Advanced filter $filter_args = ''; + if ($filter['advanced_filter'] != '') { + $filter_args = preg_replace('/"/','', io_safe_output ($filter['advanced_filter'])); + $command .= ' "(' . $filter_args . ')"'; + return $command; + } + + // Normal filter if ($filter['ip_dst'] != ''){ $filter_args .= ' "('; $val_ipdst = explode(',', $filter['ip_dst']); @@ -611,15 +616,15 @@ function netflow_parse_file ($start_date, $end_date, $file, &$values, $aggregate } switch ($unit) { + case "flows": + $flow['data'] = $val[6]; + break; case "packets": $flow['data'] = $val[7]; break; case "bytes": $flow['data'] = $val[8]; break; - case "flows": - $flow['data'] = $val[9]; - break; } $flow['timestamp'] = strtotime ($flow['date'] . " " . $flow['time']); $last_timestamp = $flow['timestamp']; diff --git a/pandora_console/include/help/en/help_pcap_filter.php b/pandora_console/include/help/en/help_pcap_filter.php new file mode 100644 index 0000000000..17af4da838 --- /dev/null +++ b/pandora_console/include/help/en/help_pcap_filter.php @@ -0,0 +1,40 @@ + +
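Review bot: In the advanced-filter branch of netflow_get_command, removing only `"` from `$filter['advanced_filter']` does not make the value safe inside the double-quoted argument, because a POSIX shell still performs command substitution and backslash processing within double quotes. If `$command` is later executed through a shell (the call site is outside this hunk), anyone allowed to save a filter could influence the command run as the web-server user. Let PHP quote the whole expression instead: `$command .= ' ' . escapeshellarg('(' . io_safe_output($filter['advanced_filter']) . ')');`. The function continues outside the hunk, and the normal-filter branch that follows appears to build its double-quoted arguments from `$filter` values in the same way, so it likely needs the same treatment.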
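Review bot: The `switch ($unit)` in netflow_parse_file has no `default` branch, so any unit other than `flows`, `packets` or `bytes` leaves `$flow['data']` unassigned by this switch. That includes filters saved with the `bps` and `bpp` outputs this commit removes from the form. netflow_get_stats handles the same case by falling back to bytes with `case "bytes": default:`, and writing the bytes case the same way here would make the two functions agree. The column indexes also differ by one between the two functions (`$val[5..7]` there, `$val[6..8]` here). A short comment naming the nfdump output layout each one parses would show whether that offset is intended. The function starts and ends outside the hunk.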

Nfdump filter syntax

+ +The filter syntax is very similar to that of tcpdump. For example: + +