tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2012-01-17 Ramon Novoa <rnovoa@artica.es> 

* include/functions_graph.php, include/functions_netflow.php,
	  godmode/netflow/nf_edit_form.php, pandoradb.sql,
	  pandoradb.postgreSQL.sql, pandoradb.oracle.sql: Added suport for
	  custom filters. Small fixes.

	* include/help/en/help_pcap_filter.php,
	  include/help/es/help_pcap_filter.php: Added to repository. Nfdump
	  filter syntax help files.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@5382 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
Ramon Novoa 2012-01-17 14:01:49 +00:00
parent 56b813d636
commit dcdd53a9fc
9 changed files with 194 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pandora_console/ChangeLog
View File

@ -1,3 +1,14 @@
2012-01-17 Ramon Novoa <rnovoa@artica.es>
* include/functions_graph.php, include/functions_netflow.php,
godmode/netflow/nf_edit_form.php, pandoradb.sql,
pandoradb.postgreSQL.sql, pandoradb.oracle.sql: Added suport for
custom filters. Small fixes.
* include/help/en/help_pcap_filter.php,
include/help/es/help_pcap_filter.php: Added to repository. Nfdump
filter syntax help files.
2012-01-17 Juan Manuel Ramon <juanmanuel.ramon@artica.es> 2012-01-17 Juan Manuel Ramon <juanmanuel.ramon@artica.es>
* include/functions_api.php: Added new functions add_agent_policy, * include/functions_api.php: Added new functions add_agent_policy,

73
pandora_console/godmode/netflow/nf_edit_form.php
View File

@ -65,6 +65,7 @@ if ($id) {
$src_port = $filter['src_port']; $src_port = $filter['src_port'];
$aggregate = $filter['aggregate']; $aggregate = $filter['aggregate'];
$output = $filter['output']; $output = $filter['output'];
$advanced_filter = $filter['advanced_filter'];
} else { } else {
$name = ''; $name = '';
@ -75,6 +76,7 @@ if ($id) {
$src_port = ''; $src_port = '';
$aggregate = 'none'; $aggregate = 'none';
$output = 'bytes'; $output = 'bytes';
$advanced_filter = '';
} }
if ($update) { if ($update) {
@ -86,6 +88,7 @@ if ($update) {
$ip_src = get_parameter('ip_src',''); $ip_src = get_parameter('ip_src','');
$dst_port = get_parameter('dst_port',''); $dst_port = get_parameter('dst_port','');
$src_port = get_parameter('src_port',''); $src_port = get_parameter('src_port','');
$advanced_filter = get_parameter('advanced_filter','');
if ($name == '') { if ($name == '') {
ui_print_error_message (__('Not updated. Blank name')); ui_print_error_message (__('Not updated. Blank name'));
@ -99,6 +102,7 @@ if ($update) {
'ip_src' => $ip_src, 'ip_src' => $ip_src,
'dst_port' => $dst_port, 'dst_port' => $dst_port,
'src_port' => $src_port, 'src_port' => $src_port,
'advanced_filter' => $advanced_filter,
'output' => $output), 'output' => $output),
array ('id_sg' => $id)); array ('id_sg' => $id));
@ -117,6 +121,7 @@ if ($create){
$ip_src = get_parameter('ip_src',''); $ip_src = get_parameter('ip_src','');
$dst_port = get_parameter('dst_port',''); $dst_port = get_parameter('dst_port','');
$src_port = get_parameter('src_port',''); $src_port = get_parameter('src_port','');
$advanced_filter = (string) get_parameter('advanced_filter', '');
if($name == db_get_value('id_name', 'tnetflow_filter', 'id_name', $name)){ if($name == db_get_value('id_name', 'tnetflow_filter', 'id_name', $name)){
$result = false; $result = false;
@ -129,6 +134,7 @@ if ($create){
'dst_port'=>$dst_port, 'dst_port'=>$dst_port,
'src_port'=>$src_port, 'src_port'=>$src_port,
'aggregate'=>$aggregate, 'aggregate'=>$aggregate,
'advanced_filter'=>$advanced_filter,
'output'=>$output 'output'=>$output
); );
$result = db_process_sql_insert('tnetflow_filter', $values); $result = db_process_sql_insert('tnetflow_filter', $values);
@ -157,8 +163,16 @@ $table->data[1][1] = html_print_select_groups($config['id_user'], "IW",
$own_info['is_admin'], 'assign_group', $assign_group, '', '', -1, true, $own_info['is_admin'], 'assign_group', $assign_group, '', '', -1, true,
false, false); false, false);
if ($advanced_filter != '') {
$filter_type = 1;
} else {
$filter_type = 0;
}
$table->data[2][0] = '<b>'.__('Filter:').'</b>'; $table->data[2][0] = '<b>'.__('Filter:').'</b>';
$table->data[2][1] = __('Normal') . ' ' . html_print_radio_button_extended ('filter_type', 0, '', $filter_type, false, 'displayNormalFilter();', 'style="margin-right: 40px;"', true);
$table->data[2][1] .= __('Advanced') . ' ' . html_print_radio_button_extended ('filter_type', 1, '', $filter_type, false, 'displayAdvancedFilter();', 'style="margin-right: 40px;"', true);
$table->data[3][0] = __('Dst Ip'). ui_print_help_tip (__("Destination IP. A comma separated list of destination ip. If we leave the field blank, will show all ip. Example filter by ip:<br>25.46.157.214,160.253.135.249"), true); $table->data[3][0] = __('Dst Ip'). ui_print_help_tip (__("Destination IP. A comma separated list of destination ip. If we leave the field blank, will show all ip. Example filter by ip:<br>25.46.157.214,160.253.135.249"), true);
$table->data[3][1] = html_print_input_text ('ip_dst', $ip_dst, false, 40, 80, true); $table->data[3][1] = html_print_input_text ('ip_dst', $ip_dst, false, 40, 80, true);
@ -171,17 +185,19 @@ $table->data[5][1] = html_print_input_text ('dst_port', $dst_port, false, 40, 80
$table->data[6][0] = __('Src Port'). ui_print_help_tip (__("Source port. A comma separated list of source ports. If we leave the field blank, will show all ports. Example filter by ports 80 and 22:<br>80,22"), true); $table->data[6][0] = __('Src Port'). ui_print_help_tip (__("Source port. A comma separated list of source ports. If we leave the field blank, will show all ports. Example filter by ports 80 and 22:<br>80,22"), true);
$table->data[6][1] = html_print_input_text ('src_port', $src_port, false, 40, 80, true); $table->data[6][1] = html_print_input_text ('src_port', $src_port, false, 40, 80, true);
$table->data[7][0] = ui_print_help_icon ('pcap_filter', true);
$table->data[7][1] = html_print_textarea ('advanced_filter', 4, 40, $advanced_filter, '', true);
$table->data[7][0] = '<b>'.__('Aggregate by').'</b>'. ui_print_help_icon ('aggregate_by', true); $table->data[8][0] = '<b>'.__('Aggregate by').'</b>'. ui_print_help_icon ('aggregate_by', true);
$aggregate_list = array(); $aggregate_list = array();
$aggregate_list = array ('none' => __('None'), 'proto' => __('Protocol'), 'srcip' =>__('Src Ip Address'), 'dstip' =>__('Dst Ip Address'), 'srcport' =>__('Src Port'), 'dstport' =>__('Dst Port') ); $aggregate_list = array ('none' => __('None'), 'proto' => __('Protocol'), 'srcip' =>__('Src Ip Address'), 'dstip' =>__('Dst Ip Address'), 'srcport' =>__('Src Port'), 'dstport' =>__('Dst Port') );
$table->data[7][1] = html_print_select ($aggregate_list, "aggregate", $aggregate, '', '', 0, true, false, true, '', false); $table->data[8][1] = html_print_select ($aggregate_list, "aggregate", $aggregate, '', '', 0, true, false, true, '', false);
$table->data[8][0] = '<b>'.__('Output format').'</b>'; $table->data[9][0] = '<b>'.__('Output format').'</b>';
$show_output = array(); $show_output = array();
$show_output = array ('packets' => __('Packets'), 'bytes' => __('Bytes'), 'bps' =>__('Bits per second'), 'bpp' =>__('Bytes per packet')); $show_output = array ('packets' => __('Packets'), 'bytes' => __('Bytes'), 'flows' =>__('Flows'));
$table->data[8][1] = html_print_select ($show_output, 'output', $output, '', '', 0, true, false, true, '', false); $table->data[9][1] = html_print_select ($show_output, 'output', $output, '', '', 0, true, false, true, '', false);
echo '<form method="post" action="index.php?sec=netf&sec2=godmode/netflow/nf_edit_form">'; echo '<form method="post" action="index.php?sec=netf&sec2=godmode/netflow/nf_edit_form">';
html_print_table ($table); html_print_table ($table);
@ -198,4 +214,49 @@ echo '</div>';
echo '</form>'; echo '</form>';
?> ?>
<script type="text/javascript">
function displayAdvancedFilter () {
// Erase the normal filter
document.getElementById("text-ip_dst").value = '';
document.getElementById("text-ip_src").value = '';
document.getElementById("text-dst_port").value = '';
document.getElementById("text-src_port").value = '';
// Hide the normal filter
document.getElementById("table1-3").style.display = 'none';
document.getElementById("table1-4").style.display = 'none';
document.getElementById("table1-5").style.display = 'none';
document.getElementById("table1-6").style.display = 'none';
// Show the advanced filter
document.getElementById("table1-7").style.display = '';
};
function displayNormalFilter () {
// Erase the advanced filter
document.getElementById("textarea_advanced_filter").value = '';
// Hide the advanced filter
document.getElementById("table1-7").style.display = 'none';
// Show the normal filter
document.getElementById("table1-3").style.display = '';
document.getElementById("table1-4").style.display = '';
document.getElementById("table1-5").style.display = '';
document.getElementById("table1-6").style.display = '';
};
var filter_type = <?php echo $filter_type ?>;
if (filter_type == 0) {
displayNormalFilter ();
} else {
displayAdvancedFilter ();
}
</script>

4
pandora_console/include/functions_graph.php
View File

@ -1996,8 +1996,8 @@ function graph_netflow_aggregate_area ($data, $period, $width, $height, $only_im
$homeurl = ''; $homeurl = '';
} }
return area_graph($flash_chart, $chart, $width, $height, array (), $sources, return stacked_area_graph($flash_chart, $chart, $width, $height, null, $sources,
null, "images/image_problem.opaque.png", "", "", $homeurl, null, "images/image_problem.opaque.png", "", "",
$config['homedir'] . "/images/logo_vertical_water.png", $config['homedir'] . "/images/logo_vertical_water.png",
$config['fontpath'], $config['font_size'], ""); $config['fontpath'], $config['font_size'], "");
} }

27
pandora_console/include/functions_netflow.php
View File

@ -16,6 +16,7 @@
include_once("include/functions_users.php"); include_once("include/functions_users.php");
include_once("include/functions_io.php");
// Date format for nfdump // Date format for nfdump
$nfdump_date_format = 'Y/m/d.H:i:s'; $nfdump_date_format = 'Y/m/d.H:i:s';
@ -408,15 +409,12 @@ function netflow_get_stats ($start_date, $end_date, $command, $aggregate, $max,
$values[$i]['agg'] = $val[4]; $values[$i]['agg'] = $val[4];
switch ($unit){ switch ($unit){
case "flows":
$values[$i]['data'] = $val[5];
break;
case "packets": case "packets":
$values[$i]['data'] = $val[6]; $values[$i]['data'] = $val[6];
break; break;
case "bps":
$values[$i]['data'] = $val[9];
break;
case "bpp":
$values[$i]['data'] = $val[10];
break;
case "bytes": case "bytes":
default: default:
$values[$i]['data'] = $val[7]; $values[$i]['data'] = $val[7];
@ -447,9 +445,16 @@ function netflow_get_command ($filter) {
if (isset($config['netflow_path']) && $config['netflow_path'] != '') { if (isset($config['netflow_path']) && $config['netflow_path'] != '') {
$command .= ' -R '.$config['netflow_path']; $command .= ' -R '.$config['netflow_path'];
} }
// Filter options // Advanced filter
$filter_args = ''; $filter_args = '';
if ($filter['advanced_filter'] != '') {
$filter_args = preg_replace('/"/','', io_safe_output ($filter['advanced_filter']));
$command .= ' "(' . $filter_args . ')"';
return $command;
}
// Normal filter
if ($filter['ip_dst'] != ''){ if ($filter['ip_dst'] != ''){
$filter_args .= ' "('; $filter_args .= ' "(';
$val_ipdst = explode(',', $filter['ip_dst']); $val_ipdst = explode(',', $filter['ip_dst']);
@ -611,15 +616,15 @@ function netflow_parse_file ($start_date, $end_date, $file, &$values, $aggregate
} }
switch ($unit) { switch ($unit) {
case "flows":
$flow['data'] = $val[6];
break;
case "packets": case "packets":
$flow['data'] = $val[7]; $flow['data'] = $val[7];
break; break;
case "bytes": case "bytes":
$flow['data'] = $val[8]; $flow['data'] = $val[8];
break; break;
case "flows":
$flow['data'] = $val[9];
break;
} }
$flow['timestamp'] = strtotime ($flow['date'] . " " . $flow['time']); $flow['timestamp'] = strtotime ($flow['date'] . " " . $flow['time']);
$last_timestamp = $flow['timestamp']; $last_timestamp = $flow['timestamp'];

40
pandora_console/include/help/en/help_pcap_filter.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/**
* @package Include/help/en
*/
?>
<h1>Nfdump filter syntax</h1>
The filter syntax is very similar to that of tcpdump. For example:
<ul>
<li>Capture traffic to or from 192.168.0.1:</li>
<pre>
host 192.168.0.1
</pre>
<ul>
<li>Capture traffic to 192.168.0.1:</li>
<pre>
dst host 192.168.0.1
</pre>
<li>Capture traffic from 192.168.0.0/24:</li>
<pre>
src net 192.168.0.0/24
</pre>
<li>Capture HTTP and HTTPS traffic:</li>
<pre>
(port 80) or (port 443)
</pre>
<li>Capture all traffic except DNS:</li>
<pre>
port not 53
</pre>
<li>Capture SSH traffic to 192.168.0.1:</li>
<pre>
(port 22) and (dst host 192.168.0.1)
</pre>

40
pandora_console/include/help/es/help_pcap_filter.php Normal file
View File

@ -0,0 +1,40 @@
<?php
/**
* @package Include/help/en
*/
?>
<h1>Sintaxis de filtros de Nfdump</h1>
La sintaxis de filtros es muy parecida a la de tcpdump. Por ejemplo:
<ul>
<li>Capturar tráfico hacia o desde 192.168.0.1:</li>
<pre>
host 192.168.0.1
</pre>
<ul>
<li>Capturar tráfico hacia 192.168.0.1:</li>
<pre>
dst host 192.168.0.1
</pre>
<li>Capturar tráfico desde 192.168.0.0/24:</li>
<pre>
src net 192.168.0.0/24
</pre>
<li>Capturar tráfico HTTP y HTTPS:</li>
<pre>
(port 80) or (port 443)
</pre>
<li>Capturar todo el tráfico excepto DNS:</li>
<pre>
port not 53
</pre>
<li>Capturar el tráfico SSH hacia 192.168.0.1:</li>
<pre>
(port 22) and (dst host 192.168.0.1)
</pre>

11
pandora_console/pandoradb.oracle.sql
View File

@ -1482,12 +1482,13 @@ CREATE INDEX ttag_event_id_evento_idx ON ttag_event(id_evento);
CREATE TABLE tnetflow_filter ( CREATE TABLE tnetflow_filter (
id_sg NUMBER(10, 0) NOT NULL PRIMARY KEY, id_sg NUMBER(10, 0) NOT NULL PRIMARY KEY,
id_name VARCHAR2(100) NOT NULL, id_name VARCHAR2(600) NOT NULL,
id_group NUMBER(10, 0), id_group NUMBER(10, 0),
ip_dst VARCHAR2(100), ip_dst CLOB NOT NULL,
ip_src VARCHAR2(100), ip_src CLOB NOT NULL,
dst_port VARCHAR2(100), dst_port CLOB NOT NULL,
src_port VARCHAR2(100), src_port CLOB NOT NULL,
advanced_filter CLOB NOT NULL,
aggregate VARCHAR2(60), aggregate VARCHAR2(60),
output VARCHAR2(60) output VARCHAR2(60)
); );

11
pandora_console/pandoradb.postgreSQL.sql
View File

@ -1195,12 +1195,13 @@ CREATE INDEX "ttag_event_id_evento_idx" ON "ttag_event"("id_evento");
-- ----------------------------------------------------- -- -----------------------------------------------------
CREATE TABLE "tnetflow_filter" ( CREATE TABLE "tnetflow_filter" (
"id_sg" SERIAL NOT NULL PRIMARY KEY, "id_sg" SERIAL NOT NULL PRIMARY KEY,
"id_name" varchar(60) NOT NULL default '', "id_name" varchar(600) NOT NULL default '',
"id_group" INTEGER, "id_group" INTEGER,
"ip_dst" varchar(100), "ip_dst" TEXT NOT NULL,
"ip_src" varchar(100), "ip_src" TEXT NOT NULL,
"dst_port" varchar(100), "dst_port" TEXT NOT NULL,
"src_port" varchar(100), "src_port" TEXT NOT NULL,
"advanced_filter" TEXT NOT NULL,
"aggregate" varchar(60), "aggregate" varchar(60),
"output" varchar(60) "output" varchar(60)
); );

11
pandora_console/pandoradb.sql
View File

@ -1286,12 +1286,13 @@ CREATE TABLE IF NOT EXISTS `ttag_event` (
CREATE TABLE IF NOT EXISTS `tnetflow_filter` ( CREATE TABLE IF NOT EXISTS `tnetflow_filter` (
`id_sg` int(10) unsigned NOT NULL auto_increment, `id_sg` int(10) unsigned NOT NULL auto_increment,
`id_name` varchar(60) NOT NULL default '0', `id_name` varchar(600) NOT NULL default '0',
`id_group` int(10), `id_group` int(10),
`ip_dst` varchar(100), `ip_dst` TEXT NOT NULL,
`ip_src` varchar(100), `ip_src` TEXT NOT NULL,
`dst_port` varchar(100), `dst_port` TEXT NOT NULL,
`src_port` varchar(100), `src_port` TEXT NOT NULL,
`advanced_filter` TEXT NOT NULL,,
`aggregate` varchar(60), `aggregate` varchar(60),
`output` varchar(60), `output` varchar(60),
PRIMARY KEY (`id_sg`) PRIMARY KEY (`id_sg`)