633 lines
15 KiB
PHP
633 lines
15 KiB
PHP
<?php
|
|
|
|
// Pandora FMS - http://pandorafms.com
|
|
// ==================================================
|
|
// Copyright (c) 2005-2010 Artica Soluciones Tecnologicas
|
|
// Please see http://pandorafms.org for full contribution list
|
|
|
|
// This program is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public License
|
|
// as published by the Free Software Foundation; version 2
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
|
|
|
|
include_once("include/functions_users.php");
|
|
|
|
// Date format for nfdump
|
|
$nfdump_date_format = 'Y/m/d.H:i:s';
|
|
|
|
/**
|
|
* Selects all netflow filters (array (id_name => id_name)) or filters filtered
|
|
*
|
|
* @param mixed Array with filter conditions to retrieve filters or false.
|
|
*
|
|
* @return array List of all filters
|
|
*/
|
|
function netflow_get_filters ($filter = false) {
|
|
if ($filter === false) {
|
|
$filters = db_get_all_rows_in_table ("tnetflow_filter", "id_name");
|
|
}
|
|
else {
|
|
$filters = db_get_all_rows_filter ("tnetflow_filter", $filter);
|
|
}
|
|
$return = array ();
|
|
if ($filters === false) {
|
|
return $return;
|
|
}
|
|
foreach ($filters as $filter) {
|
|
$return[$filter["id_name"]] = $filter["id_name"];
|
|
}
|
|
return $return;
|
|
}
|
|
|
|
|
|
/**
|
|
* Selects all netflow reports (array (id_name => id_name)) or filters filtered
|
|
*
|
|
* @param mixed Array with filter conditions to retrieve filters or false.
|
|
*
|
|
* @return array List of all filters
|
|
*/
|
|
function netflow_get_reports ($filter = false) {
|
|
if ($filter === false) {
|
|
$filters = db_get_all_rows_in_table ("tnetflow_report", "id_name");
|
|
}
|
|
else {
|
|
$filters = db_get_all_rows_filter ("tnetflow_report", $filter);
|
|
}
|
|
$return = array ();
|
|
if ($filters === false) {
|
|
return $return;
|
|
}
|
|
foreach ($filters as $filter) {
|
|
$return[$filter["id_name"]] = $filter["id_name"];
|
|
}
|
|
return $return;
|
|
}
|
|
|
|
//permite validar si un filtro pertenece a un grupo permitido para el usuario
|
|
|
|
function netflow_check_filter_group ($id_sg) {
|
|
global $config;
|
|
|
|
$id_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id_sg);
|
|
// Get group list that user has access
|
|
$groups_user = users_get_groups ($config['id_user'], "IW", false, true);
|
|
$groups_id = array();
|
|
$has_permission = false;
|
|
|
|
foreach($groups_user as $key => $groups){
|
|
if ($groups['id_grupo'] == $id_group)
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
//permite validar si un informe pertenece a un grupo permitido para el usuario
|
|
|
|
function netflow_check_report_group ($id_report) {
|
|
global $config;
|
|
|
|
$id_group = db_get_value('id_group', 'tnetflow_report', 'id_report', $id_report);
|
|
// Get group list that user has access
|
|
$groups_user = users_get_groups ($config['id_user'], "IW", false, true);
|
|
$groups_id = array();
|
|
$has_permission = false;
|
|
|
|
foreach($groups_user as $key => $groups){
|
|
if ($groups['id_grupo'] == $id_group)
|
|
return true;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Get a filter.
|
|
*
|
|
* @param int filter id to be fetched.
|
|
* @param array Extra filter.
|
|
* @param array Fields to be fetched.
|
|
*
|
|
* @return array A netflow filter matching id and filter.
|
|
*/
|
|
function netflow_filter_get_filter ($id_sg, $filter = false, $fields = false) {
|
|
global $config;
|
|
|
|
/*
|
|
$id_group = db_get_value('id_group', 'tnetflow_filter', 'id_sg', $id_sg);
|
|
// Get group list that user has access
|
|
$groups_user = users_get_groups ($config['id_user'], "AR", false, true);
|
|
$groups_id = array();
|
|
$has_permission = false;
|
|
|
|
foreach($groups_user as $key => $groups){
|
|
if ($groups['id_grupo'] == $id_group)
|
|
$has_permission = true;
|
|
}
|
|
*/
|
|
|
|
//if ($has_permission) {
|
|
if (! is_array ($filter))
|
|
$filter = array ();
|
|
$filter['id_sg'] = (int) $id_sg;
|
|
|
|
return db_get_row_filter ('tnetflow_filter', $filter, $fields);
|
|
/*
|
|
} else {
|
|
return false;
|
|
}
|
|
*/
|
|
}
|
|
|
|
/**
|
|
* Get options.
|
|
*
|
|
* @param int filter id to be fetched.
|
|
* @param array Extra filter.
|
|
* @param array Fields to be fetched.
|
|
*
|
|
* @return array A netflow filter matching id and filter.
|
|
*/
|
|
function netflow_reports_get_reports ($id_report, $filter = false, $fields = false) {
|
|
if (empty ($id_report))
|
|
return false;
|
|
if (! is_array ($filter))
|
|
$filter = array ();
|
|
$filter['id_report'] = (int) $id_report;
|
|
|
|
return db_get_row_filter ('tnetflow_report', $filter, $fields);
|
|
}
|
|
|
|
function netflow_reports_get_content ($id_rc, $filter = false, $fields = false){
|
|
if (empty ($id_rc))
|
|
return false;
|
|
if (! is_array ($filter))
|
|
$filter = array ();
|
|
$filter['id_rc'] = (int) $id_rc;
|
|
|
|
return db_get_row_filter ('tnetflow_report_content', $filter, $fields);
|
|
}
|
|
|
|
/**
|
|
* Compare two flows according to the 'data' column.
|
|
*
|
|
* @param array a First flow.
|
|
* @param array b Second flow.
|
|
*
|
|
* @return Result of the comparison.
|
|
*/
|
|
function compare_flows ($a, $b) {
|
|
return $a['data']>$b['data'];
|
|
}
|
|
|
|
/**
|
|
* Sort netflow data according to the 'data' column.
|
|
*
|
|
* @param array netflow_data Netflow data array.
|
|
*
|
|
*/
|
|
function sort_netflow_data ($netflow_data) {
|
|
usort($netflow_data, "compare_flows");
|
|
}
|
|
|
|
function netflow_stat_table ($data, $start_date, $end_date, $show){
|
|
global $nfdump_date_format;
|
|
|
|
$start_date = date ($nfdump_date_format, $start_date);
|
|
$end_date = date ($nfdump_date_format, $end_date);
|
|
$values = array();
|
|
$table->width = '50%';
|
|
$table->class = 'databox';
|
|
$table->data = array();
|
|
$title = "Desde $start_date hasta $end_date";
|
|
$j = 0;
|
|
$x = 1;
|
|
|
|
echo"<h4>Suma por periodo ($show)</h4>";
|
|
$table->data[0][0] = '<b>'.__('Rango').'</b>';
|
|
$table->data[0][1] = '<b>'.$title.'</b>';
|
|
|
|
while (isset ($data[$j])) {
|
|
$agg = $data[$j]['agg'];
|
|
if (!isset($values[$agg])){
|
|
$values[$agg] = $data[$j]['data'];
|
|
$table->data[$x][0] = $agg;
|
|
$table->data[$x][1] = format_numeric ($data[$j]['data']) .' '.$show;
|
|
} else {
|
|
$values[$agg] += $data[$j]['data'];
|
|
$table->data[$x][0] = $agg;
|
|
$table->data[$x][1] = format_numeric ($data[$j]['data']) .' '.$show;
|
|
}
|
|
$j++;
|
|
$x++;
|
|
}
|
|
html_print_table($table);
|
|
}
|
|
|
|
/**
|
|
* Show a table with netflow statistics.
|
|
*
|
|
* @param array data Statistic data.
|
|
* @param string start_date Start date.
|
|
* @param string end_date End date.
|
|
* @param string unit Unit to display.
|
|
*
|
|
* @return The statistics table.
|
|
*/
|
|
function netflow_data_table ($data, $start_date, $end_date, $unit){
|
|
global $nfdump_date_format;
|
|
|
|
$period = $end_date - $start_date;
|
|
$start_date = date ($nfdump_date_format, $start_date);
|
|
$end_date = date ($nfdump_date_format, $end_date);
|
|
|
|
// Set the format
|
|
if ($period <= 21600) {
|
|
$time_format = 'H:i:s';
|
|
}
|
|
elseif ($period < 86400) {
|
|
$time_format = 'H:i';
|
|
}
|
|
elseif ($period < 1296000) {
|
|
$time_format = 'M d H:i';
|
|
}
|
|
elseif ($period < 2592000) {
|
|
$time_format = 'M d H\h';
|
|
}
|
|
else {
|
|
$time_format = 'M d H\h';
|
|
}
|
|
|
|
$values = array();
|
|
//$table->size = array ('50%');
|
|
$table->class = 'databox';
|
|
$table->data = array();
|
|
|
|
echo"<h4>Tabla de valores ($unit)</h4>";
|
|
$table->data[0][0] = '<b>'.__('Rango').'</b>';
|
|
|
|
$j = 0;
|
|
$source_index = array ();
|
|
$source_count = 0;
|
|
foreach ($data['sources'] as $source => $null) {
|
|
$table->data[0][$j+1] = $source;
|
|
$source_index[$j] = $source;
|
|
$source_count++;
|
|
$j++;
|
|
}
|
|
|
|
$i = 1;
|
|
foreach ($data['data'] as $timestamp => $values) {
|
|
$table->data[$i][0] = date ($time_format, $timestamp);
|
|
for ($j = 0; $j < $source_count; $j++) {
|
|
if (isset ($values[$source_index[$j]])) {
|
|
$table->data[$i][$j+1] = format_numeric ($values[$source_index[$j]]);
|
|
} else {
|
|
$table->data[$i][$j+1] = 0;
|
|
}
|
|
}
|
|
$i++;
|
|
}
|
|
|
|
html_print_table($table);
|
|
}
|
|
|
|
/**
|
|
* Returns 1 if the given address is a network address.
|
|
*
|
|
* @param string address Host or network address.
|
|
*
|
|
* @return 1 if the address is a network address, 0 otherwise.
|
|
*
|
|
*/
|
|
function netflow_is_net ($address) {
|
|
if (strpos ($address, '/') !== FALSE) {
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Returns netflow data for the given period in an array.
|
|
*
|
|
* @param string start_date Period start date.
|
|
* @param string end_date Period end date.
|
|
* @param string command Command used to retrieve netflow data.
|
|
* @param string aggregate Aggregate field.
|
|
* @param int max Maximum number of aggregates.
|
|
* @param string unit Unit to show.
|
|
*
|
|
* @return An array with netflow stats.
|
|
*
|
|
*/
|
|
function netflow_get_data ($start_date, $end_date, $command, $aggregate, $max, $unit){
|
|
global $nfdump_date_format;
|
|
global $config;
|
|
|
|
// If there is aggregation calculate the top n
|
|
$sources = array ();
|
|
if ($aggregate != 'none') {
|
|
$agg_command = $command . " -s $aggregate -n $max -t ".date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
|
|
exec($agg_command, $string);
|
|
foreach($string as $line){
|
|
if ($line=='') {
|
|
continue;
|
|
}
|
|
$line = preg_replace('/\(\s*\S+\)/','',$line);
|
|
$line = preg_replace('/\s+/',' ',$line);
|
|
$val = explode(' ',$line);
|
|
$sources[$val[4]] = 1;
|
|
}
|
|
}
|
|
|
|
// Execute nfdump and save its output in a temporary file
|
|
$command .= ' -t '.date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
|
|
$temp_file = $config["attachment_store"] . "/netflow_" . rand (0, getrandmax()) . ".data";
|
|
exec("$command > $temp_file");
|
|
|
|
// Open the temporary file
|
|
$fh = fopen ($temp_file, "r");
|
|
if ($fh === FALSE) {
|
|
return;
|
|
}
|
|
|
|
// Calculate the number of intervals
|
|
$num_intervals = $config['graph_res'] * 50;
|
|
$period = $end_date - $start_date;
|
|
$interval_length = (int) ($period / $num_intervals);
|
|
|
|
// Parse flow data
|
|
$read_flag = 1;
|
|
$values = array ();
|
|
$flow = array ();
|
|
for ($i = 0; $i < $num_intervals; $i++) {
|
|
$timestamp = $start_date + ($interval_length * $i);
|
|
|
|
if ($aggregate != 'none') {
|
|
$interval_total = array ();
|
|
$interval_count = array ();
|
|
} else {
|
|
$interval_total = 0;
|
|
$interval_count = 0;
|
|
}
|
|
|
|
do {
|
|
if ($read_flag == 1) {
|
|
$read_flag = 0;
|
|
$line = fgets($fh, 4096);
|
|
if ($line === false) {
|
|
$read_flag = 1;
|
|
break;
|
|
}
|
|
|
|
$line = preg_replace('/\s+/',' ',$line);
|
|
$val = explode(' ',$line);
|
|
if (! isset ($val[6])) {
|
|
$read_flag = 1;
|
|
break;
|
|
}
|
|
|
|
$flow['date'] = $val[0];
|
|
$flow['time'] = $val[1];
|
|
|
|
switch ($aggregate){
|
|
case "proto":
|
|
$flow['agg'] = $val[3];
|
|
break;
|
|
case "srcip":
|
|
$val2 = explode(':', $val[4]);
|
|
$flow['agg'] = $val2[0];
|
|
break;
|
|
case "srcport":
|
|
$val2 = explode(':', $val[4]);
|
|
$flow['agg'] = $val2[1];
|
|
break;
|
|
case "dstip":
|
|
$val2 = explode(':', $val[6]);
|
|
$flow['agg'] = $val2[0];
|
|
break;
|
|
case "dstport":
|
|
$val2 = explode(':', $val[6]);
|
|
$flow['agg'] = $val2[1];
|
|
break;
|
|
}
|
|
|
|
switch ($unit) {
|
|
case "packets":
|
|
$flow['data'] = $val[7];
|
|
break;
|
|
case "bytes":
|
|
$flow['data'] = $val[8];
|
|
break;
|
|
case "flows":
|
|
$flow['data'] = $val[9];
|
|
break;
|
|
}
|
|
$flow['timestamp'] = strtotime ($flow['date'] . " " . $flow['time']);
|
|
}
|
|
if ($flow['timestamp'] >= $timestamp && $flow['timestamp'] <= $timestamp + $interval_length) {
|
|
$read_flag = 1;
|
|
if ($aggregate != 'none') {
|
|
if (isset ($sources[$flow['agg']])) {
|
|
if (! isset ($interval_total[$flow['agg']])) {
|
|
$interval_total[$flow['agg']] = 0;
|
|
$interval_count[$flow['agg']] = 0;
|
|
}
|
|
$interval_total[$flow['agg']] += $flow['data'];
|
|
$interval_count[$flow['agg']] += 1;
|
|
}
|
|
} else {
|
|
$interval_total += $flow['data'];
|
|
$interval_count += 1;
|
|
}
|
|
}
|
|
} while ($read_flag == 1);
|
|
|
|
if ($aggregate != 'none') {
|
|
foreach ($interval_total as $agg => $val) {
|
|
if ($interval_count[$agg] != 0) {
|
|
$values['data'][$timestamp][$agg] = (int) ($interval_total[$agg] / $interval_count[$agg]);
|
|
$values['sources'][$agg] = 1;
|
|
}
|
|
}
|
|
} else {
|
|
if ($interval_count == 0) {
|
|
$values[$timestamp]['data'] = 0;
|
|
} else {
|
|
$values[$timestamp]['data'] = (int) ($interval_total / $interval_count);
|
|
}
|
|
}
|
|
}
|
|
|
|
fclose ($fh);
|
|
unlink ($temp_file);
|
|
|
|
return $values;
|
|
}
|
|
|
|
/**
|
|
* Returns netflow stats for the given period in an array.
|
|
*
|
|
* @param string start_date Period start date.
|
|
* @param string end_date Period end date.
|
|
* @param string command Command used to retrieve netflow data.
|
|
* @param string aggregate Aggregate field.
|
|
* @param int max Maximum number of aggregates.
|
|
* @param string unit Unit to show.
|
|
*
|
|
* @return An array with netflow stats.
|
|
*/
|
|
function netflow_get_stats ($start_date, $end_date, $command, $aggregate, $max, $unit){
|
|
global $nfdump_date_format;
|
|
|
|
$command .= ' -s ' . $aggregate . ' -n ' . $max . ' -t '.date($nfdump_date_format, $start_date).'-'.date($nfdump_date_format, $end_date);
|
|
exec($command, $string);
|
|
|
|
if(! is_array($string)){
|
|
return array ();
|
|
}
|
|
|
|
$i = 0;
|
|
$values = array();
|
|
foreach($string as $line){
|
|
if ($line == '') {
|
|
break;
|
|
}
|
|
$line = preg_replace('/\(\s*\S+\)/','',$line);
|
|
$line = preg_replace('/\s+/',' ',$line);
|
|
$val = explode(' ',$line);
|
|
|
|
$values[$i]['date'] = $val[0];
|
|
$values[$i]['time'] = $val[1];
|
|
|
|
//create field to sort array
|
|
$date = $val[0];
|
|
$time = $val[1];
|
|
$end_date = strtotime ($date." ".$time);
|
|
$values[$i]['datetime'] = $end_date;
|
|
$values[$i]['agg'] = $val[4];
|
|
|
|
switch ($unit){
|
|
case "packets":
|
|
$values[$i]['data'] = $val[6];
|
|
break;
|
|
case "bps":
|
|
$values[$i]['data'] = $val[9];
|
|
break;
|
|
case "bpp":
|
|
$values[$i]['data'] = $val[10];
|
|
break;
|
|
case "bytes":
|
|
default:
|
|
$values[$i]['data'] = $val[7];
|
|
break;
|
|
}
|
|
$i++;
|
|
}
|
|
|
|
sort_netflow_data ($values);
|
|
return $values;
|
|
}
|
|
|
|
/**
|
|
* Returns the command needed to run nfdump for the given filter.
|
|
*
|
|
* @param array filter Netflow filter.
|
|
*
|
|
* @return Command to run.
|
|
*
|
|
*/
|
|
function netflow_get_command ($filter) {
|
|
global $config;
|
|
|
|
// Build command
|
|
$command = 'nfdump -q -N -m';
|
|
|
|
// Netflow data path
|
|
if (isset($config['netflow_path']) && $config['netflow_path'] != '') {
|
|
$command .= ' -R '.$config['netflow_path'];
|
|
}
|
|
|
|
// Filter options
|
|
$filter_args = '';
|
|
if ($filter['ip_dst'] != ''){
|
|
$filter_args .= ' "(';
|
|
$val_ipdst = explode(',', $filter['ip_dst']);
|
|
for($i = 0; $i < count ($val_ipdst); $i++){
|
|
if ($i > 0) {
|
|
$filter_args .= ' or ';
|
|
}
|
|
|
|
if (netflow_is_net ($val_ipdst[$i]) == 0) {
|
|
$filter_args .= 'dst ip '.$val_ipdst[$i];
|
|
} else {
|
|
$filter_args .= 'dst net '.$val_ipdst[$i];
|
|
}
|
|
}
|
|
$filter_args .= ')';
|
|
}
|
|
if ($filter['ip_src'] != ''){
|
|
if ($filter_args == '') {
|
|
$filter_args .= ' "(';
|
|
} else {
|
|
$filter_args .= ' and (';
|
|
}
|
|
$val_ipsrc = explode(',', $filter['ip_src']);
|
|
for($i = 0; $i < count ($val_ipsrc); $i++){
|
|
if ($i > 0) {
|
|
$filter_args .= ' or ';
|
|
}
|
|
|
|
if (netflow_is_net ($val_ipsrc[$i]) == 0) {
|
|
$filter_args .= 'src ip '.$val_ipsrc[$i];
|
|
} else {
|
|
$filter_args .= 'src net '.$val_ipsrc[$i];
|
|
}
|
|
}
|
|
$filter_args .= ')';
|
|
}
|
|
if ($filter['dst_port'] != 0) {
|
|
if ($filter_args == '') {
|
|
$filter_args .= ' "(';
|
|
} else {
|
|
$filter_args .= ' and (';
|
|
}
|
|
$val_dstport = explode(',', $filter['dst_port']);
|
|
for($i = 0; $i < count ($val_dstport); $i++){
|
|
if ($i > 0) {
|
|
$filter_args .= ' or ';
|
|
}
|
|
$filter_args .= 'dst port '.$val_dstport[$i];
|
|
}
|
|
$filter_args .= ')';
|
|
}
|
|
if ($filter['src_port'] != 0) {
|
|
if ($filter_args == '') {
|
|
$filter_args .= ' "(';
|
|
} else {
|
|
$filter_args .= ' and (';
|
|
}
|
|
$val_srcport = explode(',', $filter['src_port']);
|
|
for($i = 0; $i < count ($val_srcport); $i++){
|
|
if ($i > 0) {
|
|
$filter_args .= ' or ';
|
|
}
|
|
$filter_args .= 'src port '.$val_srcport[$i];
|
|
}
|
|
$filter_args .= ')';
|
|
}
|
|
if ($filter_args != '') {
|
|
$filter_args .= '"';
|
|
$command .= $filter_args;
|
|
}
|
|
|
|
return $command;
|
|
}
|
|
|
|
?>
|