Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | #!/usr/bin/perl |
2 | # | |
3 | # SmoothWall CGIs | |
4 | # | |
5 | # This code is distributed under the terms of the GPL | |
6 | # | |
7 | # (c) The SmoothWall Team | |
8 | # | |
9 | # $Id: firewalllog.dat,v 1.4.2.18 2005/08/23 12:01:50 eoberlander Exp $ | |
10 | # | |
11 | # July 28, 2003 - Darren Critchley - darren@kdi.ca | |
71dfc4b7 | 12 | # - added source mac adapter to layout |
cd1a2927 MT |
13 | # |
14 | use strict; | |
15 | ||
dace10b5 MT |
16 | use Geo::IP::PurePerl; |
17 | use Getopt::Std; | |
18 | ||
cd1a2927 MT |
19 | # enable only the following on debugging purpose |
20 | #use warnings; | |
21 | #use CGI::Carp 'fatalsToBrowser'; | |
22 | ||
986e08d9 | 23 | require '/var/ipfire/general-functions.pl'; |
cd1a2927 MT |
24 | require "${General::swroot}/lang.pl"; |
25 | require "${General::swroot}/header.pl"; | |
26 | ||
f2fdd0c1 CS |
# Theme colours used for the alternating table rows further down.
my %color;
my %mainsettings;

# The main settings name the active theme; that theme's colour table is
# then read from its include directory.
General::readhash("${General::swroot}/main/settings", \%mainsettings);
General::readhash("/srv/web/ipfire/html/themes/$mainsettings{'THEME'}/include/colors.txt", \%color);
31 | ||
cd1a2927 MT |
32 | use POSIX(); |
33 | ||
# Mention $Header::table2colour a second time so that perl does not report
# it as "used only once".
my @dummy = ($Header::table2colour);
undef @dummy;

my %cgiparams;
my %logsettings;
my $errormessage = '';

# Month abbreviations as they appear in syslog timestamps, and the
# translated month names shown in the page.
my @shortmonths = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @longmonths = map { $Lang::tr{$_} }
    qw(january february march april may june
       july august september october november december);

# Snapshot of the current local time.
my @now = localtime();
my ($dow, $doy, $tdoy) = ($now[6], $now[7], $now[7]);
my $year = 1900 + $now[5];

# Defaults: today's date and no action. Header::getcgihash() then fills
# %cgiparams from the request.
@cgiparams{'DAY', 'MONTH', 'ACTION'} = ($now[3], $now[4], '');
Header::getcgihash(\%cgiparams);

# Log viewer settings: the stored settings override the 'off' default.
$logsettings{'LOGVIEW_REVERSE'} = 'off';
General::readhash("${General::swroot}/logging/settings", \%logsettings);
if (defined $logsettings{'LOGVIEW_VIEWSIZE'}) {
    $Header::viewsize = $logsettings{'LOGVIEW_VIEWSIZE'};
}
else {
    $Header::viewsize = 150;
}

# Index of the first line to display. In reverse view it starts as a very
# large value, which the paging code later clamps to the last page.
my $start = 0;
$start = 0x7FFFF000 if ($logsettings{'LOGVIEW_REVERSE'} eq 'on');
65 | ||
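# Paging links pass "start,month,day" in the query string. Every field is
# request-controlled, so each one is validated before it is used.
if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'})
{
    my ($qs_start, $qs_month, $qs_day) = split(',', $ENV{'QUERY_STRING'});

    # Accept the offset only when it is a plain non-negative integer;
    # anything else leaves the default chosen from LOGVIEW_REVERSE in place.
    $start = $qs_start if (defined($qs_start) && $qs_start =~ /\A[0-9]{1,10}\z/);

    $cgiparams{'MONTH'} = $qs_month;
    $cgiparams{'DAY'} = $qs_day;
}

# MONTH must be 0..11 and DAY 0..31 (0 = whole month). \A and \z are used
# instead of ^ and $ so that a value with a trailing newline is rejected;
# both values are later written into links and used as array indexes.
my $month_ok = defined($cgiparams{'MONTH'})
    && $cgiparams{'MONTH'} =~ /\A(?:[0-9]|1[01])\z/;
my $day_ok = defined($cgiparams{'DAY'})
    && $cgiparams{'DAY'} =~ /\A(?:[0-9]|[12][0-9]|3[01])\z/;

if (!$month_ok || !$day_ok)
{
    # Invalid or missing date: fall back to today.
    $cgiparams{'DAY'} = $now[3];
    $cgiparams{'MONTH'} = $now[4];
}
elsif ($cgiparams{'ACTION'} eq '>>' || $cgiparams{'ACTION'} eq '<<')
{
    # '>>' moves forward, '<<' moves back.
    my $direction = ($cgiparams{'ACTION'} eq '>>') ? 1 : -1;

    my @temp_then = ();
    my @temp_now = localtime(time);
    $temp_now[4] = $cgiparams{'MONTH'};
    $temp_now[3] = $cgiparams{'DAY'};

    if ($cgiparams{'DAY'}) {
        # A single day is selected: same time of day, one day
        # (86400 seconds) later or earlier.
        @temp_then = localtime(POSIX::mktime(@temp_now) + $direction * 86400);
    } else {
        # The whole month is selected (DAY == 0): step one month and keep
        # DAY at 0. Perl's % returns a non-negative result here, so
        # stepping back from January gives December.
        $temp_now[3] = 1;
        $temp_now[4] = ($temp_now[4] + $direction) % 12;
        @temp_then = localtime(POSIX::mktime(@temp_now));
        $temp_then[3] = 0;
    }

    $cgiparams{'MONTH'} = $temp_then[4];
    $cgiparams{'DAY'} = $temp_then[3];
}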
118 | ||
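# Work out which rotated file holds the requested date. This can be
# calculated because the log is rotated weekly.
my $gzindex;

# Day as shown in the page title: empty for "all days", else two digits.
my $date = $cgiparams{'DAY'} == 0 ? '' : sprintf('%02d', $cgiparams{'DAY'});

{
    # A date later than today is taken to mean that date last year.
    my $in_future =
        ($cgiparams{'MONTH'} == $now[4] && $cgiparams{'DAY'} > $now[3])
        || ($cgiparams{'MONTH'} > $now[4]);
    my $log_year = $in_future ? $year - 1 : $year;

    # Midnight at the start of the requested day.
    my $xday = POSIX::mktime(0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $log_year - 1900);
    $date = "$longmonths[$cgiparams{'MONTH'}] $date, $log_year";

    # Reference point at the end of the current week: midnight today plus
    # the number of days left until Saturday (wday 6).
    # Scalar elements are passed to mktime; the original one-element array
    # slices (@then[3]) gave the same values but are flagged by warnings.
    my @then = localtime(time());
    my $sunday = POSIX::mktime(0, 0, 0, $then[3], $then[4], $then[5]);
    $sunday += (6 - $then[6]) * 86400;

    # Distance in whole weeks = index of the rotated file.
    $gzindex = int(($sunday - $xday) / 604800);
}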
71dfc4b7 | 145 | |
cd1a2927 MT |
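# Month and day exactly as they appear in a syslog timestamp. $daystr is
# used as a regex fragment: '..' matches any day when DAY is 0.
my $monthstr = $shortmonths[$cgiparams{'MONTH'}];
my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? " $cgiparams{'DAY'}" : "$cgiparams{'DAY'}";

my $lines = 0;
my @log=();

my $loop = 1;
my $filestr = 0;
my $lastdatetime; # for debug
my $search_for_end = 0;

# A firewall hit: a kernel line for the requested date that contains "IN=".
my $hit_re = qr/^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/;

while ($gzindex >= 0 && $loop) {
    # Pick the file for this index: the live log for 0, otherwise the
    # rotated file, compressed if a .gz copy exists.
    my $is_gzip = 0;
    if ($gzindex == 0) {
        $filestr = "/var/log/messages";
    } else {
        $filestr = "/var/log/messages.$gzindex";
        if (-f "$filestr.gz") {
            $filestr = "$filestr.gz";
            $is_gzip = 1;
        }
    }

    # Open with an explicit mode and a lexical handle. The list form of the
    # pipe open runs gzip directly, without a shell, so the file name is
    # always passed as a single argument and never parsed as a command line.
    my $fh;
    my $opened = $is_gzip
        ? open($fh, '-|', 'gzip', '-dc', $filestr)
        : open($fh, '<', $filestr);

    if ($opened) {
        #&General::log("reading $filestr");
        while (my $line = <$fh>) {
            if ($line =~ $hit_re) {
                if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) {
                    # Export keeps every matching line.
                    $log[$lines++] = $line;
                } elsif ($lines++ < ($start + $Header::viewsize)) {
                    # Normal view keeps a sliding window of at most
                    # viewsize lines ending at $start + viewsize. Reading
                    # continues past the window because $lines must count
                    # every hit.
                    push(@log, $line);
                    shift(@log) if (@log > $Header::viewsize);
                }
                $search_for_end = 1; # start of the slice found, now look for its end
            } elsif ($search_for_end == 1) {
                # Once hits have been seen, a line with another month or day
                # means the requested date is over: stop after this file.
                # The captures are read only when the match succeeded, so a
                # malformed line cannot end the scan through stale values.
                if ($line =~ /^(...) (..) ..:..:..*$/) {
                    $loop = 0 if (($1 ne $monthstr) || (($daystr ne '..') && ($daystr ne $2)));
                }
            }
        }
        close($fh);
    }

    # Try the next newer file (e.g. 40, 39, 38, ...); the sequence may have
    # holes when the system was stopped for a long time.
    $gzindex--;
}# while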
201 | ||
202 | # $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; | |
203 | ||
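# Export: send the collected lines as plain text and stop. Nothing is
# HTML-escaped here because the response is declared as text/plain.
if ($cgiparams{'ACTION'} eq $Lang::tr{'export'})
{
    print "Content-type: text/plain\n\n";
    print "IPFire firewall log\r\n";
    # The label comes from the translation hash %Lang::tr. The original
    # read $Lang::{'date'}, which is the package symbol table and not the
    # translation.
    print "$Lang::tr{'date'}: $date\r\n\r\n";

    @log = reverse @log if ($logsettings{'LOGVIEW_REVERSE'} eq 'on');

    foreach my $entry (@log)
    {
        # Skip anything that does not have the expected shape instead of
        # printing captures left over from an earlier match.
        next unless $entry =~ /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/;
        my ($day, $clock, $packet) = ($1, $2, $3);

        $day =~ tr/ /0/;    # syslog pads single-digit days with a space
        # When a whole month is exported the day is added to each time.
        my $time = $cgiparams{'DAY'} ? $clock : "$day/$clock";
        print "$time $packet\r\n";
    }
    exit 0;
}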
223 | ||
# Send the HTTP headers and open the page frame.
Header::showhttpheaders();
Header::openpage($Lang::tr{'firewall log'}, 1, '');
Header::openbigbox('100%', 'left', '', $errormessage);

# The error box is shown only when a message has been set.
if ($errormessage) {
    Header::openbox('100%', 'left', $Lang::tr{'error messages'});
    print "<font class='base'>$errormessage </font>\n";
    Header::closebox();
}

Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");

# Date selection form.
# NOTE(review): SCRIPT_NAME is written into the action attribute without
# HTML escaping. It is normally set by the web server; confirm it cannot
# carry request-controlled characters in this deployment.
print <<"END";
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='100%'>
<tr>
<td width='10%' class='base'>$Lang::tr{'month'}: </td>
<td width='10%'>
<select name='MONTH'>
END

# One option per month, with the current month preselected.
for my $month (0 .. 11)
{
    my $selected = ($month == $cgiparams{'MONTH'}) ? "selected='selected' " : '';
    print "\t<option ${selected}value='$month'>$longmonths[$month]</option>\n";
}

print <<"END";
</select>
</td>
<td width='10%' class='base' align='right'> $Lang::tr{'day'}: </td>
<td width='40%'>
<select name='DAY'>
END

# Day 0 stands for "all days of the month".
print "<option value='0'>$Lang::tr{'all'}</option>\n";
for my $day (1 .. 31)
{
    my $selected = ($day == $cgiparams{'DAY'}) ? "selected='selected' " : '';
    print "\t<option ${selected}value='$day'>$day</option>\n";
}

print <<"END";
</select>
</td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day before'}' value='<<' /></td>
<td width='5%' align='center'><input type='submit' name='ACTION' title='$Lang::tr{'day after'}' value='>>' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'update'}' /></td>
<td width='10%' align='center'><input type='submit' name='ACTION' value='$Lang::tr{'export'}' /></td>
</tr>
</table>
</form>
END

Header::closebox();
284 | ||
Header::openbox('100%', 'left', $Lang::tr{'log'});
print "<p><b>$Lang::tr{'firewall hits'} $date: $lines</b></p>";

# Offset of the last full page; $start is clamped into 0 .. that offset.
my $last_page_start = $lines - ${Header::viewsize};
if ($start >= $last_page_start) {
    $start = $last_page_start;
}
if ($start < 0) {
    $start = 0;
}

# Offset for the "older" link; -1 means there is nothing older to show.
my $prev;
if ($start != 0) {
    $prev = $start - ${Header::viewsize};
    $prev = 0 if ($prev < 0);
} else {
    $prev = -1;
}

# Offset for the "newer" link; -1 means the last page is already shown.
my $next;
if ($start != $last_page_start) {
    $next = $start + ${Header::viewsize};
    $next = $last_page_start if ($next >= $last_page_start);
} else {
    $next = -1;
}

@log = reverse @log if ($logsettings{'LOGVIEW_REVERSE'} eq 'on');

# Paging links above the table, only when there are hits.
oldernewer() unless ($lines == 0);

# Column headings of the hit table.
print <<"END";
<table width='100%'>
<tr>
<td align='center' class='boldbase'><b>$Lang::tr{'time'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'chain'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'iface'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'proto'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'source'}<br/>$Lang::tr{'destination'}</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'src port'}<br />$Lang::tr{'dst port'}</b></td>
<td align='center' class='boldbase'><b>Flag</b></td>
<td align='center' class='boldbase'><b>$Lang::tr{'mac address'}</b></td>
</tr>
END
324 | ||
325 | ||
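# Minimal HTML escaping for text copied from the log file. The time and the
# text between "kernel:" and "IN=" are matched with '.', so they can hold
# any character and must not reach the page unescaped.
my $html_escape = sub {
    my $text = defined $_[0] ? $_[0] : '';
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Port as displayed: "port(SERVICE)" for ports below 1024 that have a known
# service name, otherwise the bare port, or '' when the packet has no port.
my $label_port = sub {
    my ($port, $proto) = @_;
    return '' if ($port eq '');
    return $port unless ($port < 1024 && $proto ne '');
    my $service = getservbyport($port, lc($proto));
    return (defined($service) && $service ne '') ? "$port(" . uc($service) . ")" : $port;
};

# GeoIP handle, created on the first row and reused for all later rows
# instead of being opened again for every line.
my $gi;

$lines = 0;    # reused as the row counter for the alternating colours
foreach my $entry (@log)
{
    next unless $entry =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/;
    my ($day, $clock, $comment, $packet) = ($1, $2, $3, $4);

    $day =~ tr/ /0/;    # syslog pads single-digit days with a space
    my $time = $html_escape->($cgiparams{'DAY'} ? $clock : "$day/$clock");
    $comment = $html_escape->($comment);

    # Each field is taken from its own match and defaults to ''. Reading $1
    # after a failed match returned the capture of an earlier match, which
    # put e.g. the protocol name into the port columns of ICMP packets.
    my $iface   = ($packet =~ /IN=(\w+)/)       ? $1 : '';
    my $srcaddr = ($packet =~ /SRC=([\d\.]+)/)  ? $1 : '';
    my $dstaddr = ($packet =~ /DST=([\d\.]+)/)  ? $1 : '';
    my $macaddr = ($packet =~ /MAC=([\w+\:]+)/) ? $1 : '';
    my $proto   = ($packet =~ /PROTO=(\w+)/)    ? $1 : '';
    my $srcport = ($packet =~ /SPT=(\d+)/)      ? $1 : '';
    my $dstport = ($packet =~ /DPT=(\d+)/)      ? $1 : '';

    # NOTE(review): kept from the original, which blanked the interface when
    # the captured value contained a '2' followed by another character;
    # the reason is not visible in this file - confirm it is still wanted.
    $iface = '' if ($iface =~ /2./);

    # Country of the source address, for the flag column.
    my $ccode;
    if ($srcaddr ne '') {
        $gi ||= Geo::IP::PurePerl->new();
        $ccode = $gi->country_code_by_name($srcaddr);
    }
    my $fcode = defined($ccode) ? lc($ccode) : '';

    $srcport = $label_port->($srcport, $proto);
    $dstport = $label_port->($dstport, $proto);

    # Fields 6..11 of the logged MAC= value are shown in the MAC column.
    my @mactemp = split(/:/, $macaddr);
    $macaddr = (@mactemp >= 12) ? join(':', @mactemp[6 .. 11]) : '';

    my $bgcolor = ($lines % 2) ? $color{'color20'} : $color{'color22'};
    print "<tr bgcolor='$bgcolor'>\n";
    print <<"END";

<td align='center'>$time</td>
<td align='center'>$comment</td>
<td align='center'>$iface</td>
<td align='center'>$proto</td>
<td align='center'><a href='/cgi-bin/ipinfo.cgi?ip=$srcaddr'>$srcaddr</a><br /><a href='/cgi-bin/ipinfo.cgi?ip=$dstaddr'>$dstaddr</a></td>
<td align='center'>$srcport<br/>$dstport</td>
END

    if ($fcode ne "") {
        print "<td align='center'><a href='../country.cgi#$fcode'><img src='/images/flags/$fcode.png' border='0' align='absmiddle' alt='$ccode'></a></td>";
    }
    else {
        print "<td align='center'></td>";
    }

    print <<"END";
<td align='center'>$macaddr</td>
</tr>
END

    $lines++;
}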
381 | ||
# Close the hit table and repeat the paging links below it.
print "</table>";
oldernewer();

# Close the log box, the outer box and the page, in that order.
Header::closebox();
Header::closebigbox();
Header::closepage();
391 | ||
# Print the "older" / "newer" paging row. Reads the file-level $prev, $next
# and %cgiparams; a link carries "offset,month,day" in its query string, and
# a direction without a target is printed as plain text.
sub oldernewer
{
    my $base = "/cgi-bin/logs.cgi/firewalllog.dat";
    my $date_part = ",$cgiparams{'MONTH'},$cgiparams{'DAY'}";

    # [ link available?, offset, label ] for each of the two cells.
    my @cells = (
        [ ($prev != -1), $prev, $Lang::tr{'older'} ],
        [ ($next >= 0),  $next, $Lang::tr{'newer'} ],
    );

    print "<table width='100%'>\n<tr>\n";

    foreach my $cell (@cells) {
        my ($linked, $offset, $label) = @{$cell};
        my $content = "$label";
        if ($linked) {
            $content = "<a href='${base}?${offset}${date_part}'>$label</a>";
        }
        print "<td align='center' width='50%'>";
        print $content;
        print "</td>\n";
    }

    print "</tr>\n</table>\n";
}
71dfc4b7 | 420 |