X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Flogs.cgi%2Ffirewalllog.dat;h=361bf0432740e7b74b1395f1470fdca0e6efbcbd;hb=07e42be9783ddfe2c6e49d98676fcdb7f2dfecd7;hp=3857f7d8e8ed6f231805eef80b9925655e64dc01;hpb=986e08d996eadd906ecbe6c9ac8ad48aa78bd854;p=ipfire-2.x.git diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 3857f7d8e8..361bf04327 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -9,11 +9,10 @@ # $Id: firewalllog.dat,v 1.4.2.18 2005/08/23 12:01:50 eoberlander Exp $ # # July 28, 2003 - Darren Critchley - darren@kdi.ca -# - added source mac adapter to layout +# - added source mac adapter to layout # use strict; -use Geo::IP::PurePerl; use Getopt::Std; # enable only the following on debugging purpose @@ -21,9 +20,15 @@ use Getopt::Std; #use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/location-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + use POSIX(); #workaround to suppress a warning when a variable is used only once 
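Review bot: `$mainsettings{'THEME'}` is concatenated into the colors.txt path handed to `&General::readhash` without any check on its value, so a theme name containing `/` or `..` in the settings file would make this CGI read a file outside the themes directory. The settings file is presumably written only by the admin interface, but that assumption is cheap to make explicit. I would guard the second call, for example `&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color) if ($mainsettings{'THEME'} =~ /\A[\w\-]+\z/);`. A short comment above the two `readhash` calls saying that `%color` supplies the row background colours would also help the next reader.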
@@ -74,41 +79,41 @@ if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day + + ## 86400 seconds in a day } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]+1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]-1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; } - $cgiparams{'MONTH'} = 
$temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } # Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log 
@@ -116,82 +121,82 @@ my $gzindex; my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; { - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks + my $xday; + + # Calculate time. If future date, calculate for past year !!! + if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); + } else { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; + } + + # calculate end of active week (saturday 23H59) + my @then = (); + @then = localtime(time()); + my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); + $sunday += (6-$then[6]) * 86400; + + # Convert delta in second to full weeks $gzindex = int (($sunday-$xday)/604800 ); } - + my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? 
" $cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - + my $lines = 0; my @log=(); my $loop = 1; my $filestr = 0; -my $lastdatetime; # for debug +my $lastdatetime; # for debug my $search_for_end = 0; - + while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/messages"; - } else { - $filestr = "/var/log/messages.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } + # calculate file name + if ($gzindex == 0) { + $filestr = "/var/log/messages"; + } else { + $filestr = "/var/log/messages.$gzindex"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } # now read file if existing if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - READ:while () { - my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { - # when standart viewing, just keep in memory the correct slice - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$line"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$line"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file + #&General::log("reading $filestr"); + READ:while () { + my $line = $_; + if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { + # when standart viewing, just keep in memory the correct slice + # it starts a '$start' and size is $viewport + # If export, then keep all lines... + if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ + $log[$lines++] = "$line"; + } else { + if ($lines++ < ($start + $Header::viewsize)) { + push(@log,"$line"); + if (@log > $Header::viewsize) { + shift (@log); + } + #} else { dont do this optimisation, need to count lines ! 
+ # $datetime = $maxtime; # we have read viewsize lines, stop main loop + # last READ; # exit read file + } + } + $search_for_end = 1; # we find the start of slice, can look for end now + } else { + if ($search_for_end == 1) { + #finish read files when date is over (test month equality only) + $line =~ /^(...) (..) ..:..:..*$/; + $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); + } } - } - $search_for_end = 1; # we find the start of slice, can look for end now - } else { - if ($search_for_end == 1) { - #finish read files when date is over (test month equality only) - $line =~ /^(...) (..) ..:..:..*$/; - $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); - } } - } - close (FILE); + close (FILE); } $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped - # for a long time + # for a long time }# while # $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; @@ -228,7 +233,7 @@ if ($errormessage) { &Header::closebox(); } -&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); +&Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); print < @@ -243,7 +248,8 @@ for (my $month = 0; $month < 12; $month++) { print "\t\n"; } print <$day\n"; } print <$Lang::tr{'firewall hits'} $date: $lines

"; -$start = $lines - ${Header::viewsize} if ($start >= $lines - ${Header::viewsize}); +my $lastPageIndex = $lines - ${Header::viewsize}; +$start = $lastPageIndex if ($start >= $lastPageIndex); $start = 0 if ($start < 0); my $prev; - if ($start == 0) { +if ($start == 0) { $prev = -1; - } else { +} else { $prev = $start - ${Header::viewsize}; $prev = 0 if ( $prev < 0); - } - +} + my $next; - if ($start == $lines - ${Header::viewsize}) { - $next = -1; - } else { - $next = $start + ${Header::viewsize}; - $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); - } +if ($start == $lastPageIndex) { + $next = -1; +} else { + $next = $start + ${Header::viewsize}; + $next = $lines - ${Header::viewsize} if ($next >= $lines - ${Header::viewsize}); +} if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } if ($lines != 0) { &oldernewer(); } print < + - - - - - - - - - - + + + + + + + + END ; 
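Review bot: `$lastPageIndex` is introduced for the `$start` clamp and for the `$start == $lastPageIndex` test, but the last line of the `$next` branch still spells out `$lines - ${Header::viewsize}` twice. Using the new variable there keeps all three bounds in step: `$next = $lastPageIndex if ($next >= $lastPageIndex);`. The hunk header for this part is not visible on the page, so the surrounding context may be incomplete.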
@@ -323,54 +329,72 @@ END $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information + # otherwise use IN= + my $packet = ''; + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; } + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; } my $day = $1; $day =~ tr / /0/; my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $comment = $3; - my $packet = $4; - - $packet =~ /IN=(\w+)/; my $iface=$1; - $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; - $packet =~ /DST=([\d\.]+)/; my $dstaddr=$1; - $packet =~ /MAC=([\w+\:]+)/; my $macaddr=$1; - $packet =~ /PROTO=(\w+)/; my $proto=$1; - $packet =~ /SPT=(\d+)/; my $srcport=$1; - $packet =~ /DPT=(\d+)/; my $dstport=$1; - - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($srcaddr); - my $fcode = lc($ccode); + my $chain = $3; + + my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + # Identify whether ipv4 or ipv6. Both are mutally exclusive. + if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; } + $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; + $proto=$1 if $packet =~ /PROTO=(\w+)/; + $srcport=$1 if $packet =~ /SPT=(\d+)/; + $dstport=$1 if $packet =~ /DPT=(\d+)/; + + # Get the country code. 
+ my $ccode = &Location::Functions::lookup_country_code($srcaddr); my $servi = uc(getservbyport($srcport, lc($proto))); if ($servi ne '' && $srcport < 1024) { - $srcport = "$srcport($servi)"; } + $srcport = "$srcport($servi)"; + } $servi = uc(getservbyport($dstport, lc($proto))); if ($servi ne '' && $dstport < 1024) { - $dstport = "$dstport($servi)";} + $dstport = "$dstport($servi)"; + } my @mactemp = split(/:/,$macaddr); $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; + my $col=""; if ($lines % 2) { - print "\n"; } + print ""; + $col="bgcolor='$color{'color20'}'"; + } else { - print "\n"; } + print ""; + $col="bgcolor='$color{'color22'}'"; + } print <$time - - - - - - - - - - + + + + + + +END + ; + # Get flag icon for of the country. + my $flag_icon = &Location::Functions::get_flag_icon($ccode); + + if ( $flag_icon) { + print ""; + } else { + print ""; + } + + print <$macaddr + END ; $lines++; @@ -388,29 +412,36 @@ print "
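Review bot: The new `if`/`elsif` that selects `$packet` has no fallback, yet `$1`, `$2` and `$3` are read for `$day`, `$time` and `$chain` immediately after it, so a line matching neither pattern would be rendered with capture values left over from an earlier match and an empty `$packet`. The read loop filters on a similar pattern, so this should be rare, but adding `else { next; }` after the `elsif` makes the loop skip such lines instead of printing a misleading row. In the same hunk `$srcaddr` stays undefined when neither the IPv4 nor the IPv6 pattern matches and is then passed to `&Location::Functions::lookup_country_code`. Whether that helper tolerates an undefined address is not visible here, so I would write `my $ccode = defined $srcaddr ? &Location::Functions::lookup_country_code($srcaddr) : '';`.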
$Lang::tr{'time'}$Lang::tr{'chain'}$Lang::tr{'iface'}$Lang::tr{'proto'}$Lang::tr{'source'}Flag$Lang::tr{'src port'}$Lang::tr{'mac address'}$Lang::tr{'destination'}$Lang::tr{'dst port'}$Lang::tr{'time'}$Lang::tr{'chain'}$Lang::tr{'iface'}$Lang::tr{'proto'}$Lang::tr{'source'}
$Lang::tr{'destination'}
$Lang::tr{'src port'}
$Lang::tr{'dst port'}
$Lang::tr{'country'}$Lang::tr{'mac address'}
$comment$iface$proto$srcaddr$ccode$srcport$macaddr - - -
$dstaddr
-
$dstport
$time$chain$iface$proto$srcaddr
$dstaddr
$srcport
$dstport
$ccode
"; sub oldernewer { -print < - + print < + END -; + ; -print ""; -if ($prev != -1) { - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'older'}"; } -print "\n"; + print ""; + if ($prev != -1) { + print "$Lang::tr{'first'} "; + print "$Lang::tr{'older'}"; + } + else { + print "$Lang::tr{'first'} $Lang::tr{'older'}"; + } + print "\n"; -print ""; -if ($next >= 0) { - print "$Lang::tr{'newer'}"; } -else { - print "$Lang::tr{'newer'}"; } -print "\n"; + print ""; + if ($next >= 0) { + print "$Lang::tr{'newer'} "; + print "$Lang::tr{'last'}"; + } + else { + print "$Lang::tr{'newer'} $Lang::tr{'last'} "; + } + print "\n"; -print < - + print < + END -; + ; } +