X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Flogs.cgi%2Ffirewalllog.dat;h=e67a40a9f506d4712c3ac1255c38b4e54f5938aa;hp=7525626668b6aa595b1a6dca0221a385032210b4;hb=00793c27c929b68a21c4ef07044fbbb68942a192;hpb=15847a8001e5adda6bf253f3c329fce11d5a05b1 diff --git a/html/cgi-bin/logs.cgi/firewalllog.dat b/html/cgi-bin/logs.cgi/firewalllog.dat index 7525626668..e67a40a9f5 100644 --- a/html/cgi-bin/logs.cgi/firewalllog.dat +++ b/html/cgi-bin/logs.cgi/firewalllog.dat @@ -13,7 +13,6 @@ # use strict; -use Geo::IP::PurePerl; use Getopt::Std; # enable only the following on debugging purpose @@ -21,6 +20,7 @@ use Getopt::Std; #use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/geoip-functions.pl"; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; @@ -40,11 +40,11 @@ my %logsettings=(); my $errormessage = ''; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', - 'Sep', 'Oct', 'Nov', 'Dec' ); + 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, - $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, - $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, - $Lang::tr{'december'} ); + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); my @now = localtime(); my $dow = $now[6]; 
@@ -65,55 +65,55 @@ my $start = ($logsettings{'LOGVIEW_REVERSE'} eq 'on') ? 0x7FFFF000 : 0; #index o if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) { - my @temp = split(',',$ENV{'QUERY_STRING'}); - $start = $temp[0]; - $cgiparams{'MONTH'} = $temp[1]; - $cgiparams{'DAY'} = $temp[2]; + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || - !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) + !($cgiparams{'DAY'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { - $cgiparams{'DAY'} = $now[3]; - $cgiparams{'MONTH'} = $now[4]; + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { - my @temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); - ## Retrieve the same time on the next day + - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]+1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + if ($cgiparams{'DAY'}) { + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day + + ## 86400 seconds in a day + } else { + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]+1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; + } + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { - my 
@temp_then=(); - my @temp_now = localtime(time); - $temp_now[4] = $cgiparams{'MONTH'}; - $temp_now[3] = $cgiparams{'DAY'}; - if ($cgiparams{'DAY'}) { - @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); - ## Retrieve the same time on the next day - - ## 86400 seconds in a day - } else { - $temp_now[3] = 1; - $temp_now[4] = ($temp_now[4]-1) %12; - @temp_then = localtime(POSIX::mktime(@temp_now) ); - $temp_then[3] = 0; - } - $cgiparams{'MONTH'} = $temp_then[4]; - $cgiparams{'DAY'} = $temp_then[3]; + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + if ($cgiparams{'DAY'}) { + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + } else { + $temp_now[3] = 1; + $temp_now[4] = ($temp_now[4]-1) %12; + @temp_then = localtime(POSIX::mktime(@temp_now) ); + $temp_then[3] = 0; + } + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; } # Find in which file.gz is the log. Can be calculated because WEEKLY ROTATING of access.log 
@@ -121,104 +121,104 @@ my $gzindex; my $date = $cgiparams{'DAY'} == 0 ? '' : $cgiparams{'DAY'} <= 9 ? "0$cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; { - my $xday; - - # Calculate time. If future date, calculate for past year !!! - if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || - ( $cgiparams{'MONTH'} > $now[4] ) ) { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); - } else { - $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); - $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; - } - - # calculate end of active week (saturday 23H59) - my @then = (); - @then = localtime(time()); - my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); - $sunday += (6-$then[6]) * 86400; - - # Convert delta in second to full weeks - $gzindex = int (($sunday-$xday)/604800 ); + my $xday; + + # Calculate time. If future date, calculate for past year !!! + if (( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, ". int($year-1); + } else { + $xday = POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 ); + $date = "$longmonths[$cgiparams{'MONTH'}] $date, $year"; + } + + # calculate end of active week (saturday 23H59) + my @then = (); + @then = localtime(time()); + my $sunday = POSIX::mktime( 0, 0, 0, @then[3], @then[4], @then[5]); + $sunday += (6-$then[6]) * 86400; + + # Convert delta in second to full weeks + $gzindex = int (($sunday-$xday)/604800 ); } - + my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; my $daystr = $cgiparams{'DAY'} == 0 ? '..' : $cgiparams{'DAY'} <= 9 ? 
" $cgiparams{'DAY'}" : "$cgiparams{'DAY'}"; - + my $lines = 0; my @log=(); my $loop = 1; my $filestr = 0; -my $lastdatetime; # for debug +my $lastdatetime; # for debug my $search_for_end = 0; - + while ($gzindex >=0 && $loop) { - # calculate file name - if ($gzindex == 0) { - $filestr = "/var/log/messages"; - } else { - $filestr = "/var/log/messages.$gzindex"; - $filestr = "$filestr.gz" if -f "$filestr.gz"; - } - # now read file if existing - if (open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))) { - #&General::log("reading $filestr"); - READ:while () { - my $line = $_; - if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { - # when standart viewing, just keep in memory the correct slice - # it starts a '$start' and size is $viewport - # If export, then keep all lines... - if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ - $log[$lines++] = "$line"; - } else { - if ($lines++ < ($start + $Header::viewsize)) { - push(@log,"$line"); - if (@log > $Header::viewsize) { - shift (@log); - } - #} else { dont do this optimisation, need to count lines ! - # $datetime = $maxtime; # we have read viewsize lines, stop main loop - # last READ; # exit read file - } - } - $search_for_end = 1; # we find the start of slice, can look for end now - } else { - if ($search_for_end == 1) { - #finish read files when date is over (test month equality only) - $line =~ /^(...) (..) ..:..:..*$/; - $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); - } - } - } - close (FILE); - } - $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped - # for a long time + # calculate file name + if ($gzindex == 0) { + $filestr = "/var/log/messages"; + } else { + $filestr = "/var/log/messages.$gzindex"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + # now read file if existing + if (open (FILE,($filestr =~ /.gz$/ ? 
"gzip -dc $filestr |" : $filestr))) { + #&General::log("reading $filestr"); + READ:while () { + my $line = $_; + if ($line =~ /^${monthstr} ${daystr} ..:..:.. [\w\-]+ kernel:.*IN=.*$/) { + # when standart viewing, just keep in memory the correct slice + # it starts a '$start' and size is $viewport + # If export, then keep all lines... + if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}){ + $log[$lines++] = "$line"; + } else { + if ($lines++ < ($start + $Header::viewsize)) { + push(@log,"$line"); + if (@log > $Header::viewsize) { + shift (@log); + } + #} else { dont do this optimisation, need to count lines ! + # $datetime = $maxtime; # we have read viewsize lines, stop main loop + # last READ; # exit read file + } + } + $search_for_end = 1; # we find the start of slice, can look for end now + } else { + if ($search_for_end == 1) { + #finish read files when date is over (test month equality only) + $line =~ /^(...) (..) ..:..:..*$/; + $loop = 0 if ( ($1 ne $monthstr) || ( ($daystr ne '..') && ($daystr ne $2) ) ); + } + } + } + close (FILE); + } + $gzindex--; # will try next gz file eg 40,39,38,.... because it may have holes when ipcop stopped + # for a long time }# while # $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) { - print "Content-type: text/plain\n\n"; - print "IPFire firewall log\r\n"; - print "$Lang::{'date'}: $date\r\n\r\n"; - - if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } - - foreach $_ (@log) - { - /^... (..) (..:..:..) [\w\-]+ kernel:.*(IN=.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - print "$time $3\r\n"; - - } - exit 0; + print "Content-type: text/plain\n\n"; + print "IPFire firewall log\r\n"; + print "$Lang::{'date'}: $date\r\n\r\n"; + + if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } + + foreach $_ (@log) + { + /^... (..) (..:..:..) 
[\w\-]+ kernel:.*(IN=.*)$/; + my $day = $1; + $day =~ tr / /0/; + my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; + print "$time $3\r\n"; + + } + exit 0; } &Header::showhttpheaders(); @@ -228,9 +228,9 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'export'}) &Header::openbigbox('100%', 'left', '', $errormessage); if ($errormessage) { - &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); - print "$errormessage \n"; - &Header::closebox(); + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage \n"; + &Header::closebox(); } &Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); @@ -239,33 +239,35 @@ print < - - + - - + + - - - - - - - - + + + + + + + + END ; 
@@ -327,61 +329,74 @@ END $lines = 0; foreach $_ (@log) { - /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; - my $day = $1; - $day =~ tr / /0/; - my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; - my $comment = $3; - my $packet = $4; - - my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); - $iface=$1 if $packet =~ /IN=(\w+)/; - $srcaddr=$1 if $packet =~ /SRC=([\d\.]+)/; - $dstaddr=$1 if $packet =~ /DST=([\d\.]+)/; - $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; - $proto=$1 if $packet =~ /PROTO=(\w+)/; - $srcport=$1 if $packet =~ /SPT=(\d+)/; - $dstport=$1 if $packet =~ /DPT=(\d+)/; - - my $gi = Geo::IP::PurePerl->new(); - my $ccode = $gi->country_code_by_name($srcaddr); - my $fcode = lc($ccode); - - my $servi = uc(getservbyport($srcport, lc($proto))); - if ($servi ne '' && $srcport < 1024) { - $srcport = "$srcport($servi)"; } - $servi = uc(getservbyport($dstport, lc($proto))); - if ($servi ne '' && $dstport < 1024) { - $dstport = "$dstport($servi)";} - my @mactemp = split(/:/,$macaddr); - $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; - my $col=""; - if ($lines % 2) { - print ""; - $col="bgcolor='$color{'color20'}'"; } - else { - print ""; - $col="bgcolor='$color{'color22'}'"; } - print <$time - - - - - + # If ipv6 uses a bridge, PHYSIN= contains the relevant iface information + # otherwise use IN= + my $packet = ''; + if ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)(PHYSIN=.*)$/) { $packet = $5; } + elsif ($_ =~ /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/) { $packet = $4; } + my $day = $1; + $day =~ tr / /0/; + my $time = $cgiparams{'DAY'} ? "$2" : "$day/$2" ; + my $chain = $3; + + my ($iface, $srcaddr, $dstaddr, $macaddr, $proto, $srcport, $dstport); + if ($packet =~ /PHYSIN=(\w+)/) { $iface=$1; } elsif ($packet =~ /IN=(\w+)/) { $iface = $1; } + # Identify whether ipv4 or ipv6. Both are mutally exclusive. 
+ if ($packet =~ /SRC\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $srcaddr=$1; } + if ($packet =~ /SRC\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $srcaddr=$1; } + if ($packet =~ /DST\=(([\d]{1,3})(\.([\d]{1,3})){3})/) { $dstaddr=$1; } + if ($packet =~ /DST\=(([0-9a-fA-F]{0,4})(\:([0-9a-fA-F]{0,4})){2,7})/) { $dstaddr=$1; } + $macaddr=$1 if $packet =~ /MAC=([\w+\:]+)/; + $proto=$1 if $packet =~ /PROTO=(\w+)/; + $srcport=$1 if $packet =~ /SPT=(\d+)/; + $dstport=$1 if $packet =~ /DPT=(\d+)/; + + my $ccode = &GeoIP::lookup($srcaddr); + + my $servi = uc(getservbyport($srcport, lc($proto))); + if ($servi ne '' && $srcport < 1024) { + $srcport = "$srcport($servi)"; + } + $servi = uc(getservbyport($dstport, lc($proto))); + if ($servi ne '' && $dstport < 1024) { + $dstport = "$dstport($servi)"; + } + my @mactemp = split(/:/,$macaddr); + $macaddr = "$mactemp[6]:$mactemp[7]:$mactemp[8]:$mactemp[9]:$mactemp[10]:$mactemp[11]"; + my $col=""; + if ($lines % 2) { + print ""; + $col="bgcolor='$color{'color20'}'"; + } + else { + print ""; + $col="bgcolor='$color{'color22'}'"; + } + print <$time + + + + + END -; - if ( $fcode ne "" ){ - print "";} - else { - print "";} - print <$macaddr - + ; + # Get flag icon for of the country. + my $flag_icon = &GeoIP::get_flag_icon($ccode); + + if ( $flag_icon) { + print ""; + } else { + print ""; + } + + print <$macaddr + END - ; - $lines++; + ; + $lines++; } print "
$Lang::tr{'month'}:  - $Lang::tr{'month'}:  +  $Lang::tr{'day'}:  - +  $Lang::tr{'day'}:  +
$Lang::tr{'time'}$Lang::tr{'chain'}$Lang::tr{'iface'}$Lang::tr{'proto'}$Lang::tr{'source'}
$Lang::tr{'destination'}
$Lang::tr{'src port'}
$Lang::tr{'dst port'}
$Lang::tr{'country'}$Lang::tr{'mac address'}$Lang::tr{'time'}$Lang::tr{'chain'}$Lang::tr{'iface'}$Lang::tr{'proto'}$Lang::tr{'source'}
$Lang::tr{'destination'}
$Lang::tr{'src port'}
$Lang::tr{'dst port'}
$Lang::tr{'country'}$Lang::tr{'mac address'}
$comment$iface$proto$srcaddr
$dstaddr
$srcport
$dstport
$chain$iface$proto$srcaddr
$dstaddr
$srcport
$dstport
$ccode
$ccode
"; @@ -396,32 +411,36 @@ print ""; sub oldernewer { -print < - + print < + END -; - -print ""; -if ($prev != -1) { - print "$Lang::tr{'first'} "; - print "$Lang::tr{'older'}"; } -else { - print "$Lang::tr{'first'} $Lang::tr{'older'}"; } -print "\n"; - -print ""; -if ($next >= 0) { - print "$Lang::tr{'newer'} "; - print "$Lang::tr{'last'}"; } -else { - print "$Lang::tr{'newer'} $Lang::tr{'last'} "; } -print "\n"; - -print < - + ; + + print ""; + if ($prev != -1) { + print "$Lang::tr{'first'} "; + print "$Lang::tr{'older'}"; + } + else { + print "$Lang::tr{'first'} $Lang::tr{'older'}"; + } + print "\n"; + + print ""; + if ($next >= 0) { + print "$Lang::tr{'newer'} "; + print "$Lang::tr{'last'}"; + } + else { + print "$Lang::tr{'newer'} $Lang::tr{'last'} "; + } + print "\n"; + + print < + END -; + ; }
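Review bot: `$chain` is the one displayed field still taken from an unconstrained capture, the `(.*)` between `kernel:` and `IN=` in both new regexes, whereas the interface, protocol, addresses, ports and MAC are each limited to a narrow character class by their own patterns. The table markup is not visible in this copy of the diff, but the cell list shows `$chain` interpolated into the row heredoc, so whatever text sits in that part of a syslog line would be rendered as markup. I would encode it at assignment, e.g. `my $chain = html_escape($3);` (`html_escape` is a placeholder for the project's HTML-escaping routine), or narrow the capture to the characters chain names actually use. The same treatment is worth giving `$ccode` if `GeoIP::lookup` can return anything other than a country code; that function is defined outside this hunk.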