#!/usr/bin/perl
#
#
# PIX Logging Architecture
# [Kristof Philipsen]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PIX Logging Architecture; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                                                                                                                                                                                                  
use FindBin;
use Socket qw(AF_INET);

use CGI;
use DBI;
                                                                                                                                                                                                  
#
# include configuration
#
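# Search the script's own directory first: Perl 5.26+ no longer puts "." on
# @INC, so a bare require "conf.pl" fails there, and on older Perls "." was
# searched last, so a same-named file earlier on @INC would have won.
use lib $FindBin::Bin;
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines

#
# Make Database Connection
#
db_connect();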
                                                                                                                                                                                                  
#
# Get CGI Parameters
#
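$query = CGI->new;

# CGI::param() returns every value of a repeated parameter in list context, so
# a request carrying id=1&id=2 would hand clean_input() two arguments; force
# scalar context so exactly one value is taken.
$id       = clean_input(scalar $query->param("id"));
$datetime = clean_input(scalar $query->param("date"));
($date, $time) = split(" ", $datetime);

# View flags.  Each one is forced to exactly "0" or "1": a missing, empty or
# unexpected value falls back to the section's default, so the raw request
# string never reaches the page links or the eq "0" / eq "1" tests below
# (previously an unexpected value left every section unrendered).
my $view_flag = sub {
    my ($value, $default) = @_;
    return $value if defined $value && ($value eq "0" || $value eq "1");
    return $default;
};

$showgeneral   = $view_flag->(scalar $query->param("showgeneral"),  "1");
$showspecific  = $view_flag->(scalar $query->param("showspecific"), "1");
$showoptions   = $view_flag->(scalar $query->param("showoptions"),  "0");
$matchdatabase = $view_flag->(scalar $query->param("showmatches"),  "0");
$showmatches   = $matchdatabase;    # both names are used further down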


#
# HTML SECTION
#
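printtitle();

# Encode the request-derived values before they are written into the page;
# clean_input() (subs.pl) is not visible from here, so encoding happens at
# the sink regardless of what it did.
my $title_date = CGI::escapeHTML(defined $date ? $date : "");
my $title_id   = CGI::escapeHTML(defined $id   ? $id   : "");

print <<EOF;
<span class='titlehead'><b>PIX IDS Logs > $title_date > Log ID: $title_id</b></span>
<br><br>
EOF

# Bind the log id as a placeholder instead of interpolating it into the SQL
# text: the id comes from the request, and input cleaning is no substitute
# for parameterisation.  execute() is checked too; DBI only throws if
# RaiseError was set in db_connect(), which is not visible here.
$getidall = "SELECT log_resource, log_time, log_protocol, log_src_ip, log_dst_ip, log_signature FROM ids_log WHERE log_id = ?";
$statement2 = $db_handle->prepare($getidall) or die "Couldn't prepare query '$getidall': $DBI::errstr\n";
$statement2->execute($id) or die "Couldn't execute query '$getidall': $DBI::errstr\n";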
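# ---------------------------------------------------------------------------
# Per-log-entry rendering.
#
# Output-encode everything the page shows.  $id and $datetime come straight
# from the request (clean_input() lives in subs.pl and is not visible here, so
# encoding still happens at the sink), the per-row fields come from the
# database, and the host names come from reverse DNS; none of these can be
# assumed safe inside HTML text or inside a URL query string.
# ---------------------------------------------------------------------------
my $html = sub { return CGI::escapeHTML(defined $_[0] ? $_[0] : ""); };
my $url  = sub { return CGI::escape(defined $_[0] ? $_[0] : ""); };

my $id_html      = $html->($id);
my $id_url       = $url->($id);
my $datetime_url = $url->($datetime);

# Every expand/collapse link points back at this page; only the four view
# flags differ.  The flags are request values as well, hence the encoding.
my $self_link = "$pix_ids_id?id=$id_url&date=$datetime_url";
my ($showmatches_url, $showoptions_url, $showgeneral_url, $showspecific_url)
    = map { $url->($_) } ($showmatches, $showoptions, $showgeneral, $showspecific);

# Icon shown next to the protocol name; protocols not listed here get no
# icon and no name, as before.
my %icon_for = (
    TCP  => "tcp_service.png",
    UDP  => "udp_service.png",
    ICMP => "icmp_service.png",
);

# Reverse-resolve a dotted-quad IPv4 address.  Returns the PTR name, or
# nothing when the value is not a well-formed IPv4 address or has no PTR
# record.  Validating first avoids packing an arbitrary database string into
# four bytes and resolving whatever address that happens to produce.
my $reverse_name = sub {
    my ($ip) = @_;
    return unless defined $ip;
    my @octet = ($ip =~ m/\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/);
    return if @octet != 4 or grep { $_ > 255 } @octet;
    # Scalar context yields just the host name.
    return scalar gethostbyaddr(pack("C4", @octet), AF_INET);
};

# Run a COUNT(*) query with bound values and return the single count.  A
# missing row counts as 0; the old code looped on the fetched value, so a
# count of 0 was false and the "Matches:" cell was silently not printed.
my $count_matches = sub {
    my ($sql, @bind) = @_;
    my $sth = $db_handle->prepare($sql)
        or die "Couldn't prepare query '$sql': $DBI::errstr\n";
    $sth->execute(@bind)
        or die "Couldn't execute query '$sql': $DBI::errstr\n";
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    return defined $count ? $count : 0;
};

while (my ($log_resource, $log_time, $log_protocol, $log_src_ip, $log_dst_ip, $log_signature)
        = $statement2->fetchrow_array) {
    # Stored addresses may carry surrounding whitespace; the trimmed form is
    # what gets displayed, resolved and matched against.
    $log_src_ip =~ s/^\s+|\s+$//g;
    $log_dst_ip =~ s/^\s+|\s+$//g;

    my $host_src_ip = $reverse_name->($log_src_ip);
    my $host_dst_ip = $reverse_name->($log_dst_ip);

    my $src_html       = $html->($log_src_ip);
    my $dst_html       = $html->($log_dst_ip);
    my $src_url        = $url->($log_src_ip);
    my $dst_url        = $url->($log_dst_ip);
    my $resource_html  = $html->($log_resource);
    my $time_html      = $html->($log_time);
    my $signature_html = $html->($log_signature);
    my $protocol_html  = $html->($log_protocol);

    # Table header.  The width attribute used to lack its closing quote,
    # which swallowed the bgcolor attribute along with it.
    print <<EOF;
<table width="70%" bgcolor="#ffffff" cellpadding="0" cellspacing="0" border="0">
<td bgcolor="#5479d8"><span class="main"><font color="#ffffff"><b>PIX IDS ID: $id_html</b></font></span></td>
<td bgcolor="#5479d8" align="right" valign="top"><span class="main"></span></td>
<tr>
<td bgcolor="#000000" height="2"></td>
<td bgcolor="#000000" height="2"></td>
<tr>
<td bgcolor="#d9d9d9"></td>
<td align="right" valign="top" bgcolor="#d9d9d9">
<a href="$self_link&showmatches=1&showoptions=1&showgeneral=1&showspecific=1" class="bodylink"><img src="images/pla_plus.gif" align="bottom" border="0"></img> expand all</a>
&nbsp;&nbsp;<a href="$self_link&showmatches=0&showoptions=0&showgeneral=0&showspecific=0" class="bodylink"><img src="images/pla_minus.gif" align="bottom" border="0"></img> collapse all</a>
</td>
<tr>
<td height="10"></td>
<td height="10"></td>
<tr>
EOF

    #
    # General Log Details (collapsed / expanded)
    #
    if ($showgeneral eq "0") {
        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=$showoptions_url&showgeneral=1&showspecific=$showspecific_url"><img src="images/pla_plus.gif" border="0"></img></a> <span class="button">General Log Details</span>
</td>
<tr>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    if ($showgeneral eq "1") {
        my $protocol_cell = "";
        if (defined $log_protocol && exists $icon_for{$log_protocol}) {
            my $icon = $icon_for{$log_protocol};
            $protocol_cell = qq{<img src="images/$icon" align="top"></img> $protocol_html};
        }

        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=$showoptions_url&showgeneral=0&showspecific=$showspecific_url"><img src="images/pla_minus.gif" border="0"></a> <span class="button">General Log Details</span>
</td>
<td>
<br>
</td>
<tr>
<td height="2" bgcolor="#000000"></td>
<td height="2" bgcolor="#000000"></td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle"> Logging Resource:
</span>
</td>
<td>
<span class="main">
<img src="images/pix_device.png" align="top"></img> $resource_html
</span>
</td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle">  Logging Date/Time:
</span>
</td>
<td>
<span class="main">
$time_html
</span>
</td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle">  IDS Log Signature:
</span>
</td>
<td>
<span class="main">
$signature_html
</span>
</td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle">  Traffic Protocol:
</span>
</td>
<td>
<span class="main">
$protocol_cell
</span>
</td>
<tr>
<td><td></td>
<td><br></td>
<tr>
<td></td>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    #
    # Specific Log Details (collapsed / expanded)
    #
    if ($showspecific eq "0") {
        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=$showoptions_url&showgeneral=$showgeneral_url&showspecific=1"><img src="images/pla_plus.gif" border="0"> <span class="button">Specific Log Details</span>
</td>
<tr>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    if ($showspecific eq "1") {
        # PTR names are attacker-chosen text (the owner of the reverse zone
        # controls them), so they are encoded like everything else.
        my $src_name = (defined $host_src_ip && length $host_src_ip)
            ? "(<i>" . $html->($host_src_ip) . "</i>)" : "";
        my $dst_name = (defined $host_dst_ip && length $host_dst_ip)
            ? "(<i>" . $html->($host_dst_ip) . "</i>)" : "";

        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=$showoptions_url&showgeneral=$showgeneral_url&showspecific=0"><img src="images/pla_minus.gif" border="0"></a> <span class="button">Specific Log Details</span>
</td>
<td>
<br>
</td>
<tr>
<td height="2" bgcolor="#000000"></td>
<td height="2" bgcolor="#000000"></td>
<tr>
<td height="2"></td>
<td height="2"></td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle">  Source IP:
</span>
</td>
<td>
<span class="main">
$src_html
$src_name&nbsp;[ <a href="src-whois?ip=$src_url" class="bodylink">whois</span></a> ]
</span>
</td>
<tr>
<td width="150">
<span class="main">
<img src="images/pla_blank.gif" align="middle"> Dest. IP:
</span>
</td>
<td>
<span class="main">
$dst_html
$dst_name&nbsp;[ <a href="src-whois?ip=$dst_url" class="bodylink">whois</span></a> ]
</span>
</td>
</span>
</td>
<tr>
<td><td></td>
<td><br></td>
<tr>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    #
    # Database Matches (collapsed / expanded)
    #
    if ($matchdatabase ne "1") {
        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=1&showoptions=$showoptions_url&showgeneral=$showgeneral_url&showspecific=$showspecific_url"><img src="images/pla_plus.gif" border="0"></a> <span class="button">Database Matches</span>
</td>
<td></td>
<tr>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    if ($matchdatabase eq "1") {
        # The addresses are bound rather than interpolated: they come from
        # the database, i.e. from whatever the logging device reported, and
        # a second-order injection is just as much an injection.  LIKE is
        # kept so matching behaves as it did.
        my $both_count = $count_matches->(
            "SELECT count(*) FROM ids_log WHERE log_src_ip LIKE ? and log_dst_ip LIKE ?",
            $log_src_ip, $log_dst_ip);
        my $src_count = $count_matches->(
            "SELECT count(*) FROM ids_log WHERE log_src_ip LIKE ?", $log_src_ip);
        my $dst_count = $count_matches->(
            "SELECT count(*) FROM ids_log WHERE log_dst_ip LIKE ?", $log_dst_ip);

        # NOTE(review): the collapse link here used $pix_traffic_id while
        # every other link on this page uses $pix_ids_id; that looks like a
        # copy-paste from the traffic page and would leave the IDS view
        # carrying an IDS log id, so it now uses $self_link.
        print <<EOF;

<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=0&showoptions=$showoptions_url&showgeneral=$showgeneral_url&showspecific=$showspecific_url"><img src="images/pla_minus.gif" border="0"></a> <span class="button">Database Matches</span>
</td>
<tr>
<td height="2" bgcolor="#000000"></td>
<td height="2" bgcolor="#000000"></td>
<tr>
<td height="2"></td>
<td height="2"></td>
<tr>
<td width="150">
<img src="images/pla_blank.gif" align="middle"> <b>>></b>
<span class="main">
Matches: <a href="./pix_search_result_ids?src_ip=$src_url&dst_ip=$dst_url" class="bodylink">$both_count</span></a>
</span>
</td>
<td>
<span class="main">
For SOURCE IP ($src_html) to DEST IP ($dst_html).
</span>
</td>
<tr>
<td width="150">
<img src="images/pla_blank.gif" align="middle"> <b>>></b>
<span class="main">
Matches: <a href="./pix_search_result_ids?src_ip=$src_url" class="bodylink">$src_count</span></a>
</span>
</td>
<td>
<span class="main">
For SOURCE IP ($src_html) to ANY IP.
</span>
</td>
<tr>
<td width="150">
<img src="images/pla_blank.gif" align="middle"> <b>>></b>
<span class="main">
Matches: <a href="./pix_search_result_ids?dst_ip=$dst_url" class="bodylink">$dst_count</span></a>
</span>
</td>
<td>
<span class="main">
For ANY IP to DEST IP ($dst_html).
</span>
</td>
<tr>
<td><td></td>
<td><br></td>
<tr>
<tr>
<td width="150">
<span class="main">
<br>
</span>
</td>
<td>
<span class="main">
<br>
</span>
</td>
<tr>
EOF
    }

    #
    # Options (collapsed / expanded) -- closes the table either way.
    # Both links used $pix_traffic_id as well; see the note above.
    #
    if ($showoptions ne "1") {
        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=1&showgeneral=$showgeneral_url&showspecific=$showspecific_url"><img src="images/pla_plus.gif" border="0"></a> <span class="button">Options</span>
</td>
</table>
EOF
    }

    if ($showoptions eq "1") {
        # The incident link used to be split across two source lines, which
        # put a literal newline inside "id=" in the emitted href.
        print <<EOF;
<td width="150" bgcolor="#5479d8">
&nbsp;<a href="$self_link&showmatches=$showmatches_url&showoptions=0&showgeneral=$showgeneral_url&showspecific=$showspecific_url"><img src="images/pla_minus.gif" border="0"></a> <span class="button">Options</span>
</td>
<tr>
<td height="2" bgcolor="#000000"></td>
<td height="2" bgcolor="#000000"></td>
<tr>
<td height="2"></td>
<td height="2"></td>
<tr>
<td width="150">
<img src="images/pla_blank.gif" align="middle"> <img src="images/config_incident.gif" align="top"></img> <a href="./pix_event_id_add?id=$id_url&type=ids" class="bodylink">Incidents</a>
</td>
<td>
<span class="main">
Link PIX IDS ID to a predefined incident.
</td>
</table>
EOF
    }
}

$db_handle->disconnect();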

