#!/usr/bin/perl
#
# PIX Logging Architecture
# [Kristof Philipsen]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PIX Logging Architecture; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                                                                                                                                                                                                  
use DBI;
use CGI;
use Date::Manip;
                                                                                                                                                                                                  
#
# include configuration
#
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines
                                                                                                                                                                                                  
#
# Make Database Connection
#
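db_connect();
#
# Get CGI Parameters
#
# Every value read here is controlled by the browser. clean_input() is defined
# in subs.pl, which is not visible from this file, so its guarantees are not
# assumed: each parameter is additionally normalised below to the exact shape
# the rest of the page expects before it can reach SQL text or HTML output.
#
$query = CGI->new;

# Read one request parameter. param() is forced into scalar context so that a
# repeated parameter (?year=1&year=2) cannot hand clean_input() extra arguments.
my $request_value = sub {
    my ($name) = @_;
    return clean_input(scalar $query->param($name));
};

$year = $request_value->("year");
$month = $request_value->("month");
$day = $request_value->("day");
$pager = $request_value->("pager");
$page = $request_value->("page");
$time_range = $request_value->("time_range");
# firewall is a free-form logging resource name, so it cannot be allow-listed
# here; it has to be bound or escaped wherever it is used.
$firewall = $request_value->("firewall");
$resolve = $request_value->("resolve");
$var_orient = $request_value->("orientation");
$var_sortby = $request_value->("sortby");

# Date: all three parts must be present and numeric, otherwise show today.
# (The previous test compared strings with == and looked at $date instead of
# $day, so a request with a year and month but no day built "YYYY-MM-".)
if (defined $year && defined $month && defined $day
    && $year =~ /\A\d{4}\z/ && $month =~ /\A\d{1,2}\z/ && $day =~ /\A\d{1,2}\z/) {
    $date = "$year-$month-$day";
} else {
    # Blank the parts so a rejected value is not echoed back into page links.
    ($year, $month, $day) = ("", "", "");
    my @now = localtime;
    $date = sprintf("%04d-%02d-%02d", $now[5] + 1900, $now[4] + 1, $now[3]);
}
$datetime=`date`;

# Time range: either "HH:MM to HH:MM" as offered by the form, or the whole day.
if (defined $time_range && $time_range =~ /\A(\d{2}:\d{2}) to (\d{2}:\d{2})\z/) {
    $start_time = "$1:00";
    $end_time = "$2:59";
    $end_date = $date;
} else {
    $time_range = "All Day";
    $start_time = "00:00:00";
    $end_time = "00:00:00";
    # "All Day" runs from midnight to midnight of the following day.
    $end_date = DateCalc($date,"+ 1 day",\$err);
    $end_date = UnixDate($end_date,"%Y-%m-%d");
}

# Paging: page is a zero-based, non-negative integer; a negative or
# non-numeric page would otherwise produce an invalid LIMIT offset.
$page = 0 unless defined $page && $page =~ /\A\d{1,6}\z/;
$page += 0;
$next_page = $page + 1;
$prev_page = $page > 0 ? $page - 1 : 0;

# Sort direction and column end up unquoted in ORDER BY, where quoting or
# character stripping cannot make an arbitrary value safe, so only known
# values are accepted. The columns are the ones the traffic query selects.
$var_orient = (defined $var_orient && lc($var_orient) eq "desc") ? "desc" : "asc";
my %known_sort_column = map { $_ => 1 } qw(
    log_id log_time log_resource log_action log_protocol
    log_src_ip log_src_pt log_dst_ip log_dst_pt log_flags
);
$var_sortby = "log_id" unless defined $var_sortby && $known_sort_column{$var_sortby};

# Only the literal "true" switches name resolution on; anything else is "false".
$resolve = (defined $resolve && $resolve eq "true") ? "true" : "false";

# Page size: positive integer, default 50.
$pager = 50 unless defined $pager && $pager =~ /\A\d{1,5}\z/ && $pager > 0;
$pager += 0;
$var_count = $page * $pager;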

#
# DB Parameters
#
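# Count all rows in traffic_log for the status line at the top of the page.
$sql = "SELECT count(*) FROM traffic_log";
$statement = $db_handle->prepare($sql)
    or die "Couldn't prepare query '$sql': $DBI::errstr\n";

# Reverse-DNS results cached for the lifetime of this request.
my %dnscache = ();
#
# HTML SECTION
#
printtitle();

$statement->execute()
    or die "Couldn't execute query '$sql': $DBI::errstr\n";
# count(*) yields exactly one row. Reading it with a list assignment (instead
# of looping while the value is true) keeps the header visible when the table
# is empty and the count is 0.
($row_ref) = $statement->fetchrow_array;
$row_ref = 0 unless defined $row_ref;
$statement->finish;

# Build the relative URL for one pager choice. Each value is URL-encoded, so a
# request parameter echoed back here cannot close the surrounding attribute or
# add markup, whatever clean_input() (subs.pl, not shown) lets through.
my $pager_url = sub {
    my ($to_page, $to_pager) = @_;
    my @pairs = (
        [ orientation => $var_orient ],
        [ sortby      => $var_sortby ],
        [ time_range  => $time_range ],
        [ day         => $day ],
        [ month       => $month ],
        [ year        => $year ],
        [ firewall    => $firewall ],
        [ resolve     => $resolve ],
        [ page        => $to_page ],
        [ pager       => $to_pager ],
    );
    return "?" . join("&", map { join("=", $_->[0], CGI::escape(defined $_->[1] ? $_->[1] : "")) } @pairs);
};

# Values shown as text are HTML-escaped at the point of output.
my $date_html = $query->escapeHTML($date);
my $pager_html = $query->escapeHTML($pager);
my $current_pager_url = $pager_url->($page, $pager);
my $size_options = join "", map { sprintf(qq{<option value="%s">%d\n}, $pager_url->(0, $_), $_) } (50, 100, 250, 500, 1000);

print <<EOF;
<span class='titlehead'><b>PIX Traffic Logs > $date_html</b></span> &nbsp;&nbsp;&nbsp;&nbsp; <span class='titlehead'>Database last queried: <b>$datetime</b> &nbsp;&nbsp;|&nbsp;&nbsp; Number of entries in traffic_log_db: <b>$row_ref</b>.</span>
&nbsp;&nbsp; <span class="titlehead"><b>Pager Setting:</b></span>
<select name="pager" onChange="MM_jumpMenu('parent',this,0)">
<option selected value="$current_pager_url">$pager_html
<option>
$size_options</select>
<br><br>
EOF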

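# NOTE(review): $pager_type is never assigned in this file and nothing visible
# reads $start_pgr / $end_pgr; kept as found — confirm against conf.pl/subs.pl.
if ($pager_type eq "next") {
    $start_pgr = $pager_end;
    $end_pgr = "2000000000000";
}

if ($pager_type eq "previous") {
    $start_pgr = $pager_start;
    $end_pgr = $pager_end;
}

#
# Traffic log query
#
# The sort column, sort direction and LIMIT numbers sit in positions where SQL
# has no quoting, so they are checked here, at the point of use: the column
# must be one the query selects, the direction is asc or desc, and the LIMIT
# values are plain digits. Anything else falls back to the page defaults.
my %order_by_column = map { $_ => 1 } qw(
    log_id log_time log_resource log_action log_protocol
    log_src_ip log_src_pt log_dst_ip log_dst_pt log_flags
);
$var_sortby = "log_id" unless defined $var_sortby && $order_by_column{$var_sortby};
$var_orient = (defined $var_orient && lc($var_orient) eq "desc") ? "desc" : "asc";
$var_count = 0 unless defined $var_count && $var_count =~ /\A\d+\z/;
$pager = 50 unless defined $pager && $pager =~ /\A\d+\z/ && $pager > 0;

# The date range and the optional firewall name are data values, so they are
# passed as bound placeholders and never become part of the SQL text.
my @bind_values = ("$date $start_time", "$end_date $end_time");
my $resource_clause = "";
if (defined $firewall && length($firewall) >= 1) {
    $resource_clause = " and traffic_log.log_resource = ?";
    push @bind_values, $firewall;
}

# Rows matching an active log_filter entry are excluded: the left join finds
# the filter, and the "is null" tests keep only rows where none matched.
$getdate = "select high_priority traffic_log.log_id, traffic_log.log_time, traffic_log.log_resource, traffic_log.log_action, traffic_log.log_protocol, traffic_log.log_src_ip, traffic_log.log_src_pt, traffic_log.log_dst_ip, traffic_log.log_dst_pt, log_flags"
    . " from traffic_log left join log_filter on ("
    . "traffic_log.log_resource like log_filter.log_resource"
    . " and traffic_log.log_action like log_filter.log_action"
    . " and traffic_log.log_protocol like log_filter.log_protocol"
    . " and traffic_log.log_src_ip like log_filter.log_src_ip"
    . " and traffic_log.log_src_pt like log_filter.log_src_pt"
    . " and traffic_log.log_dst_ip like log_filter.log_dst_ip"
    . " and traffic_log.log_dst_pt like log_filter.log_dst_pt"
    . " and log_filter.filter_state like \"active\")"
    . " where traffic_log.log_time > ? and traffic_log.log_time < ?"
    . $resource_clause
    . " and (log_filter.log_resource) is null and (log_filter.log_action) is null and (log_filter.log_protocol) is null and (log_filter.log_src_ip) is null and (log_filter.log_src_pt) is null and (log_filter.log_dst_ip) is null and (log_filter.log_dst_pt) is null and (log_filter.filter_state) is null"
    . " order by $var_sortby $var_orient limit $var_count,$pager";

# The error message previously interpolated $gettoday, which does not exist.
$statement2 = $db_handle->prepare($getdate) or die "Couldn't prepare query '$getdate': $DBI::errstr\n";

# Bind now, so the later argument-less execute() picks the values up.
$statement2->bind_param($_ + 1, $bind_values[$_]) for 0 .. $#bind_values;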
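#
# Search form: date, time range and firewall selectors.
#
# The year list used to stop at 2010; it now runs through the current year so
# recent logs can be selected (the calendar popup can only set a year that
# exists as an option).
my $last_year = (localtime)[5] + 1900;
$last_year = 2010 if $last_year < 2010;
my $year_options = join "", map { sprintf(qq{<option value="%d">%d\n}, $_, $_) } 2000 .. $last_year;
my @month_labels = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my $month_options = join "", map { sprintf(qq{<option value="%02d">%s\n}, $_ + 1, $month_labels[$_]) } 0 .. $#month_labels;
my $day_options = join "", map { sprintf(qq{<option value="%02d">%02d\n}, $_, $_) } 1 .. 31;

# Request values echoed into the form are HTML-escaped at output, independent
# of what clean_input() (subs.pl, not shown) does on input.
my $time_range_html = $query->escapeHTML(defined $time_range ? $time_range : "");
my $pager_value_html = $query->escapeHTML(defined $pager ? $pager : "");

print <<EOF;

<SCRIPT LANGUAGE="JavaScript" SRC="images/CalendarPopup.js"></SCRIPT>
<SCRIPT LANGUAGE="JavaScript">document.write(getCalendarStyles());</SCRIPT>

<SCRIPT LANGUAGE="JavaScript" ID="jssdateset">
var sdateset = new CalendarPopup("testdiv1");
sdateset.setReturnFunction("setMultipleValues2");
function setMultipleValues2(y,m,d) {
     document.forms[0].year.value=y;
     document.forms[0].month.value=LZ(m);
     document.forms[0].day.value=LZ(d);
     }

</SCRIPT>
<form action="pix_traffic_logs" method="post">
<A HREF="#" onClick="sdateset.showCalendar('anchor10'); return false;"  class="bodylink">Date:</a>
<select name="year" onClick="sdateset.showCalendar('anchor10'); return false;">
<option selected>-year-
<option>
$year_options</select>
<select name="month" onClick="sdateset.showCalendar('anchor10'); return false;">
<option selected>-month-
<option>
$month_options</select>
<select name="day" onClick="sdateset.showCalendar('anchor10'); return false;">
<option selected>-day-
<option>
$day_options</select>

<A HREF="#" onClick="sdateset.showCalendar('anchor10'); return false;"  NAME="anchor10" ID="anchor10" class="bodylink"><font color="#ffffff"> - </a> &nbsp;&nbsp;&nbsp;

<span class="titlehead"><b>Time Range:</b></span> 
<select name="time_range">
<option selected value="$time_range_html">$time_range_html
<option>
<option value="All Day">All Day
<option value="00:00 to 03:00">00:00 to 03:00
<option value="03:00 to 06:00">03:00 to 06:00
<option value="06:00 to 09:00">06:00 to 09:00
<option value="09:00 to 12:00">09:00 to 12:00
<option value="12:00 to 15:00">12:00 to 15:00
<option value="15:00 to 18:00">15:00 to 18:00
<option value="18:00 to 21:00">18:00 to 21:00
<option value="21:00 to 23:59">21:00 to 23:59
</select>


<input type="hidden" name="pager" value="$pager_value_html">
<select name="firewall" style="background-color: #ffffff">
<option selected value="">All Firewalls
<option value="">
EOF

# One option per logging resource found in the log table.
$getAllResources="SELECT high_priority distinct log_resource from traffic_log group by log_resource";
$AllResources = $db_handle->prepare($getAllResources) or die "Couldn't prepare query '$getAllResources': $DBI::errstr\n";
$AllResources->execute()
    or die "Couldn't execute query '$getAllResources': $DBI::errstr\n";
# List assignment so that a resource named "0" or "" does not end the loop.
while (($log_resource) = $AllResources->fetchrow_array) {
    # The name comes from stored log data, not from this application, so it is
    # escaped before it is placed in the attribute and the option text.
    my $resource_html = $query->escapeHTML(defined $log_resource ? $log_resource : "");
    print qq{<option value="$resource_html"> $resource_html\n};
}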


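#
# End of the search form, paging links, sort selector and column headings.
#

# Query string shared by the paging links and the sort selector. Each value is
# URL-encoded, so a request parameter echoed back here cannot close the
# surrounding attribute or add markup, whatever clean_input() (subs.pl, not
# shown) lets through.
my $nav_query = sub {
    my ($orient, $sortby, $to_page) = @_;
    my @pairs = (
        [ orientation => $orient ],
        [ sortby      => $sortby ],
        [ time_range  => $time_range ],
        [ day         => $day ],
        [ month       => $month ],
        [ year        => $year ],
        [ firewall    => $firewall ],
        [ resolve     => $resolve ],
        [ page        => $to_page ],
        [ pager       => $pager ],
    );
    return join("&", map { join("=", $_->[0], CGI::escape(defined $_->[1] ? $_->[1] : "")) } @pairs);
};

my $prev_url = "pix_traffic_logs?" . $nav_query->($var_orient, $var_sortby, $prev_page);
my $next_url = "pix_traffic_logs?" . $nav_query->($var_orient, $var_sortby, $next_page);

# Sort selector: every sortable column in both directions, always from page 0.
my @sort_choices = (
    [ log_id       => "Log Time" ],
    [ log_resource => "Logging Resource" ],
    [ log_action   => "Log Action" ],
    [ log_protocol => "Log Protocol" ],
    [ log_src_ip   => "Source IP" ],
    [ log_src_pt   => "Source Port" ],
    [ log_dst_ip   => "Destination IP" ],
    [ log_dst_pt   => "Destination Port" ],
);
my $sorter_options = "";
for my $choice (@sort_choices) {
    my ($column, $label) = @$choice;
    for my $direction ([ asc => "Ascending" ], [ desc => "Descending" ]) {
        my $suffix = ($column eq "log_id" && $direction->[0] eq "asc") ? " [Default]" : "";
        $sorter_options .= qq{<option value="?} . $nav_query->($direction->[0], $column, 0)
            . qq{">$label ($direction->[1])$suffix\n};
    }
}

# Values shown as text are HTML-escaped at the point of output.
my $banner_date_html = $query->escapeHTML(defined $date ? $date : "");
my $page_size_html = $query->escapeHTML(defined $pager ? $pager : "");

# MM_jumpMenu used to build a statement string around the selected option value
# and run it through eval(); it now assigns the location directly, so the
# option value is only ever treated as a URL.
print <<EOF;
</select>
<span class="titlehead">
<b>Resolve Hostnames: 
<input type=radio name="resolve" value="true">Yes
<input type=radio name="resolve" value="false" checked>No</b>
</span>
&nbsp;&nbsp;<INPUT type="image" src="images/pla_go.gif" align="middle" value="submit"> 
</form>

<script language="JavaScript">
<!-- Original script borrowed from http://web.uvic.ca/atrsweb/vikes/default.html -->
<!-- Implemented at Kwantlen 26 June 2000 DMH -->
<!--
function MM_jumpMenu(targ,selObj,restore){ //v3.0
window[targ].location=selObj.options[selObj.selectedIndex].value;
if (restore) selObj.selectedIndex=0;
}
//-->
</script>

<br><br>
<table width="100%" bgcolor="white" cellpadding="0" cellspacing="0" border="0">
<td bgcolor="#000000" width="30%">&nbsp;<b><span class="main"><font color="white">PIX Traffic Logs > $banner_date_html</font></span></b></td>
<td bgcolor="#ffffff" width="40%">
<center>
<a href="$prev_url" class="bodylink"><< Previous $page_size_html Logs</a> <font color="#000000">|</font>
<a href="javascript:window.location.reload()" class="bodylink"><img src="images/reload.gif" align="bottom" border="0"> Refresh</img></a> <font color="#000000">|</font>
<a href="$next_url" class="bodylink">Next $page_size_html Logs >></a>
</center>
</td>
<td bgcolor="#ffffff" width="30%" align="right">
<select name="sorter" onChange="MM_jumpMenu('parent',this,0)">
<option>Sort By: (Optional)
<option>
$sorter_options</select>
&nbsp;&nbsp; <span class="bodylink"><b>[ Page $next_page ]</b></span></td>
<tr>
<td bgcolor="#a7a7a7" align="left" valign="top" height="3"></td>
<td bgcolor="#a7a7a7" align="left" valign="top" height="3"></td>
<td bgcolor="#a7a7a7" align="left" valign="top" height="3"></td>
</table>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<td bgcolor="#5479d8"><b><span class="button">Time</span></b></td>
<td bgcolor="#5479d8"><b><span class="button">Logging Resource</span></b></td>
<td bgcolor="#5479d8"><b><span class="button">Action</span></b></td>
<td bgcolor="#5479d8"><b><span class="button">Protocol</b></span></td>
<td bgcolor="#5479d8"><b><span class="button">Source</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">Src Port</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">Destination</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">Dst Port</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">Flags</b></font></td>
EOF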

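#
# Result rows: one table row per traffic log entry.
#
# Everything printed here is log-derived: the fields were written from
# firewall log messages and the host names come from reverse DNS, which is
# controlled by whoever owns the address. None of it is trusted markup, so
# every cell is HTML-escaped and the detail link is URL-encoded.
#
$statement2->execute()
    or die "Couldn't execute traffic log query: $DBI::errstr\n";

# Icon shown for each known action / protocol value.
my %action_icon = (ACCEPT => "accept.png", DROP => "drop.png");
my %protocol_icon = (TCP => "tcp_service.png", UDP => "udp_service.png", ICMP => "icmp_service.png");

# HTML-escape one value for use as cell text (undef becomes an empty string).
my $cell = sub {
    my ($text) = @_;
    $text = "" unless defined $text;
    return $query->escapeHTML($text);
};

# Icon for a known value, otherwise the escaped text, so an unexpected action
# or protocol still fills its column instead of shifting the rest of the row.
my $icon_or_text = sub {
    my ($icon_for, $value) = @_;
    return $cell->($value) unless defined $value && exists $icon_for->{$value};
    return '<img src="images/' . $icon_for->{$value} . '" align="middle"></img>';
};

# Reverse-resolve a dotted-quad address, caching the answer in %dnscache.
# Falls back to the address itself when it is malformed or has no name.
my $host_name_for = sub {
    my ($ip) = @_;
    $ip = "" unless defined $ip;
    $ip =~ s/^\s+|\s+$//g;
    return $dnscache{$ip} if exists $dnscache{$ip};
    my $name;
    if ($ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/) {
        my @octets = ($1, $2, $3, $4);
        # 2 is the address family the original code passed (presumably AF_INET).
        $name = gethostbyaddr(pack("C4", @octets), 2) unless grep { $_ > 255 } @octets;
    }
    $name = $ip unless defined $name && length $name;
    return $dnscache{$ip} = $name;
};

# Service name for a numeric port, looked up under the row's protocol (udp for
# UDP rows, tcp otherwise); non-numeric ports such as "-" are returned as is.
my $service_name_for = sub {
    my ($port, $protocol) = @_;
    return $port unless defined $port && $port =~ /\A\d+\z/;
    my $name = getservbyport($port, (defined $protocol && $protocol eq "UDP") ? "udp" : "tcp");
    return (defined $name && $name ne "") ? $name : $port;
};

while (($log_id,$log_time,$log_resource,$log_action,$log_protocol,$log_src_ip,$log_src_pt,$log_dst_ip,$log_dst_pt,$log_flags) = $statement2->fetchrow_array) {

    $pager_count++;
    $pager_start = $log_id if $pager_count == 1;

    # Entries without a port or flags are stored as "n/a"; show a dash.
    $log_src_pt = "-" if defined $log_src_pt && $log_src_pt eq "n/a";
    $log_dst_pt = "-" if defined $log_dst_pt && $log_dst_pt eq "n/a";
    $log_flags = "-" if defined $log_flags && $log_flags eq "n/a";

    # Raw values by default; names only when the user asked for resolution.
    my ($src_host, $src_port, $dst_host, $dst_port) = ($log_src_ip, $log_src_pt, $log_dst_ip, $log_dst_pt);
    if (defined $resolve && $resolve eq "true") {
        $src_host = $host_name_for->($log_src_ip);
        $dst_host = $host_name_for->($log_dst_ip);
        $src_port = $service_name_for->($log_src_pt, $log_protocol);
        $dst_port = $service_name_for->($log_dst_pt, $log_protocol);
    }

    # URL-encoded values contain no quote characters, so the link is safe
    # inside the single-quoted script string within the onClick attribute.
    my $detail_url = "pix_traffic_id?id=" . CGI::escape(defined $log_id ? $log_id : "")
        . "&date=" . CGI::escape(defined $log_time ? $log_time : "");

    my $time_html = $cell->($log_time);
    my $resource_html = $cell->($log_resource);
    my $action_html = $icon_or_text->(\%action_icon, $log_action);
    my $protocol_html = $icon_or_text->(\%protocol_icon, $log_protocol);
    my $src_host_html = $cell->($src_host);
    my $src_port_html = $cell->($src_port);
    my $dst_host_html = $cell->($dst_host);
    my $dst_port_html = $cell->($dst_port);
    my $flags_html = $cell->($log_flags);

    print <<EOF;
<tr OnMouseOver="this.bgColor='#d9d9d9'" OnMouseOut="this.bgColor='#ffffff'" onClick="location.href='${detail_url}'">
<td><span class="table">$time_html</span></td>
<td><span class="table"><img src="images/pix_device.png" align="middle"></img> $resource_html</span></td>
<td><span class="table">$action_html</span></td>
<td><span class="table">$protocol_html</span></td>
<td><span class="table">$src_host_html</span></td>
<td><span class="table">$src_port_html</span></td>
<td><span class="table">$dst_host_html</span></td>
<td><span class="table">$dst_port_html</span></td>
<td><span class="table">$flags_html</span></td>
EOF

    $pager_end = $log_id;
}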

# Close the log table with a blue footer bar (one 10px-high cell per data
# column), emit the hidden layer the calendar popup draws into, then release
# the database connection.
my $footer_cells = qq{<td bgcolor="#5479d8" height="10"></td>\n} x 9;

print "<tr>\n"
    . $footer_cells
    . "</table>\n"
    . "<br><br>\n"
    . "\n"
    . qq{<DIV ID="testdiv1" STYLE="position:absolute;visibility:hidden;background-color:white;layer-background-color:white;"></DIV>\n}
    . "\n";

$db_handle->disconnect();


