Query:

Prefix:

Input interface: Output interface:

Protocol (name or number):

Source IP address: Destination IP address:

TCP source port: TCP destination port:

UDP source port: UDP destination port:

min date: max date:

Selection:

all
all_oob oob_time_sec oob_time_usec oob_prefix oob_mark oob_in oob_out
all_ip ip_saddr ip_daddr ip_protocol ip_tos ip_ttl ip_totlen ip_ihl ip_csum ip_id ip_fragoff
all_tcp tcp_sport tcp_dport tcp_seq tcp_ackseq tcp_window tcp_urg tcp_urgp tcp_ack tcp_psh tcp_rst tcp_syn tcp_fin
all_udp udp_sport udp_dport udp_len
all_icmp icmp_type icmp_code icmp_echoid icmp_echoseq icmp_gateway icmp_fragmtu
all_other id raw_mac pwsniff_user pwsniff_pass ahesp_spi

Options:

IP reverse name resolution (can increase processing time dramatically!!!)

=" . $unix_min_date; } else { $where = "oob_time_sec>=" . $unix_min_date; } } if ($_POST["max_date"]) { $sepDate = explode(".", $_POST["max_date"]); $unix_max_date = mktime(0, 0, 0, $sepDate[1], $sepDate[0], $sepDate[2]); if ($where) { $where = $where . " AND oob_time_sec<=" . $unix_max_date; } else { $where = "oob_time_sec<=" . $unix_max_date; } } if ($_POST["c_all"]) { $select = "*,"; } else { if ($_POST["c_all_oob"]) { $select = "oob_time_sec,oob_time_usec,oob_prefix,oob_mark,oob_in,oob_out,"; } else { if ($_POST["c_oob_time_sec"]) $select = "oob_time_sec,"; if ($_POST["c_oob_time_usec"]) $select = $select."oob_time_usec,"; if ($_POST["c_oob_prefix"]) $select = $select."oob_prefix,"; if ($_POST["c_oob_mark"]) $select = $select."oob_mark,"; if ($_POST["c_oob_in"]) $select = $select."oob_in,"; if ($_POST["c_oob_out"]) $select = $select."oob_out,"; } if ($_POST["c_all_ip"]) { $select = $select."ip_saddr,ip_daddr,ip_protocol,ip_tos,ip_ttl,ip_totlen,ip_ihl,ip_csum,ip_id,ip_fragoff,"; } else { if ($_POST["c_ip_saddr"]) $select = $select."ip_saddr,"; if ($_POST["c_ip_daddr"]) $select = $select."ip_daddr,"; if ($_POST["c_ip_protocol"]) $select = $select."ip_protocol,"; if ($_POST["c_ip_tos"]) $select = $select."ip_tos,"; if ($_POST["c_ip_ttl"]) $select = $select."ip_ttl,"; if ($_POST["c_ip_totlen"]) $select = $select."ip_totlen,"; if ($_POST["c_ip_ihl"]) $select = $select."ip_ihl,"; if ($_POST["c_ip_csum"]) $select = $select."ip_csum,"; if ($_POST["c_ip_id"]) $select = $select."ip_id,"; if ($_POST["c_ip_fragoff"]) $select = $select."ip_fragoff,"; } if ($_POST["c_all_tcp"]) { $select = $select."tcp_sport,tcp_dport,tcp_seq,tcp_ackseq,tcp_window,tcp_urg,tcp_urgp,tcp_ack,tcp_psh,tcp_rst,tcp_syn,tcp_fin,"; } else { if ($_POST["c_tcp_sport"]) $select = $select."tcp_sport,"; if ($_POST["c_tcp_dport"]) $select = $select."tcp_dport,"; if ($_POST["c_tcp_seq"]) $select = $select."tcp_seq,"; if ($_POST["c_tcp_ackseq"]) $select = $select."tcp_ackseq,"; if ($_POST["c_tcp_window"]) 
$select = $select."tcp_window,"; if ($_POST["c_tcp_urg"]) $select = $select."tcp_urg,"; if ($_POST["c_tcp_urgp"]) $select = $select."tcp_urgp,"; if ($_POST["c_tcp_ack"]) $select = $select."tcp_ack,"; if ($_POST["c_tcp_psh"]) $select = $select."tcp_psh,"; if ($_POST["c_tcp_rst"]) $select = $select."tcp_rst,"; if ($_POST["c_tcp_syn"]) $select = $select."tcp_syn,"; if ($_POST["c_tcp_fin"]) $select = $select."tcp_fin,"; } if ($_POST["c_all_udp"]) { $select = $select."udp_sport,udp_dport,udp_len,"; } else { if ($_POST["c_udp_sport"]) $select = $select."udp_sport,"; if ($_POST["c_udp_dport"]) $select = $select."udp_dport,"; if ($_POST["c_udp_len"]) $select = $select."udp_len,"; } if ($_POST["c_all_icmp"]) { $select = $select."icmp_type,icmp_code,icmp_echoid,icmp_echoseq,icmp_gateway,icmp_fragmtu,"; } else { if ($_POST["c_icmp_type"]) $select = $select."icmp_type,"; if ($_POST["c_icmp_code"]) $select = $select."icmp_code,"; if ($_POST["c_icmp_echoid"]) $select = $select."icmp_echoid,"; if ($_POST["c_icmp_echoseq"]) $select = $select."icmp_echoseq,"; if ($_POST["c_icmp_gateway"]) $select = $select."icmp_gateway,"; if ($_POST["c_icmp_fragmtu"]) $select = $select."icmp_fragmtu,"; } if ($_POST["c_all_other"]) { $select = $select."id,raw_mac,pwsniff_user,pwsniff_pass,ahesp_spi,"; } else { if ($_POST["c_id"]) $select = $select."id,"; if ($_POST["c_raw_mac"]) $select = $select."raw_mac,"; if ($_POST["c_pwsniff_user"]) $select = $select."pwsniff_user,"; if ($_POST["c_pwsniff_pass"]) $select = $select."pwsniff_pass,"; if ($_POST["c_ahesp_spi"]) $select = $select."ahesp_spi,"; } } /* end else c_all */ if ($select) { $link = mysql_connect("HOST", "USER", "PASSWD") or die("No database connection possible!"); mysql_select_db("ulog") or die("Database selection failed!"); $select{strlen($select)-1}=" "; $query = "SELECT ".$select." FROM ulog"; if ($where) $query = $query . " WHERE " . $where; //debugging output: echo "
Select: $select"; //debugging output: echo "

Query: $query
"; $result = mysql_query($query) or die("
$query
Selection failed!"); print "\n"; $colums = mysql_num_fields($result); $saddr_col=$daddr_col=$proto_col=$ob_time=-1; print "\t\n"; for ($i=0; $i < $colums; $i++) { $colum_name = mysql_field_name($result, $i); print "\t\t\n"; if ($colum_name=="ip_saddr") { $saddr_col = $i; } elseif ($colum_name=="ip_daddr") { $daddr_col = $i; } elseif ($colum_name=="ip_protocol") { $proto_col = $i; } elseif ($colum_name=="oob_time_sec") { $ob_time = $i; } } print "\t\n"; while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { print "\t\n"; $j = 0; foreach ($line as $col_value) { if ($j==$ob_time) { if ($col_value > 0) $pck_date = date("d\.m\.y\ H\:i\:s", $col_value); else $pck_date = 0; print "\t\t\n"; } elseif ($j==$saddr_col or $j==$daddr_col) { settype($col_value, "double"); $host_name = long2ip($col_value); if ($_POST["dns"]=="on") $host_name = gethostbyaddr($host_name); print "\t\t\n"; } elseif ($j==$proto_col) { $proto = getprotobynumber($col_value); print "\t\t\n"; } else { print "\t\t\n"; } $j++; } print "\t\n"; } print "

$colum_name

$pck_date$host_name$proto$col_value
\n"; print "

".mysql_num_rows($result)." packet(s) selected

"; mysql_free_result($result); mysql_close($link); } ?>