#!/usr/bin/perl
#
# PIX Logging Architecture
# [ Kristof Philipsen ]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Foobar; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

                                                                                                                                                                    
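use strict;
use warnings;

use DBI;
use CGI;
use Socket qw(AF_INET);

#
# include configuration
#
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines

# $db_handle is the package-global DBI handle that db_connect() (subs.pl)
# populates; declared here so it is visible under strict.
our $db_handle;

#
# Helpers
#

# HTML-escape a scalar for safe interpolation into the page; undef -> ''.
sub _h {
    my ($text) = @_;
    return CGI::escapeHTML(defined $text ? $text : '');
}

# URL-encode a scalar for use as a query-string value; undef -> ''.
sub _u {
    my ($text) = @_;
    return CGI::escape(defined $text ? $text : '');
}

# Reverse-resolve a dotted-quad IPv4 address.  Returns the primary host
# name, or "0" when the address is not a well-formed IPv4 literal or has
# no PTR record ("0" is the sentinel the rendering code checks for).
sub _reverse_lookup {
    my ($ip) = @_;
    my @octets = split(/\./, $ip);
    return "0" unless @octets == 4;
    for my $octet (@octets) {
        return "0" unless $octet =~ /\A\d{1,3}\z/ && $octet <= 255;
    }
    my ($name) = gethostbyaddr(pack("C4", @octets), AF_INET);
    return (defined $name && length $name) ? $name : "0";
}

# Run a single-row COUNT(*) query with bind values and return the count
# (0 if the statement unexpectedly yields no row).  Dies on DBI errors.
sub _count_matches {
    my ($sql, @bind) = @_;
    my $sth = $db_handle->prepare($sql)
        or die "Couldn't prepare query '$sql': $DBI::errstr\n";
    $sth->execute(@bind)
        or die "Couldn't execute query '$sql': $DBI::errstr\n";
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    return defined $count ? $count : 0;
}

# One "label / value" table row.  $value_html must already be HTML-safe.
sub _detail_row {
    my ($label, $value_html) = @_;
    my $label_html = _h($label);
    return <<EOF;
<tr>
<td width="150">
<span class="main">
$label_html
</span>
</td>
<td>
<span class="main">
$value_html
</span>
</td>
</tr>
EOF
}

# Section header row (blue "button" bar).
sub _section_row {
    my ($title) = @_;
    my $title_html = _h($title);
    return <<EOF;
<tr>
<td width="150" bgcolor="#5479d8">
<span class="button">$title_html</span>
</td>
</tr>
EOF
}

# Source/destination IP cell: the address, its reverse-DNS name when one
# exists, and a whois link.  The PTR name is under the control of whoever
# owns the reverse zone, so it is escaped like any other external data.
sub _ip_value_html {
    my ($ip, $host) = @_;
    my $ip_html  = _h($ip);
    my $ip_query = _u($ip);
    my $host_html = $host ne "0" ? " (<i>" . _h($host) . "</i>)" : "";
    return "$ip_html$host_html"
         . "&nbsp;[ <a href=\"src-whois?ip=$ip_query\">"
         . "<span class=\"bodylink\">whois</span></a> ]";
}

#
# Make Database Connection
#
db_connect();

#
# Get CGI Parameters
#
my $query    = CGI->new;
my $id       = $query->param("id");
my $datetime = $query->param("date");
$id       = '' unless defined $id;
$datetime = '' unless defined $datetime;
my ($date) = split(" ", $datetime);     # only the date part is displayed
$date = '' unless defined $date;

#
# HTML SECTION
#
printtitle();

my $id_html   = _h($id);
my $date_html = _h($date);
print <<EOF;
<span class='titlehead'><b>PIX IDS Logs > $date_html > Log ID: $id_html</b></span>
<br><br>
EOF

# The log id comes straight from the request, so it is passed as a bind
# value rather than interpolated into the SQL text.
my $getidall = "SELECT log_resource, log_time, log_protocol, log_src_ip, "
             . "log_dst_ip, log_signature FROM ids_log WHERE log_id = ?";
my $statement2 = $db_handle->prepare($getidall)
    or die "Couldn't prepare query '$getidall': $DBI::errstr\n";
$statement2->execute($id)
    or die "Couldn't execute query '$getidall': $DBI::errstr\n";

while (my ($log_resource, $log_time, $log_protocol, $log_src_ip, $log_dst_ip,
           $log_signature) = $statement2->fetchrow_array) {

    # Stored addresses may carry surrounding whitespace; trim before they are
    # used as lookup keys, query-string values or SQL bind values.
    for my $ip ($log_src_ip, $log_dst_ip) {
        $ip = '' unless defined $ip;
        $ip =~ s/^\s+|\s+$//g;
    }

    my $host_src_ip = _reverse_lookup($log_src_ip);
    my $host_dst_ip = _reverse_lookup($log_dst_ip);

    # LIKE is kept from the original query; the values are bound, not
    # interpolated.  A dotted-quad address contains no '%' or '_', so no
    # wildcard expansion is expected here.
    my $count_pair = _count_matches(
        "SELECT count(*) FROM ids_log WHERE log_src_ip LIKE ? and log_dst_ip LIKE ?",
        $log_src_ip, $log_dst_ip);
    my $count_src = _count_matches(
        "SELECT count(*) FROM ids_log WHERE log_src_ip LIKE ?", $log_src_ip);
    my $count_dst = _count_matches(
        "SELECT count(*) FROM ids_log WHERE log_dst_ip LIKE ?", $log_dst_ip);

    my $src_q = _u($log_src_ip);
    my $dst_q = _u($log_dst_ip);
    my $src_h = _h($log_src_ip);
    my $dst_h = _h($log_dst_ip);
    my $count_pair_h = _h($count_pair);
    my $count_src_h  = _h($count_src);
    my $count_dst_h  = _h($count_dst);

    # width/bgcolor attributes fixed: the original had an unterminated
    # width="70% and a 7-digit colour value.
    print <<EOF;
<table width="70%" bgcolor="#ffffff" cellpadding="0" cellspacing="0" border="0">
EOF
    print _section_row("General Log Details");
    print _detail_row("Logging Resource:",      _h($log_resource));
    print _detail_row("Logging Date/Time:",     _h($log_time));
    print _detail_row("Traffic Protocol:",      _h($log_protocol));
    print _detail_row("Traffic IDS Signature:", _h($log_signature));
    print _detail_row("",                       "<br>");

    print _section_row("Specific Log Details");
    print _detail_row("Source IP:", _ip_value_html($log_src_ip, $host_src_ip));
    print _detail_row("Dest. IP:",  _ip_value_html($log_dst_ip, $host_dst_ip));
    print _detail_row("",           "<br>");

    print _section_row("Database Matches");
    print <<EOF;
<tr>
<td width="150">
<span class="main">
Matches: <a href="./pix_search_result_ids?src_ip=$src_q&amp;dst_ip=$dst_q"><span class="bodylink">$count_pair_h</span></a>
</span>
</td>
<td>
<span class="main">
For SOURCE IP ($src_h) to DEST IP ($dst_h).
</span>
</td>
</tr>
<tr>
<td width="150">
<span class="main">
Matches: <a href="./pix_search_result_ids?src_ip=$src_q"><span class="bodylink">$count_src_h</span></a>
</span>
</td>
<td>
<span class="main">
For SOURCE IP ($src_h) to ANY IP.
</span>
</td>
</tr>
<tr>
<td width="150">
<span class="main">
Matches: <a href="./pix_search_result_ids?dst_ip=$dst_q"><span class="bodylink">$count_dst_h</span></a>
</span>
</td>
<td>
<span class="main">
For ANY IP to DEST IP ($dst_h).
</span>
</td>
</tr>
</table>
<br><br>
<a href="./pix_event_id_add?id=@{[ _u($id) ]}&amp;type=ids"><span class="bodylink">Relate this PIX Log ID to an incident.</span></a>
EOF
}
$statement2->finish;
$db_handle->disconnect();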

