#!/usr/bin/perl
#
# PIX Logging Architecture
# [ Kristof Philipsen ]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PIX Logging Architecture; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

 
use DBI;
use CGI;
 
#
# include configuration
#
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines
 
#
# Make Database Connection
#
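# Open the database connection. db_connect() is not defined in this file
# (presumably it comes from subs.pl and sets $db_handle -- confirm there).
db_connect();

#
# Get CGI Parameters
#
# Every value read here comes straight from the HTTP request and is therefore
# untrusted input. Nothing is validated at this point, so each later use has
# to neutralise it for its own context (SQL, HTML, URLs).
#
# The variables are deliberately left as package globals, as in the rest of
# this script, because the required files may refer to them.
$query = CGI->new;    # direct method call instead of indirect "new CGI"

# Free-text filters; used as LIKE patterns by the search.
$resource = $query->param("resource");
$src_ip   = $query->param("src_ip");
$dst_ip   = $query->param("dst_ip");

# Components of the optional time window.
$start_year  = $query->param("start_year");
$start_month = $query->param("start_month");
$start_day   = $query->param("start_day");
$start_hour  = $query->param("start_hour");
$start_min   = $query->param("start_min");
$start_sec   = $query->param("start_sec");
$end_year    = $query->param("end_year");
$end_month   = $query->param("end_month");
$end_day     = $query->param("end_day");
$end_hour    = $query->param("end_hour");
$end_min     = $query->param("end_min");
$end_sec     = $query->param("end_sec");

# Assemble "YYYY-MM-DD HH:MM:SS" strings from the submitted parts. The parts
# are not checked for being numeric or in range here.
$start_date = "$start_year-$start_month-$start_day $start_hour:$start_min:$start_sec";
$end_date   = "$end_year-$end_month-$end_day $end_hour:$end_min:$end_sec";

# A missing or empty filter falls back to the SQL LIKE wildcard "%", i.e.
# "match anything". The loop variable aliases each global, so assigning to it
# updates the global itself.
for my $filter ($resource, $src_ip, $dst_ip) {
    $filter = "\%" if length($filter) < 1;
}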

#
# DB Query
#

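# Build the search statement with placeholders only. The filter and date
# values originate from request parameters, so they are handed to the driver
# as bind values and never become part of the SQL text; a quote character in
# a parameter can then no longer change the structure of the statement.
#
# Note: "%" and "_" supplied by the user still act as LIKE wildcards, which
# matches the script's own use of "%" as the "match anything" default.
my $date_clause  = "";
my @search_binds = ();

# The time window is applied only when a start year was submitted.
unless (length($start_year) < 1) {
    $date_clause = "log_time >= ? and log_time <= ? and ";
    push @search_binds, $start_date, $end_date;
}
push @search_binds, $resource, $src_ip, $dst_ip;

$searchQuery = "select log_id, log_time, log_protocol, log_src_ip, log_dst_ip, log_signature FROM ids_log WHERE ${date_clause}log_resource like ? and log_src_ip like ? and log_dst_ip like ?";

$searchResults = $db_handle->prepare($searchQuery);
if (!$searchResults) {
    # Stop here instead of failing later on an undefined statement handle.
    die "Unable to prepare IDS log search: $DBI::errstr";
}

# Bind the values now so that a later plain execute() call, without
# arguments, runs the statement with them.
my $bind_position = 0;
for my $bind_value (@search_binds) {
    $searchResults->bind_param(++$bind_position, $bind_value);
}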

#
# HTML SECTION
#
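# Emit the page header; printtitle() is not defined in this file (presumably
# it comes from subs.pl -- confirm there).
printtitle();
 
# Static heading and column titles of the result table.
print <<EOF;
<span class='titlehead'><b>PIX IDS Logs > Search Results</b></span>
<br><br>
</form>
<br>


<table width="80%" cellpadding="0" cellspacing="0" border="0">
<td bgcolor="#5479d8"><b><span class="button">Log ID</span></b></td>
<td bgcolor="#5479d8"><b><span class="button">Time</span></b></td>
<td bgcolor="#5479d8"><b><span class="button">Protocol</b></span></td>
<td bgcolor="#5479d8"><b><span class="button">SRC</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">DST</b></font></td>
<td bgcolor="#5479d8"><b><span class="button">IDS Signature</b></font></td>
<tr>
EOF

# Run the prepared search and print one table row per matching log entry.
$searchResults->execute();
while (my @log_row = $searchResults->fetchrow_array) {
    my ($log_id, $log_time, $log_protocol, $log_src_ip, $log_dst_ip, $log_signature) = @log_row;

    # Rows stored with protocol "Large" are displayed as ICMP.
    if ($log_protocol eq "Large") {
        $log_protocol = "ICMP";
    }

    # Values read from ids_log are written into the page as data, not markup:
    # URL-encode what goes into the link's query string and HTML-escape what
    # is shown as cell text, so stored log content cannot alter the page.
    my $id_param   = CGI::escape($log_id);
    my $date_param = CGI::escape($log_time);
    my ($id_html, $time_html, $protocol_html, $src_html, $dst_html, $signature_html) =
        map { CGI::escapeHTML($_) }
        ($log_id, $log_time, $log_protocol, $log_src_ip, $log_dst_ip, $log_signature);

    print <<EOF;
<td><a href="pix_ids_id?id=$id_param&amp;date=$date_param"><span class="table">$id_html</span></td>
<td><span class="table">$time_html</span></td>
<td><span class="table">$protocol_html</span></font></td>
<td><span class="table">$src_html</span></td>
<td><span class="table">$dst_html</span></td>
<td><span class="table">$signature_html</span></a></td>
<tr>
EOF
}

print <<EOF;
</table>
EOF

# Release the database connection once the page has been written.
$db_handle->disconnect();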


