#!/usr/bin/perl
#
# PIX Logging Architecture
# [ Kristof Philipsen ]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Foobar; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

                                                                                                                                                                                                  
use DBI;
use CGI;
                                                                                                                                                                                                  
#
# include configuration
#
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines
                                                                                                                                                                                                  
#
# Make Database Connection
#
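db_connect();

#
# Get CGI Parameters
#
# $query, $year, $month, $day and $date deliberately stay package globals:
# the query and HTML sections further down read them. Each parameter is
# matched against an anchored pattern and reassigned from the capture, so
# only the expected digits ever reach the SQL strings and the HTML below.
# Anything else -- including the blank "-year-"/"-month-"/"-day-" form
# options -- falls back to today's date, as the original did for empty
# values (it compared them with the numeric ==, which also treated any
# non-numeric string as empty).
#
$query = CGI->new;

# scalar() so a repeated parameter cannot shift the other values.
my $year_in  = scalar $query->param("year");
my $month_in = scalar $query->param("month");
my $day_in   = scalar $query->param("day");

# Whitelists mirror the form's option values: four-digit year, 01-12, 01-31.
my ($y) = defined $year_in  ? $year_in  =~ /\A(\d{4})\z/               : ();
my ($m) = defined $month_in ? $month_in =~ /\A(0[1-9]|1[0-2])\z/       : ();
my ($d) = defined $day_in   ? $day_in   =~ /\A(0[1-9]|[12]\d|3[01])\z/ : ();

if (defined $y && defined $m && defined $d) {
    ($year, $month, $day) = ($y, $m, $d);
}
else {
    # Today, from localtime rather than by shelling out to date(1): no
    # child process, no dependence on PATH, and no trailing newline to
    # strip (the original's later s///g calls only worked because the
    # empty pattern reuses the last successful match, "\n").
    my ($mday, $mon, $yr) = (localtime)[3, 4, 5];
    $year  = sprintf '%04d', $yr + 1900;
    $month = sprintf '%02d', $mon + 1;
    $day   = sprintf '%02d', $mday;
}
$date = "$year-$month-$day";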

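#
# DB Parameters
#
# Every statement takes its log_time prefix as a bound parameter rather
# than interpolating the CGI-supplied $date/$year/$month into the SQL
# text, so those values cannot change the shape of a query. The prefix is
# bound here with bind_param, which is what lets the execute() calls
# further down -- they pass no arguments -- keep working unchanged: DBI
# reuses the previously bound values on an argument-less execute.
#

# SQL counting the rows of $table whose log_time starts with the bound
# prefix, optionally restricted to log_protocol values starting with
# $proto. $table and $proto are literals from this file, never user input.
sub _count_sql {
    my ($table, $proto) = @_;
    my $sql = "SELECT count(*) FROM $table WHERE log_time LIKE ?";
    $sql .= " AND log_protocol LIKE '$proto%'" if defined $proto;
    return $sql;
}

# Prepare $sql, which must contain exactly one placeholder for the
# log_time prefix, bind $prefix to it and return the statement handle.
# Dies with the SQL text and $DBI::errstr when prepare fails.
sub _prepare_with_prefix {
    my ($sql, $prefix) = @_;
    my $sth = $db_handle->prepare($sql)
        or die "Couldn't prepare query '$sql': $DBI::errstr\n";
    $sth->bind_param(1, $prefix);
    return $sth;
}

# Prefixes for the selected day, its month and its year, in that order.
my @prefixes = ("$date%", "$year-$month%", "$year%");

# Totals and per-protocol counts for the traffic log ...
($statement2, $statement2a, $statement2b) = map { _prepare_with_prefix(_count_sql('traffic_log'),         $_) } @prefixes;
($statement3, $statement3a, $statement3b) = map { _prepare_with_prefix(_count_sql('traffic_log', 'TCP'),  $_) } @prefixes;
($statement4, $statement4a, $statement4b) = map { _prepare_with_prefix(_count_sql('traffic_log', 'ICMP'), $_) } @prefixes;
($statement8, $statement8a, $statement8b) = map { _prepare_with_prefix(_count_sql('traffic_log', 'UDP'),  $_) } @prefixes;
# ... and for the IDS log.
($statement5, $statement5a, $statement5b) = map { _prepare_with_prefix(_count_sql('ids_log'),             $_) } @prefixes;
($statement6, $statement6a, $statement6b) = map { _prepare_with_prefix(_count_sql('ids_log', 'IP'),       $_) } @prefixes;
($statement7, $statement7a, $statement7b) = map { _prepare_with_prefix(_count_sql('ids_log', 'ICMP'),     $_) } @prefixes;

# Per-signature and per-flags breakdowns for the selected day only.
$statement9 = _prepare_with_prefix(
    "SELECT log_signature, log_protocol, count(*) FROM ids_log WHERE log_time LIKE ? GROUP BY log_signature",
    $prefixes[0],
);
$statement10 = _prepare_with_prefix(
    "SELECT log_flags, log_protocol, count(*) FROM traffic_log WHERE log_time LIKE ? GROUP BY log_flags",
    $prefixes[0],
);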


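#
# HTML SECTION
#
printtitle();

# The selected date is reflected into the page, so escape it first.
my ($date_html, $year_html, $month_html) = map { CGI::escapeHTML($_) } ($date, $year, $month);

# The year list used to be a hard-coded 2000..2010; it now runs to the
# current year (never shorter than before) so the form keeps working past
# 2010. The month and day lists are generated the same way, with the same
# zero-padded values the original offered.
my $this_year   = (localtime)[5] + 1900;
my $last_year   = $this_year > 2010 ? $this_year : 2010;
my @month_names = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my $year_options  = join "\n", map { sprintf('<option value="%d">%d', $_, $_) } 2000 .. $last_year;
my $month_options = join "\n", map { sprintf('<option value="%02d">%s', $_ + 1, $month_names[$_]) } 0 .. 11;
my $day_options   = join "\n", map { sprintf('<option value="%02d">%02d', $_, $_) } 1 .. 31;

# Selection form, then the header row of the statistics grid (the grid's
# cells are printed by the statement loops that follow).
print <<EOF;
<span class='titlehead'><b>PIX Statistics > $date_html</b></span>
<br><br>
<form action="/log-fws/external/pix/pix_stats" method="post">
<select name="year">
<option selected>-year-
<option>
$year_options
</select>
<select name="month">
<option selected>-month-
<option>
$month_options
</select>
<select name="day">
<option selected>-day-
<option>
$day_options
</select>
<INPUT type="submit" value="GO"> 
</form>
<br>
<table width="70%" bgcolor="#ffffff" cellpadding="0" cellspacing="0" border="0">
<td width="250" bgcolor="#5479d8">
<span class="button">General PIX Log Statistics</span>
</td>
<tr>
<td width="250">
<br>
</td>
<tr>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX Traffic Log Statistics (Day: $date_html)</span>
</td>
<td width="10">
</td>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX Traffic Log Statistics (Month: $year_html-$month_html)</span>
</td>
<td width="10">
</td>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX Traffic Log Statistics (Year: $year_html)</span>
</td>
<tr>
EOF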
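#
# Statistics grid: for each log table, one row of totals (day, month,
# year) followed by one row per protocol with its share of that total.
# Every count query yields exactly one row, so it is fetched once with
# fetchrow_array instead of looped over with the deprecated fetchrow: the
# original's "while ($n = $sth->fetchrow)" skipped the cell entirely when
# the count was 0 and then divided by the never-set total.
#

# Execute a prepared single-value count statement and return the count,
# 0 when no row comes back. Dies on execute failure, matching the prepare
# checks above.
sub _fetch_count {
    my ($sth) = @_;
    $sth->execute() or die "Couldn't execute query: $DBI::errstr\n";
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    return defined $count ? $count : 0;
}

# Integer percentage of $part within $total, 0 when $total is 0 (an empty
# day, month or year used to die with "Illegal division by zero").
sub _percent {
    my ($part, $total) = @_;
    return $total ? int($part / $total * 100) : 0;
}

# Print one grey statistics cell. $column is 1..3; the first two columns
# are followed by the 10px spacer cell, the third by the <tr> that opens
# the next row, reproducing the original layout.
sub _stat_cell {
    my ($text, $column) = @_;
    my $tail = $column < 3 ? '<td width="10"></td>' : '<tr>';
    print <<EOF;
<td width="250" bgcolor="#d9d9d9">
<span class="main">
$text
</span>
</td>
$tail
EOF
    return;
}

# Print the rows for one log table: the totals row, then one row per
# protocol. $totals is [day_sth, month_sth, year_sth] for the overall
# count; each element of @protocols is [label, day_sth, month_sth, year_sth].
sub _print_stats_rows {
    my ($totals, @protocols) = @_;
    my @total = map { _fetch_count($_) } @{$totals};
    for my $col (0 .. 2) {
        _stat_cell("Number of Logged Events: $total[$col]<br>", $col + 1);
    }
    for my $proto (@protocols) {
        my ($label, @sths) = @{$proto};
        for my $col (0 .. 2) {
            my $count = _fetch_count($sths[$col]);
            my $pct   = _percent($count, $total[$col]);
            _stat_cell("Number of Logged $label Events: $count (<b>$pct%</b>)", $col + 1);
        }
    }
    return;
}

# Traffic log rows (the header row was printed above), in the original order.
_print_stats_rows(
    [ $statement2, $statement2a, $statement2b ],
    [ 'TCP',  $statement3, $statement3a, $statement3b ],
    [ 'UDP',  $statement8, $statement8a, $statement8b ],
    [ 'ICMP', $statement4, $statement4a, $statement4b ],
);

# IDS log header; the selected date is user-supplied, so it is escaped.
my ($date_esc, $year_esc, $month_esc) = map { CGI::escapeHTML($_) } ($date, $year, $month);
print <<EOF;
<td height="15"></td>
<tr>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX IDS Log Statistics (Day: $date_esc)</span>
</td>
<td width="10">
</td>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX IDS Log Statistics (Month: $year_esc-$month_esc)</span>
</td>
<td width="10">
</td>
<td width="250" bgcolor="#5479d8">
<span class="button">PIX IDS Log Statistics (Year: $year_esc)</span>
</td>
<tr>
EOF

_print_stats_rows(
    [ $statement5, $statement5a, $statement5b ],
    [ 'IP',   $statement6, $statement6a, $statement6b ],
    [ 'ICMP', $statement7, $statement7a, $statement7b ],
);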

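# Close the statistics grid and print one three-column detail table:
# a title row, the column headers, then one row per result of $sth, whose
# columns are (detail, protocol, count), printed as protocol / detail /
# count. Every value is HTML-escaped because it comes from the logs, not
# from this script. When $rename_large is set a protocol of "Large" is
# shown as "ICMP", as the original did for the IDS table (presumably a
# "Large ICMP" signature whose protocol column was parsed as "Large" --
# confirm against the log parser).
sub _print_detail_table {
    my ($title, $detail_header, $sth, $rename_large) = @_;
    print <<EOF;
</table>
<br>
<table width="50%" bgcolor="#ffffff" cellpadding="0" cellspacing="0" border="0">
<tr>
<td width="100" bgcolor="#5479d8">
<span class="button">$title</span>
</td>
<tr>
<td width="100">
<br>
</td>
<tr>
<td width="100" bgcolor="#5479d8">
<span class="button">Protocol</span>
</td>
<td width="100" bgcolor="#5479d8">
<span class="button">$detail_header</span>
</td>
<td width="100" bgcolor="#5479d8">
<span class="button">Count</span>
</td>
<tr>
EOF
    $sth->execute() or die "Couldn't execute query: $DBI::errstr\n";
    while (my ($detail, $protocol, $count) = $sth->fetchrow_array) {
        $protocol = 'ICMP' if $rename_large && defined $protocol && $protocol eq 'Large';
        my @cells = map { CGI::escapeHTML(defined $_ ? $_ : '') } ($protocol, $detail, $count);
        print <<EOF;
<td width="100" bgcolor="#d9d9d9">
<span class="main">
$cells[0]
</span>
</td>
<td width="100" bgcolor="#d9d9d9">
<span class="main">
$cells[1]
</span>
</td>
<td width="100" bgcolor="#d9d9d9">
<span class="main">
$cells[2]
</span>
</td>
<tr>
EOF
    }
    $sth->finish;
    return;
}

# Per-signature IDS breakdown, then per-flags traffic breakdown.
_print_detail_table('Detailed PIX IDS Log Statistics', 'Signature', $statement9, 1);
_print_detail_table('Detailed PIX Traffic Statistics', 'Flags', $statement10, 0);

print <<EOF;
</table>
EOF

$db_handle->disconnect();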

