#!/usr/bin/perl
#
# PIX Logging Architecture
# [ Kristof Philipsen ]
#
# This file is part of PIX Logging Architecture
#
# PIX Logging Architecture is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# PIX Logging Architecture is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Foobar; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

                                                                                                                                                                                                  
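use strict;
use warnings;

use DBI;
use CGI;
use Socket qw(AF_INET);

#
# include configuration
#
require "conf.pl";      # General Configuration
require "subs.pl";      # Subroutines

# Database handle populated by db_connect() (defined in the required files);
# declared here so the package global is visible under strict.
our $db_handle;

#
# Make Database Connection
#
db_connect();

#
# Get CGI Parameters
#
# Both values come straight from the request.  They are only ever bound as
# placeholders (never interpolated into SQL) and are escaped before being
# echoed into HTML or URLs.
#
my $query    = CGI->new;
my $id       = $query->param("id");
my $datetime = $query->param("date");
$id       = '' unless defined $id;
$datetime = '' unless defined $datetime;
my ($date) = split " ", $datetime;
$date = '' unless defined $date;

#
# HTML SECTION
#
# Shows the traffic_log record selected by "id" and, below it, how many
# other records share progressively looser subsets of its endpoints.
#
printtitle();

my $html_id   = _escape_html($id);
my $html_date = _escape_html($date);
print <<"EOF";
<span class='titlehead'><b>PIX Traffic Logs > $html_date > Log ID: $html_id</b></span>
<br><br>
EOF

my @columns = qw(log_resource log_action log_message log_time log_protocol
                log_src_ip log_src_pt log_dst_ip log_dst_pt log_flags);
my $getidall = "SELECT " . join(', ', @columns)
             . " FROM traffic_log WHERE log_id = ?";
my $statement2 = $db_handle->prepare($getidall)
    or die "Couldn't prepare query '$getidall': $DBI::errstr\n";
$statement2->execute($id)
    or die "Couldn't execute query '$getidall': $DBI::errstr\n";

while (my @fields = $statement2->fetchrow_array) {
    my %log;
    @log{@columns} = @fields;

    # Strip surrounding whitespace before the addresses are resolved or
    # bound into the match queries.
    for my $col (qw(log_src_ip log_dst_ip)) {
        $log{$col} = '' unless defined $log{$col};
        $log{$col} =~ s/^\s+|\s+$//g;
    }

    my $protocol  = defined $log{log_protocol} ? $log{log_protocol} : '';
    my $has_ports = ($protocol eq "TCP" || $protocol eq "UDP");

    my $host_src_ip = _reverse_lookup($log{log_src_ip});
    my $host_dst_ip = _reverse_lookup($log{log_dst_ip});
    # Service names are looked up for the record's own protocol, not
    # unconditionally for tcp.
    my $src_pt_name = $has_ports ? _service_name($log{log_src_pt}, $protocol) : undef;
    my $dst_pt_name = $has_ports ? _service_name($log{log_dst_pt}, $protocol) : undef;

    # Every record value is escaped once here; only these copies reach HTML.
    my %html = map { $_ => _escape_html($log{$_}) } @columns;

    print <<"EOF";
<table width="70%" bgcolor="#ffffff" cellpadding="0" cellspacing="0" border="0">
EOF
    _print_section("General Log Details");
    _print_row("Logging Resource:",  $html{log_resource});
    _print_row("Logging Date/Time:", $html{log_time});
    _print_row("PIX Logging ID:",    $html{log_message});
    _print_row("Traffic Protocol:",  "$html{log_protocol} (Flags: $html{log_flags})");
    _print_row("Traffic Action:",    $html{log_action});
    _print_row("<br>", "<br>");

    _print_section("Specific Log Details");
    _print_row("Source IP:", _address_html($log{log_src_ip}, $host_src_ip));
    if ($has_ports) {
        _print_row("Source Port:", _port_html($log{log_src_pt}, $src_pt_name));
    }
    _print_row("Dest. IP:", _address_html($log{log_dst_ip}, $host_dst_ip));
    if ($has_ports) {
        _print_row("Dest. Port:", _port_html($log{log_dst_pt}, $dst_pt_name));
    }
    _print_row("<br>", "<br>");

    _print_section("Database Matches");
    my ($sip, $spt, $dip, $dpt) = @html{qw(log_src_ip log_src_pt log_dst_ip log_dst_pt)};
    # Each entry: the columns that must match, and the (already escaped)
    # sentence describing that combination.
    my @matches;
    if ($has_ports) {
        @matches = (
            [ [qw(log_src_ip log_src_pt log_dst_ip log_dst_pt)], "For SOURCE IP ($sip) from SOURCE PORT ($spt) to DEST IP ($dip) on DEST PORT ($dpt)." ],
            [ [qw(log_src_ip log_src_pt log_dst_ip)],            "For SOURCE IP ($sip) from SOURCE PORT ($spt) to DEST IP ($dip) on ANY PORT." ],
            [ [qw(log_src_ip log_src_pt)],                       "For SOURCE IP ($sip) from SOURCE PORT ($spt) to ANY IP on ANY PORT." ],
            [ [qw(log_src_ip log_dst_ip log_dst_pt)],            "For SOURCE IP ($sip) from ANY PORT to DEST IP ($dip) on DEST PORT ($dpt)." ],
            [ [qw(log_src_ip)],                                  "For SOURCE IP ($sip) from ANY PORT to ANY IP on ANY PORT." ],
            [ [qw(log_src_ip log_src_pt log_dst_pt)],            "For SOURCE IP ($sip) from SOURCE PORT ($spt) to ANY on DEST PORT ($dpt)." ],
            [ [qw(log_src_ip log_dst_ip)],                       "For SOURCE IP ($sip) from ANY PORT to DEST IP ($dip) on ANY PORT." ],
            [ [qw(log_dst_ip log_dst_pt)],                       "For ANY IP from ANY PORT to DEST IP ($dip) on DEST PORT ($dpt)." ],
            [ [qw(log_src_pt log_dst_ip log_dst_pt)],            "For ANY IP from SOURCE PORT ($spt) to DEST IP ($dip) on DEST PORT ($dpt)." ],
            [ [qw(log_src_pt log_dst_pt)],                       "For ANY IP from SOURCE PORT ($spt) to ANY IP on DEST PORT ($dpt)." ],
        );
    }
    elsif ($protocol eq "ICMP") {
        @matches = (
            [ [qw(log_src_ip log_dst_ip)], "For SOURCE IP ($sip) to DEST IP ($dip)." ],
            [ [qw(log_src_ip)],            "For SOURCE IP ($sip) to ANY IP." ],
            [ [qw(log_dst_ip)],            "For ANY IP to DEST IP ($dip)." ],
        );
    }
    for my $match (@matches) {
        _print_match_row(\%log, @$match);
    }

    my $url_id = _escape_url($id);
    print <<"EOF";
</table>
<br><br>
<a href="./pix_event_id_add?id=$url_id&amp;type=traffic"><span class="bodylink">Relate this PIX Log ID to an incident.</span></a>
EOF
}
$statement2->finish;
$db_handle->disconnect();

#
# Helpers
#

# HTML-escape a scalar for element content or a quoted attribute value;
# undef becomes the empty string.
sub _escape_html {
    my ($text) = @_;
    return CGI::escapeHTML(defined $text ? $text : '');
}

# Percent-encode a scalar for use as a URL query-string value.  RFC 3986
# unreserved characters pass through; everything else is encoded byte-wise.
sub _escape_url {
    my ($text) = @_;
    $text = '' unless defined $text;
    utf8::encode($text) if utf8::is_utf8($text);
    $text =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $text;
}

# Markup for an IP address cell: the escaped address, the reverse-resolved
# name when one was found, and the whois link.
sub _address_html {
    my ($ip, $hostname) = @_;
    my $html = _escape_html($ip) . ' ';
    $html .= '(<i>' . _escape_html($hostname) . '</i>)' if defined $hostname;
    $html .= '&nbsp;[ <a href="src-whois?ip=' . _escape_url($ip)
           . '"><span class="bodylink">whois</span></a> ]';
    return $html;
}

# Markup for a port cell: the escaped port number plus the service name
# when one is registered for it.
sub _port_html {
    my ($port, $service) = @_;
    my $html = _escape_html($port);
    $html .= ' (<i>' . _escape_html($service) . '</i>)'
        if defined $service && length $service;
    return $html;
}

# Reverse-resolve a dotted-quad IPv4 address.  Returns undef for anything
# that is not four in-range octets or that has no PTR record, so a
# malformed value from the database never reaches pack()/gethostbyaddr().
sub _reverse_lookup {
    my ($ip) = @_;
    return unless defined $ip;
    my @octets = split /\./, $ip, -1;
    return if @octets != 4;
    return if grep { !/\A\d{1,3}\z/ || $_ > 255 } @octets;
    return scalar gethostbyaddr(pack('C4', @octets), AF_INET);
}

# Well-known service name for a TCP/UDP port; undef when the port is not
# numeric, the protocol is not TCP/UDP, or nothing is registered.
sub _service_name {
    my ($port, $protocol) = @_;
    return unless defined $port && $port =~ /\A\d+\z/;
    return unless defined $protocol && $protocol =~ /\A(?:TCP|UDP)\z/;
    return scalar getservbyport($port, lc $protocol);
}

# Emit a one-cell section header row.  $title is trusted markup.
sub _print_section {
    my ($title) = @_;
    print <<"EOF";
<tr>
<td width="150" bgcolor="#5479d8">
<span class="button">$title</span>
</td>
</tr>
EOF
    return;
}

# Emit one label/value row.  Both arguments are already-escaped markup.
sub _print_row {
    my ($label_html, $value_html) = @_;
    print <<"EOF";
<tr>
<td width="150">
<span class="main">
$label_html
</span>
</td>
<td>
<span class="main">
$value_html
</span>
</td>
</tr>
EOF
    return;
}

# Count the traffic_log rows whose @$columns match the current record and
# emit a "Matches:" row linking to the corresponding search page.
#
# The column list is restricted to the fixed names in %param_for and the
# record values are bound as placeholders, so no record data enters the SQL
# text.  LIKE is kept from the original queries, so '%' or '_' inside a
# stored value still acts as a wildcard.
sub _print_match_row {
    my ($log, $columns, $description_html) = @_;
    my %param_for = (
        log_src_ip => 'src_ip',
        log_src_pt => 'src_pt',
        log_dst_ip => 'dst_ip',
        log_dst_pt => 'dst_pt',
    );
    my @cols = grep { exists $param_for{$_} } @$columns;
    die "_print_match_row: no match columns given\n" unless @cols;

    # NULL columns are bound as '' to keep the behaviour of the previous
    # string-built queries.
    my @binds = map { defined $log->{$_} ? $log->{$_} : '' } @cols;
    my $sql = "SELECT count(*) FROM traffic_log WHERE "
            . join(' and ', map { "$_ LIKE ?" } @cols);
    my $sth = $db_handle->prepare($sql)
        or die "Couldn't prepare query '$sql': $DBI::errstr\n";
    $sth->execute(@binds)
        or die "Couldn't execute query '$sql': $DBI::errstr\n";
    my ($count) = $sth->fetchrow_array;
    $sth->finish;
    $count = 0 unless defined $count;

    my $link = './pix_search_result_traffic?'
             . join('&amp;', map { "$param_for{$_}=" . _escape_url($log->{$_}) } @cols);
    my $count_html = _escape_html($count);
    _print_row(
        qq{Matches: <a href="$link"><span class="bodylink">$count_html</span></a>},
        $description_html,
    );
    return;
}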

