Snort Statistics On-Line

Summary

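\\1\\2", "\\1\\2\\3", "\\1" );

// Default address for the per-host report further down the page.
// NOTE(review): $ip1..$ip4 are never read from a request array in the visible
// code, so they presumably arrive through register_globals - confirm, and
// keep the integer validation in front of every query that uses them.
if (!isset($ip1)) {
    // First load of the page: nothing has been submitted yet.
    $ip1 = '128';
    $ip2 = '2';
    $ip3 = '84';
    $ip4 = '43';  /* Change this to the IP you want to watch! */
}

// Overall event count plus first and last timestamp.
$Selstr  = "SELECT COUNT(event.cid),MIN(event.timestamp),MAX(event.timestamp) FROM event";
// One row per distinct signature / source address / destination address;
// only the row counts of these three results are used below.
$Selstr2 = "SELECT DISTINCT signature FROM event";
$Selstr3 = "SELECT ip_src0,ip_src1,ip_src2,ip_src3 FROM iphdr GROUP BY ip_src0, ip_src1,ip_src2,ip_src3";
$Selstr4 = "SELECT ip_dst0,ip_dst1,ip_dst2,ip_dst3 FROM iphdr GROUP BY ip_dst0, ip_dst1,ip_dst2,ip_dst3";
// Per-protocol event counts.
$Selstr5 = "SELECT count(sid) from icmphdr";
$Selstr6 = "SELECT count(sid) from tcphdr";
$Selstr7 = "SELECT count(sid) from udphdr";

// All seven statements are constant strings; no request data reaches them.
$Result  = pg_exec($pg_connection, $Selstr);
$Result2 = pg_exec($pg_connection, $Selstr2);
$Result3 = pg_exec($pg_connection, $Selstr3);
$Result4 = pg_exec($pg_connection, $Selstr4);
$Result5 = pg_exec($pg_connection, $Selstr5);
$Result6 = pg_exec($pg_connection, $Selstr6);
$Result7 = pg_exec($pg_connection, $Selstr7);

$tot_sig = pg_NumRows($Result2);
// $Result3 holds the source addresses and $Result4 the destination addresses.
// The counts were previously assigned the other way round, so the two totals
// printed below were swapped.
$tot_sip = pg_NumRows($Result3);
$tot_dip = pg_NumRows($Result4);

$icmp = pg_result($Result5, 0, 0);
$tcp  = pg_result($Result6, 0, 0);
$udp  = pg_result($Result7, 0, 0);

if (pg_NumRows($Result) != 0) {
    $row = pg_fetch_row($Result, 0);
    print "Total events: $row[0] (icmp : $icmp, udp : $udp, tcp : $tcp)
\n Timestamp begins at: $row[1]
\n Timestamp ends at: $row[2]
\n Total signatures: $tot_sig
\n Total Destination IP observed: $tot_dip
\n Total Source IP observed: $tot_sip
\n";
} else {
    print "Nothing Here\n";
}

// Release every result handle, including the three per-protocol ones that
// were previously left open.
pg_freeresult($Result);
pg_freeresult($Result2);
pg_freeresult($Result3);
pg_freeresult($Result4);
pg_freeresult($Result5);
pg_freeresult($Result6);
pg_freeresult($Result7);
?>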

Table Of Contents

"; echo ""; echo ""; echo ""; } else { echo "
Click to see Dest ip\n
"; echo ""; echo ""; echo ""; } echo "
Click to remove Dest ip\n
"; // $show_dest = 1; ?>
"; if(isset($show_dest)) { echo "10 mos t recent TCP probe reports"; echo "TimestampSource IPS ource PortDest IPDest PortSignature"; } else { echo "10 mos t recent TCP probe reports"; echo "TimestampSource IPS ource PortDest PortSignature"; } if (pg_NumRows($Result) != 0) { for ($i = 0; $i < pg_NumRows($Result); $i++ ) { $row = pg_fetch_row($Result,$i); $row[0]=preg_replace($pattern,$replace,$row[0]); if(isset($show_dest)) { print "$row[1]\n $row[2].$row[3].$row[4].$row[5]\n $row[10]\n $row[6].$row[7].$row[8].$row[9]\n $row[11]\n $row[0]\n"; } else { print "$row[1]\n $row[2].$row[3].$row[4].$row[5]\n $row[6]\n $row[7]\n $row[0]\n"; } } } else { if(isset($show_dest)) print "Nothing there!\ n"; else print "Nothing there!\ n"; } pg_freeresult($Result); ?> Top
"; echo ""; } else { echo ""; echo ""; } if (pg_NumRows($Result) != 0) { for ($i = 0; $i < pg_NumRows($Result); $i++ ) { $row = pg_fetch_row($Result,$i); $row[0]=preg_replace($pattern,$replace,$row[0]); if(isset($show_dest)) { print "\n \n \n \n \n \n"; } else { print "\n \n \n \n \n"; } } } else { if(isset($show_dest)) print "\ n"; else print "\ n"; } pg_freeresult($Result); ?>
10 most recent UDP probe reports
TimestampSource IPSource PortDest IPDest PortSignature
10 most recent UDP probe reports
TimestampSource IPSource PortDest PortSignature
$row[1]$row[2].$row[3].$row[4].$row[5]$row[10]$row[6].$row[7].$row[8].$row[9]$row[11]$row[0]
$row[1]$row[2].$row[3].$row[4].$row[5]$row[6]$row[7]$row[0]
Nothing there!
Nothing there!
Top
"; echo ""; } else { echo ""; echo ""; } if (pg_NumRows($Result) != 0) { for ($i = 0; $i < pg_NumRows($Result); $i++ ) { $row = pg_fetch_row($Result,$i); $row[0] = preg_replace($pattern,$replace,$row[0]); if(isset($show_dest)) { print "\n \n \n \n \n \n"; } else { print "\n \n \n \n \n"; } } } else { if(isset($show_dest)) print "\n"; else print "\n"; } pg_freeresult($Result); ?>
10 most recent ICMP probe reports
TimestampSource IPDest IPTypeCodeSignature
10 most recent ICMP probe reports
TimestampSource IPTypeCodeSignature
$row[1]$row[2].$row[3].$row[4].$row[5]$row[6].$row[7].$row[8].$row[9]$row[10]$row[11]$row[0]
$row[1]$row[2].$row[3].$row[4].$row[5]$row[6]$row[7]$row[0]
Nothing there!
Nothing there!
Top
\n \n "; } } else { print "\n"; } pg_freeresult($Result); ?>
# of Reports on each signature
NumbersSignatureLatest Timestamp
$row[1]$row[0]$row[2]
Nothing there!
Top
\n \n \n \n \n \n"; } } else { print "\n"; } pg_freeresult($Result); ?>
From the same source IP with the same signature
ReportsSource IPSignatureFrequencyFirst TimestampLatest Timestamp
$row[4]$row[0].$row[1].$row[2].$row[3]$row[5]Once every $freq seconds$row[7]$row[6]
Nothing there!
Top
"; echo "Type the ip adress of a computer to see details :\n"; echo "
"; echo "."; echo "."; echo "."; echo ""; echo ""; echo "
"; //to be sure that the type is integer, so the value will be 0 if the user's inp ut is not an int $ip1 = intval($ip1); $ip2 = intval($ip2); $ip3 = intval($ip3); $ip4 = intval($ip4); if( (($ip1<=0)||($ip1>255)) || (($ip2<=0)||($ip2>255)) || (($ip3<=0)||($ip3>255)) || (($ip4<=0)||($ip4>255)) ) { echo "

ERROR

"; echo "

Please use integer between 0 and 255

"; } else { $Selstr="SELECT event.signature,MIN(event.timestamp),MAX(event.timestamp),iphdr.ip_src0,iphdr .ip_src1,iphdr.ip_src2,iphdr.ip_src3,COUNT(iphdr.cid) as total, AGE(MAX(event.timestamp), MIN(event.timestamp)) FROM event,iphdr WHERE iphdr.ip_src0 = $ip1 AND iphdr.ip_src1 = $ip2 AND iphdr.ip_src2 = $ip3 AND iph dr.ip_src3 = $ip4 AND event.sid = iphdr.sid AND event.cid=iphdr.cid GROUP BY ip hdr.ip_src0,iphdr.ip_src1,iphdr.ip_src2,iphdr.ip_src3,event.signature ORDER BY total DESC LIMIT 30"; $Result=pg_exec($pg_connection,$Selstr); } ?> " ?> \n \n \n \n \n \n"; } ?>
SCANS to the specified IP ($name)
Reportsstarted atsource IPlast recorded timestampSignatureFrequency
$row[7]$row[1]$row[3].$row[4].$row[5].$row[6]$row[2]$row[0]Once every $freq seconds\n"; } } else { print "
Nothing there!
Top
Yen-Ming Chen
Last modified: $Date: 2000/07/25 11:34:43 $