From c9b16f494a71532bbd78e391d82e9945f84a69a9 Mon Sep 17 00:00:00 2001
From: root <root@orion.zcu.cz>
Date: Mon, 9 Jul 2012 16:19:24 +0200
Subject: [PATCH] pridelani totalScale a tak ruzne
---
 ...graph_HostnameServiceTypeActivityScale.php | 70 +++++++++++++++++++
 ..._HostnameServiceTypeActivityScale_html.php | 57 +++++++++++++++
 ...graph_HostnameServiceTypeActivity_html.php | 2 +-
 .../wardenweb/graph_TopTargetports.php | 7 +-
 .../wardenweb/graph_TypeActivityScale.php | 65 +++++++++++++++++
 .../graph_TypeActivityScale_html.php | 53 ++++++++++++++
 .../wardenweb/graph_TypeActivity_html.php | 2 +-
 .../show_HostnameServiceTypeActivity.php | 2 +-
 src/warden-server/contrib/wardenweb/stats.php | 11 +++
 .../wardenweb/table_HostnameServiceType.html | 6 +-
 .../wardenweb/table_HostnameServiceType.php | 2 +-
 .../contrib/wardenweb/table_TopSources.html | 6 +-
 .../contrib/wardenweb/table_TopSources.php | 2 +-
 .../wardenweb/table_TopTargetports.html | 6 +-
 .../wardenweb/table_TopTargetports.php | 2 +-
 15 files changed, 278 insertions(+), 15 deletions(-)
 create mode 100644 src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php
 create mode 100644 src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale_html.php
 create mode 100644 src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php
 create mode 100644 src/warden-server/contrib/wardenweb/graph_TypeActivityScale_html.php
diff --git a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php
new file mode 100644
index 0000000..b89d6e2
--- /dev/null
+++ b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale.php
@@ -0,0 +1,70 @@
+<?
+include("db.php");
+
+
+if(!isset($_GET['per'])){$_GET['per']="hour";}
+switch( $_GET['per']) {
+ case "hour":
+ $agg = 1;
+ break;
+ case "day":
+ $agg = 24;
+ break;
+ case "month":
+ $agg = 24*30; // -30.5 ?
+ break;
+}
+
+#sqli todo
+#selector
+if(!IsSet($_GET['where'])) {
+ $where="detected>from_unixtime(0)";
+} else {
+ $where = base64_decode($_GET['where']);
+}
+
+$query_cols = "hostname,service,type";
+
+
+
+
+
+#seznam sloupcu ve vysledku, todo dyn
+$cols=array();
+$q = "SELECT concat_ws('-',$query_cols) as col FROM events WHERE $where GROUP BY $query_cols";
+#var_dump($q);
+$res = mysql_query($q, $db);
+for($i=0; $i<mysql_num_rows($res); $i++) {
+ $tmp = mysql_fetch_assoc($res);
+# var_dump($tmp);
+ $cols[ $tmp["col"] ]=$i;
+}
+#var_dump($cols);
+#print array_keys($cols);
+$count_cols=count($cols);
+
+
+
+
+
+#select data
+$data=array();
+#casova posloupnost
+# premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu
+$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t;";
+#var_dump($q);
+$res = mysql_query($q, $db);
+while ($tmp = mysql_fetch_assoc($res)) {
+ #var_dump($tmp);
+ $d=array_fill(0, $count_cols, 0);
+ $d[ $cols[ $tmp["col"] ] ] = (int)$tmp["totalScale"];
+ array_unshift($d, (int)$tmp["t"]);
+ array_push($data, $d);
+}
+
+
+#print json_encode($d);
+print json_encode(array("cols"=>array_keys($cols), "data"=>$data));
+
+?>
+
diff --git a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale_html.php b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale_html.php
new file mode 100644
index 0000000..ed4c686
--- /dev/null
+++ b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivityScale_html.php
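Review bot: `$where = base64_decode($_GET['where'])` is interpolated verbatim into both SELECT statements, so anyone who can reach this script runs arbitrary SQL against the events table — base64 only obscures the clause, it does not authenticate it, and the new file's own `#sqli todo` comment acknowledges this; nothing in the patch shows an authentication layer in front of these contrib pages. Do not accept a SQL fragment from the client at all: have the caller send the individual filter values and rebuild the WHERE clause here from an allow-list of column names with `mysql_real_escape_string()` applied to each value. Separately, the `switch( $_GET['per'])` has no `default:` branch, so an unknown value leaves `$agg` unset and the second query contains the malformed `%(3600*)`; `mysql_query()` then returns false and `mysql_fetch_assoc()` is called on a boolean. Add `default: $agg = 1; break;` (or reject the request) and stop with an error response when `$res === false` before either fetch loop.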
@@ -0,0 +1,57 @@
+<? if(!isset($_GET['per'])){$_GET['per']="day";} ?>
+<html>
+ <head>
+ <script type="text/javascript" language="javascript" src="datatables/media/js/jquery.js"></script>
+ <script type="text/javascript" src="https://www.google.com/jsapi"></script>
+ <script type="text/javascript">
+ google.load("visualization", "1", {packages:["corechart"]});
+ google.setOnLoadCallback(fetchData);
+
+ function fetchData() {
+ <? #TODO: fuj
+ if(!isSet($_GET['where'])) { ?>
+ $.getJSON('graph_HostnameServiceTypeActivity.php?per=<? print $_GET['per'];?>', drawChart);
+ <? } else { ?>
+ $.getJSON('graph_HostnameServiceTypeActivity.php?per=<? print $_GET['per'];?>&where=<?print $_GET['where'];?>', drawChart);
+ <? } ?>
+ }
+
+ function drawChart(sdata) {
+ //console.log(sdata);
+ var data = new google.visualization.DataTable();
+ data.addColumn('datetime', 'Date');
+ //console.log(sdata.cols);
+ for (var i = 0; i < sdata.cols.length; i++) {
+ data.addColumn('number', sdata.cols[i]);
+ }
+
+ sdatalen=sdata.data.length;
+ if(sdatalen > 1000) {
+ alert("Too many rows:"+sdatalen);
+ sdatalen=1000;
+ }
+
+ for (var i = 0; i < sdatalen; i++) {
+ //for (var i = 0; i < 10; i++) {
+ sdata.data[i][0] = new Date(sdata.data[i][0]*1000);
+ //console.log(sdata.data[i]);
+ data.addRow(sdata.data[i]);
+ }
+ var options = {
+ vAxis: { logScale: true, title: "totalScale" },
+ interpolateNulls: true,
+ ___colors:['#008000','#ff0000','#FFA500','#FA8072','#AFEEEE','#00A5C6','#DEBDDE','#000000'],
+ chartArea: {'width': '80%', 'height': '90%'},
+ pointSize: 5
+ };
+
+ var chart = new google.visualization.LineChart(document.getElementById('chart_div'));
+ chart.draw(data, options);
+ }
+ </script>
+ </head>
+ <body>
+ <div id="chart_div" style="width: 100%; height: 95%;"></div>
+ </body>
+</html>
+
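Review bot: `<? print $_GET['per'];?>` and `<?print $_GET['where'];?>` in fetchData() are written unescaped into a single-quoted JavaScript string inside the page's `<script>` block, so a crafted `per` or `where` value can close the string (or inject `</script>`) and run attacker JavaScript in the browser of anyone sent a link to this page — a reflected XSS. Validate `per` against the three values the backend switch understands, and emit both values with `json_encode(..., JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT)` or hand them to `$.getJSON()` as a data object so jQuery URL-encodes them, rather than splicing raw query-string text into script. Also note that both branches fetch `graph_HostnameServiceTypeActivity.php`, not the `graph_HostnameServiceTypeActivityScale.php` endpoint added in this same commit, so the chart titled `totalScale` will plot event counts; the URL should be `graph_HostnameServiceTypeActivityScale.php`. `sdatalen` is assigned without `var` and becomes an implicit global.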
diff --git a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity_html.php b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity_html.php
index a16d0e2..ef24b8d 100644
--- a/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity_html.php
+++ b/src/warden-server/contrib/wardenweb/graph_HostnameServiceTypeActivity_html.php
@@ -38,7 +38,7 @@
 data.addRow(sdata.data[i]);
 }
 var options = {
- vAxis: { logScale: true },
+ vAxis: { logScale: true, title: "events" },
 interpolateNulls: true,
 ___colors:['#008000','#ff0000','#FFA500','#FA8072','#AFEEEE','#00A5C6','#DEBDDE','#000000'],
 chartArea: {'width': '80%', 'height': '90%'},
diff --git a/src/warden-server/contrib/wardenweb/graph_TopTargetports.php b/src/warden-server/contrib/wardenweb/graph_TopTargetports.php
index 9833ba8..dd46337 100644
--- a/src/warden-server/contrib/wardenweb/graph_TopTargetports.php
+++ b/src/warden-server/contrib/wardenweb/graph_TopTargetports.php
@@ -9,19 +9,20 @@ include("db.php");
 $cols=array();
 $i=0;
 $cols["target_port"]=$i++;
-$cols["count"]=$i++;
+$cols["totalScale"]=$i++;
 $count_cols=count($cols);
 #select data
 $data=array();
-$q = "select target_port, count(*) as count from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by target_port order by count desc limit 300;";
+#$q = "select target_port, count(*) as count from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by target_port order by count desc limit 300;";
+$q = "select target_port, sum(attack_scale) as totalScale from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by target_port order by totalScale desc limit 300;";
 #var_dump($q);
 $res = mysql_query($q, $db);
 while ($tmp = mysql_fetch_assoc($res)) {
 #var_dump($tmp);
- array_push($data, array((int)$tmp['target_port'],(int)$tmp['count']));
+ array_push($data, array((int)$tmp['target_port'],(int)$tmp['totalScale']));
 }
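Review bot: In graph_TopTargetports.php the result of `mysql_query()` for the new `sum(attack_scale)` query is fed straight into `mysql_fetch_assoc()` without a check for `false`, so if the column does not exist on a deployment or the query otherwise fails the script emits PHP warnings into what the chart page parses as JSON. Add a guard before the loop such as `if ($res === false) { header('HTTP/1.0 500 Internal Server Error'); exit; }` and log `mysql_error()` server-side rather than printing it. The superseded `count(*)` statement is kept as a `#$q = ...` comment; delete it instead of leaving dead SQL beside the live query. The JSON output that consumes `$data` lies outside this hunk.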
diff --git a/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php
new file mode 100644
index 0000000..c189c0f
--- /dev/null
+++ b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale.php
@@ -0,0 +1,65 @@
+<?
+include("db.php");
+
+
+if(!isset($_GET['per'])){$_GET['per']="hour";}
+switch( $_GET['per']) {
+ case "hour":
+ $agg = 1;
+ break;
+ case "day":
+ $agg = 24;
+ break;
+ case "month":
+ $agg = 24*30; // -30.5 ?
+ break;
+}
+
+#sqli todo
+#selector
+$where="detected>from_unixtime(0)";
+$query_cols = "type";
+
+
+
+
+
+#seznam sloupcu ve vysledku, todo dyn
+$cols=array();
+$q = "SELECT concat_ws('-',$query_cols) as col FROM events WHERE $where GROUP BY $query_cols";
+#var_dump($q);
+$res = mysql_query($q, $db);
+for($i=0; $i<mysql_num_rows($res); $i++) {
+ $tmp = mysql_fetch_assoc($res);
+# var_dump($tmp);
+ $cols[ $tmp["col"] ]=$i;
+}
+#var_dump($cols);
+#print array_keys($cols);
+$count_cols=count($cols);
+
+
+
+
+
+#select data
+$data=array();
+#casova posloupnost
+# premapuju podle staticky alokovanych sloupcu, posilam to rovnou do grafu
+$q = "SELECT unix_timestamp(detected)-(unix_timestamp(detected)%(3600*$agg)) as t, concat_ws('-',$query_cols) as col, sum(attack_scale) as totalScale FROM events WHERE $where GROUP BY $query_cols, t;";
+#var_dump($q);
+$res = mysql_query($q, $db);
+while ($tmp = mysql_fetch_assoc($res)) {
+ #var_dump($tmp);
+ $d=array_fill(0, $count_cols, 0);
+ $d[ $cols[ $tmp["col"] ] ] = (int)$tmp["totalScale"];
+ array_unshift($d, (int)$tmp["t"]);
+ array_push($data, $d);
+}
+
+
+#print json_encode($d);
+print json_encode(array("cols"=>array_keys($cols), "data"=>$data));
+
+?>
+
diff --git a/src/warden-server/contrib/wardenweb/graph_TypeActivityScale_html.php b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale_html.php
new file mode 100644
index 0000000..7b32c0f
--- /dev/null
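Review bot: The `switch( $_GET['per'])` in graph_TypeActivityScale.php has no `default:` branch, so any value other than hour/day/month leaves `$agg` undefined and the second query reads `...%(3600*)) as t`, which MySQL rejects; `mysql_query()` then returns false and `while ($tmp = mysql_fetch_assoc($res))` runs on a boolean. Add `default: $agg = 1; break;` (or reject the request) and bail out when `$res === false` before fetching. With `$where` fixed to `detected>from_unixtime(0)` this endpoint is not itself injectable, so the copied `#sqli todo` is misleading here and should be dropped. This file is otherwise a line-for-line copy of graph_HostnameServiceTypeActivityScale.php from the same commit with `$query_cols = "type"`; factoring the shared body into one function that takes the column list and a server-built WHERE clause would mean the next fix lands in one place.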
+++ b/src/warden-server/contrib/wardenweb/graph_TypeActivityScale_html.php
@@ -0,0 +1,53 @@
+<? if(!isset($_GET['per'])){$_GET['per']="day";} ?>
+<html>
+ <head>
+ <script type="text/javascript" language="javascript" src="datatables/media/js/jquery.js"></script>
+ <script type="text/javascript" src="https://www.google.com/jsapi"></script>
+ <script type="text/javascript">
+ google.load("visualization", "1", {packages:["corechart"]});
+ google.setOnLoadCallback(fetchData);
+
+ function fetchData() {
+ $.getJSON('graph_TypeActivityScale.php?per=<? print $_GET['per'];?>', drawChart);
+ }
+
+ function drawChart(sdata) {
+ console.log(sdata);
+ var data = new google.visualization.DataTable();
+ data.addColumn('datetime', 'Date');
+ console.log(sdata.cols);
+ for (var i = 0; i < sdata.cols.length; i++) {
+ data.addColumn('number', sdata.cols[i]);
+ }
+
+ sdatalen=sdata.data.length;
+ if(sdatalen > 1000) {
+ alert("Too many rows:"+sdatalen);
+ sdatalen=1000;
+ }
+
+ for (var i = 0; i < sdatalen; i++) {
+ //for (var i = 0; i < 10; i++) {
+ sdata.data[i][0] = new Date(sdata.data[i][0]*1000);
+ console.log(sdata.data[i]);
+ data.addRow(sdata.data[i]);
+ }
+ var options = {
+ vAxis: { logScale: true, title: "totalScale" },
+ interpolateNulls: true,
+ ___colors:['#008000','#ff0000','#FFA500','#FA8072','#AFEEEE','#00A5C6','#DEBDDE','#000000'],
+ chartArea: {'width': '85%', 'height': '85%'},
+ legend: {'position': 'top'},
+ pointSize: 5
+ };
+
+ var chart = new google.visualization.LineChart(document.getElementById('chart_div'));
+ chart.draw(data, options);
+ }
+ </script>
+ </head>
+ <body>
+ <div id="chart_div" style="width: 100%; height: 100%;"></div>
+ </body>
+</html>
+
diff --git a/src/warden-server/contrib/wardenweb/graph_TypeActivity_html.php b/src/warden-server/contrib/wardenweb/graph_TypeActivity_html.php
index b2461a1..018fe97 100644
--- a/src/warden-server/contrib/wardenweb/graph_TypeActivity_html.php
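Review bot: `<? print $_GET['per'];?>` in fetchData() of graph_TypeActivityScale_html.php is echoed unescaped inside a single-quoted JavaScript string in the page's `<script>` block, so a `per` value such as `');alert(1);//` (or one containing `</script>`) executes in the viewer's browser — reflected XSS. Validate `per` against the three values the backend understands and emit it through `json_encode`, e.g. `$.getJSON('graph_TypeActivityScale.php', {per: <?= json_encode($_GET['per'], JSON_HEX_TAG|JSON_HEX_APOS|JSON_HEX_QUOT) ?>}, drawChart);`, which also lets jQuery do the URL encoding. The three `console.log(...)` calls in drawChart are debug output left enabled (the sibling page in this commit has them commented out), and `sdatalen` is assigned without `var`, so it becomes an implicit global.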
+++ b/src/warden-server/contrib/wardenweb/graph_TypeActivity_html.php
@@ -33,7 +33,7 @@
 data.addRow(sdata.data[i]);
 }
 var options = {
- vAxis: { logScale: true },
+ vAxis: { logScale: true, title: "events" },
 interpolateNulls: true,
 ___colors:['#008000','#ff0000','#FFA500','#FA8072','#AFEEEE','#00A5C6','#DEBDDE','#000000'],
 chartArea: {'width': '85%', 'height': '85%'},
diff --git a/src/warden-server/contrib/wardenweb/show_HostnameServiceTypeActivity.php b/src/warden-server/contrib/wardenweb/show_HostnameServiceTypeActivity.php
index 2105580..18c12cb 100644
--- a/src/warden-server/contrib/wardenweb/show_HostnameServiceTypeActivity.php
+++ b/src/warden-server/contrib/wardenweb/show_HostnameServiceTypeActivity.php
@@ -123,7 +123,7 @@ if( IsSet($_POST["btnSubmit"])) {
 <?
 if( IsSet($_POST["btnSubmit"]) and !empty($where)) {
- print("<iframe src=\"graph_HostnameServiceTypeActivity_html.php?per=hour&where=".base64_encode($where)."\" style=\"width:100%; height:500\"></iframe>");
+ print("<iframe src=\"graph_HostnameServiceTypeActivity_html.php?per=day&where=".base64_encode($where)."\" style=\"width:100%; height:500\"></iframe>");
 }
 ?>
diff --git a/src/warden-server/contrib/wardenweb/stats.php b/src/warden-server/contrib/wardenweb/stats.php
index 58e27df..210f9bf 100644
--- a/src/warden-server/contrib/wardenweb/stats.php
+++ b/src/warden-server/contrib/wardenweb/stats.php
@@ -44,6 +44,17 @@ if(isset($_GET['c']))
 </tr>
 <tr>
+<td width="50%">
+<iframe src="graph_TypeActivityScale_html.php" style="width:100%; height:400"></iframe>
+</td>
+
+<td>
+<iframe src="graph_HostnameServiceTypeActivityScale_html.php" style="width:100%; height:400"></iframe>
+</td>
+
+</tr>
+<tr>
+
 <td colspan=2>
 <iframe src="table_HostnameServiceType.html" style="width:100%; height:600"></iframe>
 </td>
diff --git a/src/warden-server/contrib/wardenweb/table_HostnameServiceType.html b/src/warden-server/contrib/wardenweb/table_HostnameServiceType.html
index 6e2e1f5..046876f 100644
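Review bot: The iframe URL in show_HostnameServiceTypeActivity.php embeds `base64_encode($where)` without URL-encoding it, and the base64 alphabet includes `+`, `/` and `=`; a `+` in the encoded clause arrives at the graph page as a space, which non-strict `base64_decode()` silently drops, so some filters decode to a corrupted WHERE clause. Wrap it: `".rawurlencode(base64_encode($where))."`. More broadly, sending a SQL fragment to the client and trusting it back is the injection path the `#sqli todo` comments in the new graph files point at, since the receiving script interpolates the decoded text unescaped; passing the form's raw filter values and rebuilding the clause server-side would close that. How `$where` is built from `$_POST` is outside this hunk.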
--- a/src/warden-server/contrib/wardenweb/table_HostnameServiceType.html
+++ b/src/warden-server/contrib/wardenweb/table_HostnameServiceType.html
@@ -16,7 +16,8 @@ $(document).ready(function() {
 { "mDataProp": "hostname" },
 { "mDataProp": "service" },
 { "mDataProp": "type" },
- { "mDataProp": "count" },
+ { "mDataProp": "events" },
+ { "mDataProp": "totalScale" },
 { "mDataProp": "lastdetected" },
 { "mDataProp": "lastreceived" }
 ]
@@ -32,7 +33,8 @@ $(document).ready(function() {
 <th>hostname</th>
 <th>service</th>
 <th>type</th>
-<th>count</th>
+<th>events</th>
+<th>totalScale</th>
 <th>lastdetected</th>
 <th>lastreceived</th>
 </thead>
diff --git a/src/warden-server/contrib/wardenweb/table_HostnameServiceType.php b/src/warden-server/contrib/wardenweb/table_HostnameServiceType.php
index 3df0cb0..c817447 100644
--- a/src/warden-server/contrib/wardenweb/table_HostnameServiceType.php
+++ b/src/warden-server/contrib/wardenweb/table_HostnameServiceType.php
@@ -2,7 +2,7 @@
 include("db.php");
-$q = "SELECT hostname,service,type,count(*) as count, max(detected) as lastdetected,max(received) as lastreceived FROM `events` group by hostname,service,type;";
+$q = "SELECT hostname,service,type,count(*) as events, sum(attack_scale) as totalScale, max(detected) as lastdetected,max(received) as lastreceived FROM `events` group by hostname,service,type;";
 $res = mysql_query($q, $db);
 if (mysql_num_rows($res) == 0) { die("nodata");}
diff --git a/src/warden-server/contrib/wardenweb/table_TopSources.html b/src/warden-server/contrib/wardenweb/table_TopSources.html
index 4c65de2..019764a 100644
--- a/src/warden-server/contrib/wardenweb/table_TopSources.html
+++ b/src/warden-server/contrib/wardenweb/table_TopSources.html
@@ -14,7 +14,8 @@ $(document).ready(function() {
 "sAjaxSource": "table_TopSources.php",
 "aoColumns": [
 { "mDataProp": "source" },
- { "mDataProp": "count" }
+ { "mDataProp": "events" },
+ { "mDataProp": "totalScale" }
 ]
 } );
 } );
@@ -26,7 +27,8 @@ $(document).ready(function() {
 <table cellpadding="0" cellspacing="0" border="0" class="display" id="example" width="100%">
 <thead>
 <th>source</th>
-<th>count</th>
+<th>events</th>
+<th>totalScale</th>
 </thead>
 </table>
 </body>
diff --git a/src/warden-server/contrib/wardenweb/table_TopSources.php b/src/warden-server/contrib/wardenweb/table_TopSources.php
index 6aa702e..ddf89db 100644
--- a/src/warden-server/contrib/wardenweb/table_TopSources.php
+++ b/src/warden-server/contrib/wardenweb/table_TopSources.php
@@ -2,7 +2,7 @@
 include("db.php");
-$q = "select source, count(*) as count from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by source order by count desc limit 100;";
+$q = "select source, count(*) as events, sum(attack_scale) as totalScale from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by source order by totalScale desc limit 100;";
 $res = mysql_query($q, $db);
 if (mysql_num_rows($res) == 0) { die("nodata");}
diff --git a/src/warden-server/contrib/wardenweb/table_TopTargetports.html b/src/warden-server/contrib/wardenweb/table_TopTargetports.html
index c8c47c4..932241a 100644
--- a/src/warden-server/contrib/wardenweb/table_TopTargetports.html
+++ b/src/warden-server/contrib/wardenweb/table_TopTargetports.html
@@ -14,7 +14,8 @@ $(document).ready(function() {
 "sAjaxSource": "table_TopTargetports.php",
 "aoColumns": [
 { "mDataProp": "target_port" },
- { "mDataProp": "count" }
+ { "mDataProp": "events" },
+ { "mDataProp": "totalScale" }
 ]
 } );
 } );
@@ -26,7 +27,8 @@ $(document).ready(function() {
 <table cellpadding="0" cellspacing="0" border="0" class="display" id="example" width="100%">
 <thead>
 <th>target_port</th>
-<th>count</th>
+<th>events</th>
+<th>totalScale</th>
 </thead>
 </table>
 </body>
diff --git a/src/warden-server/contrib/wardenweb/table_TopTargetports.php b/src/warden-server/contrib/wardenweb/table_TopTargetports.php
index ce7d694..4de3b74 100644
--- a/src/warden-server/contrib/wardenweb/table_TopTargetports.php
+++ b/src/warden-server/contrib/wardenweb/table_TopTargetports.php
@@ -2,7 +2,7 @@
 include("db.php");
-$q = "select target_port, count(*) as count from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by target_port order by count desc limit 300;";
+$q = "select target_port, count(*) as events, sum(attack_scale) as totalScale from events where detected > from_unixtime(unix_timestamp(now())-3600*24*30) group by target_port order by totalScale desc limit 300;";
 $res = mysql_query($q, $db);
 if (mysql_num_rows($res) == 0) { die("nodata");}
-- 
GitLab
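Review bot: The new ordering key `sum(attack_scale)` is NULL for any target_port whose events all carry a NULL attack_scale (if the column is nullable — the schema is not in the patch), and MySQL sorts NULL last under `order by ... desc`, so such ports now fall off the 300-row list however many events they have, and the JSON carries `null` where the DataTable expects a number. `coalesce(sum(attack_scale),0) as totalScale` keeps them ranked and typed; the same applies to the identical queries in table_TopSources.php and graph_TopTargetports.php in this commit. The unchanged `die("nodata")` still answers a DataTables Ajax request with a non-JSON body, which the client reports as a parse error rather than an empty table.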