<?php
/*
* firewall Eyes
* Copyright (C) 2004 Creabilis
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
*/
// ***************** CONFIGURATION *********************
// activate authentication by IP
// $IPAuthentication=true|false;
$IPAuthentication = false;
// NOTE(review): while this stays false the $allowedClientIP list below is
// presumably not consulted, so the "command" tools defined further down in
// this file are reachable by any client that can load the page — confirm
// and enable it unless the page is protected some other way.
// Client IP addresses allowed in when IP authentication is on:
// one "$allowedClientIP[] = '...';" line per address.
$allowedClientIP[] = '127.0.0.1';
// log files to parse; the first one is the default
// you can use file path like /etc/log/messages or nfs
// or http like http://www.host.com/messages
// or ftp like ftp://user:password@ftp.host.com/messages
// $logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages";
//$logfiles[]="/var/log/messages.1";
//$logfiles[]="/var/log/messages.2";
//$logfiles[]="/var/log/messages.3";
//$logfiles[]="/var/log/messages.4";
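// Directory holding the firewall logs: every regular file in it, except
// compressed ".gz" archives, is appended to $logfiles.
$folder = "/var/log/firewall";
// Number of files found; kept as a global because other code may read it.
$index = 0;
// rsort() below needs an array even when the directory is empty or cannot
// be opened (passing null to rsort() is a TypeError on PHP 8). Only
// initialise when nothing set it earlier so a preset list is preserved.
if (!isset($logfiles)) {
    $logfiles = array();
}
$dossier = opendir($folder);
// opendir() returns false on failure (and emits a warning); readdir(false)
// would otherwise throw on PHP 8.
if ($dossier !== false) {
    // compare with false explicitly: the bare "while ($Fichier = readdir())"
    // form stops early on a file literally named "0"
    while (false !== ($Fichier = readdir($dossier))) {
        // skip the pseudo-entries; stripos() returns false when ".gz" is
        // absent, so the check must be strict — the loose "== 0" test also
        // admitted names *starting* with ".gz"
        if ($Fichier === "." || $Fichier === ".." || $Fichier === " " || stripos($Fichier, '.gz') !== false) {
            continue;
        }
        // sub-directories (or sockets, fifos, ...) are not log files
        if (!is_file($folder . "/" . $Fichier)) {
            continue;
        }
        $index++;
        $logfiles[] = $folder . "/" . $Fichier;
    }
    closedir($dossier);
}
// newest rotated file first, by name
rsort($logfiles, SORT_STRING);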
// automatic submit
// automatic reload log display just after changing a display option (search strings, resolving, ...)
// $automaticSubmit=true|false;
$automaticSubmit = true;
// number of log lines shown by default
$configuration['displayedLines'] = 50;
// resolve IP addresses to names
$configuration['resolvIp'] = false;
// resolve port numbers to service names
$configuration['resolvService'] = true;
// read the log file starting from its end
$configuration['readFromTheEnd'] = true;
// match search strings exactly
$configuration['exactSearch'] = false;
// reload the page automatically every $automaticRefreshInterval seconds
// ($configuration['automaticRefresh'] = true|false)
$configuration['automaticRefresh'] = false;
// refresh interval, in seconds
$automaticRefreshInterval = 10;
// column array
// syntax : name, index in regexp, width in pixels, type, toolname
// type can be ip or service or protocol, used for resolution
// to hide a column, just comment it with //
// Each entry: [column name, capture-group index in $LineRegExp, width in
// pixels, value type for resolution (ip|service|protocol|null), tool set].
$logFields[] = array('date',        '1',  '60',  null,       null);
$logFields[] = array('heure',       '2',  '60',  null,       null);
$logFields[] = array('intf',        '5',  '50',  null,       null);
$logFields[] = array('source',      '6',  '150', 'ip',       'iptools');
$logFields[] = array('destination', '7',  '150', 'ip',       'iptools');
$logFields[] = array('protocol',    '8',  '60',  'protocol', null);
$logFields[] = array('src port',    '9',  '60',  null,       null);
$logFields[] = array('dst port',    '10', '80',  'service',  'srvtools');
$logFields[] = array('règle',       '3',  '80',  null,       null);
$logFields[] = array('action',      '4',  '80',  null,       null);
// ip tools
// types are command or url
// use %originalParameter% for values like ip address
// use %transformedParameter% for values like dns address
// IP tools. "command" entries are shell command lines, "url" entries are
// links; "%p1%" is replaced with the column value by the code that runs
// them (that code is not in this file).
// NOTE(review): the header comment above names %originalParameter% /
// %transformedParameter% while the values use %p1% — confirm which
// placeholder the executing code substitutes. Since the substituted value
// comes from a parsed log line (SRC=/DST=/DPT= fields), the executing code
// must pass it through escapeshellarg() before running a "command" entry.
$tools['iptools']['ping']       = array('type' => 'command', 'value' => 'ping -c 5 %p1%');
$tools['iptools']['traceroute'] = array('type' => 'command', 'value' => 'traceroute %p1%');
$tools['iptools']['DNS lookup'] = array('type' => 'command', 'value' => 'host %p1%');
$tools['iptools']['whois']      = array('type' => 'command', 'value' => 'whois %p1%', 'precompute' => 'extractdomain');
$tools['iptools']['nmap']       = array('type' => 'command', 'value' => 'nmap %p1%');
$tools['iptools']['HTTP Test']  = array('type' => 'url',     'value' => 'http://%p1%');
// service (port) tools
$tools['srvtools']['ISS Port db'] = array('type' => 'url', 'value' => 'http://www.iss.net/security_center/advice/Exploits/Ports/%p1%/default.htm');
$tools['srvtools']['IANA ports']  = array('type' => 'url', 'value' => 'http://www.iana.org/assignments/port-numbers');
$tools['srvtools']['Google']      = array('type' => 'url', 'value' => 'http://www.google.com/search?hl=en&q=port+%p1%');
// regExp for detecting a firewall line
// Single quotes: none of the \w \s \d \S sequences are PHP escapes, so the
// pattern text is byte-identical to the double-quoted form.
$detectLine = '/RULE/S';
// Capture groups, in order: 1 date, 2 time, 3 rule, 4 action, 5 IN=
// interface, 6 SRC=, 7 DST=, 8 PROTO=, 9 SPT=, 10 DPT= (see $logFields).
$LineRegExp = '/(\w+\s+\d+)\s+(\S+)\s+\S+.*RULE (\S+).+-\s+(\S+).*IN=(\S+).*SRC=(\S+)\s+DST=(\S+).*PROTO=(\S+).*SPT=(\S+).*DPT=(\S+)/S';
//line sample :
//Sep 24 18:07:35 passerelle kernel: RULE 14 -- ACCEPT IN=eth1 OUT= MAC=00:04:e2:43:1c:c4:00:0b:cd:f9:f4:42:08:00 SRC=192.168.0.1 DST=172.31.0.253 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=11059 DF PROTO=TCP SPT=1537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
?>