1<?php 2 3// Pandora FMS - http://pandorafms.com 4// ================================================== 5// Copyright (c) 2005-2011 Artica Soluciones Tecnologicas 6// Please see http://pandorafms.org for full contribution list 7 8// This program is free software; you can redistribute it and/or 9// modify it under the terms of the GNU General Public License 10// as published by the Free Software Foundation; version 2 11 12// This program is distributed in the hope that it will be useful, 13// but WITHOUT ANY WARRANTY; without even the implied warranty of 14// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15// GNU General Public License for more details. 16 17 18global $config; 19 20require_once ($config["homedir"] . '/include/functions_graph.php'); 21 22check_login (); 23 24$enterprise_include = enterprise_include_once('godmode/admin_access_logs.php'); 25 26if (! check_acl ($config['id_user'], 0, "PM")) { 27 db_pandora_audit( "ACL Violation", 28 "Trying to access event viewer"); 29 require ("general/noaccess.php"); 30 exit; 31} 32 33ui_print_page_header (__('Pandora audit')." » ".__('Review Logs'), "images/gm_log.png", false, "", true ); 34 35$offset = get_parameter ("offset", 0); 36$tipo_log = get_parameter ("tipo_log", 'all'); 37$user_filter = get_parameter('user_filter', 'all'); 38$filter_text = get_parameter('filter_text', ''); 39$filter_hours_old = get_parameter('filter_hours_old', 24); 40$filter_ip = get_parameter('filter_ip', ''); 41 42echo "<table width='100%' border='0' cellspacing='4' cellpadding='4' class='databox filters'>"; 43echo '<tr><td class="datost">'; 44echo '<div style="float: left; width: 400px;">'; 45echo '<b>'.__('Filter').'</b><br><br>'; 46 47$rows = db_get_all_rows_sql ("SELECT DISTINCT(accion) 48 FROM tsesion"); 49if (empty ($rows)) { 50 $rows = array (); 51} 52$actions = array (); 53 54foreach ($rows as $row) { 55 $actions[$row["accion"]] = $row["accion"]; 56} 57echo '<form name="query_sel" method="post" action="index.php?sec=glog&sec2=godmode/admin_access_logs">'; 58$table = null; 59$table->width = '100%'; 60$table->data = array(); 61$table->data[0][0] = __('Action'); 62$table->data[0][1] = html_print_select ($actions, 'tipo_log', $tipo_log, '', __('All'), 'all', true); 63$table->data[1][0] = __('User'); 64$table->data[1][1] = html_print_select_from_sql('SELECT id_user, id_user AS text FROM tusuario', 'user_filter', $user_filter, '', __('All'), 'all', true); 65$table->data[2][0] = __('Free text for search (*)'); 66$table->data[2][1] = html_print_input_text('filter_text', $filter_text, __('Free text for search (*)'), 20, 40, true); 67$table->data[3][0] = __('Max. hours old'); 68$table->data[3][1] = html_print_input_text('filter_hours_old', $filter_hours_old, __('Max. hours old'), 3, 6, true); 69$table->data[4][0] = __('IP'); 70$table->data[4][1] = html_print_input_text('filter_ip', $filter_ip, __('IP'), 15, 15, true); 71$table->data[5][0] = ''; 72$table->data[5][1] = html_print_submit_button(__('Filter'), 'filter', false, 'class="sub search" style="float: right;"', true); 73html_print_table($table); 74echo '</form>'; 75echo '</div>'; 76echo '<div style="float: right; width: 300px;">'; 77 78echo graphic_user_activity(300, 140); 79 80echo '</div>'; 81echo '<div style="clear:both;"> </div>'; 82echo '</td></tr></table>'; 83 84 85 86$filter = 'WHERE 1 = 1'; 87 88if ($tipo_log != 'all') { 89 $filter .= sprintf (" AND accion = '%s'", $tipo_log); 90} 91switch ($config['dbtype']) { 92 case "mysql": 93 if ($user_filter != 'all') { 94 $filter .= sprintf(' AND id_usuario = "%s"', $user_filter); 95 } 96 97 $filter .= ' AND (accion LIKE "%' . $filter_text . '%" OR descripcion LIKE "%' . $filter_text . '%")'; 98 99 if ($filter_ip != '') { 100 $filter .= sprintf(' AND ip_origen LIKE "%s"', $filter_ip); 101 } 102 break; 103 case "postgresql": 104 case "oracle": 105 if ($user_filter != 'all') { 106 $filter .= sprintf(' AND id_usuario = \'%s\'', $user_filter); 107 } 108 109 $filter .= ' AND (accion LIKE \'%' . $filter_text . '%\' OR descripcion LIKE \'%' . $filter_text . '%\')'; 110 111 if ($filter_ip != '') { 112 $filter .= sprintf(' AND ip_origen LIKE \'%s\'', $filter_ip); 113 } 114 break; 115} 116 117if ($filter_hours_old != 0) { 118 switch ($config["dbtype"]) { 119 case "mysql": 120 $filter .= ' AND fecha >= DATE_ADD(NOW(), INTERVAL -' . $filter_hours_old . ' HOUR)'; 121 break; 122 case "postgresql": 123 $filter .= ' AND fecha >= NOW() - INTERVAL \'' . $filter_hours_old . ' HOUR \''; 124 break; 125 case "oracle": 126 $filter .= ' AND fecha >= (SYSTIMESTAMP - INTERVAL \'' . $filter_hours_old . '\' HOUR)'; 127 break; 128 } 129} 130 131$sql = "SELECT COUNT(*) FROM tsesion " . $filter; 132$count = db_get_sql ($sql); 133$url = "index.php?sec=godmode&sec2=godmode/admin_access_logs&tipo_log=".$tipo_log."&user_filter=".$user_filter."&filter_text=".$filter_text."&filter_hours_old=".$filter_hours_old."&filter_ip=".$filter_ip; 134 135ui_pagination ($count, $url); 136 137switch ($config["dbtype"]) { 138 case "mysql": 139 $sql = sprintf ("SELECT * 140 FROM tsesion 141 %s 142 ORDER BY fecha DESC 143 LIMIT %d, %d", $filter, $offset, $config["block_size"]); 144 break; 145 case "postgresql": 146 $sql = sprintf ("SELECT * 147 FROM tsesion 148 %s 149 ORDER BY fecha DESC 150 LIMIT %d OFFSET %d", $filter, $config["block_size"], $offset); 151 break; 152 case "oracle": 153 $set = array(); 154 $set['limit'] = $config["block_size"]; 155 $set['offset'] = $offset; 156 $sql = sprintf ("SELECT * 157 FROM tsesion 158 %s 159 ORDER BY fecha DESC", $filter); 160 $result = oracle_recode_query ($sql, $set); 161 break; 162} 163 164$result = db_get_all_rows_sql ($sql); 165 166// Delete rnum row generated by oracle_recode_query() function 167if (($config["dbtype"] == 'oracle') && ($result !== false)) { 168 for ($i=0; $i < count($result); $i++) { 169 unset($result[$i]['rnum']); 170 } 171} 172 173if (empty ($result)) { 174 $result = array (); 175} 176 177$table = new stdClass(); 178$table->cellpadding = 4; 179$table->cellspacing = 4; 180$table->width = '100%'; 181$table->class = "databox data"; 182$table->size = array (); 183$table->data = array (); 184$table->head = array (); 185$table->align = array(); 186$table->rowclass = array(); 187 188$table->head[0] = __('User'); 189$table->head[1] = __('Action'); 190$table->head[2] = __('Date'); 191$table->head[3] = __('Source IP'); 192$table->head[4] = __('Comments'); 193if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 194 $table->head[5] = enterprise_hook('tableHeadEnterpriseAudit', array('title1')); 195} 196 197if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 198 $table->head[6] = enterprise_hook('tableHeadEnterpriseAudit', array('title2')); 199} 200 201$table->size[0] = 80; 202$table->size[2] = 130; 203$table->size[3] = 100; 204$table->size[4] = 200; 205if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 206 $table->size[5] = enterprise_hook('tableHeadEnterpriseAudit', array('size1')); 207} 208if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 209 $table->size[6] = enterprise_hook('tableHeadEnterpriseAudit', array('size2')); 210} 211 212 213if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 214 $table->align[5] = enterprise_hook('tableHeadEnterpriseAudit', array('align')); 215} 216if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 217 $table->align[6] = enterprise_hook('tableHeadEnterpriseAudit', array('align2')); 218} 219 220$table->colspan = array(); 221$table->rowstyle = array(); 222 223 224$rowPair = true; 225$iterator = 0; 226 227// Get data 228foreach ($result as $row) { 229 if ($rowPair) 230 $table->rowclass[$iterator] = 'rowPair'; 231 else 232 $table->rowclass[$iterator] = 'rowOdd'; 233 $rowPair = !$rowPair; 234 $iterator++; 235 236 $data = array (); 237 switch ($config['dbtype']) { 238 case "mysql": 239 case "postgresql": 240 $data[0] = $row["id_usuario"]; 241 break; 242 case "oracle": 243 $data[0] = $row["id_usuario"]; 244 break; 245 } 246 $data[1] = ui_print_session_action_icon ($row['accion'], true); 247 $data[1] .= $row["accion"]; 248 $data[2] = ui_print_help_tip($row['fecha'], true) . human_time_comparation($row['utimestamp']); 249 switch ($config['dbtype']) { 250 case "mysql": 251 case "postgresql": 252 $data[3] = $row["ip_origen"]; 253 break; 254 case "oracle": 255 $data[3] = $row["ip_origen"]; 256 break; 257 } 258 $data[4] = io_safe_output($row["descripcion"]); 259 if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 260 switch ($config['dbtype']) { 261 case "mysql": 262 case "postgresql": 263 $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); 264 break; 265 case "oracle": 266 $data[5] = enterprise_hook('cell1EntepriseAudit', array($row['id_sesion'])); 267 break; 268 } 269 } 270 if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 271 switch ($config['dbtype']) { 272 case "mysql": 273 case "postgresql": 274 $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); 275 break; 276 case "oracle": 277 $data[6] = enterprise_hook('cell2EntepriseAudit', array($row['id_sesion'])); 278 break; 279 } 280 } 281 array_push ($table->data, $data); 282 283 284 if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 285 switch ($config['dbtype']) { 286 case "mysql": 287 case "postgresql": 288 rowEnterpriseAudit($table, $iterator, $row['id_sesion']); 289 break; 290 case "oracle": 291 rowEnterpriseAudit($table, $iterator, $row['id_sesion']); 292 break; 293 } 294 } 295} 296 297html_print_table ($table); 298 299echo '<div style="width: '.$table->width.'" class="action-buttons">'; 300echo '<a href="' . 301 ui_get_full_url(false, false, false, false) . 'godmode/audit_log_csv.php?tipo_log='.$tipo_log.'&user_filter='.$user_filter.'&filter_text='.$filter_text.'&filter_hours_old='.$filter_hours_old.'&filter_ip='.$filter_ip.'"'. 302 'target="_new">' . 303 html_print_button (__('Export to CSV '), 'export_csv', false, '', 'class=sub upd', true, false). '</a>'; 304echo '</div>'; 305 306if ($enterprise_include !== ENTERPRISE_NOT_HOOK) { 307 enterprise_hook('enterpriseAuditFooter'); 308} 309?> 310