Regle : filtrage des logs de proxy sur les hotes reconnus

par **elarifr** » 17 Juil 2004 22:15

j'ai commancé à bosser sur une solution de filtrage des log du proxy pour en eliminer les hotes sûrs ou authorisés et donc ne pas avoir à se poser de question trops de questions.....

je suis parti sur la base d'un ajout via une interface web (à la maniere Edition des Hosts) de la liste de sites connus (ip ou siteconnu.com) dont on ne veut pas tenir compte dans les logs

a partir de cette listes de sites trustés, à l'affichage les log du proxy concernant ces sites ne sont pas affichés ce qui reduit les log à voir et contrôler. j'ai prevu un choix filtrage actif ou non et la possibiltée sur chaque ligne de log d'ajouter l'hote dans la liste trustable.

avant de continuer plus avant je voulais savoir
- si il n'y a pas déjà une solution de ce type permettant un filtrage des log ?
- si ca semble interressant à developper ?

par **Franck78** » 17 Juil 2004 22:58

Il y a l'expression régulière absolument imbitable pour filtrer les logs. Si ton complément est fait justement pour l'éditer, c'est bien.

Si c'est correctement intégré dans la page cgi log de squid (je verrais bien un simple bouton à coté de l'expression "EDIT") tu pourrais soumettre ça à Gesp qui le soumettrait à son tour à Mark.

C'est à la fois trop petit pour justifier une entrée dans les menus et sans doute utile ! En plus ca ne touche pas à la stabilité de ipcop.

par **elarifr** » 18 Juil 2004 14:34

ce que t'appelle l'exp reguliere c'est le filtre existant pour les images gif | jpeg etc.... en haut de la page de proxylog.dat ? a savoir [.](gif|jpeg|jpg|png|css|js)$

c'est en effet une solution à laquelle je pensais en concatenant la liste des hosts surs
mais je ne sais pas si je ne risque pas d'avoir un pbr de taille genre limité à 256 octets pour l'expression ?

en fait je pense plutot à lire le fichier -> tableau et effectuer une comparaison sur chaque ligne à l'affichage.

sinon je ne vois pas le bouton edit dont tu parles ? mais c'est vrai qu'un simple bouton edition dans la page "journaux de serveur mandataire" serais plus efficace avec un second select pour appliquer ou non le filtrage etendu

j'ai egalement prevu de classer les hosts par tres surs / surs / moyen plus / moyen ce qui permettrais d'avoir un niveau de log + ou - detailles

les tres sur par exemple les dns, tes sites persos, les serveurs mail...

elari

par **elarifr** » 19 Juil 2004 15:01

voila le debut ....

fichier hoststrusted.conf a placer dans /var/ipcop/main chmod 755
(ca devrais être 644 proprio/group nobody mais ca marches pas donc 755 proprio root)

Code: Tout sélectionner: 0,ixus.net,for fun,4 1,ipcop.org,,4

maj 12 Aug 2004 - need to use .conf ext since using readhash

par **elarifr** » 19 Juil 2004 15:08

j'ai decide de ne pas modifer le header.pl donc normalement pas de menu d'appel direct à l'edition des hosts surs.

on y accederas donc par le journal de log mandataire qui paase en argument l'adresse choisie
ca serais sympa si qqun peut m'ecrire l'exp reg pour tronquer et ne garder que le domaine ....

toutefois pour ceux qui en ont envie, un appel direct peux être ajouté dans /var/ipcop/header.pl

aprés

Code: Tout sélectionner: ### Initialize language if ($language =~ /^(\w+)$/) {$language = $1;} require "${swroot}/langs/en.pl"; require "${swroot}/langs/${language}.pl";

ajouter

Code: Tout sélectionner: #elari to be moved to main language files $tr{'edit hosts trusted'} = "Configuration trusted hosts"; $tr{'host trusted configuration'} = "Trusted host";

et aprés

Code: Tout sélectionner: [ $tr{'log summary'} , '/cgi-bin/logs.cgi/summary.dat', "IPCop $tr{'log summary'}" ],

ajouter

Code: Tout sélectionner: [ $tr{'edit hosts trusted'} , '/cgi-bin/hoststrusted.cgi', "IPCop $tr{'host trusted configuration'}" ],

il y a dans ce cas des pbr d'affichage /decalage du menu javascript vers le bas mais ca reste utilisable tel que....
je n'ai pas prevu de corriger car sans réél utilité

par **elarifr** » 19 Juil 2004 15:12

Modifier ou remplacer proxylog.dat dans /home/http/cgi-bin/logs.cgi par le code ci dessous

proxylog.dat.2o0719-22h22.public
proxylog.dat.2o0720-23h15.public le filtre etait applique en ordre inverse du menu

Code: Tout sélectionner: #!/usr/bin/perl # # SmoothWall CGIs # # This code is distributed under the terms of the GPL # # (c) The SmoothWall Team # # $Id: proxylog.dat,v 1.4.2.3 2004/04/17 16:23:03 eoberlander Exp $ # require '/var/ipcop/header.pl'; my %cgiparams; my %logsettings; my %ips; my %save; my %selected; my %checked; my @log; my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ); my @longmonths = ( $tr{'january'}, $tr{'february'}, $tr{'march'}, $tr{'april'}, $tr{'may'}, $tr{'june'}, $tr{'july'}, $tr{'august'}, $tr{'september'}, $tr{'october'}, $tr{'november'}, $tr{'december'} ); my @now = localtime(); my $dow = $now[6]; my $doy = $now[7]; my $tdoy = $now[7]; my $year = $now[5]+1900; $cgiparams{'DAY'} = $now[3]; $cgiparams{'MONTH'} = $now[4]; $cgiparams{'SOURCE_IP'} = 'ALL'; $cgiparams{'FILTER'} = "[.](gif|jpeg|jpg|png|css|js)\$"; $cgiparams{'ENABLE_FILTER'} = 'off'; $cgiparams{'ACTION'} = ''; #Elari #$cgiparams{'ENABLE_FILTERTRUST'} = 'off'; $cgiparams{'DOMAINTRUSTLEVEL'} = '3'; $tr{'edithoststrusted'} = "Edit Trusted Hosts"; $tr{'enable hosts trusted'} = "Enable Filter Trusted Hosts"; #following translation are same as in hoststrusted.cgi and must be moved to language file $tr{'host trust level'} = "Trust level"; $tr{'host trust level0'} = "Not applied"; $tr{'host trust level1'} = "Lowest"; $tr{'host trust level2'} = "Low"; $tr{'host trust level3'} = "Medium"; $tr{'host trust level4'} = "High"; $tr{'host trust level5'} = "Highest"; my %hoststrustedhash; &readhash("${swroot}/main/hoststrusted.conf", \%hoststrustedhash); #print $hoststrustedhash{'1'}; #print $hoststrustedhash{'2'}; #print $hoststrustedhash{'3'}; #print $hoststrustedhash{'4'}; #print $hoststrustedhash{'5'}; #finally using write & readhash is easiest :) #my $id = 1; #while ($id <= 5 ) { # my $filetrust = "//etc/hoststrusted$id"; # open(FILE, "$filetrust") or die 'Unable to open config file.'; # my @hoststrusted = <FILE>; # print @hoststrusted; # close(FILE); # $id++; #} #Elari &getcgihash(\%cgiparams); $logsettings{'LOGVIEW_REVERSE'} = 'off'; &readhash("${swroot}/logging/settings", \%logsettings); if ($cgiparams{'ACTION'} eq '') { $cgiparams{'ENABLE_FILTER'} = 'on'; } if ($cgiparams{'ACTION'} eq $tr{'restore defaults'}) { $cgiparams{'FILTER'} = "[.](gif|jpeg|jpg|png|css|js)\$"; $cgiparams{'ENABLE_FILTER'} = 'off'; } $save{'FILTER'} = $cgiparams{'FILTER'}; $save{'ENABLE_FILTER'} = $cgiparams{'ENABLE_FILTER'}; &writehash("${swroot}/proxy/viewersettings", \%save); &readhash("${swroot}/proxy/viewersettings", \%save); my $start = -1; if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $tr{'update'}) { my @temp = split(',',$ENV{'QUERY_STRING'}); $start = $temp[0]; $cgiparams{'MONTH'} = $temp[1]; $cgiparams{'DAY'} = $temp[2]; $cgiparams{'SOURCE_IP'} = $temp[3]; } if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) { $cgiparams{'DAY'} = $now[3]; $cgiparams{'MONTH'} = $now[4]; } elsif($cgiparams{'ACTION'} eq '>>') { my @temp_then; my @temp_now = localtime(time); $temp_now[4] = $cgiparams{'MONTH'}; $temp_now[3] = $cgiparams{'DAY'}; @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); ## Retrieve the same time on the next day - ## 86400 seconds in a day $cgiparams{'MONTH'} = $temp_then[4]; $cgiparams{'DAY'} = $temp_then[3]; } elsif($cgiparams{'ACTION'} eq '<<') { my @temp_then; my @temp_now = localtime(time); $temp_now[4] = $cgiparams{'MONTH'}; $temp_now[3] = $cgiparams{'DAY'}; @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); ## Retrieve the same time on the previous day - ## 86400 seconds in a day $cgiparams{'MONTH'} = $temp_then[4]; $cgiparams{'DAY'} = $temp_then[3]; } if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) { my @then = (); if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || ( $cgiparams{'MONTH'} > $now[4] ) ) { @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); } else { @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); } $tdoy = $then[7]; my $lastleap=($year-1)%4; if ($tdoy>$doy) { if ($lastleap == 0 && $tdoy < 60) { $doy=$tdoy+366; } else { $doy=$doy+365; } } } my $datediff=0; my $dowd=0; my $multifile=0; if ($tdoy ne $doy) { $datediff=int(($doy-$tdoy)/7); $dowd=($doy-$tdoy)%7; if (($dow-$dowd)<1) { $datediff=$datediff+1; } if (($dow-$dowd)==0) { $multifile=1; } } ###my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; my $month = (($cgiparams{'MONTH'}) + 1); my $monthstr; if ($month <= 9) { $monthstr = " $month"; } else { $monthstr = $month; } if ($monthstr < 10) { $monthstr++; $monthstr--; $monthstr="0$monthstr"; } my $day = $cgiparams{'DAY'}; my $daystr; if ($day <= 9) { $daystr = " $day"; } else { $daystr = $day; } if ($daystr < 10) { $daystr++; $daystr--; $daystr="0$daystr"; } my $search_date = "$daystr/$monthstr"; my $lines = 0; my $linestotal = 0; my $filter; if ($cgiparams{'ENABLE_FILTER'} eq 'on') { $filter = $cgiparams{'FILTER'}; } else { $filter = ''; } my $sourceip = $cgiparams{'SOURCE_IP'}; my $sourceall; if ($cgiparams{'SOURCE_IP'} eq 'ALL') { $sourceall = 1; } else { $sourceall = 0; } #elari we define trusted hash depend on selected level my $trustedfilter= ''; my $levelid = 1; while ( $levelid <= 5 ) { if ($levelid >= $cgiparams{'DOMAINTRUSTLEVEL'}) { $trustedfilter .= $hoststrustedhash{"$levelid"};} $levelid++; } $trustedfilter =~ s/\|$//; #elari my $thiscode = '$temp =~ /$filter/;'; eval($thiscode); if ($@ ne '') { $errormessage = "$tr{'bad ignore filter'}.$@<P>"; $filter = ''; } else { my $skip=0; my $filestr; if ($datediff==0) { $filestr="/var/log/squid/access.log"; } else { $filestr="/var/log/squid/access.log.$datediff"; $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { $errormessage="$errormessage$tr{'date not in logs'}: $filestr $tr{'could not be opened'}<P>"; $skip=1; } if (!$skip) { while (<FILE>) { my ($datetime,$do,$ip,$ray,$me,$far,$url,$so) = split; my ($SECdt, $MINdt, $HOURdt, $DAYdt, $MONTHdt, $YEARdt) = localtime($datetime); $HOURdt = zeropad($HOURdt,2); $MINdt = zeropad($MINdt,2); $SECdt = zeropad($SECdt,2); $DAYdt = zeropad($DAYdt,2); $MONTHdt = zeropad($MONTHdt + 1,2); $YEARdt = $YEARdt + 1900; if (! $ips{$ip}) { $ips{$ip} = 1; } else { $ips{$ip}++; } $date_to_match = "$DAYdt/$MONTHdt"; if (($date_to_match =~ m|$search_date|) && !($url =~ /$filter/) && !($url =~ m/$trustedfilter/i) && ((($ip eq $sourceip) || $sourceall))) { my ($header,$urlsnip,$data)=split('/+',$url); $log[$lines] = "$HOURdt:$MINdt:$SECdt $ip $url"; $lines++; $linestotal++; } else { $linestotal++; } } close (FILE); } $skip=0; if ($multifile) { $datediff=$datediff-1; if ($datediff==0) { $filestr="/var/log/squid/access.log"; } else { $filestr="/var/log/squid/access.log.$datediff"; $filestr = "$filestr.gz" if -f "$filestr.gz"; } if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { $errormessage="$errormessage$tr{'date not in logs'}: $filestr $tr{'could not be opened'}"; $skip=1; } if (!$skip) { while (<FILE>) { my ($datetime,$do,$ip,$ray,$me,$far,$url,$so) = split; my ($SECdt, $MINdt, $HOURdt, $DAYdt, $MONTHdt, $YEARdt) = localtime($datetime); $HOURdt = zeropad($HOURdt,2); $MINdt = zeropad($MINdt,2); $SECdt = zeropad($SECdt,2); $DAYdt = zeropad($DAYdt,2); $MONTHdt = zeropad($MONTHdt + 1,2); $YEARdt = $YEARdt + 1900; print "$HOURdt:$MINdt:$SECdt $DAYdt/$MONTHdt/$YEARdt GMT\n"; if (! $ips{$ip}) { $ips{$ip} = 1; } else { $ips{$ip}++; } $date_to_match = "$DAYdt/$MONTHdt"; if (($date_to_match =~ m|$search_date|) && !($url =~ /$filter/) && ((($ip eq $sourceip) || $sourceall))) { my ($header,$urlsnip,$data)=split('/+',$url); $log[$lines] = "$HOURdt:$MINdt:$SECdt $ip $url"; $lines++; } } close (FILE); } } } if ($cgiparams{'ACTION'} eq $tr{'export'}) { print "Content-type: text/plain\n\n"; print "IPCop proxy log\r\n"; print "Date: $cgiparams{'DAY'} $longmonths[$cgiparams{'MONTH'}]\r\n"; print "Source IP: $cgiparams{'SOURCE_IP'}\r\n"; if ($cgiparams{'ENABLE_FILTER'} eq 'on') { print "Ignore filter: $cgiparams{'FILTER'}\r\n"; } print "\r\n"; if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @log = reverse @log; } foreach $_ (@log) { print "$_\n"; } exit; } $selected{'SOURCE_IP'}{$cgiparams{'SOURCE_IP'}} = "selected='selected'"; $checked{'ENABLE_FILTER'}{'off'} = ''; $checked{'ENABLE_FILTER'}{'on'} = ''; $checked{'ENABLE_FILTER'}{$cgiparams{'ENABLE_FILTER'}} = "checked='checked'"; $selected{'DOMAINTRUSTLEVEL'}{$cgiparams{'DOMAINTRUSTLEVEL'}} = "selected='selected'"; &showhttpheaders(); &openpage($tr{'proxy log viewer'}, 1, ''); &openbigbox('100%', 'left'); if ($errormessage) { &openbox('100%', 'left', $tr{'error messages'}); print "<font class='base'>$errormessage </font>\n"; &closebox(); } &openbox('100%', 'left', "$tr{'settings'}:"); #print $hoststrustedhash{'1'}; #print $hoststrustedhash{'2'}; #print $hoststrustedhash{'3'}; #print $hoststrustedhash{'4'}; #print $hoststrustedhash{'5'}; #print $trustedfilter ; print <<END <form method='post' action='$ENV{'SCRIPT_NAME'}'> <table width='100%'> <tr> <td width='10%' class='base'>$tr{'month'}</td> <td width='20%'> <select name='MONTH'> END ; for ($month = 0; $month < 12; $month++) { print "\t<option "; if ($month == $cgiparams{'MONTH'}) { print "selected='selected' "; } print "value='$month'>$longmonths[$month]</option>\n"; } print <<END </select> </td> <td width='10%' class='base'>$tr{'day'}:</td> <td width='10%'> <select name='DAY'> END ; for ($day = 1; $day <= 31; $day++) { print "\t<option "; if ($day == $cgiparams{'DAY'}) { print "selected='selected' "; } print "value='$day'>$day</option>\n"; } print <<END </select> </td> <td width='5%' align='center'><input type='submit' name='ACTION' title='$tr{'day before'}' value='<<' /></td> <td width='5%' align='center'><input type='submit' name='ACTION' title='$tr{'day after'}' value='>>' /></td> <td width='25%' class='base'>$tr{'source ip'}:</td> <td width='15%'> <select name='SOURCE_IP'> <option value='ALL' $selected{'SOURCE_IP'}{'ALL'}>$tr{'caps all'}</option> END ; my $ip; foreach $ip (keys %ips) { print "<option value='$ip' $selected{'SOURCE_IP'}{$ip}>$ip</option>\n"; } print <<END </select> </td> </tr> <tr> <td class='base'>$tr{'ignore filter'}:</td> <td colspan='5'><input type='text' name='FILTER' value='$cgiparams{'FILTER'}' size='40' /></td> <td class='base'>$tr{'enable ignore filter'}:</td> <td><input type='checkbox' name='ENABLE_FILTER' value='on' $checked{'ENABLE_FILTER'}{'on'} /></td> </tr> </table> <div align='center'> <table width='80%'> <tr> <td class='base'>$tr{'host trust level'}: <select name='DOMAINTRUSTLEVEL'> END ; my $trustlevel = 0; while ($trustlevel <= 5 ) { print "<option value='$trustlevel' $selected{'DOMAINTRUSTLEVEL'}{$trustlevel}>$tr{'host trust level' . $trustlevel}</option>\n"; $trustlevel ++; } print <<END </select> </td> <td align='center'><input type='submit' name='ACTION' value='$tr{'restore defaults'}' /></td> <td align='center'><input type='submit' name='ACTION' value='$tr{'update'}' /></td> <td align='center'><input type='submit' name='ACTION' value='$tr{'export'}' /></td> </tr> </table> </div> </form> END ; &closebox(); &openbox('100%', 'left', $tr{'log'}); if ($start == -1) { $start = $lines - $viewsize; } if ($start >= $lines - $viewsize) { $start = $lines - $viewsize; }; if ($start < 0) { $start = 0; } my $prev = $start - $viewsize; my $next = $start + $viewsize; if ($prev < 0) { $prev = 0; } if ($next >= $lines) { $next = -1 } if ($start == 0) { $prev = -1; } my @slice = splice(@log, $start, $viewsize); if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } print "<p><b>$tr{'web hits'} $longmonthstr $daystr: $lines</b> (total : $linestotal)</p>"; if ($lines != 0) { &oldernewer(); } print <<END <table width='100%'> <tr> <td width='10%' align='center' class='boldbase'><b>$tr{'time'}</b></td> <td width='15%' align='center' class='boldbase'><b>$tr{'source ip'}</b></td> <td width='75%' align='center' class='boldbase'><b>$tr{'website'}</b></td> </tr> END ; $lines = 0; foreach $_ (@slice) { if ($lines % 2) { print "<tr bgcolor='$table1colour'>\n"; } else { print "<tr bgcolor='$table2colour'>\n"; } my ($time,$ip,$url) = split; $url =~ /(^.{0,60})/; my $part = $1; unless (length($part) < 60) { $part = "${part}..."; } print <<END <td align='center'>$time</td> <td align='center'>$ip</td> <td align='left'><a href='$url' title='$url' target='_new'>$part</a></td> <td align='right' width='10%' class='boldbase'><form method='post' action='/cgi-bin/hoststrusted.cgi'> <input type='image' name='$tr{'edit'}' src='/images/edit.gif' alt='$tr{'edit'}' title='$tr{'edit'}' /> <input type='hidden' name='DOMAINNAME' value='$part' /><input type='hidden' name='DOMAININFO' value='$part . " " . $ip . " " . $time' /> </form></td> </tr> END ; $lines++; } print "</table>"; &oldernewer(); &closebox(); &closebigbox(); &closepage(); sub zeropad($$) { my $NUM = shift; my $LEN = shift; return $NUM if ($LEN < length($NUM)); my $PAD = $LEN - length($NUM); return $NUM if ($PAD == 0); my $i; my $OUT = ''; for ($i = 1; $i <= $PAD; $i++) { $OUT = "0$OUT"; } undef $i; $OUT = "$OUT$NUM"; return $OUT; } sub oldernewer { print <<END <table width='100%'> <tr> END ; print "<td align='center' width='50%'>"; if ($prev != -1) { print "<a href='/cgi-bin/logs.cgi/proxylog.dat?$prev,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{'SOURCE_IP'}'>$tr{'older'}</a>"; } else { print "$tr{'older'}"; } print "</td>\n"; print "<td align='center' width='50%'>"; if ($next != -1) { print "<a href='/cgi-bin/logs.cgi/proxylog.dat?$next,$cgiparams{'MONTH'},$cgiparams{'DAY'},$cgiparams{'SOURCE_IP'}'>$tr{'newer'}</a>"; } else { print "$tr{'newer'}"; } print "</td>\n"; print <<END </tr> </table> END ; }

par **elarifr** » 19 Juil 2004 15:59

modifier ou remplacer le fichier hoststrusted.cgi dans /home/httpd/cgi-bin/ chmod 755 par la version ci dessous

hoststrusted.cgi.2o0719.14h59.public
hoststrusted.cgi.2o0719.15h52.public fini la fonction ecriture des 5 niveaux de recherche
hoststrusted.cgi.2o0719.16h59.public
hoststrusted.cgi.2o0812.17h14.public

Code: Tout sélectionner: #!/usr/bin/perl # # IPCop CGIs # # This code is distributed under the terms of the GPL # # (c) Alan Hourihane <alanh@fairlite.demon.co.uk> # # $Id: hosts.cgi,v 1.4.2.4 2004/04/24 21:45:52 gespinasse Exp $ # require '/var/ipcop/header.pl'; my (%cgiparams,%checked); my $filename = "${swroot}/main/hoststrusted.conf"; $cgiparams{'ACTION'} = ''; &getcgihash(\%cgiparams); &showhttpheaders(); #elari to move to language file $tr{'host trust name'} = "IP or domaine name to trust"; $tr{'host trust info'} = "Remark Info"; $tr{'host trust level'} = "Trust level"; $tr{'host trust level0'} = "Not applied"; $tr{'host trust level1'} = "Lowest"; $tr{'host trust level2'} = "Low"; $tr{'host trust level3'} = "Medium"; $tr{'host trust level4'} = "High"; $tr{'host trust level5'} = "Highest"; $tr{'host trust config added'} = "Added new trusted host"; $tr{'host trust config changed'} = "Changed trusted host"; $tr{'invalid fixed ip or host name'} = "IP must be xxx.xxx.xxx.xxx or fully qualified domain name domain.com"; #elari open(FILE, $filename) or die 'Unable to open config file.'; my @current = <FILE>; close(FILE); if ($cgiparams{'ACTION'} eq $tr{'add'}) { my $key = 0; #domain name must be an ip or an host name if ($cgiparams{'DOMAINNAME'}) { #I prefer full qualified domain for filtering but you can use validhost if you prefer.... # print $cgiparams{'DOMAINNAME'}; # print "validdomain : " . &validdomainname($cgiparams{'DOMAINNAME'}); # print "validhost : " . &validhostname($cgiparams{'DOMAINNAME'}); # print "validfqdn : " . &validfqdn($cgiparams{'DOMAINNAME'}); if (&validip($cgiparams{'DOMAINNAME'}) | &validfqdn($cgiparams{'DOMAINNAME'})) {$errormessage ="";} else { $errormessage = $tr{'invalid fixed ip or host name'};} } if ( ! $errormessage ) { if ($cgiparams{'DOMAINNAME'}) { if ($cgiparams{'EDITING'} eq 'no') { foreach my $line (@current) { $key++; } open(FILE,">>$filename") or die 'Unable to open config file.'; flock FILE, 2; print FILE "$key,$cgiparams{'DOMAINNAME'},$cgiparams{'DOMAININFO'},$cgiparams{'DOMAINTRUSTLEVEL'}\n"; &log($tr{'host trust config added'} . " : " . $cgiparams{'DOMAINNAME'}); } else { open(FILE,">$filename") or die 'Unable to open config file.'; flock FILE, 2; foreach my $line (@current) { chomp($line); my @temp = split(/\,/,$line); if ($cgiparams{'EDITING'} eq $temp[0]) { print FILE "$temp[0],$cgiparams{'DOMAINNAME'},$cgiparams{'DOMAININFO'},$cgiparams{'DOMAINTRUSTLEVEL'}\n"; } else { print FILE "$line\n"; } } &log($tr{'host trust config changed'} . " : " . $cgiparams{'DOMAINNAME'} . " - " . $cgiparams{'DOMAINTRUSTLEVEL'}); } close(FILE); undef %cgiparams; &rebuildhoststrusted(); } } else { # stay on edit mode if an error occur if ($cgiparams{'EDITING'} ne 'no') { $cgiparams{'ACTION'} = $tr{'edit'}; $cgiparams{'KEY1'} = $cgiparams{'EDITING'}; } } } if ($cgiparams{'ACTION'} eq $tr{'edit'}) { foreach my $line (@current) { chomp($line); my @temp = split(/\,/,$line); if ($cgiparams{'KEY1'} eq $temp[0]) { $cgiparams{'DOMAINNAME'} = $temp[1]; $cgiparams{'DOMAININFO'} = $temp[2]; $cgiparams{'DOMAINTRUSTLEVEL'} = $temp[3]; } } } if ($cgiparams{'ACTION'} eq $tr{'remove'}) { my $key = 0; open(FILE, ">$filename") or die 'Unable to open config file.'; flock FILE, 2; foreach my $line (@current) { chomp($line); my @temp = split(/\,/,$line); unless ($cgiparams{'KEY1'} eq $temp[0]) { print FILE "$key,$temp[1],$temp[2],$temp[3]\n"; $key++; } } close(FILE); &log($tr{'host trust config changed'} . " : " . $cgiparams{'DOMAINNAME'} . " - " . $cgiparams{'DOMAINTRUSTLEVEL'}); &rebuildhoststrusted(); } &openpage($tr{'hostname'}, 1, ''); &openbigbox('100%', 'left'); if ($errormessage) { &openbox('100%', 'left', $tr{'error messages'}); print "<class name='base'>$errormessage\n"; print " </class>\n"; &closebox(); } print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>\n"; &openbox('100%', 'left', "$tr{'settings'}:"); my ($see_trustlevel, $see_trustlevel1, $see_trustlevel2, $see_trustlevel3, $see_trustlevel4, $see_trustlevel5 ); $see_trustlevel = $cgiparams{'DOMAINTRUSTLEVEL'}; my $buttontext = $tr{'add'}; #if ($cgiparams{'ACTION'} eq $tr{'edit'}) { $buttontext = $tr{'update'}; } if ($cgiparams{'ACTION'} eq $tr{'edit'}) { $buttontext = $tr{'update'}; if ($see_trustlevel eq "1" ) {$see_trustlevel1="selected"} else {$see_trustlevel1=""}; if ($see_trustlevel eq "2" ) {$see_trustlevel2="selected"} else {$see_trustlevel2=""}; if ($see_trustlevel eq "3" ) {$see_trustlevel3="selected"} else {$see_trustlevel3=""}; if ($see_trustlevel eq "4" ) {$see_trustlevel4="selected"} else {$see_trustlevel4=""}; if ($see_trustlevel eq "5" ) {$see_trustlevel5="selected"} else {$see_trustlevel5=""}; } else { $see_trustlevel1= ""; $see_trustlevel2= ""; $see_trustlevel3= "selected"; $see_trustlevel4= ""; $see_trustlevel5= ""; } print <<END <table width='100%'> <tr> <td width='30%' class='base'>$tr{'host trust name'} : </td> <td width='50%' ><input type='text' name='DOMAINNAME' value='$cgiparams{'DOMAINNAME'}' size='50' tabindex='1' /></td> <td width='20%' align='center'><input type='hidden' name='ACTION' value='$tr{'add'}' /><input type='submit' name='SUBMIT' value='$buttontext' tabindex='4' /></td> </tr> <tr> <td width='30%' class='base'>$tr{'host trust info'}: <img src='/blob.gif' alt='*' /></td> <td width='50%'><input type='text' name='DOMAININFO' value='$cgiparams{'DOMAININFO'}' size='50' tabindex='2' /></td> </tr> <tr> <td width='30%' class='base'>$tr{'host trust level'}: <img src='/blob.gif' alt='*' /></td> <td width='70%'><select name='DOMAINTRUSTLEVEL' tabindex='3' /><option value='1' $see_trustlevel1>$tr{'host trust level1'}</option><option value='2' $see_trustlevel2>$tr{'host trust level2'}</option><option value='3' $see_trustlevel3>$tr{'host trust level3'}</option><option value='4' $see_trustlevel4>$tr{'host trust level4'}</option><option value='5' $see_trustlevel5>$tr{'host trust level5'}</option></select> <a href='/cgi-bin/logs.cgi/proxylog.dat'>IPCop $tr{'proxy log viewer'}</A></td> </tr> <tr> <td class='base' width='30%' align='center'><img src='/blob.gif' alt='*' align='top' /> $tr{'this field may be blank'}</td> </tr> </table> END ; &closebox(); if ($cgiparams{'ACTION'} eq $tr{'edit'}) { print "<input type='hidden' name='EDITING' value='$cgiparams{'KEY1'}' />\n"; } else { print "<input type='hidden' name='EDITING' value='no' />\n"; } print "</form>\n"; &openbox('100%', 'left', $tr{'current hosts'}); print <<END <div align='center'> END ; open (FILE, "$filename"); my @current = <FILE>; close (FILE); print <<END <table width='100%'> <tr> <td align='center' width="30%"><b>$tr{'host trust name'}</b></td> <td align='center' width="50%"><b>$tr{'host trust info'}</b></td> <td align='center' width="10%"><b>$tr{'host trust level'}</b></td> </tr> END ; my $id = 0; my @hostsarray = &srtarray('2','a','asc',@current); foreach my $line (@hostsarray) { $id++; chomp($line); my @temp = split(/\,/,$line); my $key = $temp[0]; my $domainname = $temp[1]; my $domaininfo = $temp[2]; my $domaintrustlevel = $tr{"host trust level" . $temp[3]}; if ($cgiparams{'ACTION'} eq $tr{'edit'} && $cgiparams{'KEY1'} eq $key) { print "<tr bgcolor='$colouryellow'>\n"; } elsif ($id % 2) { print "<tr bgcolor='$table1colour'>\n"; } else { print "<tr bgcolor='$table2colour'>\n"; } print "<td align='center'>$domainname</td>\n"; print "<td align='center'>$domaininfo</td>\n"; print "<td align='center'>$domaintrustlevel</td>\n"; print<<END <td align='center'> <form method='post' name='frm$temp[0]b' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ACTION' value='$tr{'edit'}' /> <input type='image' name='$tr{'edit'}' src='/images/edit.gif' alt='$tr{'edit'}' title='$tr{'edit'}' /> <input type='hidden' name='KEY1' value='$key' /> </form> </td> <td align='center'> <form method='post' name='frm$temp[0]c' action='$ENV{'SCRIPT_NAME'}'> <input type='hidden' name='ACTION' value='$tr{'remove'}' /> <input type='image' name='$tr{'remove'}' src='/images/delete.gif' alt='$tr{'remove'}' title='$tr{'remove'}' /> <input type='hidden' name='KEY1' value='$key' /> </form> </td> END ; print "</tr>\n"; } print "</table>\n"; print "</div>\n"; # If the file contains entries, print Key to action icons if ( ! -z "$filename") { print <<END <table> <tr> <td class='boldbase'>  <b>$tr{'legend'}:</b></td> <td>    <img src='/images/edit.gif' alt='$tr{'edit'}' /></td> <td class='base'>$tr{'edit'}</td> <td>    <img src='/images/delete.gif' alt='$tr{'remove'}' /></td> <td class='base'>$tr{'remove'}</td> </tr> </table> END ; } &closebox(); &closebigbox(); &closepage(); sub rebuildhoststrusted($) { my $filename = "${swroot}/main/hoststrusted"; my %level; open (FILE, "$filename"); my @current = <FILE>; close (FILE); my $id = 0; my @hostsarray = &srtarray('3','n','asc',@current); foreach my $line (@hostsarray) { $id++; chomp($line); my @temp = split(/\,/,$line); my $key = $temp[0]; my $domainname = $temp[1]; my $domaintrustlevel = $temp[3]; $level{$temp[3]} .= $temp[1] . "|"; # print "level{$temp[3]} : " . $level{$temp[3]}; } &writehash("${swroot}/main/hoststrusted.conf", \%level); # my $id = 1; # while ($id <= 5 ) { # my $filetrust = "//etc/hoststrusted$id"; # print $filetrust; # open (FILE , "> $filetrust") or die "Unable to open $filetrust config file."; # flock (FILE, 2); # print FILE "$level{$id}"; # close (FILE); # $id++; # } }

par **elarifr** » 19 Juil 2004 18:30

bon ben c'est fini ca marche nickel

le dernier bleme de la regex est regle un | qui trainait

elari

par **elarifr** » 20 Juil 2004 23:49

une petite correction dans proxylog pour corriger l'ordre de filtrage

plus dispo jusque debut aout

si possible je mettrais une copie ecran sur http://elari.free.fr/ipcop/filtrage%20log/

elari

par **leso** » 21 Juil 2004 00:41

les différents ajouts seront incorporés officiellement?

par **elarifr** » 21 Juil 2004 14:04

je ne sais pas si ca seras retenu par ipcop. je n'en suis pas developpeur simplement nouvel utilisateur depuis un mois environ... ce qui m'amene à écrire les outils dont j'ai besoin...

par **elarifr** » 12 Août 2004 22:53

afin de facilter l'install du script merci de se rapporter plutot au topic suivant

viewtopic.php?t=19708

Regle : filtrage des logs de proxy sur les hotes reconnus

Regle : filtrage des logs de proxy sur les hotes reconnus

Qui est en ligne ?