<?php
Require_once ("Ossim_db.inc");
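/**
 * One row of the `event` table, plus helpers to count, list and delete rows.
 *
 * The properties mirror the arguments of the constructor one-to-one and are
 * exposed through read-only style getters. The three data-access helpers
 * (get_count, get_list, delete) never touch $this, so they are declared
 * static and can be called either as Event::get_list(...) or on an instance.
 *
 * NOTE(review): result-set keys are written in lowercase to match the
 * property names of this class; verify against the event table definition.
 */
class Event
{
    public $id;
    public $timestamp;
    public $sensor;
    public $interface;
    public $type;
    public $plugin_id;
    public $plugin_sid;
    public $protocol;
    public $src_ip;
    public $dst_ip;
    public $src_port;
    public $dst_port;
    public $condition;
    public $value;
    public $time_interval;
    public $absolute;
    public $priority;
    public $reliability;
    public $risk_c;
    public $risk_a;
    // Declared once only: redeclaring a property is a fatal error.
    public $asset_src;
    public $asset_dst;
    public $snort_sid;
    public $snort_cid;
    public $alarm;

    /**
     * Stores every argument in the property of the same name.
     *
     * Written as __construct() rather than a method named after the class:
     * the class-named form is no longer treated as a constructor by current
     * PHP, which would leave every property unset after `new Event(...)`.
     */
    public function __construct(
        $id, $timestamp, $sensor, $interface, $type,
        $plugin_id, $plugin_sid, $protocol, $src_ip, $dst_ip,
        $src_port, $dst_port, $condition, $value, $time_interval,
        $absolute, $priority, $reliability, $risk_c, $risk_a,
        $asset_src, $asset_dst, $snort_sid, $snort_cid, $alarm
    ) {
        $this->id = $id;
        $this->timestamp = $timestamp;
        $this->sensor = $sensor;
        $this->interface = $interface;
        $this->type = $type;
        $this->plugin_id = $plugin_id;
        $this->plugin_sid = $plugin_sid;
        $this->protocol = $protocol;
        $this->src_ip = $src_ip;
        $this->dst_ip = $dst_ip;
        $this->src_port = $src_port;
        $this->dst_port = $dst_port;
        $this->condition = $condition;
        $this->value = $value;
        $this->time_interval = $time_interval;
        $this->absolute = $absolute;
        $this->priority = $priority;
        $this->reliability = $reliability;
        $this->risk_c = $risk_c;
        $this->risk_a = $risk_a;
        $this->asset_src = $asset_src;
        $this->asset_dst = $asset_dst;
        $this->snort_sid = $snort_sid;
        $this->snort_cid = $snort_cid;
        $this->alarm = $alarm;
    }

    public function get_id() { return $this->id; }
    public function get_timestamp() { return $this->timestamp; }
    public function get_sensor() { return $this->sensor; }
    public function get_interface() { return $this->interface; }
    public function get_type() { return $this->type; }
    public function get_plugin_id() { return $this->plugin_id; }
    public function get_plugin_sid() { return $this->plugin_sid; }
    public function get_protocol() { return $this->protocol; }
    public function get_src_ip() { return $this->src_ip; }
    public function get_dst_ip() { return $this->dst_ip; }
    public function get_src_port() { return $this->src_port; }
    public function get_dst_port() { return $this->dst_port; }
    public function get_condition() { return $this->condition; }
    public function get_value() { return $this->value; }
    public function get_time_interval() { return $this->time_interval; }
    public function get_absolute() { return $this->absolute; }
    public function get_priority() { return $this->priority; }
    public function get_reliability() { return $this->reliability; }
    public function get_risk_c() { return $this->risk_c; }
    public function get_risk_a() { return $this->risk_a; }
    public function get_asset_src() { return $this->asset_src; }
    public function get_asset_dst() { return $this->asset_dst; }
    public function get_snort_sid() { return $this->snort_sid; }
    public function get_snort_cid() { return $this->snort_cid; }

    /** Getter for the alarm flag, named like every other getter. */
    public function get_alarm() { return $this->alarm; }

    /** Kept so existing callers of alarm() keep working; same as get_alarm(). */
    public function alarm() { return $this->get_alarm(); }

    /**
     * Counts rows of the event table.
     *
     * SECURITY: $where is spliced into the statement verbatim, so it must be
     * assembled by the caller from validated or constant fragments only;
     * request data must never reach it unfiltered. A safer interface would
     * take bind parameters, as delete() does.
     *
     * @param object $conn  connection exposing Execute() and ErrorMsg()
     * @param string $where optional, complete "WHERE ..." clause
     * @return mixed the count, or null when the query fails (the driver
     *               message is printed, HTML-escaped)
     */
    public static function get_count($conn, $where = "")
    {
        // The alias gives the result column a fixed key instead of relying on
        // how the driver spells the expression text.
        $query = OssimQuery("SELECT count(*) AS event_count FROM event $where");
        $rs = $conn->Execute($query);
        if (!$rs) {
            // Driver messages can echo parts of the statement back: escape them.
            print htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES);
            return null;
        }
        return $rs->fields["event_count"];
    }

    /**
     * Returns the rows whose zero-based position in the result set lies
     * between $inf and $sup, both inclusive, as Event objects.
     *
     * SECURITY: $args is spliced into the statement verbatim; the same
     * constraint as for get_count()'s $where applies.
     *
     * @param object $conn connection exposing Execute() and ErrorMsg()
     * @param string $args optional trailing SQL (WHERE / ORDER BY ...)
     * @param int    $inf  first position to return
     * @param int    $sup  last position to return
     * @return array list of Event; empty when the query fails or the window
     *               selects nothing
     */
    public static function get_list($conn, $args = "", $inf = 0, $sup = 25)
    {
        // Initialised up front so a failed query returns an empty list
        // instead of an undefined variable.
        $list = array();

        $query = OssimQuery(
            "SELECT *, inet_ntoa(src_ip) AS src_ip_text, inet_ntoa(dst_ip) AS dst_ip_text"
            . " FROM event $args"
        );
        $rs = $conn->Execute($query);
        if (!$rs) {
            print htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES);
            return $list;
        }

        $position = 0;
        // EOF is a property and property names are case-sensitive.
        while (!$rs->EOF) {
            if ($position > $sup) {
                break; // past the window, nothing further can match
            }
            if ($position >= $inf) {
                $row = $rs->fields;
                $list[] = new Event(
                    $row["id"],
                    $row["timestamp"],
                    $row["sensor"],
                    $row["interface"],
                    $row["type"],
                    $row["plugin_id"],
                    $row["plugin_sid"],
                    $row["protocol"],
                    $row["src_ip_text"],
                    $row["dst_ip_text"],
                    $row["src_port"],
                    $row["dst_port"],
                    $row["condition"],
                    $row["value"],
                    $row["time_interval"],
                    $row["absolute"],
                    $row["priority"],
                    $row["reliability"],
                    $row["risk_c"],
                    $row["risk_a"],
                    $row["asset_src"],
                    $row["asset_dst"],
                    $row["snort_sid"],
                    $row["snort_cid"],
                    $row["alarm"]
                );
            }
            $position++;
            $rs->MoveNext();
        }

        return $list;
    }

    /**
     * Deletes one event by id, or every event when $id is the string "all".
     *
     * The id travels as a bind parameter, never as part of the SQL text.
     *
     * SECURITY: the "all" sentinel empties the table in one call. If $id can
     * originate from a request, the caller has to authorise the operation
     * and decide explicitly whether "all" is acceptable.
     *
     * @param object $conn connection exposing Execute() and ErrorMsg()
     * @param mixed  $id   event id, or "all"
     * @return void a failure is printed with the driver message HTML-escaped
     */
    public static function delete($conn, $id)
    {
        if ((string) $id === "all") {
            $sql = "DELETE FROM event";
            $params = array();
        } else {
            $sql = "DELETE FROM event WHERE id = ?";
            $params = array($id);
        }

        if ($conn->Execute($sql, $params) === false) {
            print ' ERROR deleting: ' . htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES) . ' <BR> ';
        }
    }
}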
?>
This article is from the "Lee Chenguang original Technology blog"; reprinting is not permitted.
Ossim Source Code of Event.inc