<?php
/* BASE.php
* enables cacti to read BASE statistics
* by smcnaught@axia.com - Friday September 23, 2005
*
* usage:
* BASE.php section db_host db_user db_password [status_var]
*
* sections:
* trafficprofile, trafficprofile5min, uniquealerts, iptraffic, iplinks, srcports, dstports
*
*/
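/*
 * Entry point: check the argument count, look the requested section up in a
 * fixed table of COUNT queries, run them against the "snort" database and
 * echo the results in the "label:value label:value" form the poller reads.
 *
 * Security notes for whoever deploys this:
 *  - The database password is taken from the command line, so it is visible
 *    to other local users in the process list and is kept wherever the
 *    poller stores the script's arguments. Give the script a dedicated
 *    account that can only SELECT from the snort database.
 *  - Every SQL statement below is a constant string. The section argument is
 *    only used as a key into $sections and never reaches a query, so nothing
 *    from argv is interpolated into SQL.
 *
 * Exit status is 0 on success and 1 on any usage or connection error; the
 * error text still goes to standard output as before.
 */
$arg_count = isset($_SERVER["argc"]) ? (int) $_SERVER["argc"] : 0;
$args = isset($_SERVER["argv"]) ? $_SERVER["argv"] : array();
/* Guarded read: with no arguments at all argv[1] does not exist. */
$section = isset($args[1]) ? $args[1] : "";

/* The six-argument "status" form is kept from the original argument check;
 * "status" is not a known section, so it ends in the section error below. */
if (!($arg_count === 5 || ($section === "status" && $arg_count === 6))) {
    echo "Error: wrong parameter count\nUsage: BASE.php section db_host db_user db_password [status_var]\n";
    exit(1);
}

/*
 * section => list of array(output prefix, SQL, output suffix).
 * Prefixes and suffixes reproduce the original output byte for byte,
 * including which fields carry a trailing space.
 *
 * NOTE(review): "trafficprofile" counts only events from the last five
 * minutes while "trafficprofile5min" counts the whole table. The names look
 * swapped, but the mapping is left as it was because existing data sources
 * may depend on it - confirm before changing.
 */
$sections = array(
    "trafficprofile" => array(
        array("total:", "SELECT count(*) FROM acid_event WHERE DATE_SUB(NOW(),INTERVAL 5 MINUTE) <= timestamp", " "),
        array("tcp:", "SELECT count(*) FROM acid_event WHERE ip_proto=6 AND DATE_SUB(NOW(),INTERVAL 5 MINUTE) <= timestamp", " "),
        array("udp:", "SELECT count(*) FROM acid_event WHERE ip_proto=17 AND DATE_SUB(NOW(),INTERVAL 5 MINUTE) <= timestamp", " "),
        array("icmp:", "SELECT count(*) FROM acid_event WHERE ip_proto=1 AND DATE_SUB(NOW(),INTERVAL 5 MINUTE) <= timestamp", " "),
        array("portscan:", "SELECT count(*) FROM acid_event WHERE ip_proto=255 AND DATE_SUB(NOW(),INTERVAL 5 MINUTE) <= timestamp", ""),
    ),
    "trafficprofile5min" => array(
        array("total:", "SELECT count(*) FROM acid_event", " "),
        array("tcp:", "SELECT count(*) FROM acid_event WHERE ip_proto=6", " "),
        array("udp:", "SELECT count(*) FROM acid_event WHERE ip_proto=17", " "),
        array("icmp:", "SELECT count(*) FROM acid_event WHERE ip_proto=1", " "),
        array("portscan:", "SELECT count(*) FROM acid_event WHERE ip_proto=255", ""),
    ),
    "uniquealerts" => array(
        array("", "SELECT COUNT(DISTINCT acid_event.signature) FROM acid_event", ""),
    ),
    "iptraffic" => array(
        array("srcip:", "SELECT COUNT(DISTINCT acid_event.ip_src) FROM acid_event", " "),
        array("dstip:", "SELECT COUNT(DISTINCT acid_event.ip_dst) FROM acid_event", " "),
    ),
    "iplinks" => array(
        array("iplinks:", "SELECT COUNT(DISTINCT acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto) FROM acid_event", " "),
    ),
    "srcports" => array(
        array("srctcpports:", "SELECT COUNT(DISTINCT acid_event.layer4_sport) FROM acid_event WHERE ip_proto=6", " "),
        array("srcudpports:", "SELECT COUNT(DISTINCT acid_event.layer4_sport) FROM acid_event WHERE ip_proto=17", " "),
    ),
    "dstports" => array(
        array("dsttcpports:", "SELECT COUNT(DISTINCT acid_event.layer4_dport) FROM acid_event WHERE ip_proto=6", " "),
        array("dstudpports:", "SELECT COUNT(DISTINCT acid_event.layer4_dport) FROM acid_event WHERE ip_proto=17", " "),
    ),
);

/* Reject an unknown section before any connection is opened. The message
 * now lists the sections this script really has. */
if (!isset($sections[$section])) {
    echo "Error: undefined parameter given.\nUse one of these: " . implode(", ", array_keys($sections)) . "\n";
    exit(1);
}

$host = $args[2];
$username = $args[3];
$password = $args[4];
$output = "";

/* PHP 8.1 made mysqli throw exceptions by default. Switch that off so a
 * failed connect or query is reported through the return values checked
 * below instead of ending the script with an uncaught exception. */
mysqli_report(MYSQLI_REPORT_OFF);

$mysqli = new mysqli($host, $username, $password, "snort");
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit(1);
}

foreach ($sections[$section] as $metric) {
    list($prefix, $sql, $suffix) = $metric;
    $result = $mysqli->query($sql);
    if (!$result) {
        /* Best effort, as before: a failed query leaves its field out. */
        continue;
    }
    $row = $result->fetch_row();
    /* Free result */
    $result->close();
    if ($row) {
        $output .= $prefix . $row[0] . $suffix;
    }
}

$mysqli->close();
echo $output;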
?>