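[- use DBI; -]
[- use POSIX; -]
[- use Socket -]
[- $req = shift; -]
[# First-pass filter: refuse a raw query string that contains shell or SQL
   metacharacters. QUERY_STRING is still URL-encoded here and does not carry
   POST bodies, so a percent-encoded quote passes this test and is decoded
   into %fdat afterwards. The decoded form values are therefore checked
   against an allow-list further down. #]
[$ if $ENV{'QUERY_STRING'} =~ /([;\*\/'\$!#\(\)\[\]\{\}:'"])/ $]
[- Execute ('error.html') -]
[- exit -]
[$ endif $]
[-
    # Decoded form values. A missing field becomes the empty string so the
    # pattern checks below reject it instead of warning on undef.
    $LanChoice  = defined $fdat{LanChoice}  ? $fdat{LanChoice}  : '';
    $HostChoice = defined $fdat{HostChoice} ? $fdat{HostChoice} : '';
    $Event      = defined $fdat{Event}      ? $fdat{Event}      : '';
    chomp $LanChoice;
    chomp $HostChoice;
    chomp $Event;

    # Only the two known event kinds map to a table name; anything else
    # leaves $TableName undefined and is refused below.
    $TableName = undef;
    if ($Event eq 'Inbnd') {
        $TableName = 'InBnd';
    }
    elsif ($Event eq 'Outbnd') {
        $TableName = 'OutBnd';
    }

    # Allow-list for the values that later reach SQL text and the page
    # heading. The hyphen is kept away from the closing bracket of each
    # class so the pattern cannot be mistaken for the end of this block.
    # NOTE(review): the permitted characters are an assumption about host
    # and LAN naming on this site; tighten or extend to match real names.
    $InputOk = 0;
    if (defined $TableName
        and $HostChoice =~ /\A[A-Za-z0-9_\-.]+\z/
        and $LanChoice  =~ /\A[A-Za-z0-9_\-. ]+\z/) {
        $InputOk = 1;
    }
-]
[$ if !$InputOk $]
[- Execute ('error.html') -]
[- exit -]
[$ endif $]
[# Database credentials are read from an option file rather than the page.
   NOTE(review): the path is relative to the working directory; confirm the
   file sits outside the document root and is readable only by the web
   server account. #]
[- $dsn = "DBI:mysql:FireWatch"; -]
[- $dsn .= ";mysql_read_default_file=./roll-sql.cnf"; -]
[- $dbh = DBI->connect($dsn); -]
[# DBI->connect returns undef on failure; stop here rather than calling
   methods on an undefined handle later in the page. #]
[$ if !$dbh $]
[- Execute ('error.html') -]
[- exit -]
[$ endif $]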

25 ([+ $Event +]) Most Active Domains on [+ $HostChoice +] on [+ $LanChoice +] Lan

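[# Builds a per-connection temporary table of event counts for the chosen
   host, direction and week, then walks the 25 busiest sources and resolves
   each source address to a host name. #]
[- $ResultsPerPage = 25; -]
[-
    # Table names cannot be bound as placeholders, so every part that goes
    # into the identifier is checked here before it is interpolated. A
    # backtick in any part would otherwise end the quoted identifier.
    # The hyphen is kept away from the closing bracket of the class so the
    # pattern cannot be mistaken for the end of this block.
    # NOTE(review): weeknum is assumed to be a plain number and the host
    # name character set is an assumption; confirm against the caller.
    $SourceTable = undef;
    if (defined $TableName
        and ($TableName eq 'InBnd' or $TableName eq 'OutBnd')
        and defined $HostChoice
        and $HostChoice =~ /\A[A-Za-z0-9_\-.]+\z/
        and defined $req->{weeknum}
        and $req->{weeknum} =~ /\A[0-9]+\z/) {
        $SourceTable = "${HostChoice}_${TableName}_Week$req->{weeknum}";
    }
-]
[$ if !defined $SourceTable $]
[- Execute ('error.html') -]
[- exit -]
[$ endif $]
[# $hours, $min and $sec are not assigned anywhere in the visible page, so
   the name is effectively the process id followed by Temp. The suffix is
   now a quoted string instead of a bareword. #]
[- $temp_table = $hours.$min.$sec.$$.'Temp' -]
[# The LAN name is user input: bind it as a placeholder instead of pasting
   it between quotes in the statement text. #]
[- $sth = $dbh -> prepare ("create temporary table $temp_table select count(SRC_IP) as Event_Count, SRC_IP,SRC_Port,DST_Port,Protocol from `$SourceTable` where Lan = ? group by SRC_IP,DST_Port"); -]
[- $sth -> execute ($LanChoice); -]
[- $sth -> finish (); -]
[- $sth = $dbh -> prepare ("select Event_Count,SRC_IP,SRC_Port,DST_Port,Protocol from $temp_table group by Event_Count,SRC_IP order by Event_Count DESC limit $ResultsPerPage"); -]
[- $sth -> execute; -]
[$ while @row = $sth -> fetchrow_array $]
[-
    # SRC_IP is presumably stored as a hex string; it is converted to a
    # 32-bit value and then to dotted-quad text.
    $ip = inet_ntoa(pack('N', hex($row[1])));

    # The command line goes through a shell, but $ip is produced by
    # inet_ntoa and so holds only digits and dots. Do not substitute any
    # other value here without switching to a list-form call.
    # This runs one blocking lookup per row. The answer is PTR data chosen
    # by whoever controls the reverse zone, so treat $host as untrusted
    # text when it is written to the page.
    $host = `(dig +short -x $ip)`;
    chomp $host;
-]
[# The markup for the resolved and unresolved cases belongs in these two
   branches; it is not visible in this listing. #]
[$ if $host ne "" $] [$ else $] [$ endif $]
[$ endwhile $]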
Event Count Source Host Source Port Dest. Port Protocol
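[# Row cells: event count, source host or address, source port, destination
   port, protocol. Single elements are read as scalars rather than
   one-element slices. $host comes from reverse DNS and the heading values
   come from the form, so this page depends on Embperl's output escaping
   ($escmode) staying enabled. NOTE(review): confirm it is not switched off
   for this page. #]
[+ $row[0] +][+ $ip +]   [+ $host +][+ $ip +] Failed to Resolve[+ $row[2] +] [+ $row[3] +] [+ $row[4] +]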

Reload Page

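[# Close the database connection. The guard avoids a method call on an
   undefined value when the earlier connect did not return a handle. #]
[- $dbh->disconnect if $dbh; -]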