[Sguil-cvs] sguil/client/lib qrylib.tcl,1.20,1.21
From: Steve H. <sha...@us...> - 2004-10-20 20:45:51
Update of /cvsroot/sguil/sguil/client/lib In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3647/lib Modified Files: qrylib.tcl Log Message: Added "RT SRC IP" "RT DST IP" and "RT SRC/DST" to right click ip address menu. TOoSmOoth...who's your daddy. -srh Index: qrylib.tcl =================================================================== RCS file: /cvsroot/sguil/sguil/client/lib/qrylib.tcl,v retrieving revision 1.20 retrieving revision 1.21 diff -C2 -d -r1.20 -r1.21 *** qrylib.tcl 12 Oct 2004 20:33:48 -0000 1.20 --- qrylib.tcl 20 Oct 2004 20:45:40 -0000 1.21 *************** *** 7,77 **** # proc QueryRequest { tableName queryType { incidentCat {NULL} } } { ! global currentSelectedPane ! set timestamp [lindex [GetCurrentTimeStamp "1 week ago"] 0] ! set hourago [GetCurrentTimeStamp "1 hour ago"] ! if { $tableName == "event" } { ! set whereTmp "WHERE $tableName.timestamp > '$timestamp' AND " ! } else { ! if { ( $queryType == "srcip" || $queryType == "dstip" || $queryType == "src2dst" ) && $incidentCat == 1 } { ! set whereTmp "WHERE $tableName.start_time > '$hourago' AND " ! } else { ! set whereTmp "WHERE $tableName.start_time > '$timestamp' AND " ! } ! } ! if { $queryType == "srcip" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set srcIP [$currentSelectedPane.srcIPFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_ip = INET_ATON('$srcIP') OR $tableName.dst_ip = INET_ATON('$srcIP'))" ! } elseif { $queryType == "srcport" } { ! set selectedIndex [$currentSelectedPane.srcPortFrame.list curselection] ! set srcport [$currentSelectedPane.srcPortFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_port = '$srcport' OR $tableName.dst_port = '$srcport')" ! } elseif { $queryType == "dstport" } { ! set selectedIndex [$currentSelectedPane.dstPortFrame.list curselection] ! set dstport [$currentSelectedPane.dstPortFrame.list get $selectedIndex] ! 
set whereTmp "$whereTmp ($tableName.src_port = '$dstport' OR $tableName.dst_port = '$dstport')" ! } elseif { $queryType == "dstip" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set dstIP [$currentSelectedPane.dstIPFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_ip = INET_ATON('$dstIP') OR $tableName.dst_ip = INET_ATON('$dstIP'))" ! } elseif { $queryType == "empty" } { ! set whereTmp "$whereTmp <Insert Query Here>" ! } elseif { $queryType == "src2dst" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set srcIP [$currentSelectedPane.srcIPFrame.list get $selectedIndex] ! set dstIP [$currentSelectedPane.dstIPFrame.list get $selectedIndex] ! set whereTmp "$whereTmp $tableName.src_ip = INET_ATON('$srcIP') AND $tableName.dst_ip = INET_ATON('$dstIP')" ! } elseif { $queryType == "category" } { ! set whereTmp "$whereTmp event.status = $incidentCat" ! } elseif { $queryType == "signature" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set eventMsg [$currentSelectedPane.msgFrame.list get $selectedIndex] ! set whereTmp "$whereTmp event.signature = '$eventMsg'" ! } ! set tmpWhereStatement [QryBuild $tableName $whereTmp] ! set whereStatement [lindex $tmpWhereStatement 1] ! set tableName [lindex $tmpWhereStatement 0] ! if { $whereStatement == "cancel" } { return } ! if { $tableName == "event" } { ! if { $queryType == "category" } { ! switch -exact $incidentCat { ! 11 { set winTitle "Cat I" } ! 12 { set winTitle "Cat II" } ! 13 { set winTitle "Cat III" } ! 14 { set winTitle "Cat IV" } ! 15 { set winTitle "Cat V" } ! 16 { set winTitle "Cat VI" } ! 17 { set winTitle "Cat VII" } ! default { set winTitle "none" } ! } ! DBQueryRequest $whereStatement $winTitle } else { ! 
DBQueryRequest $whereStatement } - } elseif { $tableName == "sessions" } { - SsnQueryRequest $whereStatement - } elseif { $tableName == "sancp" } { - SancpQueryRequest $whereStatement - } } # --- 7,81 ---- # proc QueryRequest { tableName queryType { incidentCat {NULL} } } { ! global currentSelectedPane ! set timestamp [lindex [GetCurrentTimeStamp "1 week ago"] 0] ! set hourago [GetCurrentTimeStamp "1 hour ago"] ! if { $tableName == "event" } { ! if { $incidentCat == 0 } { ! set whereTmp "WHERE $tableName.timestamp > '$timestamp' AND event.status = 0 AND " ! } else { ! set whereTmp "WHERE $tableName.timestamp > '$timestamp' AND " ! } } else { ! if { ( $queryType == "srcip" || $queryType == "dstip" || $queryType == "src2dst" ) && $incidentCat == 1 } { ! set whereTmp "WHERE $tableName.start_time > '$hourago' AND " ! } else { ! set whereTmp "WHERE $tableName.start_time > '$timestamp' AND " ! } ! } ! if { $queryType == "srcip" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set srcIP [$currentSelectedPane.srcIPFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_ip = INET_ATON('$srcIP') OR $tableName.dst_ip = INET_ATON('$srcIP'))" ! } elseif { $queryType == "srcport" } { ! set selectedIndex [$currentSelectedPane.srcPortFrame.list curselection] ! set srcport [$currentSelectedPane.srcPortFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_port = '$srcport' OR $tableName.dst_port = '$srcport')" ! } elseif { $queryType == "dstport" } { ! set selectedIndex [$currentSelectedPane.dstPortFrame.list curselection] ! set dstport [$currentSelectedPane.dstPortFrame.list get $selectedIndex] ! set whereTmp "$whereTmp ($tableName.src_port = '$dstport' OR $tableName.dst_port = '$dstport')" ! } elseif { $queryType == "dstip" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set dstIP [$currentSelectedPane.dstIPFrame.list get $selectedIndex] ! 
set whereTmp "$whereTmp ($tableName.src_ip = INET_ATON('$dstIP') OR $tableName.dst_ip = INET_ATON('$dstIP'))" ! } elseif { $queryType == "empty" } { ! set whereTmp "$whereTmp <Insert Query Here>" ! } elseif { $queryType == "src2dst" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set srcIP [$currentSelectedPane.srcIPFrame.list get $selectedIndex] ! set dstIP [$currentSelectedPane.dstIPFrame.list get $selectedIndex] ! set whereTmp "$whereTmp $tableName.src_ip = INET_ATON('$srcIP') AND $tableName.dst_ip = INET_ATON('$dstIP')" ! } elseif { $queryType == "category" } { ! set whereTmp "$whereTmp event.status = $incidentCat" ! } elseif { $queryType == "signature" } { ! set selectedIndex [$currentSelectedPane.srcIPFrame.list curselection] ! set eventMsg [$currentSelectedPane.msgFrame.list get $selectedIndex] ! set whereTmp "$whereTmp event.signature = '$eventMsg'" ! } ! set tmpWhereStatement [QryBuild $tableName $whereTmp] ! set whereStatement [lindex $tmpWhereStatement 1] ! set tableName [lindex $tmpWhereStatement 0] ! if { $whereStatement == "cancel" } { return } ! if { $tableName == "event" } { ! if { $queryType == "category" } { ! switch -exact $incidentCat { ! 11 { set winTitle "Cat I" } ! 12 { set winTitle "Cat II" } ! 13 { set winTitle "Cat III" } ! 14 { set winTitle "Cat IV" } ! 15 { set winTitle "Cat V" } ! 16 { set winTitle "Cat VI" } ! 17 { set winTitle "Cat VII" } ! default { set winTitle "none" } ! } ! DBQueryRequest $whereStatement $winTitle ! } else { ! DBQueryRequest $whereStatement ! } ! } elseif { $tableName == "sessions" } { ! SsnQueryRequest $whereStatement ! } elseif { $tableName == "sancp" } { ! SancpQueryRequest $whereStatement } } # |
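Review bot: In the new side of QueryRequest, the `signature` branch still splices list-widget text straight into a quoted SQL literal (`event.signature = '$eventMsg'`), and the commit carries that over unchanged. The signature text presumably originates from sensor alert data rather than from the analyst, so a message containing an apostrophe or backslash would produce a malformed WHERE clause, or one that differs from what the analyst selected. Escaping the value before interpolation would close that, for example `set eventMsg [string map {\\ \\\\ ' ''} $eventMsg]` ahead of the `set whereTmp` line. The same applies to `$srcIP`, `$dstIP`, `$srcport` and `$dstport`, where a format check (dotted quad, integer) before building the clause would be the simpler guard. What QryBuild and DBQueryRequest do with the string afterwards is not visible in this hunk, so confirm that no escaping happens downstream before adding it here.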