delete users (and all perms) fixed

git-svn-id: http://www.observium.org/svn/observer/trunk@2371 61d68cd4-352d-0410-923a-c4978735b2b8

html/pages/deluser.inc.php

@@ -14,12 +14,17 @@ if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php");
 
       if ($_GET['confirm'] == "yes")
       {
+        dbDelete('bill_perms', "`user_id` =  ?", array($_GET['user_id']));
         dbDelete('devices_perms', "`user_id` =  ?", array($_GET['user_id']));
+	dbDelete('ports_perms', "`user_id` =  ?", array($_GET['user_id']));
+        dbDelete('users_prefs', "`user_id` =  ?", array($_GET['user_id']));
+        dbDelete('users', "`user_id` =  ?", array($_GET['user_id']));
+
         if (deluser($_GET['user_id'])) { echo("<span class=info>User '$delete_username' deleted!</span>"); }
       }
       else
       {
-        echo("<span class=alert>You have requested deletion of the user '$delete_username'. This action can not be reversed.<br /><a href='?page=deluser&action=del&user_id=" . $_GET['user_id'] . "&confirm=yes'>Click to confirm</a></span>");
+        echo("<div class=errorbox>You have requested deletion of the user '$delete_username'. This action can not be reversed.<br /><a href='?page=deluser&action=del&user_id=" . $_GET['user_id'] . "&confirm=yes'>Click to confirm</a></div>");
       }
     }
 

includes/syslog.php

@@ -1,101 +1,110 @@
 <?php
 
-/**
- * @package syslog
- */
+function get_cache($host, $value){
+  global $dev_cache;
+  if(!isset($dev_cache[$host][$value])){
+    switch($value){
+      case 'device_id':
+        //Try by hostname
+        $dev_cache[$host]['device_id'] = dbFetchCell('SELECT `device_id` FROM devices WHERE `hostname`=\''.$host.'\' OR `sysName`=\''.$host.'\'');
+        //If failed, try by IP
+        if($dev_cache[$host]['device_id'] == null)
+          $dev_cache[$host]['device_id'] = dbFetchCell('SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE A.ipv4_address = \'' . $entry['host'].'\' AND I.interface_id = A.interface_id');
+        break;
+      case 'os':
+        $dev_cache[$host]['os'] = dbFetchCell('SELECT `os` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
+        break;
+      case 'version':
+        $dev_cache[$host]['version'] = dbFetchCell('SELECT `version` FROM devices WHERE `device_id`='.get_cache($host, 'device_id'));
+        break;
+      default:
+        return null;
+    }
+  }
+  return $dev_cache[$host][$value];
+}
 
-/**
- * function process_syslog
- */
 function process_syslog ($entry, $update) {
-
   global $config;
   global $dev_cache;
 
-  foreach($config['syslog_filter'] as $bi) {
+  foreach($config['syslog_filter'] as $bi)
     if(strpos($entry['msg'], $bi) !== FALSE){
-        $delete = 1;
-    }
-  }
- 
-  if (strpos($entry['msg'], "diskio.c: don't know how to handle") !== FALSE)
-  {
-    $delete = 1;
-  }
-
-
-  if($dev_cache[$entry[host]]) 
-  { 
-    $entry['device_id'] = $dev_cache[$entry[host]];
-  } else {
-    $device_id_host = @mysql_result(mysql_query("SELECT device_id FROM devices WHERE `hostname` = '".$entry['host']."' OR `sysName` = '".$entry['host']."'"),0);
-    if($device_id_host) {
-      $dev_cache[$entry[host]] = $device_id_host;
-      $entry['device_id'] = $device_id_host;
-    } else {
-      $device_id_ip = @mysql_result(mysql_query("SELECT device_id FROM ipv4_addresses AS A, ports AS I WHERE 
-      A.ipv4_address = '" . $entry['host']."' AND I.interface_id = A.interface_id"),0);
-      if($device_id_ip) { 
-        $entry['device_id'] = $device_id_ip;
-        $dev_cache[$entry[host]] = $device_id_ip;
-      }
-    }
-  } 
-
-  if($entry['device_id'] && !$delete) {
-    $os = mysql_result(mysql_query("SELECT `os` FROM `devices` WHERE `device_id` = '".$entry['device_id']."'"),0);
-
-    if($os == "ios" || $os == "iosxe") {
-      if(strpos($entry[msg], "%") !== FALSE) {
-        
-#        list(,$entry[msg]) = split(": %", $entry['msg'], 2);
-#        $entry['msg'] = "%" . $entry['msg'];
-#        $entry['msg'] = preg_replace("/^%(.+?):\ /", "\\1||", $entry['msg']);      
-      } else { 
-        $entry['msg'] = preg_replace("/^.*[0-9]:/", "", $entry['msg']);
-        $entry['msg'] = preg_replace("/^[0-9][0-9]\ [A-Z]{3}:/", "", $entry['msg']);
-#        $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);
-      }
-
-      $entry['msg'] = preg_replace("/^.+\.[0-9]{3}:/", "", $entry['msg']);
-      $entry['msg'] = preg_replace("/^.+-Traceback=/", "Traceback:", $entry['msg']);
-
-      list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2);
-      $entry['program'] = str_replace("%", "", $entry['program']);
-      $entry['msg'] = preg_replace("/^[0-9]+:/", "", $entry['msg']);
-
-      if(!$entry['program']) {
-         #$entry['msg'] = preg_replace("/^([0-9A-Z\-]+?):\ /", "\\1||", $entry['msg']);
-	 list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2);
-      }
-
-      if(!$entry['msg']) { $entry['msg'] = $entry['program']; unset ($entry['program']); }
-
-    } else {
-      #$program = preg_quote($entry['program'],'/');
-      #$entry['msg'] = preg_replace("/^$program:\ /", "", $entry['msg']);
-#      if(preg_match("/^[a-zA-Z\/]+\[[0-9]+\]:/", $entry['msg'])) {
-        #$entry['msg'] = preg_replace("/^(.+?)\[[0-9]+\]:\ /", "\\1||", $entry['msg']);
-        #if(strpos($entry['msg'], "||") !== FALSE) { $entry['msg'] = preg_replace("/^(.+?):\ /", "\\1||", $entry['msg']);}
-        #00:38:39.139606
-        if(!$entry['program']) {      
-        #  list($entry['program'], $entry['msg']) = explode(":", $entry['msg'], 2);
-        }
-#        $entry['program'] = preg_replace("@\-[0-9]+@", "", $entry['program']);
-#      }
-    }
-
-    $entry['program'] = strtoupper($entry['program']);
-    $x  = "UPDATE `syslog` set `device_id` = '".$entry['device_id']."', `program` = '".$entry['program']."', `msg` = '" . mres($entry['msg']) . "', processed = '1' WHERE `seq` = '" . $entry['seq'] . "'";
-    $x  = "INSERT INTO `syslog` (`device_id`,`program`,`facility`,`priority`, `level`, `tag`, `msg`, `timestamp`) ";
-    $x .= "VALUES ('".$entry['device_id']."','".$entry['program']."','".$entry['facility']."','".$entry['priority']."', '".$entry['level']."', '".$entry['tag']."', '".$entry['msg']."','".$entry['timestamp']."')";   
-    if($update && $entry['device_id']) { mysql_query($x); }
-    unset ($fix);
-  } else { print_r($entry); echo("D-$delete");}
-
+      print_r($entry);
+      echo('D-'.$bi);
       return $entry;
-
     }
     
+  $entry['device_id'] = get_cache($entry['host'], 'device_id');
+  if($entry['device_id']) {
+    $os = get_cache($entry['host'], 'os');
+    if(in_array($os, array('ios', 'iosxe', 'catos'))){
+      $matches = array();
+      if(preg_match('#%(?P<program>.*):( ?)(?P<msg>.*)#', $entry['msg'], $matches)){
+        $entry['msg'] = $matches['msg'];
+        $entry['program'] = $matches['program'];
+      }
+      unset($matches);
+    } elseif($os == 'linux' and get_cache($entry['host'], 'version') == 'Point'){
+      //Cisco WAP200 and similar
+      $matches = array();
+      if(preg_match('#Log: \[(?P<program>.*)\] - (?P<msg>.*)#', $entry['msg'], $matches)){
+        $entry['msg'] = $matches['msg'];
+        $entry['program'] = $matches['program'];
+      }
+      unset($matches);
+    } elseif($os == 'linux'){
+      $matches = array();
+      //User_CommonName/123.213.132.231:39872 VERIFY OK: depth=1, /C=PL/ST=Malopolska/O=VLO/CN=v-lo.krakow.pl/emailAddress=root@v-lo.krakow.pl
+      if($entry['facility'] == 'daemon' and preg_match('#/([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{4,} ([A-Z]([A-Za-z)+( ?)){2,}:#', $entry['msg'])){
+        $entry['program'] = 'OpenVPN';
+      }
+      //pop3-login: Login: user=<username>, method=PLAIN, rip=123.213.132.231, lip=123.213.132.231, TLS
+      //POP3(username): Disconnected: Logged out top=0/0, retr=0/0, del=0/1, size=2802
+      elseif($entry['facility'] == 'mail' and preg_match('#^(((pop3|imap)\-login)|((POP3|IMAP)\(.*\))):', $entry['msg'])){
+        $entry['program'] = 'Dovecot';
+      }
+      //pam_krb5(sshd:auth): authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
+      //pam_krb5[sshd:auth]: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
+      elseif(preg_match('#^(?P<program>(.*((\(|\[).*(\)|\])))):(?P<msg>.*)$#', $entry['msg'], $matches)){
+        $entry['msg'] = $matches['msg'];
+        $entry['program'] = $matches['program'];
+      }
+      //SYSLOG CONNECTION BROKEN; FD='6', SERVER='AF_INET(123.213.132.231:514)', time_reopen='60'
+      //pam_krb5: authentication failure; logname=root uid=0 euid=0 tty=ssh ruser= rhost=123.213.132.231
+      elseif($pos = strpos($entry['msg'], ';') or $pos = strpos($entry['msg'], ':')){
+        $entry['program'] = substr($entry['msg'], 0, $pos);
+        $entry['msg'] = substr($entry['msg'], $pos+1);
+      }
+      //fallback, better than nothing...
+      elseif(empty($entry['program']) and !empty($entry['facility'])){
+        $entry['program'] = $entry['facility'];
+      }
+      unset($matches);
+    }
+    if(!isset($entry['program'])){
+      $entry['program'] = $entry['msg'];
+      unset($entry['msg']);
+    }
+    $entry['program'] = strtoupper($entry['program']);
+    array_walk($entry, 'trim');
+    if($update)
+      dbInsert(
+        array(
+          'device_id' => $entry['device_id'],
+          'program' => $entry['program'], 
+          'facility' => $entry['facility'],
+          'priority' => $entry['priority'],
+          'level' => $entry['level'],
+          'tag' => $entry['tag'],
+          'msg' => $entry['msg'],
+          'timestamp' => $entry['timestamp']
+        ),
+        'syslog'
+      );
+    unset($os);
+  }
+  return $entry; 
+}
 
 ?>

syslog.php

@@ -4,6 +4,7 @@
 include("includes/defaults.inc.php");
 include("config.php");
 include("includes/syslog.php");
+include("includes/dbFacile.php");
 include("includes/common.php");
 
 $i = "1";