
Open-AudIT

What's on your network?

All times are UTC + 10 hours




Posted: Mon Jun 29, 2009 2:22 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
I ran into a case where I wanted to make a view definition that included a link that ran a search for a particular field value. I looked at search.php and noticed it only accepts a POST value for the search field. Changing this behavior required only the following change to when the search variable is set ...

Code:
$search = (isset($_GET["search"])) ? stripslashes($_GET["search"]) : stripslashes($_POST["search_field"]);


Perhaps it's of limited use, I dunno. But I found it handy :D

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2


Posted: Tue Jun 30, 2009 10:23 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Just out of nosiness, what was the view, and how did you code it?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Posted: Wed Jul 01, 2009 9:30 am
Contributor

Joined: Fri Jul 04, 2008 6:46 am
Posts: 153
Location: USA - WI
Sure, this is what my view definition file looks like ...

Code:
<?php
    $query_array=array("headline"=>__("Audit Log for Schedule ID " . $_GET['schedule_id']) . " and timestamp " . $_GET['timestamp'],
                       "sql"=>"SELECT * FROM audit_log
                               WHERE audit_log_schedule_id = '" . $_GET['schedule_id'] . "' AND
                                     audit_log_timestamp   = '" . $_GET['timestamp'  ] . "'",
                       "sort"=>"audit_log_id",
                       "dir"=>"ASC",
                       "get"=>array("file"=>"search.php",
                                    "title"=>__("Audit Log For Schedule on Timestamp"),
                                    "var"=>array( "search"=>"%audit_log_host" ),
                                   ),
                       "fields"=>array("10"=>array("name"=>"audit_log_message",
                                                   "head"=>__("Log Message"),
                                                   "show"=>"y",
                                                  ),
                                       "20"=>array("name"=>"audit_log_host",
                                                   "head"=>__("Hostname"),
                                                   "show"=>"y",
                                                   "link"=>"y",
                                                  ),
                                       "30"=>array("name"=>"audit_log_pid",
                                                   "head"=>__("PID"),
                                                   "show"=>"y",
                                                  ),
                                      ),
                      );
?>


This view definition is how I view the log for my audits that I run from a Perl script managed via the web interface that I mentioned in this thread ...

viewtopic.php?f=9&t=3246

I use one view definition to sort my audit logs by schedule name, then another to narrow those down by the timestamp that the audit was run. Then I use this query to actually display the audit log. The reason I use the search file and pass it the system name via GET is because it's not guaranteed that just because it tried to audit it that it would actually be in the system, since it also records failed authentication attempts and failure to connect/ping. I suspect there are other practical uses for setting up the view definition that way; this was just the first time it seemed like a good solution.

_________________
OA Server: Debian Squeeze w/ Apache2
Auditing: 700 Workstations, 250 or so Retail Terminals, about 75 Servers
OS's: Windows XP/2003/2008/2008 R2/Vista/7, Debian
LDAP: Active Directory 2008 R2
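
Added example, not part of the original post or of Open-AudIT: the view definition above places `$_GET['schedule_id']` and `$_GET['timestamp']` directly into the SQL string and the headline, so whatever the link carries becomes part of the query and the page. The version below validates both values before the array is built; the `view_param` helper, the digits-only formats and the `__()` stand-in are assumptions.

```php
<?php
// Added example, not the poster's file. Assumed formats: schedule_id is a
// short decimal integer and timestamp is a digits-only string.

// Stand-in so the file runs outside Open-AudIT; the application supplies __().
if (!function_exists('__')) { function __($s) { return $s; } }

// Return $_GET[$name] only when it is a string matching $pattern, else null.
function view_param($name, $pattern)
{
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return null;
    }
    return preg_match($pattern, $_GET[$name]) === 1 ? $_GET[$name] : null;
}

$schedule_id = view_param('schedule_id', '/\A[0-9]{1,10}\z/');
$timestamp   = view_param('timestamp', '/\A[0-9]{1,14}\z/');

if ($schedule_id === null || $timestamp === null) {
    // Stop before any SQL is built from a value that failed validation.
    die('Invalid schedule_id or timestamp');
}

// Digits-only values cannot close the quoted SQL literals or add markup
// to the headline, so they can be concatenated as the original file does.
$query_array = array(
    "headline" => __("Audit Log for Schedule ID") . " " . $schedule_id . " and timestamp " . $timestamp,
    "sql"      => "SELECT * FROM audit_log
                   WHERE audit_log_schedule_id = '" . $schedule_id . "' AND
                         audit_log_timestamp   = '" . $timestamp . "'",
    "sort"     => "audit_log_id",
    "dir"      => "ASC",
    "get"      => array("file"  => "search.php",
                        "title" => __("Audit Log For Schedule on Timestamp"),
                        "var"   => array("search" => "%audit_log_host")),
    "fields"   => array(
        "10" => array("name" => "audit_log_message", "head" => __("Log Message"), "show" => "y"),
        "20" => array("name" => "audit_log_host", "head" => __("Hostname"), "show" => "y", "link" => "y"),
        "30" => array("name" => "audit_log_pid", "head" => __("PID"), "show" => "y"),
    ),
);
?>
```

If the real columns hold other formats, change the two patterns to match them rather than loosening them to accept arbitrary text.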

