#
# Need to verify drive and path below to correct syslog directory
# Bobby Brown
# bbrown@netsecadmin.com
#

#################################################################################
# Get info from form to store in buffer (For post method only)
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
# Split the name-value pairs
	@pairs = split(/&/, $buffer);

# Split the names and assign variables
	foreach $pair (@pairs)
	{
        ($name, $value)=split(/=/,$pair);

        $value=~ tr/+/ /;
	$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $FORM{$name}=$value;
	}


#User form to set variables
$count = "$FORM{'alerts'}";
$type = $FORM{'type'};
$eventtype = $FORM{'eventtype'};
$filename = $FORM{'filename'};
$Search = $FORM{'search'};
$Searchyes = $FORM{'searchyes'};

##### Set drive and directory to your syslog log directory
open (F,"<d:\\syslogs\\$filename") ;
##### Set drive and path to a directory the webserver can write to and modifiy files.
open (R,">d:\\temp\\tmp") ;

#Reverse the file so most current is first in file when dumped.
print R reverse <F> ;

close R ;
close F ;


($Y,$M,$D,$z) = split(/\-/,$filename,4) ;



print "Content-type: text/html \n\n";
print  <<"EOL";
	<HTML><BODY TEXT=WHITE><BR><P><FONT SIZE=5 COLOR="DARKBLUE">Most recent $count alerts from $M-$D-$Y </FONT></P>
	<TABLE BORDER=1 BGCOLOR=darkblue >
	<TR><TH>IDS color codes - <FONT SIZE=3 COLOR=Yellow>Priority 4</FONT>&nbsp;&nbsp;&nbsp;<FONT SIZE=3 COLOR=\"ffccff\">Priority 6</FONT>&nbsp;&nbsp;&nbsp;<FONT SIZE=3 COLOR=RED>Priority 10</FONT><BR></TH></TR>
	</TABLE>
	
	<TABLE BORDER=1 BGCOLOR=darkblue >
	<TR>
	<TD WIDTH=80><FONT SIZE=3><B>DATE</B></FONT></TD><TD><FONT SIZE=3><B>TIME</B></FONT></TD><TD><FONT SIZE=3><B>FACILITY</B></FONT></TD><TD><FONT SIZE=3><B>SENSOR</B></FONT></TD><TD><FONT SIZE=3 COLOR=WHITE><B>MESSAGE</B></FONT></TD></TR>
EOL


open (R,"<d:\\temp\\tmp") ;

$start = "0" ;
while (<R>) {
	
	#If cases to print seletect type of syslog entries
	chomp;
	($date,$t,$f,$h,$mess) = split(/\t/,$_,5) ;	
	if ( ($type eq "snort") && ($mess !~ /snort\[/) ) {next; }
	if ( ($type eq "asgsentry") && ($mess !~ /^SNMP/) ) {next; }
	if ( ($type eq "EvntSLog") && ($mess !~ /^EvntSLog/) ) {next; }
	if ( ($type eq "EvntSLog") && ($eventtype eq "AUF") && ($mess !~ /AUF/) ) {next; }
	if ( ($type eq "EvntSLog") && ($eventtype eq "ERR") && ($mess !~ /ERR/) ) {next; }
	if ( ($Searchyes) && ($mess !~/$Search/) ) {next; }


	print  <<"EOF";
		<TR><TD WIDTH=80><FONT SIZE=3><B>$date</B></FONT></TD><TD><FONT SIZE=3><B>$t</B></FONT></TD><TD><FONT SIZE=3><B>$f</B></FONT></TD><TD><FONT SIZE=3><B>$h</B></FONT></TD>
EOF

# If cases to change colors of the table rows
	if ($mess =~ /AUF/) { print  "<TD><FONT SIZE=3 COLOR=RED><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	elsif ($mess =~ /ERR/) { print  "<TD><FONT SIZE=3 COLOR=YELLOW><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	elsif ($mess =~ /Priority: 4/) { print  "<TD><FONT SIZE=3 COLOR=YELLOW><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	elsif ($mess =~ /Priority: 6/) { print  "<TD><FONT SIZE=3 COLOR=\"ffccff\"><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	elsif ($mess =~ /Priority: 10/) { print  "<TD><FONT SIZE=3 COLOR=RED><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	elsif ( ($Searchyes) && ($mess =~/$Search/) )  { print  "<TD><FONT SIZE=3 COLOR=RED><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }
	else { print  "<TD><FONT SIZE=3 COLOR=WHITE><B>$mess</B></FONT></TD></TR>" ; $start = $start + 1 ; }



	if ($count ==  $start) {
		
		print  "</TABLE></BODY></HTML>" ;
		close R ;	
		exit 1;
	} ;



}

print  "</TABLE></BODY></HTML>" ;
close R ;