Record the date when adding the number of abuses for an IP address

in the abuse list.

diff --git a/src/gcm_daemon/gcm_daemon.php b/src/gcm_daemon/gcm_daemon.php
index 7003d95..278c29e 100755 (executable)
--- a/src/gcm_daemon/gcm_daemon.php
+++ b/src/gcm_daemon/gcm_daemon.php
@@ -20,7 +20,11 @@
    Gnucomo-0.0.8: September 4th 2003
 
  $Log: gcm_daemon.php,v $
- Revision 1.21  2007-01-11 13:47:41  arjen
+ Revision 1.22  2007-10-23 11:23:52  arjen
+ Record the date when adding the number of abuses for an IP address
+ in the abuse list.
+
+ Revision 1.21  2007/01/11 13:47:41  arjen
  Log_adv and derived tables removed.
  Create notifications from log entries with pattern matching.
 
@@ -73,12 +77,12 @@
 
 */
 
-// $Id: gcm_daemon.php,v 1.21 2007-01-11 13:47:41 arjen Exp $
+// $Id: gcm_daemon.php,v 1.22 2007-10-23 11:23:52 arjen Exp $
 
 ini_set('include_path', '.:./classes:../phpclasses');
 ini_set('html_errors', 'false');
 
-define("BATCHSIZE", 2000);
+define("BATCHSIZE", 5000);
 
 //Tell the log that we're up.
 define_syslog_variables();
@@ -259,7 +263,7 @@ function purge_old_logs($purge_date)
 
    echo "Purging log entries before $purge_date\n";
 
-   $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE logid < $purge_date");
+   $dbms->query("CREATE TABLE gcm_deamon_old_log AS SELECT logid FROM log WHERE timestamp < '$purge_date'");
    $dbms->query("SELECT logid FROM gcm_deamon_old_log");
    echo $dbms->num_rows() . " log entries found.\n";
    $r = $dbms->query("select notificationid from log_notification where logid in
@@ -633,6 +637,7 @@ function match_log_patterns($logstart)
       for ($patnr = 0; !$match_found && $patnr < $dbms->num_rows($pattern_res); $patnr++)
       {
          $srv_pat = $dbms->fetch_object($pattern_res, $patnr);
+         //echo "  Checking with pattern " . $srv_pat->pattern . "\n";
          if (ereg($srv_pat->pattern, $logentry->rawdata, $matches))
          {
             //  Scan the argument for '$n' expressions and expand
@@ -668,7 +673,7 @@ function match_log_patterns($logstart)
                break;
 
             case "abuse":
-               if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 6)
+               if (record_abuse($logentry->logid, $logentry->objectid, $srv_pat->argument, 1) >= 32)
                {
                   $source_ip = $srv_pat->argument;
                   $notif = 'abuses exceeded';
@@ -743,7 +748,8 @@ function record_abuse($logid, $objectid, $sourceip, $points)
    if (pg_numrows($abres) == 0 && $points > 0)
    {
       //echo "$sourceip is new.\n";
-      $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points')");
+      $dbms->query("INSERT INTO object_abuse VALUES ('$objectid', '$sourceip', '$points', '', NOW())");
+      $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
    }
    else if (pg_numrows($abres) != 0)
    {
@@ -758,13 +764,13 @@ function record_abuse($logid, $objectid, $sourceip, $points)
          //echo $sourceip . " will get " . $abuse_points . " abuse points, ";
          //echo "Status was " . $abuse->status . "\n";
          $dbms->query("UPDATE object_abuse SET nr_abuses='$abuse_points'" .
-                     " WHERE objectid='$objectid' AND source='$sourceip'");
+                     ", last_change=NOW() WHERE objectid='$objectid' AND source='$sourceip'");
 
          if ($points > 0)
          {
             $dbms->query("INSERT INTO log_abuse VALUES ('$logid', '$objectid', '$sourceip')");
          }
-         if ($abuse_points >= 6)
+         if ($abuse_points >= 32)
          {
             //echo "      BLOCK IP adrress $sourceip on the firewall.\n";
             $dbms->query("UPDATE object_abuse SET status='dropped'" .