#!/usr/bin/perl
#
# Jeremy Chartier, <jeremy.chartier@free.fr>
# Date: 2004//
# Revision: 2.2.1
# 

# User variables
# General Librairies - Never comment
use Getopt::Long		;		# use Getopt for options
use Term::ANSIColor qw(:constants);		# use Getopt for options
use Socket;					# use socket for resolving domain name from IP
use File::Path;					# use socket for resolving domain name from IP
use Time::localtime;				# use for Time
#use DB_File;					# use DBM usage 
# Graphical Tool Kit Librairies
#use Tk; $TK = 1;                    # use Tk for using GUI
#use Tk::NoteBook; $TK = 2;		# use Tk::NoteBook for using GUI
# GD Librairies for charts
#use GD::Graph::pie; $GD = 1;
#use GD::Graph::bars; $GD = 2;
#use GD::Graph::lines; $GD = 3;
#use GD::Graph::area; $GD = 4;
# HTML and PDF manipulation libraries
#use HTML::HTMLDoc; $HTML = 1;

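# Main variables
# These defaults can be overridden from the command line (--domainsfile,
# --rulesfile, --hwfile) or from the GUI "Configuration" tab.
$domains_file = "/etc/snortalog/domains";	# Path to the Domain file
$rules_file = "/etc/snortalog/rules";		# Path to the Rules file
$hw_file = "/etc/snortalog/hw";			# Path to the Hardware file
$html_directory = "/var/www/snortalog/";			# Default output directory (HTML output only)
$dbm_directory = "/var/www/snortalog/";			# Default DBM directory
# NOTE(review): the temporary file has a fixed, predictable name inside what
# looks like a web-served directory. If that directory is writable by other
# accounts or published by the web server, move it to a private location.
$tmpout_file = "/var/www/snortalog/.snortalog.tmp";		# Default temporary file (GUI only)

# Legend texts
$legende_red = "Dangerous connections (potentially bad, further investigation needed!)";
$legende_green = "Warning connections (strange, may need further intevestigation!)";
$legende_black = "Not dangerous alert";


# Style variables
$background = "#FFFFFF";      # Sets html background color (#CCCCCC)
                              # or background image (url('path_to_image/image.gif')
$font = "sans-serif";         # Sets html font-type (serif)
$color = "#000000";           # Sets html font color (#000000)
$border = "0";                # Sets border for data tables (1 = yes, 0 = no)
$th_bg_color = "#006666";     # Sets html table header background color (#FFCC99)
$th_color = "#FFFFFF";        # Sets html table header font color (black)
$tb_bg_color = "#EEEEEE";     # Sets html table body background color (#FFFFFF)
$tb_color = "#000000";        # Sets html table body font color (#000000)
$anchor = "#000000";          # Sets html anchor style
$graph_fgcolor = "gray";      # Sets graph foreground color (axes and grid) (blue)
$transparent = "1";           # Sets graph transparency (1 = yes, 0 = no)
$graph_bgcolor = "#EEEEEE";   # Sets graph background color (transparency must be 0)
$graph_txtcolor = "#006666";  # Sets graph labelclr, axislabelclr, legendclr, textclr
                              # label (labels for the axes or pie),
                              # axis label (values printed along the axes, or on a pie slice),
                              # legend, shown values, and
                              # text, all other text.


# Program variables (DON'T TOUCH ANYTHING)
# Column widths used when formatting report output.
$addr_len = 15;
$nb_len = 6;
$port_len = 5;
$attack_len = 70;
$class_len = 60;
$resolve_len = 50;
$hour_len = 2;
$graph_len = 75;
$prior_len = 1;
$sever_len = 7;
$domain_len = 30;
$ether_len = 10;
$version = "2.2.1";
$datever = "2004/05/03 17:19:00";
$date = ctime();
# Running extremes of the timestamps seen in the logs; they start at the
# opposite end of each range so the first record replaces them.
$maxday = 1; $maxmonth = 1; $maxhour = 0; $maxmin = 0; $maxsec = 0;
$minday = 31; $minmonth = 12; $minhour = 23; $minmin = 59; $minsec = 59;
$logfw = 0;
$logids = 0;
$logpix = 0;
# Timestamp (YYYYMMDDHHMM) used in graph file names. It is built in-process
# from the Time::localtime object rather than by running `date` through the
# shell, so the value no longer depends on which "date" binary the caller's
# PATH resolves to and no child process is spawned at start-up.
$graph_date = do {
	my $tm = localtime();		# Time::localtime overrides localtime() to return an object
	sprintf("%04d%02d%02d%02d%02d",
		$tm->year + 1900, $tm->mon + 1, $tm->mday, $tm->hour, $tm->min);
};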

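# Parse the command line into %opt; any unknown or malformed option prints
# the usage text via usage().
#
# Options that carry file-system paths: -h (HTML file), -p (PDF file),
# -u (output directory), --file, --rulesfile, --hwfile, --domainsfile,
# --dbmdir and --genref. They are taken from the caller as-is, so the code
# that opens them must not let the string choose the open mode.
#
# The stray no-op statement "Getopt::Long;" and the second, duplicate
# 'fproto=s' specification were dropped; the accepted options are unchanged.
GetOptions( \%opt,
	# Output / behaviour switches
	'd',
	'r',
	'i',
	'c',
	'x',
	's',
	'g=s',
	'h=s',
	'p=s',
	'u=s',
	'n=i',
	# Filter part
	'fproto=s',
	'fsrc=s',
	'fdst=s',
	'fdport=s',
	'fether=s',
	'fhour=s',
	'fday=s',
	'fmonth=s',
	'fhost=s',
	'fseverity=s',
	'faction=s',
	'frule=s',
	'ftype=s',
	'file=s',
	# Report selection
	'class',
	'src',
	'dst',
	'class_attack',
	'attack',
	'dport',
	'dport_attack',
	'nids',
	'stateful',
	'interfaces',
	'severity',
	'src_attack',
	'dst_attack',
	'hour',
	'proto',
	'hour_attack',
	'daily_event',
	'domain_src',
	'src_dst_attack',
	'portscan',
	'priority',
	'src_dport',
	'dst_dport',
	'rules',
	'defense_attack',
	'typelog',
	'hwlog',
	'reasons',
	'actions',
	'report',
	# Configuration file and directory overrides
	'rulesfile=s',
	'hwfile=s',
	'domainsfile=s',
	'dbmdir=s',
	'genref=s'
	) or usage();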

# Apply the command-line overrides for the three lookup files. Each override
# replaces the default path and raises the flag that enables the matching
# loader below; without the option the flag stays unset and the loader is
# skipped.
($rules_file,   $RULES)   = ($opt{rulesfile},   1) if $opt{rulesfile};	# Rules file
($hw_file,      $HW)      = ($opt{hwfile},      1) if $opt{hwfile};		# Hardware file
($domains_file, $DOMAINS) = ($opt{domainsfile}, 1) if $opt{domainsfile};	# Domain file

# Lookup tables that are always needed come first, then the optional ones.
init_monthday();
init_daymonth();
init_pixlog();
$DOMAINS == 1 and init_domains();
$RULES == 1 and init_rules();
$HW == 1 and init_hw();

# Main dispatch: with -x build the Tk GUI and enter its event loop, otherwise
# run once in command-line mode (load logs, apply filters, print the reports
# that were requested).
if ($opt{x}) {
	# $TK is only set by the "use Tk; ... $TK = 2;" lines in the header,
	# which are commented out by default; without them the else branch
	# below explains how to enable the GUI.
	if ( $TK == 2 ) {
#	$top = new MainWindow;
	# NOTE(review): $top is lexical to this block, unlike the other widget
	# handles, which are package globals. Confirm no sub elsewhere expects
	# a global $top.
	my $top = MainWindow->new;

	$menu = $top->Menu;
	$file_menu = $menu->cascade(-label => 'Fi~le', -tearoff => 0);
	$reportsids_menu  = $menu->cascade(-label => '~IDS', -tearoff => 0);
	$reportsfw_menu  = $menu->cascade(-label => '~FW', -tearoff => 0);
	$utils_menu  = $menu->cascade(-label => '~Utils', -tearoff => 0);
	$help_menu  = $menu->cascade(-label => '~Help', -tearoff => 0);

	$file_submenu = $top->Menu(-tearoff => 1, -menuitems => [
		[command => "~Exit", -command => sub { exit } ],]);

	# IDS report menu: each entry calls the x_* wrapper of one report.
	$reportsids_submenu = $top->Menu(-tearoff => 1, -menuitems => [
		[command => "Top IP Sources", -command => \&x_attack_src],
		[command => "Top IP Destinations", -command => \&x_attack_dst],
		[command => "Top IP Source<-->Attacks", -command => \&x_src_attack],
		[command => "Top IP Desination<-->Attacks", -command => \&x_dst_attack],
		[command => "Top Source<-->Destination<-->Attacks", -command => \&x_src_dst_attack],
		[command => "Top Attacks", -command => \&x_attack],
		[command => "Top Hour", -command => \&x_hour],
		[command => "Top Classfication", -command => \&x_class],
		[command => "Top Stateful", -command => \&x_stateful],
		[command => "Top Nids", -command => \&x_nids],
		[command => "Top Severity", -command => \&x_severity],
		[command => "Top Daily Event", -command => \&x_daily_event],
		[command => "Top Destination Port Attack", -command => \&x_dport],
		[command => "Top Destination Port<--> Attack", -command => \&x_dport_attack],
		[command => "Top Hour<-->Attacks", -command => \&x_same_hour_attack],
		[command => "Top Domain Source", -command => \&x_domain_src],
		[command => "Top Interfaces", -command => \&x_interfaces],
		[command => "Top Protocols", -command => \&x_proto],
		[command => "Portscans", -command => \&x_portscan],
		[Separator => ""],
		[command => "Full Report", -command => \&report],]);

	# Firewall report menu.
	$reportsfw_submenu = $top->Menu(-tearoff => 1, -menuitems => [
		[command => "Top IP Sources", -command => \&x_attack_src],
		[command => "Top IP Destinations", -command => \&x_attack_dst],
		[command => "Top IP Sources <--> Destination Port", -command => \&x_src_dport],
		[command => "Top IP Destinations <--> Destination Port", -command => \&x_dst_dport],
		[command => "Top Hour", -command => \&x_hour],
		[command => "Top Nids", -command => \&x_nids],
		[command => "Top Daily Event", -command => \&x_daily_event],
		[command => "Top Domain Source", -command => \&x_domain_src],
		[command => "Top Interfaces", -command => \&x_interfaces],
		[command => "Top Protocols", -command => \&x_proto],
		[command => "Portscans", -command => \&x_portscan],
		[command => "Top actions", -command => \&x_actions],
		[command => "Top reasons", -command => \&x_reasons],
		[command => "Top rules", -command => \&x_rules],
		[command => "Top SmartDefense Attack", -command => \&x_defense_attack],
		[command => "Top Attacks", -command => \&x_attack],
		[Separator => ""],
		[command => "Full Report", -command => \&report],]);

	$utils_submenu = $top->Menu(-tearoff => 1, -menuitems => [
		[command => "~Clear Screen", -command => \&clear_screen ],
		[command => "~Reset Filter", -command => \&reset_filter ],]);

	# NOTE(review): every other -command here is a code reference (\&name);
	# \$help_top is a reference to a scalar. This looks like a typo for a
	# sub reference - confirm against the rest of the file.
	$help_submenu = $top->Menu(-tearoff => 1, -menuitems => [
		[command => "~About", -command => \$help_top],]);

	$file_menu->configure(-menu => $file_submenu);
	$reportsids_menu->configure(-menu => $reportsids_submenu);
	$reportsfw_menu->configure(-menu => $reportsfw_submenu);
	$utils_menu->configure(-menu => $utils_submenu);
	$help_menu->configure(-menu => $help_submenu);

	$top->configure(title => "SnortALog V2.2.1", width => 895, height => 520, menu => $menu);
	$note = $top->NoteBook()->place(-x => 10, -y => 5);

	# Notebook tabs.
	$pagegen = $note->add("pagegen", label => 'Main Tab');
	$pagefilter = $note->add("filter", label => 'Filter');
	$pageconf = $note->add("pageconf", label => 'Configuration');
	$pageresult = $note->add("pageresult", label => 'Result');
	$pagedebug = $note->add("pagedebug", label => 'Debug');

	# Main tab: log file name to load. get_opt() reads this entry back and
	# xload() opens the resulting path.
	$label_file = $pagegen->Label(text => 'File :')->place(-x => 10, -y => 0);
	$entry_file = $pagegen->Entry(width => 30, background => 'gray')->place(-x => 10, -y => 20);

	$label_load_option = $pagegen->Label(width => 18, height => 15, relief => 'groove')->place(-x => 250 , -y => 20);
	$label_work = $pagegen->Label(text => 'Load Options :')->place(-x => 260, -y => 10);


	$button_load = $pagegen->Button( text => 'Load File', width => 12, command => \&xload)->place(-x => 260, -y => 40);
	$button_unload = $pagegen->Button( text => 'Unload All', width => 12 , command => \&x_unload)->place(-x => 260, -y => 70);
	# The $opt<letter> scalars back the checkbuttons; get_opt() copies them
	# into the $opt_<letter> flags, overwriting the widget handles that are
	# stored in those variables here.
	$optdbm = 0;                     # Starting value
	$opt_dbm = $pagegen->Checkbutton ( variable => \$optdbm, text => 'Use DBM')->place(-x => 260, -y => 100);
	$optd = 0;                     # Starting value
	$opt_d = $pagegen->Checkbutton ( variable => \$optd, text => 'Debug Mode')->place(-x => 260, -y => 120);
	$listbox_load = $pagegen->Scrolled('Text', width => 27, height => 14, -bg => 'gray', -scrollbars => 'e', -wrap =>'word')->place(-x => 10, -y => 40);

	$label4 = $pagegen->Label(width => 65, height => 15, relief => 'groove')->place(-x => 400, -y => 20);
	$label_result_option = $pagegen->Label(text => 'Result Options :')->place(-x => 405, -y => 10);
	$label5 = $pagegen->Label(width => 65, height => 14, relief => 'groove')->place(-x => 400, -y => 250);
	$label_html_option = $pagegen->Label(text => 'Output Options :')->place(-x => 405, -y => 240);

	$optn = 0;                     # Starting value
	$opth = 0;                     # Starting value
	$optp = 0;                     # Starting value
	$optu = 0;                     # Starting value
	$optg = 0;                     # Starting value
	$opti = 0;                     # Starting value
	$optr = 0;                     # Starting value
	$optc = 0;                     # Starting value
	$nb_files = 0;			# Initialize nb-files variables for index
	# Initialize variables before xload function
	$logtotal = 0;
	$logdrop = 0;
	$logfw = 0;
	$logids = 0;
	$total = 0;
	$opt_i = $pagegen->Checkbutton ( variable => \$opti, text => 'Ascending Order')->place(-x => 470, -y => 40);
	$opt_r = $pagegen->Checkbutton ( variable => \$optr, text => 'Resolve Addresses')->place(-x => 470, -y => 70);
	# NOTE(review): this stores the 'Resolve Domain' checkbutton (bound to
	# $optc) in $opt_d, replacing the 'Debug Mode' handle assigned above;
	# $opt_c was probably intended.
	$opt_d = $pagegen->Checkbutton ( variable => \$optc, text => 'Resolve Domain')->place(-x => 470, -y => 100);
	$opt_n = $pagegen->Checkbutton ( variable => \$optn, text => 'Specify number of Occurences :')->place(-x => 470, -y => 130);
	$entry_option_n = $pagegen->Entry(width => 5, background => 'gray')->place(-x => 700, -y => 130);
	# Output file names typed here are read back by get_opt() into
	# $val_opt_h / $val_opt_p.
	$opt_h = $pagegen->Checkbutton ( variable => \$opth, text => 'Specify HTML File :')->place(-x => 470, -y => 270);
	$entry_option_h = $pagegen->Entry(width => 15, background => 'gray')->place(-x => 700, -y => 270);
	$opt_p = $pagegen->Checkbutton ( variable => \$optp, text => 'Specify PDF File :')->place(-x => 470, -y => 300);
	$entry_option_p = $pagegen->Entry(width => 15, background => 'gray')->place(-x => 700, -y => 300);
	$opt_g = $pagegen->Checkbutton ( variable => \$optg, text => 'Specify Graph Format :')->place(-x => 470, -y => 330);
 	$listbox_option_g = $pagegen->Listbox(width => 15, height => 3, background => 'gray')->place(-x => 700, -y => 330);
	$listbox_option_g->insert('end', 'gif','png','jpg');
	$listbox_option_g->selectionSet(0);


	# Result, debug and status panes.
	$scrolled_result  = $pageresult->Scrolled('Text', width => 120, height => 35, -bg => 'gray', -scrollbars => 'e', -wrap =>'word')->pack;
	$scrolled_debug  = $pagedebug->Scrolled('Text', width => 120, height => 35, -bg => 'gray', -scrollbars => 'e', -wrap =>'word')->pack;
	$label_status = $pagegen->Label(text => 'Status :')->place(-x => 10, -y => 240);
	$scrolled_status  = $pagegen->Scrolled('Text', width => 49, height => 14, -bg => 'gray', -scrollbars => 'e', -wrap =>'word')->place(-x => 10, -y => 260);

	# Filter tab: one label/entry pair per filter; a non-empty entry turns
	# the matching $opt_f* flag on in get_opt().
	$label21 = $pagefilter->Label(width => 55, height => 13, relief => 'groove')->place(-x => 30, -y => 20);
	$label22 = $pagefilter->Label(text => 'Time Filter')->place(-x => 35 , -y => 10);
	$label_fhour = $pagefilter->Label(text => 'Hour :')->place(-x => 50, -y => 40);
	$entry_fhour = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 40);
	$label_fday = $pagefilter->Label(text => 'Day :')->place(-x => 50, -y => 70);
	$entry_fday = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 70);
	$label_fmonth = $pagefilter->Label(text => 'Month :')->place(-x => 50, -y => 100);
	$entry_fmonth = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 100);
	$label23 = $pagefilter->Label(width => 55, height => 13, relief => 'groove')->place(-x => 450, -y => 20);
	$label24 = $pagefilter->Label(text => 'IP Filter')->place(-x => 455 , -y => 10);
	$label_fsrc = $pagefilter->Label(text => 'IP src :')->place(-x => 470, -y => 40);
	$entry_fsrc = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 540, -y => 40);
	$label_fdst = $pagefilter->Label(text => 'IP dst :')->place(-x => 470, -y => 70);
	$entry_fdst = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 540, -y => 70);
	$label_fhost = $pagefilter->Label(text => 'IP host :')->place(-x => 470, -y => 100);
	$entry_fhost = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 540, -y => 100);
	$label25 = $pagefilter->Label(width => 55, height => 13, relief => 'groove')->place(-x => 30, -y => 250);
	$label26 = $pagefilter->Label(text => 'Other Filter')->place(-x => 35 , -y => 240);
	$label_fproto = $pagefilter->Label(text => 'Protocol :')->place(-x => 50, -y => 270);
	$entry_fproto = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 270);
	$label_fdport = $pagefilter->Label(text => 'Dst port :')->place(-x => 50, -y => 300);
	$entry_fdport = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 300);
	$label_fether = $pagefilter->Label(text => 'Interface :')->place(-x => 50, -y => 330);
	$entry_fether = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 330);
	$label_fseverity = $pagefilter->Label(text => 'Severity :')->place(-x => 50, -y => 360);
	$entry_fseverity = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 360);
	$label_frule = $pagefilter->Label(text => 'Rule :')->place(-x => 50, -y => 390);
	$entry_frule = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 120, -y => 390);
	$label_faction = $pagefilter->Label(text => 'Action :')->place(-x => 230, -y => 270);
	$entry_faction = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 300, -y => 270);
	$label_ftype = $pagefilter->Label(text => 'Type :')->place(-x => 230, -y => 300);
	$entry_ftype = $pagefilter->Entry(width => 10, background => 'gray')->place(-x => 300, -y => 300);

	# Configuration tab: entries are pre-filled with the current defaults.
	# get_opt() copies whatever the operator leaves here back into the path
	# variables, so these are operator-controlled file-system paths.
	$label_domains_file = $pageconf->Label(text => 'Path to Domain File :')->place(-x => 30, -y => 40);
	$entry_domains_file = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 40);
	$entry_domains_file->insert('end', "$domains_file");
	$label_rules_file = $pageconf->Label(text => 'Path to Rules File :')->place(-x => 30, -y => 80);
	$entry_rules_file = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 80);
	$entry_rules_file->insert('end', "$rules_file");
	$label_hw_file = $pageconf->Label(text => 'Path to Hardware Related File :')->place(-x => 30, -y => 120);
	$entry_hw_file = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 120);
	$entry_hw_file->insert('end', "$hw_file");
	$label_tmpout_file = $pageconf->Label(text => 'Specify the Tempory File :')->place(-x => 30, -y => 160);
	$entry_tmpout_file = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 160);
	$entry_tmpout_file->insert('end', "$tmpout_file");
	$label_html_directory = $pageconf->Label(text => 'Specify the Output directory :')->place(-x => 30, -y => 200);
	$entry_html_directory = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 200);
	$entry_html_directory->insert('end', "$html_directory");
	$label_dbm_directory = $pageconf->Label(text => 'Specify the DBM directory :')->place(-x => 30, -y => 240);
	$entry_dbm_directory = $pageconf->Entry(width => 30, background => 'gray')->place(-x => 250, -y => 240);
	$entry_dbm_directory->insert('end', "$dbm_directory");

	# Hand control to the Tk event loop; everything else happens in the
	# menu and button callbacks.
	MainLoop();
	} else {
		print "GUI not available, please to check your installation !!!\n";
		print "\n";
		print "Uncomment this variables :\n";
		print "\tuse Tk; \$TK = 1;\n";
		print "\tuse Tk::NoteBook; \$TK = 2;\n";
		print "\n";
		print "And verify you have the good perl libraries.\n";
	}

} else { 
	# Command-line mode.
	# initialize variables
	$opt_i = 0;
	$opt_r = 0;
	$opt_h = 0;
	$opt_p = 0;
	$opt_dbm = 0;
	$opt_u = 0;
	$opt_g = 0;
	$opt_d = 0;
	$opt_c = 0;
	$opt_n = 0;
	$opt_fproto = 0;
	$opt_fsrc = 0;
	$opt_fdst = 0;
	$opt_fdport = 0;
	$opt_fether = 0;
	$opt_fhour = 0;
	$opt_fday = 0;
	$opt_fmonth = 0;
	$opt_fhost = 0;
	$opt_fseverity = 0;
	$opt_faction = 0;
	$opt_frule = 0;
	$opt_ftype = 0;
	# Turn each flag on when the matching option was given. The test is on
	# truthiness, so an option whose value is "0" or "" leaves its flag off.
	$opt_i = 1 if $opt{i}; 
	$opt_r = 1 if $opt{r}; 
	$opt_h = 1 if $opt{h}; 
	$opt_p = 1 if $opt{p}; 
	$opt_dbm = 1 if $opt{dbmdir}; 
	$opt_u = 1 if $opt{u}; 
	$opt_d = 1 if $opt{d}; 
	$opt_g = 1 if $opt{g}; 
	$opt_c = 1 if $opt{c}; 
	$opt_n = 1 if $opt{n}; 
	$opt_fproto = 1 if $opt{fproto}; 
	$opt_fsrc = 1 if $opt{fsrc}; 
	$opt_fdst = 1 if $opt{fdst}; 
	$opt_fdport = 1 if $opt{fdport}; 
	$opt_fether = 1 if $opt{fether}; 
	$opt_fhour = 1 if $opt{fhour}; 
	$opt_fday = 1 if $opt{fday}; 
	$opt_fmonth = 1 if $opt{fmonth}; 
	$opt_fhost = 1 if $opt{fhost}; 
	$opt_fseverity = 1 if $opt{fseverity}; 
	$opt_faction = 1 if $opt{faction}; 
	$opt_frule = 1 if $opt{frule}; 
	$opt_ftype = 1 if $opt{ftype}; 
	# Copy the option values. $val_opt_h, $val_opt_p, $val_opt_u,
	# $val_opt_dbm and $val_opt_file are paths supplied by the caller.
	# NOTE(review): the code that consumes them is outside this block;
	# confirm it opens them with an explicit mode and does not pass them to
	# a shell, especially when the tool runs from cron or with elevated
	# privileges.
	$val_opt_n = $opt{n} if ( $opt_n == 1 ); 
	$val_opt_h = $opt{h} if ( $opt_h == 1 ); 
	$val_opt_p = $opt{p} if ( $opt_p == 1 ); 
	$val_opt_dbm = $opt{dbmdir} if ( $opt_dbm == 1 ); 
	$val_opt_g = $opt{g} if ( $opt_g == 1 ); 
	$val_opt_u = $opt{u} if ( $opt_u == 1 );
	$val_opt_fproto = $opt{fproto} if ( $opt_fproto == 1 );
	$val_opt_fsrc = $opt{fsrc} if ( $opt_fsrc == 1 );
	$val_opt_fdst = $opt{fdst} if ( $opt_fdst == 1 );
	$val_opt_fdport = $opt{fdport} if ( $opt_fdport == 1 );
	$val_opt_fether = $opt{fether} if ( $opt_fether == 1 );
	$val_opt_fhour = $opt{fhour} if ( $opt_fhour == 1 );
	$val_opt_fday = $opt{fday} if ( $opt_fday == 1 );
	$val_opt_fmonth = $opt{fmonth} if ( $opt_fmonth == 1 );
	$val_opt_fhost = $opt{fhost} if ( $opt_fhost == 1 );
	$val_opt_fseverity = $opt{fseverity} if ( $opt_fseverity == 1 );
	$val_opt_faction = $opt{faction} if ( $opt_faction == 1 );
	$val_opt_frule = $opt{frule} if ( $opt_frule == 1 );
	$val_opt_ftype = $opt{ftype} if ( $opt_ftype == 1 );
	$val_opt_file = $opt{file} if ( $opt{file} );
	# Data tables get a border when PDF output was requested.
	$border = "1" if $opt{p};

	# --genref: only load the input, report the generated file and stop.
	if ( $opt{genref} ) {
		load();
		print "The Signature Rules File was generated successfully : $opt{genref}\n";
		exit;
	} else {
		# Read the log either from --file (xload) or through load().
		if ( $opt{file} ) {
			xload();
		} else {
			load();
		}
		search_filter();
		print_head();
		print_summary();
		print_menu();
		# One report per option. Some reports have a second guard and
		# are skipped when the collected data would make them empty or
		# trivial (e.g. daily_event needs a range longer than one day).
		if ( $opt{src} ) { attack_src() };
		if ( $opt{dst} ) { attack_dst() };
		if ( $opt{src_attack} ) { same_src_attack() };
		if ( $opt{dst_attack} ) { same_dst_attack() };
		if ( $opt{src_dst_attack} ) { same_src_dst_attack() };
		if ( $opt{attack} ) { attack() };
		if ( $opt{class} ) { same_class() };
		if ( $opt{severity} ) { severity() };
		if ( $opt{daily_event} ) { daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday) };
		if ( $opt{hour} ) { hour() };
		if ( $opt{hour_attack} ) { same_hour_attack() };
		if ( $opt{dport} ) { dport() };
		if ( $opt{dport_attack} ) { dport_attack() };
		if ( $opt{nids} ) { nids() if (keys(%s13) > 1) };
		if ( $opt{stateful} ) { stateful() if ($anomaly > 0) };
		if ( $opt{domain_src} ) { domain_src() };
		if ( $opt{proto} ) { proto() };
		if ( $opt{portscan} ) { portscan() if ( keys(%s25) > 0 ) };
		if ( $opt{interfaces} ) { interfaces() if ( keys(%s1) > 1 ) };
		if ( $opt{reasons} ) { reasons() if ( keys(%s12) > 1 ) };
		if ( $opt{actions} ) { actions() if ( keys(%s14) > 1 ) };
		if ( $opt{rules} ) { rules() if ( keys(%s21) > 1 ) };
		if ( $opt{defense_attack} ) { defense_attack() if ( keys(%s24) > 0 ) };
		if ( $opt{typelog} ) { typelog() };
		if ( $opt{hwlog} ) { hwlog() };
		if ( $opt{src_dport} ) { same_src_dport() };
		if ( $opt{dst_dport} ) { same_dst_dport() };
		if ( $opt{report} ) {
			report();
		}
		print_footer();
		# PDF generation runs last, after the footer has been printed.
		init_pdf() if ( $opt_p == 1 );
	}
}





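# get_opt - GUI counterpart of the command-line option handling.
#
# Copies the state of the Tk checkbuttons, entries and listbox into the
# global $opt_* flags and $val_opt_* values, clears the debug and status
# panes, re-reads the configuration paths from the Configuration tab and
# reloads the lookup files whose path is not empty.
#
# Takes no arguments and returns nothing useful; it works entirely through
# package globals. Every string read here was typed by the operator and is
# later used as a file name, directory or filter value.
sub get_opt {
	# Flags backed by the checkbutton variables
	$opt_x = 1;
	$opt_i = $opti;
	$opt_r = $optr;
	$opt_h = $opth;
	$opt_p = $optp;
	$opt_dbm = $optdbm;
	$opt_g = $optg;
	$opt_n = $optn;
	$opt_d = $optd;
	$opt_c = $optc;
	$listbox_option_g->selectionSet(0);

	# Values that go with the flags; a value is only refreshed while its
	# checkbutton is ticked.
	$val_opt_file = $entry_file->get();
	$val_opt_n = $entry_option_n->get() if ($opt_n == 1);
	$val_opt_h = $entry_option_h->get() if ($opt_h == 1);
	$val_opt_p = $entry_option_p->get() if ($opt_p == 1);
	$val_opt_dbm = $entry_dbm_directory->get() if ($opt_dbm == 1);
	$index_opt_g = $listbox_option_g->curselection;
	$val_opt_g = $listbox_option_g->get($index_opt_g);
	$val_opt_u = $entry_html_directory->get();

	# Filters: a filter is active exactly when its entry is not empty.
	$opt_fproto = ( $entry_fproto->get() ne "" ) ? 1 : 0;
	$opt_fsrc = ( $entry_fsrc->get() ne "" ) ? 1 : 0;
	$opt_fdst = ( $entry_fdst->get() ne "" ) ? 1 : 0;
	$opt_fdport = ( $entry_fdport->get() ne "" ) ? 1 : 0;
	$opt_fether = ( $entry_fether->get() ne "" ) ? 1 : 0;
	$opt_fhour = ( $entry_fhour->get() ne "" ) ? 1 : 0;
	$opt_fday = ( $entry_fday->get() ne "" ) ? 1 : 0;
	$opt_fmonth = ( $entry_fmonth->get() ne "" ) ? 1 : 0;
	$opt_fhost = ( $entry_fhost->get() ne "" ) ? 1 : 0;
	$opt_fseverity = ( $entry_fseverity->get() ne "" ) ? 1 : 0;
	$opt_faction = ( $entry_faction->get() ne "" ) ? 1 : 0;
	$opt_frule = ( $entry_frule->get() ne "" ) ? 1 : 0;
	$opt_ftype = ( $entry_ftype->get() ne "" ) ? 1 : 0;
	$val_opt_fproto = $entry_fproto->get() if ( $opt_fproto == 1 );
	$val_opt_fsrc = $entry_fsrc->get() if ( $opt_fsrc == 1 );
	$val_opt_fdst = $entry_fdst->get() if ( $opt_fdst == 1 );
	$val_opt_fdport = $entry_fdport->get() if ( $opt_fdport == 1 );
	$val_opt_fether = $entry_fether->get() if ( $opt_fether == 1 );
	$val_opt_fhour = $entry_fhour->get() if ( $opt_fhour == 1 );
	$val_opt_fday = $entry_fday->get() if ( $opt_fday == 1 );
	$val_opt_fmonth = $entry_fmonth->get() if ( $opt_fmonth == 1 );
	$val_opt_fhost = $entry_fhost->get() if ( $opt_fhost == 1 );
	$val_opt_fseverity = $entry_fseverity->get() if ( $opt_fseverity == 1 );
	$val_opt_faction = $entry_faction->get() if ( $opt_faction == 1 );
	$val_opt_frule = $entry_frule->get() if ( $opt_frule == 1 );
	$val_opt_ftype = $entry_ftype->get() if ( $opt_ftype == 1 );

	$scrolled_debug->delete('1.0','end');
	$scrolled_status->delete('1.0','end');

	# Configuration paths as currently shown on the Configuration tab
	$domains_file = $entry_domains_file->get();
	$rules_file = $entry_rules_file->get();
	$hw_file = $entry_hw_file->get();
	$tmpout_file = $entry_tmpout_file->get();

	# Base name for graph files: the leading run of word characters of the
	# HTML file name. The previous class [\w||\d] also accepted a literal
	# "|", which has no place in a file name built from user input, and the
	# result was taken from $1 even when the match failed, which picked up a
	# stale capture from some earlier match. Both are fixed here: only \w is
	# accepted and the name is undefined when nothing matches.
	$graph_name = undef;
	if ( defined $val_opt_h && $val_opt_h =~ /^(\w+)/ ) {
		$graph_name = $1;
	}

	# Data tables get a border when PDF output is selected
	$border = "1" if ( $opt_p == 1 );

	# A non-empty path enables the matching loader
	if ( $rules_file ne "" ) {
		$RULES = 1;		# Rules file configured
	}
	if ( $hw_file ne "" ) {
		$HW = 1;		# Hardware file configured
	}
	if ( $domains_file ne "" ) {
		$DOMAINS = 1;		# Domain file configured
	}
	init_domains() if ( $DOMAINS == 1 );
	init_rules() if ( $RULES == 1 );
	init_hw() if ( $HW == 1 );
}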


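# xload - read the log file named in $val_opt_file and feed every line to
# search_log(), then run the filters (GUI only) and work().
#
# In GUI mode the file name comes from the "File" entry via get_opt(); in
# command-line mode it comes from --file. Either way it is caller-supplied,
# so the file is opened with an explicit read mode: the previous two-argument
# open let the string itself select the mode, meaning a name beginning with
# ">" or beginning/ending with "|" would truncate a file or start a command
# instead of reading a log.
#
# Dies when the file cannot be opened. In GUI mode the reason is written to
# the status pane first; in command-line mode there is no status widget, so
# the message goes only to die (the old code called a method on the undefined
# widget there and lost the real error).
sub xload {
	get_opt() if ( ! $opt{file} );

	my $fh;
	unless ( open($fh, '<', $val_opt_file) ) {
		my $msg = "Can not open $val_opt_file : $!\n";
		$scrolled_status->insert('end', $msg) if ( ref $scrolled_status );
		die $msg;
	}

	# search_log() works on the global $_ and leaves this loop with "next",
	# so the implicit-$_ form of the read loop has to stay.
	while (<$fh>) {
		search_log($_);
	}
	close($fh);

	++$nb_files; $listbox_load->insert('end', $nb_files ." - ". $val_opt_file ."\n") if $opt{x};
	search_filter() if $opt{x};
	work();
}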








sub search_log {
	$PIX = 0;
	my $alert = {};
	chomp;
	# if the line is blank, go to the next one
	next if $_ eq "";
	++$logtotal;


	# This is netscreen log 
	if ($_ =~ m/NetScreen/) {
	}


	# This is ipf log 
	if ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+)\s+ipmon\[\d+\]\:\s+\S+\s+(\S+)\s+\S+\s\S+\s+([\d\.]+)\,(\d+)\s+\-\>\s+([\d\.]+)\,(\d+)\s+\S+\s+(\S+)*// || s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+)\s+ipmon\[\d+\]\:\s+\S+\s+\S+\s(\S+)\s+\S+\s\S+\s+([\d\.]+)\,(\d+)\s+\-\>\s+([\d\.]+)\,(\d+)\s+\S+\s+(\S+)*//) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{HOST} = $6;  
		$alert->{ETHER} = $7; $alert->{SADDR} = $8; $alert->{SPORT} = $9;  
		$alert->{DADDR} = $10; $alert->{DPORT} = $11; $alert->{PROTO} = $12; $alert->{TYPE} = "ipfilter";
		$alert->{PLUGIN} = "alert";
		record_data($alert);
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+)\s+ipmon\[\d+\]\:\s+\S+\s+(\S+)\s+\S+\s\S+\s+([\d\.]+)\s+\-\>\s+([\d\.]+)\s+\S+\s+(\S+)*//) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{HOST} = $6;  
		$alert->{ETHER} = $7; $alert->{SADDR} = $8; $alert->{DADDR} = $9; $alert->{PROTO} = $10;
		$alert->{TYPE} = "ipfilter"; $alert->{PLUGIN} = "alert";
		record_data($alert); next;



	# This is Netfilter log 
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+)\s+kernel\:\s+IN=(\S+)?\sOUT=(\S+)?\sMAC=\S+?\sSRC=(\S+)\sDST=(\S+)\sLEN=\S+\sTOS=\S+\sPREC=\S+\sTTL=\S+\sID=\S+\sD?F?\s?PROTO=(\S+)\sSPT=(\S+)\sDPT=(\S+)// ) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{HOST} = $6;  
		$alert->{SADDR} = $9; $alert->{SPORT} = $12; $alert->{DADDR} = $10; $alert->{DPORT} = $13;
		$alert->{PROTO} = $11; $alert->{TYPE} = "netfilter"; $alert->{PLUGIN} = "alert";
		if ( $7 ne "" ) {
			$alert->{ETHER} = $7;
		} else {
			$alert->{ETHER} = $8;
		}
		record_data($alert); next;
	 } elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+)\s+kernel\:\s+IN=(\S+)?\sOUT=(\S+)?\sMAC=\S+?\sSRC=(\S+)\sDST=(\S+)\sLEN=\S+\sTOS=\S+\sPREC=\S+\sTTL=\S+\sID=\S+\sD?F?\s?PROTO=(\S+)\sTYPE=(\S+)// ) {
		$alert->{MON} = $monthday{$1};    $alert->{DAY} = $2;    $alert->{HOUR} = $3; 
	 	$alert->{MIN} = $4;    $alert->{SEC} = $5;    $alert->{HOST} = $6;  
	 	$alert->{SADDR} = $9; $alert->{DADDR} = $10; $alert->{PROTO} = $11; $alert->{TYPE} = "netfilter";
		$alert->{PLUGIN} = "alert"; $alert->{PLUGIN} = "alert";
		if ( $7 ne "" ) {
			$alert->{ETHER} = $7;
		} else {
			$alert->{ETHER} = $8;
		}
	 	record_data($alert); next;



	# This is PIX log
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\w{3}\s+\d+\s+\d+\s+\S+\s+(\%PIX-(\d)-\d+):\s+// || $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+(\%PIX-(\d)-\d+):\s+// ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{HOST} = "localhost";  
		$alert->{REASON} = "$pixlog{$7} Messages"; $alert->{TYPE} = "pix";
		$alert->{PLUGIN} = "alert"; $alert->{SEVERITY} = $pixlog{$7}; $alert->{PRIORITY} = $7;
		if ( "$hw{$6}" ne "" ) {
			$alert->{HW_INFO} = $hw{$6}; $alert->{TYPE} = "pix"; $alert->{PLUGIN} = "alerthw";
			$PIX = 1;
		}
		if ( $_ =~ s/(\w+)\s+(\w+|\d+)\s+src\s\w+\:([\d\.]+)\/(\d+|\w+\-\_)\s+dst\s+\w+\:([\d\.]+)\/(\d+|\w+\-\_)\s+// ) {
			$alert->{ACTION} = $1;
			$alert->{PROTO} = $2; $alert->{SADDR} = $3; $alert->{SPORT} = $4; $alert->{DADDR} = $5;
			$alert->{DPORT} = $6; $alert->{SIG} = "PIX log"; $PIX = 1;
		}
		if ( $_ =~ s/(Deny\sIP\sspoof)\sfrom\s\([\d\.]+\)\sto\s([\d\.]+)// ) {
			$alert->{ACTION} = "Other"; $alert->{SIG} = $1; $PIX = 0;
		}
		if ( $_ =~ s/(IDS:.+)from\s+([\d\.]+)\s+to\s+([\d\.]+).+$// ) {
			$alert->{ACTION} = "IDS"; $alert->{SIG} = $1;
			$alert->{SADDR} = $2; $alert->{DADDR} = $3;
			$alert->{DPORT} = 0; $PIX = 1;
		}
		record_data($alert) if ( $PIX == 1 ); next;




	# This is fw1 4.1 log ( syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s+[\>|\<](\S+)\s+proto\s+(\S+)\s+src\s+([\d\.]+)\s+dst\s+([\d\.]+)\s+//ox ) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{ACTION} = $6;  $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{SADDR} = $10; $alert->{DADDR} = $11; $alert->{PROTO} = $9;
		$alert->{TYPE} = "fw1-41"; $alert->{PLUGIN} = "alert";
		if ( $_ =~ s/^service\s+(\S+)\s+s_port\s+(\S+)\s+//ox ) {
        		$alert->{DPORT} = $1;    $alert->{SPORT} = $2;
		}
		if ( $_ =~ s/^rule\s+(\d+)\s+reason:\s+//ox) {
       	   		$alert->{REASON} = $_; $alert->{RULE} = $1;
       	 	} elsif ( $_ =~ s/^rule\s+(\d+)\s+//ox) {
        		$alert->{REASON} = $_; $alert->{RULE} = $1;
       	 	} elsif ($_ =~ s/^len\s+\d+\s+rule\s+(\d+)//ox) {
        		$alert->{REASON} = "Normal Connection"; $alert->{RULE} = $1;
       		}
		record_data($alert); next;

	# This is fw1 NG log ( DAEMON message ONLY - syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\[[^\[|^\]]*?\]\s+\d+\:\d+\:\d+\s+(\S+)\s+([\d\.]+)\s+[\>|\<](\S+)\s+sys_message\:[^\:|^\;]*?\;//ox ) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5;	$alert->{ACTION} = $6; $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{REASON} = $9; $alert->{RULE} = 0; $alert->{TYPE} = "VPN-1 & FireWall-1";
		$alert->{PLUGIN} = "alert";
		record_data($alert); next;



	# This is fw1 NG log ( ICMP ONLY state and normal - syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\[[^\[|^\]]*?\]\s+\d+\:\d+\:\d+\s+(\S+)\s+([\d\.]+)\s+[\>|\<](\S+)\s+\w+\:\s+VPN-1\s\&\sFireWall-1;\s+src\:\s+([\d\.]+);\s+dst\:\s+([\d\.]+);\s+proto\:\s+(\w+|\d+);\s+icmp-type\:\s+(\d+);\s+icmp-code\:\s+(\d+);//ox ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5;	$alert->{ACTION} = $6; $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{SADDR} = $9; $alert->{DADDR} = $10; $alert->{PROTO} = $11;
		$alert->{DPORT} = "$12/$13"; $alert->{SPORT} = "$12/$13"; $alert->{TYPE} = "VPN-1 & FireWall-1";
		$alert->{PLUGIN} = "alert"; $alert->{RULE} = 0; $alert->{REASON} = "Normal Connection";
		if ( $_ =~ s/rule\:\s+(\d+);//ox) {
      	   		$alert->{RULE} = $1;
		}
		if ( $_ =~ s/message_info\:\s+([^\:|^\;]*?);//ox) {
      	   		$alert->{REASON} = $1;
		}
		record_data($alert); next;


	# This is fw1 NG log ( NOT ICMP normal DROP - syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\[[^\[|^\]]*?\]\s+\d+\:\d+\:\d+\s+(\S+)\s+([\d\.]+)\s+[\>|\<](\S+)\s+\w+\:\s+VPN-1\s\&\sFireWall-1;\s+src\:\s+([\d\.]+);\s+s_port\:\s+([\d|\w|\-|\d]+);\s+dst\:\s+([\d\.]+);\s+service\:\s+([\d|\w|\-|\d]+);\s+proto\:\s+(\w+|\d+);\s+//ox ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5;	$alert->{ACTION} = $6; $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{SADDR} = $9; $alert->{SPORT} = $10; $alert->{DADDR} = $11;
		$alert->{DPORT} = $12; $alert->{PROTO} = $13; $alert->{TYPE} = "VPN-1 & FireWall-1"; $alert->{PLUGIN} = "alert";
		$alert->{RULE} = 0; $alert->{REASON} = "Normal Connection";
		if ( $_ =~ s/message_info\:\s+([^\:|^\;]*?);//ox) {
      	   		$alert->{REASON} = $1;
     		}
		if ( $_ =~ s/rule\:\s+(\d+);//ox) {
			$alert->{RULE} = $1;
		}
		record_data($alert); next;

	# This is fw1 NG log ( NOT ICMP state DROP - syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\[[^\[|^\]]*?\]\s+\d+\:\d+\:\d+\s+(\S+)\s+([\d\.]+)\s+[\>|\<](\S+)\s+\w+\:\s+VPN-1\s\&\sFireWall-1;[^\;|^\:]*?\:\s([^\:|^\;]*)?;[^\;|^\;]*?;\s+src\:\s+([\d\.]+);\s+s_port\:\s+([\d|\w|\-|\d]+);\s+dst\:\s+([\d\.]+);\s+service\:\s+([\d|\w|\-|\d]+);\s+proto\:\s+(\w+|\d+);//ox ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5;	$alert->{ACTION} = $6; $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{SADDR} = $10; $alert->{SPORT} = $11; $alert->{DADDR} = $12;
		$alert->{REASON} = $9; $alert->{RULE} = 0;
		$alert->{DPORT} = $13; $alert->{PROTO} = $14; $alert->{TYPE} = "VPN-1 & FireWall-1"; $alert->{PLUGIN} = "alert";
		record_data($alert); next;

	# This is fw1 NG log ( SMARTDEFENSE - syslog )
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+\S+\s+\S+\s+\[[^\[|^\]]*?\]\s+\d+\:\d+\:\d+\s+(\S+)\s+([\d\.]+)\s+[\>|\<](\S+)\s+\w+\:\sSmartDefense;\s+//ox ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3;
		$alert->{MIN} = $4; $alert->{SEC} = $5;	$alert->{ACTION} = $6; $alert->{HOST} = $7;
		$alert->{ETHER} = $8; $alert->{TYPE} = "SmartDefense";
		if ( $_ =~ m/src\:\s+([\d\.]+);/) { $alert->{SADDR} = $1};
		if ( $_ =~ m/dst\:\s+([\d\.]+);/) { $alert->{DADDR} = $1};
		if ( $_ =~ m/proto\:\s+(\S+);/) { $alert->{PROTO} = $1};
		if ( $_ =~ m/s_port\:\s+(\S+);/) { $alert->{SPORT} = $1};
		if ( $_ =~ m/service\:\s+(\S+);/) { $alert->{DPORT} = $1};
		if ( $_ =~ m/attack\:\s+([^\:|^;]*?);/) { $alert->{ATTACK} = $1};
		if ( $_ =~ m/reason\:\s+([^\:|^;]*?);/) { $alert->{ATTACK_INFO} = $1};
		if ( $_ =~ m/Attack\sInfo\:\s+([^\:|^;]*?);/) { $alert->{ATTACK_INFO} = $1};
		$alert->{RULE} = 0; $alert->{REASON} = "SmartDefense"; $alert->{PLUGIN} = "alert";
		record_data($alert); next;




	# This is fw1 logexport command (4.1 + all NG) )
	} elsif ( $_ =~ /i\/f_name/ ) {
		@head= split (/;/, $_);
		$CPFW1 = 1;


	} elsif ( $CPFW1 == 1 ) {
		@hash{@head}= split (/;/, $_);
		if($hash{date}=~ /(\d+)([a-zA-Z]+)(\d+)/) {
			($day,$month,$year) = ($1,$2,$3);
		}
		($hour,$min,$sec) = (split /:/,$hash{time});

		$alert->{MON} = $monthday{$month}; $alert->{DAY} = $day; $alert->{HOUR} = $hour;
		$alert->{MIN} = $min; $alert->{SEC} = $sec; $alert->{ACTION} = $hash{action};
		$alert->{HOST} = $hash{orig}; $alert->{ETHER} = $hash{'i/f_name'}; $alert->{SADDR} = $hash{src};
		$alert->{DADDR} = $hash{dst}; $alert->{PROTO} = $hash{proto}; $alert->{RULE} = $hash{rule};
		$alert->{ATTACK_INFO} = $hash{'Attack Info'}; $alert->{ATTACK} = $hash{attack};
		$alert->{PLUGIN} = "alert";
		# Test if the log correspond to 4.1 or NG (product doesn't exist in 4.1)
		if ( $hash{product} ne "" ) {
			$alert->{TYPE} = $hash{product};
		} else {
			$alert->{TYPE} = 'VPN-1 & FireWall-1';
		}
		# If proto ICMP then print ICMP-type and code in DPORT
		if ( $hash{proto} eq "icmp" ) {
			$alert->{SPORT} = "$hash{'icmp-type'}/$hash{'icmp-code'}";
			$alert->{DPORT} = "$hash{'icmp-type'}/$hash{'icmp-code'}";
		} else {
			$alert->{SPORT} = $hash{s_port}; $alert->{DPORT} = $hash{service};
		}
		# Test4.1 or NG for print DROP Reason
		if ( $hash{'TCP packet out of state'} ne "" ) {
			$alert->{REASON} = $hash{'TCP packet out of state'};
		} elsif ( $hash{'reason:'} ne "" ) {
			$alert->{REASON} = $hash{'reason:'};
		} else {
			$alert->{REASON} = "Normal Connection";
		}
		record_data($alert); next;



	#
	#  test if the log correspond to a fast alert
	#
	} elsif ( ($_ =~ s/^(\d{2})\/(\d{2})-(\d{2})\:(\d{2})\:(\d{2})\.\d+\s+\[\*\*\]\s+\[[0-9:]+\]\s+//ox) || ($_ =~ s/^(\d{2})\/(\d{2})\/\d{2}-(\d{2})\:(\d{2})\:(\d{2})\.\d+\s+\[\*\*\]\s+\[[0-9:]+\]\s+//ox) ) {
		$alert->{MON} = $1; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5; $alert->{HOST} = "localhost";
		s/\s+\[\*\*\]\s+//ox;
		$alert->{ETHER} = $1 if ( s/\<\S+\>//ox );  # Get interface
		if ( $_ =~ m/(http\_inspect|snort\_decoder|spp\_stream4|spp\_frag2)/ox ) {
			$alert->{CLASS} = $1; 
			s/\{(\w+|\d+)\}\s+([\d\.]+)[\:]?([\d]+)\s[\-\>]+\s([\d\.]+)[\:]?(\d+)//ox;
			$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $alert->{PROTO} = $PROTO;
			$alert->{SADDR} = $2; $alert->{SPORT} = $3;
			$alert->{DADDR} = $4; $alert->{DPORT} = $5; $alert->{SIG} = $_;
			$alert->{TYPE} = "snort_processor"; $alert->{PLUGIN} = "alert";
			$alert->{SEVERITY} = "unknown"; record_data($alert); next;
		} else {
			if ( $_ =~ s/\{(\w+|\d+)\}\s+([\d\.]+)\:(\d+)\s[\-\>]+\s([\d\.]+)\:(\d+)//ox ) {
				$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $alert->{PROTO} = $PROTO;
				$alert->{SADDR} = $2; $alert->{SPORT} = $3; 
				$alert->{DADDR} = $4; $alert->{DPORT} = $5; 
			} elsif ( s/\{(\w+|\d+)\}\s+([\d\.]+)\s[\-\>]+\s([\d\.]+)//ox ) {;
				$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $alert->{PROTO} = $PROTO;
				$alert->{SADDR} = $2; $alert->{SPORT} = 0; 
				$alert->{DADDR} = $3; $alert->{DPORT} = 0; 
			}
			$alert->{HOST} = "localhost";
				s/\[Classification\:\s+([^\[|^\]]*?)\]\s+\[Priority\:\s+(\d)\]\s+//ox;
				if ($2 == 1) {
					$severity = "high";
				} elsif ($2 == 2) {
					$severity = "medium";
				} elsif ($2 == 3) {
					$severity = "low";
				} else {
					$severity = "unknown"
				}
			$alert->{CLASS} = $1; $alert->{PRIORITY} = $2; $alert->{SEVERITY} = $severity;
			$alert->{SIG} = "$_ {$PROTO}"; $alert->{PLUGIN} = "alert"; $alert->{TYPE} = "snort_signature";
			record_data($alert); $lastwassnort = 1; next;
		}


	#
	#  test if the log correspond to a syslog alert
	#
	} elsif ( $_ =~ s/^(\w{3})\s+(\d+)\s+(\d+)\:(\d+)\:(\d+)\s+(\S+?)\s+snort:\s+\[[0-9:]+\]\s+//ox ) {
		$alert->{MON} = $monthday{$1}; $alert->{DAY} = $2; $alert->{HOUR} = $3; 
		$alert->{MIN} = $4; $alert->{SEC} = $5;    $alert->{HOST} = $6;
		$alert->{ETHER} = $1 if ( $_ =~ s/\<(\S+)\>//ox );  # Get interface
		if ( $_ =~ m/(http\_inspect|snort\_decoder|spp\_stream4|spp\_frag2)/ox ) {
			$alert->{CLASS} = $1; $alert->{PLUGIN} = "alert"; 
			s/\{(\w+|\d+)\}\s+([\d\.]+)[\:]?([\d]+)\s[\-\>]+\s([\d\.]+)[\:]?(\d+)//ox;
			$alert->{SIG} = $_; $alert->{TYPE} = "snort_processor";
			record_data($alert); next;
		} else {
			if ( $_ =~ s/\{(\w+|\d+)\}\s+([\d\.]+)\:(\d+)\s[\-\>]+\s([\d\.]+)\:(\d+)//ox) {
				$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $alert->{PROTO} = $PROTO;
				$alert->{SADDR} = $2; $alert->{SPORT} = $3; 
				$alert->{DADDR} = $4; $alert->{DPORT} = $5; 
			} elsif ( $_ =~ s/\{(\w+|\d+)\}\s+([\d\.]+)\s[\-\>]+\s([\d\.]+)//ox ) {
				$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $alert->{PROTO} = $PROTO;
				$alert->{SADDR} = $2; $alert->{SPORT} = 0; 
				$alert->{DADDR} = $3; $alert->{DPORT} = 0; 
			}
			s/\s+\[Classification\:\s+([^\[|^\]]*?)\]\s+\[Priority\:\s+(\d)\]\:\s+//ox;
				if ($2 == 1) {
					$severity = "high";
				} elsif ($2 == 2) {
					$severity = "medium";
				} elsif ($2 == 3) {
					$severity = "low";
				} else {
					$severity = "unknown"
				}
			$alert->{CLASS} = $1; $alert->{PRIORITY} = $2;
			$alert->{SEVERITY} = $severity;
			$alert->{SIG} = "$_ {$PROTO}"; $alert->{PLUGIN} = "alert"; $alert->{TYPE} = "snort_signature";
			record_data($alert); $lastwassnort = 1; next;
		}




	#
	#  test if the log correspond to the first line of snort's full alert
	#
	} elsif ( $_ =~ /^\[\*\*\]/ ) {
		s/\<(\S+)\>\s//ox;  # Get interface
		$ETHER = $1;
		if ( $_ =~ m/^\[\*\*\]\s+\[[0-9:]+\].+Portscan\sdetected\sfrom\s([\d\.]+)/ox) { # portscan
			$alert->{SADDR} = $1; $alert->{TYPE} = "snort_portscan"; $alert->{PLUGIN} = "alert";
			$alert->{CLASS} = "flow-portscan"; $alert->{SEVERITY} = "unknown"; $alert->{HOST} = "localhost";
			record_data($alert); next; 
		} else {
			s/\s*\[\*\*\]\s*//og;
			s/\s*\[[0-9:]+\]\s*//og;
			if ( $_ =~ m/(http_inspect|snort_decoder|spp_stream4|spp_frag2)/ox ) {
				$TYPE = "snort_processor"; $PLUGIN = "alert";
				$SEVERITY = "unknown"; $CLASS = $1; $SIG = $_;
				next;
			} else {
				$TYPE = "snort_signature"; $PLUGIN = "alert"; $SIG = $_;
				next;
			}
		}


	#
	#  test if the log correspond to the second line of snort's full alert
	#
	} elsif ( $_ =~ m/^\[Classification\:\s+([^\[|^\]]*?)\]\s+\[Priority:\s+(\d{1})\]/ox ) {
		if ($2 == 1) {
			$severity = "high";
		} elsif ($2 == 2) {
			$severity = "medium";
		} elsif ($2 == 3) {
			$severity = "low";
		} else {
			$severity = "unknown"
		}
		$CLASS = $1;
		$PRIORITY = $2;
		$SEVERITY = $severity;
		next;


	#
	#  test if the log correspond to the third line of snort's full alert
	#
	} elsif ( ($_ =~ s/^(\d{2})\/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.\d+\s+//o) || ($_ =~ s/^(\d{2})\/(\d{2})\/\d{2}-(\d{2}):(\d{2}):(\d{2})\.\d+\s+//o) ) {
		#	([\d\.]+):(\d+)\s+\-\>\s+([\d\.]+):(\d+)/) {
		$MON = $1; $DAY = $2; $HOUR = $3; $MIN = $4; $SEC = $5;
		if ( $_ =~ /^([\d\.]+):(\d+)\s+\-\>\s+([\d\.]+):(\d+)/ ) {
			$SADDR = $1; $SPORT = $2; $DADDR = $3; $DPORT = $4;
			next;
		} elsif ( $_ =~ /^([\d\.]+)\s+\-\>\s+([\d\.]+)/ ) {
			$SADDR = $1; $DADDR = $2;
			next;
		}


	# If correspond to TCP and UDP without MAC
#	} elsif ( $_ =~ /^(\d{2})\/(\d{2}).+?-(\d{2}):(\d{2}):(\d{2})\.\d+\s+([\d\.]+):(\d+)\s+\-\>\s+([\d\.]+):(\d+)/) {
#		$MON = $1; $DAY = $2; $HOUR = $3; $MIN = $4; $SEC = $5; $SADDR = $6; $SPORT = $7; $DADDR = $8; $DPORT = $9;
#		next;
	# If correspond to ICMP without MAC
#	} elsif ( $_ =~ /^(\d{2})\/(\d{2}).+?-(\d{2}):(\d{2}):(\d{2})\.\d+\s+([\d\.]+)\s+\-\>\s+([\d\.]+)/) {
#		$MON = $1; $DAY = $2; $HOUR = $3; $MIN = $4; $SEC = $5; $SADDR = $6; $DADDR = $7;
#		next;
	# If correspond MAC address infos
#	} elsif ( $_ =~ /^(\d{2})\/(\d{2}).+?-(\d{2}):(\d{2}):(\d{2})\.\d+\s+([\d|\w:]+)\s+\-\>\s+([\d|\w:]+)/) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
#		$MON = $1; $DAY = $2; $HOUR = $3; $MIN = $4; $SEC = $5;
#		next;
	



	#
	#  test if the log correspond to the fourth line of snort's full alert
	#
	# If correspond to TCP and UDP with MAC
	} elsif ( $_ =~ m/^(\w+)\s+TTL:\d+\s+TOS:\S+\s+ID:\d+\sIpLen:\d+\sDgmLen:\d+/ox ) {
		$PROTO = $1; $PROTO =~ tr/A-Z/a-z/;
		$alert->{MON} = $MON; $alert->{DAY} = $DAY; $alert->{HOUR} = $HOUR;
		$alert->{MIN} = $MIN; $alert->{SEC} = $SEC; $alert->{SADDR} = $SADDR;
		$alert->{SPORT} = $SPORT; $alert->{DADDR} = $DADDR; $alert->{DPORT} = $DPORT;
		$alert->{HOST} = "localhost";
		$alert->{SIG} = "$SIG {$PROTO}";
		$alert->{TYPE} = $TYPE;
		$alert->{PLUGIN} = $PLUGIN;
		$alert->{CLASS} = $CLASS;
		$alert->{PRIORITY} = $PRIORITY;
		$alert->{SEVERITY} = $SEVERITY;
		$alert->{ETHER} = $ETHER;
		$alert->{PROTO} = $PROTO;
		record_data($alert);
		next;
	# If correspond to TCP and UDP without MAC
	} elsif ( $_ =~ /^([\d\.]+):(\d+)\s+\-\>\s+([\d\.]+):(\d+)\s+([\w|\d]+)/) {
		$PROTO = $5; $PROTO =~ tr/A-Z/a-z/;
		$alert->{MON} = $MON; $alert->{DAY} = $DAY; $alert->{HOUR} = $HOUR;
		$alert->{MIN} = $MIN; $alert->{SEC} = $SEC; $alert->{SADDR} = $1;
		$alert->{SPORT} = $2; $alert->{DADDR} = $3; $alert->{DPORT} = $4;
		$alert->{HOST} = "localhost";
		$alert->{SIG} = "$SIG {$PROTO}";
		$alert->{TYPE} = $TYPE;
		$alert->{PLUGIN} = $PLUGIN;
		$alert->{CLASS} = $CLASS;
		$alert->{PRIORITY} = $PRIORITY;
		$alert->{SEVERITY} = $SEVERITY;
		$alert->{ETHER} = $ETHER;
		$alert->{PROTO} = $PROTO;
		record_data($alert);
		next;
	# If correspond to ICMP with MAC
	} elsif ( $_ =~ /^([\d\.]+)\s+\-\>\s+([\d\.]+)\s+([\w|\d]+)/) {
		$PROTO = $3; $PROTO =~ tr/A-Z/a-z/;
		$SADDR = $1; $DADDR = $2;
		next;
	# If correspond to ICMP
	} elsif ( $_ =~ /^Type:(\d+)\s+Code:(\d+)/ ) {
#		print "$1\t$2\t$3\t$4\t$5\t$6\t$7\t$8\t$9\t$10\t$11\t$12\t$13\t$14\t$15\n";
		$alert->{SPORT} = "$1/$2"; $alert->{DPORT} = "$1/$2";
		$alert->{MON} = $MON; $alert->{DAY} = $DAY; $alert->{HOUR} = $HOUR;
		$alert->{MIN} = $MIN; $alert->{SEC} = $SEC;
		$alert->{SADDR} = $SADDR; $alert->{DADDR} = $DADDR;
		$alert->{HOST} = "localhost";
		$alert->{SIG} = "$SIG {$PROTO}";
		$alert->{TYPE} = $TYPE;
		$alert->{PLUGIN} = $PLUGIN;
		$alert->{CLASS} = $CLASS;
		$alert->{PRIORITY} = $PRIORITY;
		$alert->{SEVERITY} = $SEVERITY;
		$alert->{ETHER} = $ETHER;
		$alert->{PROTO} = $PROTO;  
		record_data($alert);
		next;

	} elsif ( $_ =~ m/Len/o ) {
		next;
	} elsif ( $_ =~ m/Xref/o ) {
		next;
	} elsif ( $_ =~ m/MSS:/o ) {
		next;


	# If a snort message has been repeated several times
	} elsif ($lastwassnort && $_ =~ m/last message repeated (\d+) times/) {
	# put the data in the matrix again for each repeat
		$repeats = $1;
		while ($repeats) {
			push @result, $result[-1];
			$repeats--;
		}
		next;
	} else {
		print STDERR "Log not recognize --> $_\n" if (($opt_d == 1) && ($opt_x != 1)); 
	        $scrolled_debug->insert('end', "Log not recognize --> $_\n") if (($opt_d == 1) && ($opt_x == 1));
		++$logdrop; $lastwassnort = 0;
		next;
	}
}





# Empty the result pane: deletes everything from position '1.0' to 'end'
# in the $scrolled_result widget (a file-level variable created elsewhere).
sub clear_screen {
	return $scrolled_result->delete('1.0', 'end');
}


# Clear all thirteen filter entry widgets ($entry_f*, created elsewhere in
# the file) by deleting from '0.0' to 'end' in each, in the original order.
sub reset_filter {
	my @filter_entries = (
		$entry_fproto,  $entry_fsrc,      $entry_fdst,    $entry_fdport,
		$entry_fether,  $entry_fhour,     $entry_fday,    $entry_fmonth,
		$entry_fhost,   $entry_fseverity, $entry_faction, $entry_frule,
		$entry_ftype,
	);
	for my $entry (@filter_entries) {
		$entry->delete('0.0', 'end');
	}
}


# Placeholder: does nothing and returns nothing.
sub x_popup {
	return;
}


# Drop everything that has been loaded and put the counters back to their
# starting values: clears @result and the tally hashes %s0..%s25 and %s40,
# empties the $listbox_load widget, then re-seeds the totals and the
# min/max time bounds.
# NOTE(review): %s300, %s400 and $totalscan (all updated by work()) are not
# reset here -- confirm whether they are cleared somewhere else.
sub x_unload {
	undef @result;

	# %s24 feeds defense_attack(), %s25 feeds portscan(), %s40 is the
	# domain hash table (per the original comments).
	undef %$_ for (
		\%s0,  \%s1,  \%s2,  \%s3,  \%s4,  \%s5,  \%s6,  \%s7,  \%s8,
		\%s9,  \%s10, \%s11, \%s12, \%s13, \%s14, \%s15, \%s16, \%s17,
		\%s18, \%s19, \%s20, \%s21, \%s22, \%s23, \%s24, \%s25, \%s40,
	);

	$listbox_load->delete('0.0', 'end');

	# Counters start from zero before the next load.
	$nb_files = 0;
	$logtotal = 0;
	$logdrop  = 0;
	$logfw    = 0;
	$logids   = 0;
	$total    = 0;

	# Bounds start at opposite extremes so the first record narrows them.
	$maxmonth = 1;  $maxday = 1;  $maxhour = 0;  $maxmin = 0;  $maxsec = 0;
	$minmonth = 12; $minday = 31; $minhour = 23; $minmin = 59; $minsec = 59;
}


# Calls get_opt() and then daily_event(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_daily_event {
	get_opt();
	return daily_event();
}

# Calls get_opt() and then severity(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_severity {
	get_opt();
	return severity();
}

# Calls get_opt() and then interfaces(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_interfaces {
	get_opt();
	return interfaces();
}

# Calls get_opt() and then nids(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_nids {
	get_opt();
	return nids();
}

# Calls get_opt() and then proto(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_proto {
	get_opt();
	return proto();
}

# Calls get_opt() and then stateful(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_stateful {
	get_opt();
	return stateful();
}

# Calls get_opt() and then same_src_dst_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_src_dst_attack {
	get_opt();
	return same_src_dst_attack();
}

# Calls get_opt() and then same_src_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_src_attack {
	get_opt();
	return same_src_attack();
}

# Calls get_opt() and then same_dst_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_dst_attack {
	get_opt();
	return same_dst_attack();
}

# Calls get_opt() and then attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_attack {
	get_opt();
	return attack();
}

# Calls get_opt() and then attack_src(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_attack_src {
	get_opt();
	return attack_src();
}

# Calls get_opt() and then attack_dst(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_attack_dst {
	get_opt();
	return attack_dst();
}

# Calls get_opt() and then domain_src(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_domain_src {
	get_opt();
	return domain_src();
}

# Calls get_opt() and then hour(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_hour {
	get_opt();
	return hour();
}

# Calls get_opt() and then same_hour_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_same_hour_attack {
	get_opt();
	return same_hour_attack();
}

# Calls get_opt() and then dport(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_dport {
	get_opt();
	return dport();
}

# Calls get_opt() and then dport_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_dport_attack {
	get_opt();
	return dport_attack();
}


# Calls get_opt() and then portscan(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_portscan {
	get_opt();
	return portscan();
}


# Calls get_opt() and then actions(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_actions {
	get_opt();
	return actions();
}


# Calls get_opt() and then reasons(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_reasons {
	get_opt();
	return reasons();
}


# Calls get_opt() and then rules(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_rules {
	get_opt();
	return rules();
}


# Calls get_opt() and then same_src_dport(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_src_dport {
	get_opt();
	return same_src_dport();
}


# Calls get_opt() and then defense_attack(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_defense_attack {
	get_opt();
	return defense_attack();
}


# Calls get_opt() and then same_dst_dport(), both defined elsewhere in this file.
# The x_ prefix suggests a GUI-mode entry point -- confirm against the Tk bindings.
sub x_dst_dport {
	get_opt();
	return same_dst_dport();
}




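# Run every report section that applies to the data loaded so far.
#
# In GUI mode ($opt{x}) the header, summary and (for HTML/PDF output) the
# menu are printed first and the footer/PDF step runs last. The IDS
# sections run when $logids is positive, the firewall sections when $logfw
# is positive, and typelog() always runs. Sections guarded by keys(%sN)
# are skipped when the matching tally hash has too few entries.
#
# The counters are compared numerically (>); the original used the string
# operator "gt", which only gives the right answer for counters by accident
# of how small non-negative integers stringify.
# NOTE(review): when both $logids and $logfw are positive the shared
# sections (proto, hour, dport, ...) run twice -- confirm that is intended.
sub report {
	if ( $opt{x} ) {
		get_opt();
		clear_screen();
		# Done here only in GUI mode; per the original note the CLI flow
		# handles these three parts separately.
		print_head();
		print_summary();
		print_menu() if ( $opt_h == 1 || $opt_p == 1 );
	}

	if ( $logids > 0 ) {
		proto();
		severity();
		hour();
		# Per-day breakdown only when the log covers more than one day.
		daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday);
		dport();
		nids() if (keys(%s13) > 1);
		interfaces() if (keys(%s1) > 1);
		domain_src() if ( $opt{c} );
		attack_src();
		same_src_attack();
		attack_dst();
		same_dst_attack();
		same_src_dst_attack();
		attack();
		same_class();
		same_hour_attack();
		dport_attack();
		portscan() if ( keys(%s25) > 0 );
	}

	if ( $logfw > 0 ) {
		proto();
		hour();
		daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday);
		dport();
		nids() if (keys(%s13) > 1);
		interfaces() if (keys(%s1) > 1);
		domain_src() if ( $opt{c} );
		attack_src();
		attack_dst();
		same_src_dport();
		same_dst_dport();
		reasons() if ( keys(%s12) > 1 );
		actions() if ( keys(%s14) > 1 );
		rules() if ( keys(%s21) > 1 );
		defense_attack() if ( keys(%s24) > 0 );
		attack() if ( keys(%s4) > 1 );
		hwlog() if ( keys(%s300) > 0 );
	}
	typelog();

	if ( $opt{x} ) {
		print_footer();
		init_pdf() if ( $opt_p == 1 );
		$scrolled_status->insert('end', "HTML report generated :\t\tOK\n") if ( $opt_h == 1 );
		$scrolled_status->insert('end', "PDF report generated :\t\tOK\n") if ( $opt_p == 1 );
	}
}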







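# Read the input through the magic <> handle (files named in @ARGV, or STDIN).
#
#   - With $opt{genref} set: for every Snort "alert" rule that carries a
#     "reference:" option, write one line "SIG {proto}<TAB><TAB>REF" to the
#     file named by $opt{genref}.
#   - Otherwise: pass each line to search_log(), then aggregate with work().
#
# The $logtotal/$logdrop/$logfw/$logids counters are reset first.
# Dies if the reference file cannot be opened or closed.
sub load {
	$logtotal = 0;
	$logdrop = 0;
	$logfw = 0;
	$logids = 0;
	if ( $opt{genref} ) {
		# Three-argument open: the option value is treated purely as a path.
		# With the old ">$opt{genref}" form a value starting with '>' or '&'
		# changed the open mode (append / filehandle dup) and surrounding
		# whitespace was silently stripped.
		open(my $rules_fh, '>', $opt{genref})
			or die "Can not open reference file: $opt{genref} $!\n";
		while (<>) {
			next if ($_ eq "" or /^#/);
			next unless m/reference/ox;
			# Only use $1/$2 when the rule header really matched; before,
			# a non-matching line still wrote a row built from empty or
			# stale capture values.
			next unless s/^alert\s(\w+)\s.+\s.+\>\s.+\s.+\(msg\:\"([^\"|^\"]*?)\".+reference\://x;
			$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $SIG = $2;
			# Prefix a ';' so the first remaining field is delimited on both sides.
			$_ = ";$_";
			next unless s/^\;([^\;|^\;]*?)\;.*$//x;
			$REF = $1;
			print {$rules_fh} ("$SIG {$PROTO}\t\t$REF\n");
		}
		# Buffered write errors only surface at close time.
		close($rules_fh)
			or die "Can not close reference file: $opt{genref} $!\n";
	} else {
		# process whatever comes in
		while (<>) {
			search_log($_);
		}
	}
	work() if ( !$opt{genref} );
}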





# Fold the parsed records in @result, @portscan and @resulthw into the
# tally hashes that the report subs read, then empty the three arrays.
#
# With no records at all: in GUI mode ($opt{x}) a status line is shown,
# otherwise the message is printed and the program exits.
# With $opt_dbm == 1 the hashes %s0..%s25 are first bound to DBM files
# named "<$val_opt_dbm>snortalog_dbmsN".
# NOTE(review): those files are created with mode 0644 (before umask), so
# other local users can read the IDS/firewall statistics, and the path is
# plain concatenation with $val_opt_dbm -- confirm both are intended.
sub work {
	if ( !@result ) {
		if ( $opt{x} ) {
			$scrolled_status->insert('end', "No correct logs found\n");
		} else {
			print "No correct logs found\n";
			exit;
		}
	} else {
		if ( $opt_dbm == 1 ) {
			my @dbm_hashes = (
				\%s0,  \%s1,  \%s2,  \%s3,  \%s4,  \%s5,  \%s6,  \%s7,  \%s8,
				\%s9,  \%s10, \%s11, \%s12, \%s13, \%s14, \%s15, \%s16, \%s17,
				\%s18, \%s19, \%s20, \%s21, \%s22, \%s23, \%s24, \%s25,
			);
			for my $n ( 0 .. $#dbm_hashes ) {
				dbmopen(%{ $dbm_hashes[$n] }, $val_opt_dbm ."snortalog_dbms$n", 0644) or die "Can't open DB_File: $!\n";
			}
		}

		# The "used by" notes below are carried over from the original comments.
		for my $rec (@result) {
			# same attacker/victim pair with the same attack -- same_src_dst_attack()
			$s0{"$rec->[9],$rec->[7],$rec->[6]"}++;
			# field 14 -- originally annotated for same_src_dst_attack()
			$s1{"$rec->[14]"}++;
			# same_src_attack()
			$s2{"$rec->[6],$rec->[7],$rec->[13]"}++;
			# attacks received by one host with the same method -- same_dest_attack()
			$s3{"$rec->[6],$rec->[9],$rec->[13]"}++;
			# popularity of one signature / attack method -- attack()
			$s4{"$rec->[6],$rec->[12],$rec->[13]"}++;
			# attack_src()
			$s5{"$rec->[7]"}++;
			# attack_dst()
			$s6{"$rec->[9]"}++;
			# hour()
			$s7{"$rec->[2]"}++;
			# hour()
			$s8{"$rec->[2],$rec->[13]"}++;
			# same_hour_attack()
			$s9{"$rec->[2],$rec->[6]"}++;
			# same_class()
			$s10{"$rec->[11],$rec->[13]"}++;
			# proto()
			$s11{"$rec->[15]"}++;
			# reasons()
			$s12{"$rec->[17]"}++;
			# nids()
			$s13{"$rec->[5]"}++;
			# actions()
			$s14{"$rec->[16]"}++;
			# daily_event()
			$s15{"$rec->[1],$rec->[0],$rec->[13]"}++;
			# dport()
			$s16{"$rec->[10]"}++;
			# typelog()
			$s17{"$rec->[19]"}++;
			# dport_attack()
			$s18{"$rec->[10],$rec->[6]"}++;
			# daily_event()
			$s19{"$rec->[1],$rec->[0]"}++;
			# severity()
			$s20{"$rec->[13]"}++;
			# rules()
			$s21{"$rec->[18]"}++;
			# same_src_dport()
			$s22{"$rec->[7],$rec->[10]"}++;
			# same_dst_dport()
			$s23{"$rec->[9],$rec->[10]"}++;
			# defense_attack() -- only records that carry field 21
			$s24{"$rec->[21],$rec->[22]"}++ if ( $rec->[21] ne "" );
			# portscan() -- only records typed "snort_portscan"
			$s25{"$rec->[7]"}++ if ( $rec->[19] eq "snort_portscan" );
		}

		# Portscan logs
		for my $scan (@portscan) {
			$s400{"$scan->[0]"}++;
		}

		# Hardware related message logs -- hwlog()
		for my $hw (@resulthw) {
			$s300{"$hw->[6]"}++;
		}

		# Running totals accumulate across calls.
		$total     += @result;
		$totalscan += @portscan;

		# Release the per-batch tables.
		undef @result;
		undef @resulthw;
		undef @portscan;
	}
}

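# Print the report header.
#
# HTML (-h) or PDF (-p) output: opens the output file on the FILEOUT handle
# and writes the <HEAD>, the style sheet (HTML output only) and the title
# banner. FILEOUT stays open; print_summary() and print_menu() write to it.
# Plain output: prints a "subject:" line (e.g. for mail) unless the GUI
# ($opt{x}) is running.
#
# Sets the globals $kindlog, $filename and $graph_name.
# Dies if the output file cannot be opened.
sub print_head {
	$kindlog = "IDS" if ( $logids > 0 );
	$kindlog = "Firewall" if ( $logfw > 0 );
	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		my $name_source;
		if ( $opt_h == 1 ) {
			$filename = "$val_opt_u"."$val_opt_h";
			$name_source = $val_opt_h;
		} elsif ( $opt_p == 1 ) {
			$filename = $tmpout_file;
			$name_source = $val_opt_p;
		}
		# Keep only the leading run of word characters and '-'. The old
		# class [\w||\d||\-||\_] also let a literal '|' through, and $1 was
		# read even when nothing matched, which could pick up a capture
		# left over from an earlier, unrelated match.
		$graph_name = ( $name_source =~ /^([\w\-]+)/ ) ? $1 : "";

		# Three-argument open: $filename is treated purely as a path. With
		# the old ">$filename" form a value starting with '>' or '&' changed
		# the open mode (append / filehandle dup).
		open (FILEOUT, '>', $filename) or die "Can no access file : $filename ($!)\n";
		print FILEOUT ("<HTML>\n<HEAD>\n<TITLE>SnortALog Report</TITLE>\n");
		print FILEOUT ("<meta http-equiv='Content-Type' content='text/html' charset='iso-8859-1'>\n");
		print FILEOUT ("<STYLE>\n");
		# The style rules are only emitted for HTML output.
		if ( $opt_h == 1 ) {
			print FILEOUT ("BODY { color: $color; font-family: $font; background: $background; font-size: 12px; margin-left: 24px; margin-right:24px;}\n");
			print FILEOUT ("/* Table Header */\n");
			print FILEOUT (".TH { font-family: Verdana,Arial,Helvetica,sans-serif; font-size: 12px; background-color: $th_bg_color; color: $th_color; font-weight: bold; }\n");
			print FILEOUT ("/* Table body */\n");
			print FILEOUT (".TB { color: $tb_color; background-color: $tb_bg_color; font-size: 12px; }\n");
			print FILEOUT ("/* Table body RED*/\n");
			print FILEOUT (".TBR { color: red; background-color: $tb_bg_color; font-size: 12px; }\n");
			print FILEOUT ("/* Table body GREEN*/\n");
			print FILEOUT (".TBG { color: green; background-color: $tb_bg_color; font-size: 12px; }\n");
			print FILEOUT ("A { color: $anchor; }\n");
			print FILEOUT ("DIV { width: 100%; text-align: center; color: white; background-color: #006666; font-size: 24px; }\n");
		}
		print FILEOUT ("</STYLE>\n</HEAD>\n");
		print FILEOUT ("<BODY>\n");
		print FILEOUT ("<DIV>$kindlog Statistics generated on $date</DIV><BR \>\n");
	} else {
		if ( !$opt{x} ) {			### not in GUI mode
			print "subject: $kindlog Statistics generated on $date\n";
		}
	}
}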

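# Print the summary: first/last timestamp seen, line and drop counts, the
# active filter, event and address totals, plus IDS- or firewall-specific
# counters.
#
# Three output paths, chosen from the option globals:
#   - HTML/PDF ($opt_h or $opt_p): table rows written to FILEOUT, which
#     print_head() must already have opened; also lists the domains/rules
#     files and the colour legend.
#   - GUI ($opt{x}): text inserted into $scrolled_result, progress into
#     $scrolled_status.
#   - CLI: text on STDOUT, headline figures in bold.
#
# NOTE(review): $filter and the min/max time fields are written into the
# HTML without escaping. $filter presumably comes from the operator's
# options; if any of these values can carry text taken from log lines they
# should be HTML-escaped before being written to a report that is served
# by a web server.
sub print_summary {
	# With no lines read the original divided by zero and died; report 0%.
	my $drop_pct = $logtotal ? $logdrop/$logtotal*100 : 0;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ){
		print FILEOUT ("<TABLE BORDER=$border ALIGN=CENTER BGCOLOR=$tb_bg_color WIDTH=100%><TR><TD><TABLE BORDER=0><TR><TD WIDTH=65%>");
		print FILEOUT ("<TABLE VALIGN=top>\n");
		print FILEOUT ("<TR ALIGN=left><TH>The log begins at :</TH>");
		print FILEOUT ("<TD>$daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>The log ends at :</TH>");
		print FILEOUT ("<TD>$daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec</TD></TR>\n");
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Total of Lines in log file :</TH>");
		print FILEOUT ("<TD>$logtotal</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Total of Logs Dropped :</TH>");
		# "%%" is the literal percent sign; the bare "%)" was an invalid conversion.
		printf FILEOUT ("<TD>%d (%2.2f%%)</TD></TR>\n",$logdrop,$drop_pct);
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Filter Running:</TH><TD>$filter</TD></TR>\n") if $filter ne "";
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Total events in table :</TH>");
		print FILEOUT ("<TD>$total</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Source IP recorded :</TH>");
		print FILEOUT ("<TD>". keys(%s5) ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Destination IP recorded :</TH>");
		print FILEOUT ("<TD>". keys(%s6) ."</TD></TR>\n");
		print FILEOUT ("<TR><TD></TD></TR>\n");
		if ( $logids == 1 ) {
			print FILEOUT ("<TR ALIGN=left><TH>NIDS recorded :</TH>");
			print FILEOUT ("<TD>". keys(%s13) ." with ". keys(%s1) . " interface(s)</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>Signatures recorded :</TH>");
			# The cell is now closed with </TD>; it used to open a second <TD>.
			print FILEOUT ("<TD>". keys(%s4) ."</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>Classification recorded :</TH>");
			print FILEOUT ("<TD>". keys(%s10) ."</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>Severity recorded :</TH>");
			print FILEOUT ("<TD>". keys(%s20) ."</TD></TR>\n");
			# NOTE(review): this row has a header but no value cell and is
			# never closed -- confirm which counter belongs here.
			print FILEOUT ("<TR ALIGN=left><TH>Preprocessor anomaly :</TH>");
			print FILEOUT ("<TR ALIGN=left><TH>Portscan detected :</TH>") if $totalscan > 0;
			print FILEOUT ("<TD>". $totalscan ."</TD></TR>\n") if $totalscan > 0;
		}
		if ( $logfw == 1 ) {
			print FILEOUT ("<TR ALIGN=left><TH>Firewall recorded :</TH>");
			print FILEOUT ("<TD>". keys(%s13) ." with ". keys(%s1) . " interface(s)</TD></TR>\n");
		}
		print FILEOUT ("</TABLE>\n");

		print FILEOUT ("</TD><TD VALIGN=top>\n");

		# Right-hand column: configuration files in use.
		print FILEOUT ("<TABLE>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Domains File : </TH>");
		print FILEOUT ("<TD>". $domains_file ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Number of domains : </TH>");
		print FILEOUT ("<TD>". keys(%DomainName) ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Rules File : </TH>");
		print FILEOUT ("<TD>". $rules_file ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Number of referenced rules : </TH>");
		print FILEOUT ("<TD>". keys(%link) ."</TD></TR>\n");
		print FILEOUT ("</TD></TABLE></TABLE></TABLE><BR>\n");

		# Colour legend.
		print FILEOUT ("<TABLE BORDER=0 ALIGN=CENTER>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%><B><U>Legend :</U></B></TD><TD WIDTH=12%></TD><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%><FONT COLOR=RED>RED :</FONT></TD><TD>$legende_red</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%><FONT COLOR=GREEN>GREEN :</FONT></TD><TD>$legende_green</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%>BLACK :</TD><TD>$legende_black</TD></TR>\n");
		print FILEOUT ("</TABLE><BR>\n");
	} else {
		if ( $opt{x} ) {			### GUI mode
			$scrolled_status->insert('end', "Print_Summary() :\t\t\t");
			$scrolled_result->insert ('end', "The log begins from: $daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec\n");
			$scrolled_result->insert ('end', "The log ends at: $daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec\n");
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "Total of Lines in log file: $logtotal\n");
			$scrolled_result->insert ('end', "Total of Logs Dropped: ". $logdrop ." (". $drop_pct ."%)\n");
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "Filter Running: $filter\n") if $filter ne "";
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "Total events in table: $total\n");
			$scrolled_result->insert ('end', "Source IP recorded: ". keys(%s5) ."\n");
			$scrolled_result->insert ('end', "Destination IP recorded: ". keys(%s6) ."\n");
			$scrolled_result->insert ('end', "\n");
			if ( $logids == 1 ) {
				$scrolled_result->insert ('end', "NIDS recorded: ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n");
				$scrolled_result->insert ('end', "Signatures recorded: ". keys(%s4) ."\n");
				$scrolled_result->insert ('end', "Classification recorded: ". keys(%s10) ."\n");
				$scrolled_result->insert ('end', "Severity recorded: ". keys(%s20) ."\n");
				$scrolled_result->insert ('end', "Portscan recorded: $totalscan\n") if ( $totalscan > 0 );
				$scrolled_result->insert ('end', "\n");
				# NOTE(review): "OK" is written again after this block, so
				# IDS runs show it twice -- confirm.
				$scrolled_status->insert ('end', "OK\n");
			}
			if ( $logfw == 1 ) {
				$scrolled_result->insert ('end', "Firewall recorded: ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n");
				$scrolled_result->insert ('end', "\n");
			}
			$scrolled_status->insert('end', "OK\n");
		} else {
			chomp $minmonth;
			chomp $maxmonth;
			print BOLD,"The logs begins from: $daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec\n", RESET;
			print BOLD, "The log ends at: $daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec\n", RESET;
			print "\n";
			print BOLD,"Total of Lines in log file: $logtotal\n", RESET;
			# "%%" is the literal percent sign; the bare "%)" was an invalid conversion.
			printf ("Total of Logs Dropped: %d (%5.2f%%)\n",$logdrop,$drop_pct);
			print "\n";
			print "Filter Running: $filter\n" if $filter ne "";
			print "\n";
			print BOLD,"Total events in table: $total\n", RESET;
			print "Source IP recorded: ". keys(%s5) ."\n" if ( keys(%s5) > 0 );
			print "Destination IP recorded: ". keys(%s6) ."\n" if ( keys(%s6) > 0 );
			print "\n";
			if ( $logids == 1 ) {
				print "NIDS recorded: ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n";
				print "Signatures recorded: ". keys(%s4) ."\n";
				print "Classification recorded: ". keys(%s10) ."\n";
				print "Severity recorded: ". keys(%s20) ."\n";
				print "Portscan recorded: $totalscan\n" if ( $totalscan > 0 );
			}
			if ( $logfw == 1 ) {
				print "Firewall recorded: ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n";
			}
		}
	}
}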









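# Print the table of contents of the HTML/PDF report.
#
# Does nothing unless HTML ($opt_h) or PDF ($opt_p) output is selected.
# Writes a two-column table to the FILEOUT handle (not opened here):
# general statistics on the left, firewall/IDS specific statistics on the
# right.  Every entry keeps the display condition it had before.  Anchors and
# labels are fixed strings, so no log-derived text is written by this sub.
sub print_menu {
	return unless ( ( $opt_h == 1 ) || ( $opt_p == 1 ) );

	# One row per entry: [ anchor, link text, display condition ].
	my @general = (
		[ "hour", "The distribution of event by hour", 1 ],
		[ "daily_event", "The distribution of event by day", ( ( $minmonth ne $maxmonth ) || ( $minday < $maxday ) ) ],
		[ "nids", "The distribution of event by host logger", ( keys(%s13) > 1 ) ],
		[ "domain_src", "To see the popularity of one domain", $opt{c} ],
		[ "attack_src", "Popularity of one source host", 1 ],
		[ "attack_dst", "Popularity of one destination host", 1 ],
		[ "dport", "The distribution of event by destination port", 1 ],
		[ "proto", "The distribution of event by protocols", 1 ],
		[ "interfaces", "The distribution of event by interfaces", ( keys(%s1) > 1 ) ],
		[ "typelog", "The distribution of event type of log", ( keys(%s17) > 0 ) ],
	);
	my @firewall = (
		[ "same_src_dport", "Popularity of one source host by destination port", 1 ],
		[ "same_dst_dport", "Popularity of one destination host by destination port", 1 ],
		[ "actions", "Popularity of one action", 1 ],
		[ "reasons", "Popularity of one reason", 1 ],
		[ "rules", "Popularity of one rule", ( keys(%s18) > 0 ) ],
		[ "defense_attack", "Popularity of smartdefense attack", ( keys(%s24) > 0 ) ],
		[ "attack", "Distribution of attack methods", ( keys(%s25) > 1 ) ],
		[ "hwlog", "Popularity of hardware related error message", ( keys(%s300) > 0 ) ],
	);
	my @ids = (
		[ "same_src_attack", "Events from one host to any with same method", 1 ],
		[ "same_dst_attack", "Events to one host from any with same method", 1 ],
		[ "same_src_dst_attack", "Events from a host to a destination", 1 ],
		[ "port_attack", "Events to one destination port grouped by attack", 1 ],
		[ "attack", "Distribution of attack methods", 1 ],
		[ "same_class", "Distribution of classification method", 1 ],
		[ "severity", "The distribution of event by severity", 1 ],
		[ "stateful", "Distribution of stateful problems", ( $anomaly > 0 ) ],
		[ "hour_attack", "Events by hour", 1 ],
		[ "portscan", "Portscan list", ( $totalscan > 0 ) ],
	);

	# Write the entries whose condition holds, in the order given.
	my $emit = sub {
		foreach my $entry (@_) {
			my ($anchor, $label, $shown) = @$entry;
			print FILEOUT ("<li><a href=\"#$anchor\">$label</a>\n") if $shown;
		}
	};

	print FILEOUT ("<TABLE BORDER=0 ALIGN=CENTER><TR ALIGN=left><TD WIDTH=50% VALIGN=top>\n");
	print FILEOUT ("<h4>General Statistics</h4>\n<menu>\n");
	$emit->(@general);
	# Close the list unconditionally: it used to be closed only when the
	# "typelog" entry was shown, which left the markup unbalanced.
	print FILEOUT ("</menu>");
	print FILEOUT ("</TD><TD WIDTH=50% VALIGN=top>\n");

	print FILEOUT ("<U><B>Specific Statistics</B></U><P>\n");
	# The second list was closed below but never opened.
	print FILEOUT ("<menu>\n");
	# $logfw / $logids are numeric flags; compare them as numbers.
	$emit->(@firewall) if ( $logfw > 0 );
	$emit->(@ids) if ( $logids > 0 );
	print FILEOUT ("</menu>\n");
	print FILEOUT ("</TD></TR></TABLE><BR>\n");
}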







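# Report the number of events per day ("The distribution of event by day").
#
# Reads the globals %s19 (key "day,month" => event count), $total and, for
# the severity chart, %s15 (first key field = day, third = severity).
# Output goes to:
#   - FILEOUT as an HTML table when $opt_h or $opt_p is set, followed by the
#     "days1" chart and, for IDS logs, the "days2" chart when $opt_g is set;
#   - the Tk result widget when $opt{x} is set;
#   - STDOUT otherwise.
# Dies if a temporary file cannot be opened, or on division by zero when
# $total is 0.
sub daily_event {
	$max = 0;
	# Highest per-day count; it scales the bar column in every output mode.
	foreach my $count (values %s19) {
		$max = $count if ( $count > $max );
	}

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		@list1 = ();
		@list2 = ();
		print FILEOUT ("<h3><CENTER><a name=\"daily_event\" HREF=\"#top\">The distribution of event by day</a></CENTER></h3>\n");
		print FILEOUT ("<table border=$border align=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>Day</td><td>Month</td><td>No</td><td>%</td><td>Graph</td></tr>");

		my $ratio = $max/$total*100;
		foreach my $key (sort { $a <=> $b } keys %s19) {
			my ($day, $month) = split ",", $key;
			my $num = $s19{$key}/$total*(50000/$ratio);
			printf FILEOUT ("<TR CLASS=TB><TD>%-${hour_len}d</TD><TD>%-3s</TD><TD>%-${nb_len}d</TD><TD>%-2.2f</TD><TD WIDTH=$num><HR NOSHADE ALIGN=LEFT SIZE=10 COLOR=#CCCCCC WIDTH=%3d ></TD></TR>\n", $day, $esc->($month), $s19{$key}, $s19{$key}/$total*100, $num);
			# @list1/@list2 are the value/label series read by init_graph().
			push @list1, ($s19{$key});
			push @list2, ("$day");
		}
		# Close the data table in every case; it used to stay open when a
		# chart followed and was closed with stray </TD></TR> otherwise.
		print FILEOUT ("</table>\n");
		# PDF output references the image with a leading dot, matching the
		# file name init_graph() writes in that mode.
		my $prefix = ( $opt_p == 1 ) ? "." : "";
		if ( $opt_g == 1 ) {
			init_graph("days1","area");
			print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$prefix.$graph_name."_days1.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("<BR>\n");
		}

		if ( ( $logids > 0 ) and ( $opt_g == 1 ) ) {
			# Start from a clean slate so a count left over from an earlier
			# report section cannot leak into the first day.
			( $low, $medium, $high, $unknown ) = ();

			# Push the counts collected for the day just finished (0 where
			# a severity was not seen) and clear all four for the next day.
			# $high used to survive the final flush.
			my $flush_day = sub {
				push @listlow,     ( $low     || 0 );
				push @listmedium,  ( $medium  || 0 );
				push @listhigh,    ( $high    || 0 );
				push @listunknown, ( $unknown || 0 );
				( $low, $medium, $high, $unknown ) = ();
			};

			$compt = 1;
			foreach my $key (sort { $a <=> $b } keys %s15) {
				my @field = split ",", $key;
				$beforeday = $field[0];
				$belowday = $beforeday if ( $compt == 1 );
				# A higher day number means the previous day is complete.
				$flush_day->() if ( $belowday < $beforeday );
				if ( $field[2] eq "low" ) {
					$low = $s15{$key};
				} elsif ( $field[2] eq "medium" ) {
					$medium = $s15{$key};
				} elsif ( $field[2] eq "high" ) {
					$high = $s15{$key};
				} elsif ( $field[2] eq "unknown" ) {
					$unknown = $s15{$key};
				}
				$belowday = $beforeday;
				$compt ++;
			}
			$flush_day->();
			init_graph("days2","lines");
			print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$prefix.$graph_name."_days2.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "daily_event() :\t\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		$linelength = 20 + $nb_len + 6 + $graph_len;
		print FILEOUT ("The distribution of event by day\n");
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s19) ." of ". keys(%s19) ." ###\n");
		print FILEOUT (" Day Month  No         %    Graph\n");
		print FILEOUT ( '=' x $linelength, "\n");
		$ratio = $max/$total*100;
		foreach my $key (sort { $a <=> $b } keys %s19) {
			my ($day, $month) = split ",", $key;
			$num = $s19{$key}/$total*75*(100 / $ratio);
			printf FILEOUT ("  %-${hour_len}d   %-3s   %-${nb_len}d  %5.2f  %-${graph_len}s\n", $day,$month,$s19{$key},$s19{$key}/$total*100, '#' x $num);
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		$ratio = $max/$total*100;
		section_header("The distribution of event by day\n", "daily_event");
		foreach my $key (sort { $a <=> $b } keys %s19) {
			my ($day, $month) = split ",", $key;
			$num = $s19{$key}/$total*75*(100 / $ratio);
			printf("  %-${hour_len}d   %-3s   %-${nb_len}d  %5.2f  %-${graph_len}s\n", $day,$month,$s19{$key},$s19{$key}/$total*100, '#' x $num);
		}
	}
}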


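# Report how the events are spread over the severity levels.
#
# Reads the globals %s20 (severity => event count) and $total.  Writes an
# HTML table to FILEOUT (plus the "severity" pie chart when $opt_g is set)
# for $opt_h/$opt_p, fills the Tk result widget for $opt{x}, and prints to
# STDOUT otherwise.  Dies if the temporary file cannot be opened, or on
# division by zero when $total is 0.
sub severity {
	$max = 0;
	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		@list1 = ();
		@list2 = ();
		print FILEOUT ("<H3><CENTER><A NAME=\"severity\" HREF=\"#top\">The distribution of severity</A></CENTER></H3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>%</TD><TD>No</TD><TD>Severity</TD></TR>");
		# $k stays the global loop variable because init_color() is defined
		# elsewhere in the file and is not visible from here.
		foreach $k (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
			$STYLE = init_color($k);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${sever_len}s</td></tr>\n", $s20{$k}/$total*100, $s20{$k}, $esc->($k));
			# Chart series keep the raw label; they are drawn, not written as HTML.
			push @list1, ($s20{$k}/$total*100);
			push @list2, ("$k");
		}
		if ( $opt_g == 1 ) {
			init_graph("severity","pie");
			# PDF output references the image with a leading dot.
			my $prefix = ( $opt_p == 1 ) ? "." : "";
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$prefix.$graph_name."_severity.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
		return;
	}

	# Text modes: scale the '#' bars against the largest count.
	foreach my $count (values %s20) {
		$max = $count if ( $count > $max );
	}
	$ratio = $max/$total*100;
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "severity() :\t\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of severity\n";
		$linelength = 13 + $nb_len + 2 + $sever_len + 2 + $graph_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s20) ." of ". keys(%s20) ." ###\n");
		print FILEOUT ("    %    No      Severity Graph\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $level (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
			$num = $s20{$level}/$total*75*(100 / $ratio);
			printf FILEOUT ("  %-5.2f  %-${nb_len}d  %-${sever_len}s  %-${graph_len}s\n", $s20{$level}/$total*100,$s20{$level},$level, '#' x $num);
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of severity\n", "severity");
		foreach my $level (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
			$num = $s20{$level}/$total*75*(100 / $ratio);
			printf("  %-5.2f  %-${nb_len}d  %-${sever_len}s  %-${graph_len}s\n", $s20{$level}/$total*100,$s20{$level},$level, '#' x $num);
		}
	}
}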



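# Report how the events are spread over the logging interfaces.
#
# Reads the globals %s1 (interface => event count) and $total.  Writes an
# HTML table to FILEOUT (plus the "ether" pie chart, limited to the 8 busiest
# interfaces, when $opt_g is set) for $opt_h/$opt_p, fills the Tk result
# widget for $opt{x}, and prints to STDOUT otherwise.  Dies if the temporary
# file cannot be opened, or on division by zero when $total is 0.
sub interfaces {
	$i = 0;
	$max = 8;	# number of slices kept for the pie chart
	my @ordered = sort { $s1{$b} <=> $s1{$a} } keys %s1;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		@list1 = ();
		@list2 = ();
		print FILEOUT ("<H3><CENTER><A NAME=\"interfaces\" HREF=\"#top\">The distribution of event by interfaces</A></CENTER></H3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>%</TD><TD>No</TD><TD>Interface</TD></TR>");
		foreach my $iface (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s1{$iface}/$total*100, $s1{$iface}, $esc->($iface));
			if ( $i < $max ) {
				# Chart series keep the raw label; they are drawn, not written as HTML.
				push @list1, ($s1{$iface}/$total*100);
				push @list2, ("$iface");
			}
			++$i;
		}
		if ( $opt_g == 1 ) {
			init_graph("ether","pie");
			# PDF output references the image with a leading dot.
			my $prefix = ( $opt_p == 1 ) ? "." : "";
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$prefix.$graph_name."_ether.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "interfaces() :\t\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of event by interfaces\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s1) ." of ". keys(%s1) ." ###\n");
		print FILEOUT ("    %    No      Interfaces\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $iface (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-10s\n", $s1{$iface}/$total*100,$s1{$iface},$iface);
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of event by interfaces\n", "interfaces");
		foreach my $iface (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-10s\n", $s1{$iface}/$total*100,$s1{$iface},$iface);
		}
	}
}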





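# Render one chart with GD::Graph and write it to an image file.
#
# Arguments (positional):
#   $func  - chart identifier; also the suffix of the image file name
#   $graph - chart type: "pie", "bars", "lines" or "area"
# Data is taken from the globals @list2 (labels) and @list1, or the four
# severity series @listlow/@listmedium/@listhigh/@listunknown, which are
# cleared once the image is written.  The image format is $val_opt_g, which
# is also used as the name of the GD export method.
# When $GD is not 4 (the GD::Graph modules are not enabled at the top of the
# script) only an explanatory message is shown.
# Dies on a GD::Graph error, an unusable format name, or if the image file
# cannot be opened.
sub init_graph {
	if ( $GD != 4 ) {
		my $head = "Charts generation not available, please to check your installation !!!\n";
		my @uses = (
			"\tuse GD::Graph::pie; \$GD = 1;\n",
			"\tuse GD::Graph::bars; \$GD = 2;\n",
			"\tuse GD::Graph::lines; \$GD = 3;\n",
			"\tuse GD::Graph::area; \$GD = 4;\n",
		);
		my $tail = "And verify you have the good perl libraries.\n";
		if ( $opt{x} ) {
			foreach my $text ($head, "\n", "Uncomment this variables :\n", @uses, "\n", $tail) {
				$scrolled_status->insert('end', $text);
			}
		} else {
			print $head, "\n", "Uncomment this variables :\n", @uses, "\t\n", "\n", $tail;
		}
		return;
	}

	my $func = shift;
	my $graph = shift;

	# Colour settings shared by every chart type.
	my @colours = (
		fgclr     => $graph_fgcolor,
		bgclr     => $graph_bgcolor,
		labelclr  => $graph_txtcolor,
		legendclr => $graph_txtcolor,
		textclr   => $graph_txtcolor,
	);
	# Extra settings shared by the charts that have axes.
	my @axes = ( @colours, transparent => $transparent, axislabelclr => $graph_txtcolor );
	my @severity_legend = ('Low events','Medium events','High events','Unknown events');

	# NOTE(review): $gd is a global; a type/$func pair that matches no plot
	# below leaves the image of the previous call in it.
	if ( $graph eq "pie" ) {
		$graphiq = GD::Graph::pie->new(250, 250);
		$graphiq->set( title => 'Graph', @colours,
			transparent => 1,
			axislabelclr => 'black',
			suppress_angle => 3,
			) or die $graphiq->error;
		$gd = $graphiq->plot([\@list2, \@list1]) or die $graphiq->error;
	} elsif ( $graph eq "bars" ) {
		$graphiq = GD::Graph::bars->new(700, 300);
		if ( $func eq "hours2" ) {
			$graphiq->set( title => 'Number of Events by Hours',
				x_label => "Hours",
				y_label => "Events",
				dclrs => ['blue','green','red','cyan'],
				@axes,
				bar_spacing => 1,
				bar_width => 3,
				long_ticks => 1) or die $graphiq->error;
			$graphiq->set_legend(@severity_legend);
			$gd = $graphiq->plot([\@list2, \@listlow, \@listmedium, \@listhigh, \@listunknown]) or die $graphiq->error;
		}
	} elsif ( $graph eq "lines" ) {
		$graphiq = GD::Graph::lines->new(700, 300);
		if ( $func eq "days2" ) {
			$graphiq->set( title => 'Number of Severity Events by Days',
				x_label => "Days",
				y_label => "Events",
				line_types => [1, 1, 1, 1],
				line_width => 1,
				dclrs => ['blue','green','red','cyan'],
				@axes,
				) or die $graphiq->error;
			$graphiq->set_legend(@severity_legend);
			$gd = $graphiq->plot([\@list2, \@listlow, \@listmedium, \@listhigh, \@listunknown]) or die $graphiq->error;
		}
	} elsif ( $graph eq "area" ) {
		$graphiq = GD::Graph::area->new(700, 300);
		if ( $func eq "days1" ) {
			$graphiq->set( title => 'Number of Events by Days',
				x_label => "Days",
				y_label => "Events",
				@axes,
				) or die $graphiq->error;
			$gd = $graphiq->plot([\@list2, \@list1]) or die $graphiq->error;
		} elsif ( $func eq "hours1" ) {
			$graphiq->set( title => 'Number of Events by Hours',
				x_label => "Hours",
				y_label => "Events",
				@axes,
				) or die $graphiq->error;
			$gd = $graphiq->plot([\@list2, \@list1]) or die $graphiq->error;
		}
	}

	# The format string ends up both in the file name and as a method name
	# called on the image object, so accept a plain identifier only.
	$opton = $val_opt_g;
	if ( !defined($opton) || $opton !~ /\A[A-Za-z0-9_]+\z/ ) {
		die "Unsupported chart format: " . ( defined($opton) ? $opton : "" ) . "\n";
	}

	# PDF output writes a dot-prefixed file, matching the IMG SRC the report
	# sections emit in that mode.
	my $img_file = ( $opt_p == 1 )
		? $val_opt_u.".".$graph_name."_".$func.'.'.$val_opt_g
		: $val_opt_u.$graph_name."_".$func.'.'.$val_opt_g;
	# Three-argument open: the path is built from option values and must not
	# be able to change the open mode.
	open(IMG, '>', $img_file) or die "$img_file: $!";
	binmode IMG;
	print IMG $gd->$opton;
	close (IMG);
	undef @listlow;
	undef @listmedium;
	undef @listhigh;
	undef @listunknown;
}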



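# Report how the events are spread over the logging hosts.
#
# Reads the globals %s13 (host logger => event count) and $total.  Writes an
# HTML table to FILEOUT (plus the "nids" pie chart, limited to the 6 busiest
# hosts, when $opt_g is set) for $opt_h/$opt_p, fills the Tk result widget
# for $opt{x}, and prints to STDOUT otherwise.  Dies if the temporary file
# cannot be opened, or on division by zero when $total is 0.
sub nids {
	my $i = 0;
	my $max = 6;	# number of slices kept for the pie chart
	my @ordered = sort { $s13{$b} <=> $s13{$a} } keys %s13;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		@list1 = ();
		@list2 = ();
		print FILEOUT ("<h3><CENTER><a name=\"nids\" HREF=\"#top\">The distribution of event by Host</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Host Logger</td></tr>");
		foreach my $host (@ordered) {
			printf FILEOUT ("<tr class=TB><td>%2.2f</td><td>%-${nb_len}d</td><td>%-32s</td></tr>\n", $s13{$host}/$total*100, $s13{$host}, $esc->($host));
			if ( $i < $max ) {
				# Chart series keep the raw label; they are drawn, not written as HTML.
				push @list1, ($s13{$host});
				push @list2, ("$host");
			}
			++$i;
		}
		if ( $opt_g == 1 ) {
			init_graph("nids","pie");
			# PDF output references the image with a leading dot.
			my $prefix = ( $opt_p == 1 ) ? "." : "";
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$prefix.$graph_name."_nids.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "nids() :\t\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of event by Host\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s13) ." of ". keys(%s13) ." ###\n");
		print FILEOUT ("    %    No      Host Logger\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $host (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-32s\n", $s13{$host}/$total*100,$s13{$host},$host);
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of event by Host\n", "nids");
		foreach my $host (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-32s\n", $s13{$host}/$total*100,$s13{$host},$host);
		}
	}
}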


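# Report how the events are spread over the protocols.
#
# Reads the globals %s11 (protocol => event count) and $total.  Writes an
# HTML table to FILEOUT (plus the "proto" pie chart, limited to the 6 most
# frequent protocols, when $opt_g is set) for $opt_h/$opt_p, fills the Tk
# result widget for $opt{x}, and prints to STDOUT otherwise.  Dies if the
# temporary file cannot be opened, or on division by zero when $total is 0.
sub proto {
	my $i = 0;
	my $max = 6;	# number of slices kept for the pie chart
	my @ordered = sort { $s11{$b} <=> $s11{$a} } keys %s11;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		@list1 = ();
		@list2 = ();
		print FILEOUT ("<h3><CENTER><a name=\"proto\" HREF=\"#top\">The distribution of event by protocols</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><table border=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Protocols</td></tr>");
		foreach my $name (@ordered) {
			printf FILEOUT ("<tr class=TB><td>%2.2f</td><td>%-${nb_len}d</td><td>%-32s</td></tr>\n", $s11{$name}/$total*100, $s11{$name}, $esc->($name));
			if ( $i < $max ) {
				# Chart series keep the raw label; they are drawn, not written as HTML.
				push @list1, ($s11{$name});
				push @list2, ("$name");
			}
			++$i;
		}
		if ( $opt_g == 1 ) {
			init_graph("proto","pie");
			# PDF output references the image with a leading dot.
			my $prefix = ( $opt_p == 1 ) ? "." : "";
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$prefix.$graph_name."_proto.".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "proto() :\t\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of event by protocols\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s11) ." of ". keys(%s11) ." ###\n");
		print FILEOUT ("    %    No      Protocols\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $name (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-32s\n", $s11{$name}/$total*100,$s11{$name},$name);
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of event by protocols\n", "proto");
		foreach my $name (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-32s\n", $s11{$name}/$total*100,$s11{$name},$name);
		}
	}
}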





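# Report the attacks seen from one host to one destination with one method.
#
# Reads the globals %s0 (comma-separated key => event count) and $total.
# The key is split on "," and its second, first and third fields are shown
# under the "IP source", "IP destination" and "Attack" columns, in that
# order.  At most $val_opt_n rows are shown when $opt_n is set; $opt_i
# reverses the order to least frequent first.
# Writes an HTML table to FILEOUT for $opt_h/$opt_p, fills the Tk result
# widget for $opt{x}, and prints to STDOUT otherwise.  Dies if the temporary
# file cannot be opened, or on division by zero when $total is 0.
sub same_src_dst_attack {
	$i=0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s0) ) ) {
		$n = keys %s0;
	} else {
		$n = $val_opt_n;
	}

	my @ordered;
	if ( $opt_i == 1 ) {
		@ordered = sort { $s0{$a} <=> $s0{$b} } keys %s0;
	} else {
		@ordered = sort { $s0{$b} <=> $s0{$a} } keys %s0;
	}

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		print FILEOUT ("<h3><CENTER><a name=\"same_src_dst_attack\" href=\"#top\">Percentage and number of attacks from a host to a destination</a></CENTER></h3>\n");
		# The attribute used to read BORDER=o$border (stray letter "o").
		print FILEOUT ("<TABLE BORDER=$border ALIGN=CENTER>\n");
		print FILEOUT ("<TR CLASS=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>IP Destination</td><td>Attack</td></tr>");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td></tr>\n", $s0{$key}/$total*100, $s0{$key}, $esc->($field[1]), $esc->($field[0]), $esc->($field[2]));
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_dst_attack() :\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The number of attacks from same host to same destination using same method\n";
		$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $addr_len + 4 + $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s0) ." ###\n");
		print FILEOUT ("    %    No      IP source        IP destination   Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf FILEOUT ("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$key}/$total*100, $s0{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The number of attacks from same host to same destination using same method\n", "same_src_dst_attack");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$key}/$total*100, $s0{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
	}
}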


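# Report how many attacks were launched from one host with the same method.
#
# Reads the globals %s2 (comma-separated key => event count) and $total.
# The key is split on "," and its second, first and third fields are shown
# under the "IP source", "Attack" and "Severity" columns, in that order.
# At most $val_opt_n rows are shown when $opt_n is set; $opt_i reverses the
# order to least frequent first.
# Writes an HTML table to FILEOUT for $opt_h/$opt_p, fills the Tk result
# widget for $opt{x}, and prints to STDOUT otherwise.  Dies if the temporary
# file cannot be opened, or on division by zero when $total is 0.
sub same_src_attack {
	$i=0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s2) ) ) {
		$n = keys %s2;
	} else {
		$n = $val_opt_n;
	}

	my @ordered;
	if ( $opt_i == 1 ) {
		@ordered = sort { $s2{$a} <=> $s2{$b} } keys %s2;
	} else {
		@ordered = sort { $s2{$b} <=> $s2{$a} } keys %s2;
	}

	# The severity column width is $sever_len everywhere; several format
	# strings used the misspelt $server_len, which is set nowhere in this sub.
	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		print FILEOUT ("<h3><CENTER><a name=\"same_src_attack\" href=\"#top\">Percentage and number of attacks from one host to any with same method</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border align=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>Attack</td><td>Severity</td></tr>");
		# $k stays the global loop variable because init_color() is defined
		# elsewhere in the file and is not visible from here.
		foreach $k (@ordered) {
			my @field = split ",", $k;
			$STYLE = init_color($field[2]);
			if ( $i < $n ) {
				printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${sever_len}s</td></tr>\n", $s2{$k}/$total*100, $s2{$k}, $esc->($field[1]), $esc->($field[0]), $esc->($field[2]));
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_attack() :\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Percentage and number of attacks from one host to any with same method\n";
		$linelength = 11 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s2) ." ###\n");
		print FILEOUT ("    %    No      IP source        Attack                                                                  Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s2{$key}/$total*100, $s2{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Percentage and number of attacks from one host to any with same method\n", "same_src_attack");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",
				$s2{$key}/$total*100, $s2{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
	}
}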


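# Report how many attacks one host received with the same method
# (destination correlated).
#
# Reads the globals %s3 (comma-separated key => event count) and $total.
# The key is split on "," and its second, first and third fields are shown
# under the "IP destination", "Attack" and "Severity" columns, in that order.
# At most $val_opt_n rows are shown when $opt_n is set; $opt_i reverses the
# order to least frequent first.
# Writes an HTML table to FILEOUT (which this sub does not open in that
# mode) for $opt_h/$opt_p, fills the Tk result widget for $opt{x}, and
# prints to STDOUT otherwise.  Dies if the temporary file cannot be opened,
# or on division by zero when $total is 0.
sub same_dst_attack {
	$i=0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s3) ) ) {
		$n = keys %s3;
	} else {
		$n = $val_opt_n;
	}

	my @ordered;
	if ( $opt_i == 1 ) {
		@ordered = sort { $s3{$a} <=> $s3{$b} } keys %s3;
	} else {
		@ordered = sort { $s3{$b} <=> $s3{$a} } keys %s3;
	}

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# Escape text taken from the parsed logs before it is written into HTML.
		my $esc = sub {
			my $text = defined $_[0] ? $_[0] : "";
			$text =~ s/&/&amp;/g;
			$text =~ s/</&lt;/g;
			$text =~ s/>/&gt;/g;
			$text =~ s/"/&quot;/g;
			return $text;
		};

		# The heading used to end with a second <CENTER> instead of </CENTER>.
		print FILEOUT ("<h3><CENTER><a name=\"same_dst_attack\" href=\"#top\">Percentage and number of attacks to one host from any with same method</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border align=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td><td>Attack</td><td>Severity</td></tr>");
		# $k stays the global loop variable because init_color() is defined
		# elsewhere in the file and is not visible from here.
		foreach $k (@ordered) {
			my @field = split ",", $k;
			$STYLE = init_color($field[2]);
			if ( $i < $n ) {
				printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${sever_len}s</td></tr>\n",$s3{$k}/$total*100 , $s3{$k}, $esc->($field[1]), $esc->($field[0]), $esc->($field[2]));
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_dst_attack() :\t\t\t");
		# The Tk view is filled by writing the section to $tmpout_file and
		# reading it back.  That path is fixed and shared by every section;
		# three-argument open keeps the name from being parsed as a mode.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Percentage and number of attacks to one host from any with same method\n";
		$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s3) ." ###\n");
		print FILEOUT ("    %    No      IP destination   Attack                                                                  Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$key}/$total*100 ,$s3{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, '<', $tmpout_file) or die "Can access file : $tmpout_file\n";
		while (my $line = <FILEIN>) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Percentage and number of attacks to one host from any with same method\n", "same_dst_attack");
		foreach my $key (@ordered) {
			my @field = split ",", $key;
			if ( $i < $n ) {
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$key}/$total*100 ,
				$s3{$key},$field[1],$field[0],$field[2]);
			}
			++$i;
		}
	}
}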


# to see the popularity of one attack method
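sub attack {
	# Report how often each attack signature fired.  Keys of %s4 are
	# "attack,priority,severity" strings, values are alert counts, and each
	# percentage is relative to the script-wide $total.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent signature first.
	#
	# The script-wide counter $i is advanced once per row and is not reset here.

	# Pick the row order once instead of duplicating every loop body.
	my @ordered = ( $opt_i == 1 )
		? ( sort { $s4{$a} <=> $s4{$b} } keys %s4 )
		: ( sort { $s4{$b} <=> $s4{$a} } keys %s4 );

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<h3><CENTER><a name=\"attack\" href=\"#top\">The distribution of attack methods</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Attack</td><td>Priority</td><td>Severity</td></tr>");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			my $percent = $s4{$k} / $total * 100;
			$STYLE = init_color($field[2]);
			if ( ( $link{$field[0]} =~ /(^.+),(.*$)/ ) && ( $RULES == 1 ) ) {
				my $reference = $2;
				$url = init_url($1);
				# The link is passed as an argument: a '%' inside a URL must
				# not be read as a printf conversion.  Both sort orders now
				# emit the same five cells as the header row; the ascending
				# variant used to add a sixth cell with no matching argument.
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td><a href=%s class=$STYLE>%-${attack_len}s</a></td><td>%-${prior_len}d</td><td>%-${sever_len}s</td></tr>\n", $percent, $s4{$k}, $url . $reference, $field[0], $field[1], $field[2]);
			} else {
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td>%-${attack_len}s</td><td>%-${prior_len}d</td><td>%-${sever_len}s</td></tr>\n", $percent, $s4{$k}, $field[0], $field[1], $field[2]);
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "attack() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of attack methods\n";
		$linelength = 13 + $nb_len + 4 + $attack_len + 4 + $prior_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s4) ." of ". keys(%s4) ." ###\n");
		print FILEOUT ("    %    No     Attack                                                           Priority Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100, $s4{$k}, $field[0], $field[1], $field[2]);
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of attack methods\n", "attack");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100, $s4{$k}, $field[0], $field[1], $field[2]);
			++$i;
		}
	}
}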


# to see the distribution of alert classifications
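sub same_class {
	# Report how alerts are spread over classifications.  Keys of %s10 are
	# "classification,severity" strings, values are alert counts, and each
	# percentage is relative to the script-wide $total.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent classification first.
	#
	# The severity column is formatted with $sever_len throughout; several
	# variants used the misspelt $server_len, which is set nowhere in this
	# function and so dropped the column width.
	my @ordered = ( $opt_i == 1 )
		? ( sort { $s10{$a} <=> $s10{$b} } keys %s10 )
		: ( sort { $s10{$b} <=> $s10{$a} } keys %s10 );

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<h3><CENTER><a name=\"same_class\" href=\"#top\">The distribution of classification method</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Classification</td><td>Severity</td></tr>");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			$STYLE = init_color($field[1]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${class_len}s</td><td>%-${sever_len}s</td></tr>\n", $s10{$k}/$total*100, $s10{$k}, $field[0], $field[1]);
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_class() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "The distribution of classification method\n";
		$linelength = 13 + $nb_len + 4 + $class_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s10) ." of ". keys(%s10) ." ###\n");
		print FILEOUT ("    %    No       Classification                                               Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${sever_len}s\n", $s10{$k}/$total*100, $s10{$k}, $field[0], $field[1]);
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("The distribution of classification method\n", "same_class");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${sever_len}s\n", $s10{$k}/$total*100, $s10{$k}, $field[0], $field[1]);
		}
	}
}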



# to see the popularity of one source host 
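sub attack_src {
	# Report the busiest source addresses.  Keys of %s5 are source IPs,
	# values are alert counts, and each percentage is relative to $total.
	# At most $n rows are printed: every key, or $val_opt_n when $opt_n is
	# set and does not exceed the number of keys.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent source first; $opt_r adds the name
	# returned by resolve() and the matching %DomainName entry.
	$i = 0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s5) ) ) {
		$n = keys %s5;
	} else {
		$n = $val_opt_n;
	}

	my @ordered = ( $opt_i == 1 )
		? ( sort { $s5{$a} <=> $s5{$b} } keys %s5 )
		: ( sort { $s5{$b} <=> $s5{$a} } keys %s5 );

	# Resolve one address and return the last label of its name ('' if none).
	# $src_host is cleared when resolve() hands the address back unchanged;
	# it used to keep the name of the previous row, so an unresolved source
	# was reported under another host's name and domain.
	my $lookup = sub {
		my ($addr) = @_;
		$host = resolve ($addr);
		$src_host = ( $host ne $addr ) ? $host : '';
		my ($suffix) = $src_host =~ /(\w+$)/;
		return defined $suffix ? $suffix : '';
	};

	# resolve() presumably performs a reverse DNS lookup (not visible here);
	# such a name is chosen by whoever controls the PTR record of the source
	# address, so it is escaped before being written into the HTML report.
	my $html = sub {
		my ($text) = @_;
		return '' unless defined $text;
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		return $text;
	};

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<h3><CENTER><a name=\"attack_src\" href=\"#top\">To see the popularity of one source host</A></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		if ($opt_r) {
			print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>Resolve</td><td>Domain</td></tr>");
		} else {
			print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td></tr>");
		}
		foreach $k (@ordered) {
			if ($i < $n) {
				if ($opt_r) {
					my $suffix = $lookup->($k);
					$STYLE = init_color($src_host);
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${resolve_len}s</td><td>%-${domain_len}s</td></tr>\n", $s5{$k}/$total*100, $s5{$k}, $k, $html->($src_host), $DomainName{$suffix});
				} else {
					printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s5{$k}/$total*100, $s5{$k}, $k);
				}
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "attack_src() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "To see the popularity of one source host\n";
		my $columns;
		if ($opt_r) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
			$columns = "    %    No      IP source        Resolve                                             Domain\n";
		} else {
			$linelength = 13 + $nb_len + 4 + $addr_len;
			$columns = "    %    No      IP source\n";
		}
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
		print FILEOUT ($columns);
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			if ($i < $n) {
				if ($opt_r) {
					my $suffix = $lookup->($k);
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100, $s5{$k}, $k, $src_host, $DomainName{$suffix});
				} else {
					# The ascending variant was additionally guarded by
					# "$i < $nb"; $nb is set nowhere in this function, so
					# that variant printed no rows.
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100, $s5{$k}, $k);
				}
			}
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		if ($opt_r) {
			section_header("To see the popularity of one source host\n", "attack_src_resolve");
		} else {
			section_header("To see the popularity of one source host\n", "attack_src");
		}
		foreach $k (@ordered) {
			if ($i < $n) {
				if ($opt_r) {
					# %s40 is no longer incremented here: domain_src() counts
					# every source itself, and only the ascending variant of
					# this loop still added to it (the descending one had the
					# statement commented out), which inflated the counts.
					my $suffix = $lookup->($k);
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100, $s5{$k}, $k, $src_host, $DomainName{$suffix});
				} else {
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100, $s5{$k}, $k);
				}
			}
			++$i;
		}
	}
}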







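sub domain_src {
	# Report which top-level domains the source addresses belong to.
	# Every key of %s5 (source IP) is resolved and the last label of its name
	# is counted in the script-wide %s40; percentages are relative to the
	# number of distinct source addresses.  At most $n rows are printed, and
	# the first $max of them (8 at most) are queued in @list1/@list2 before
	# init_graph() is called.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	#
	# NOTE(review): %s40 is not cleared first, so a second call in the same
	# run adds to the earlier counts - confirm whether that is intended.
	foreach $k (keys %s5) {
		$host = resolve ($k);
		# An address that resolve() hands back unchanged has no name and is
		# left out of the domain count.  It used to be counted under the
		# domain of whichever address was processed just before it, because
		# $src_host and $1 kept their previous values.
		$src_host = ( $host ne $k ) ? $host : '';
		my ($suffix) = $src_host =~ /(\w+$)/;
		$s40{$suffix}++ if defined $suffix;
	}
	$i = 0;
	$max = 8;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s40) ) ) {
		$n = keys %s40;
	} else {
		$n = $val_opt_n;
	}
	$max = $n if ( keys %s40 < 8 );

	# Domains ordered by count, least frequent first when $ascending is true.
	my $by_count = sub {
		my ($ascending) = @_;
		return $ascending
			? ( sort { $s40{$a} <=> $s40{$b} } keys %s40 )
			: ( sort { $s40{$b} <=> $s40{$a} } keys %s40 );
	};

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		@list1 = ();
		@list2 = ();
		print FILEOUT ("<h3><CENTER><a name=\"domain_src\" HREF=\"#top\">To see the popularity of one domain</a><CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Domain</td></tr>");
		foreach $k ( $by_count->( $opt_i == 1 ) ) {
			if ( $i < $n ) {
				$STYLE = init_color($k);
				printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${domain_len}s</td></tr>\n", $s40{$k}/(keys %s5)*100, $s40{$k}, $DomainName{$k});
				push @list1 ,($s40{$k}) if ( $i < $max );
				push @list2 ,("$k") if ( $i < $max );
				++$i;
			}
		}
		if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
			init_graph("domain","pie");
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=." . $graph_name . "_domain." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
			init_graph("domain","pie");
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=" . $graph_name . "_domain." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		# The status label named a non-existent "domain_crc()".
		$scrolled_status->insert('end', "domain_src() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "To see the popularity of one domain\n";
		$linelength = 11 + $domain_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s40) ." ###\n");
		print FILEOUT ("    %    No      Domain\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $tld ( $by_count->( $opt_i == 1 ) ) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$tld}/(keys %s5)*100, $s40{$tld}, $DomainName{$tld}) if ( $i < $n );
			# This was "++$1": incrementing the read-only capture variable
			# aborts the run, and the row limit was never applied.
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("To see the popularity of one domain\n", "domain_src");
		# NOTE(review): this branch tests $opt{i} while the other two test
		# $opt_i == 1 - kept as found; confirm which flag is meant.
		foreach my $tld ( $by_count->( $opt{i} ) ) {
			printf("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$tld}/(keys %s5)*100, $s40{$tld}, $DomainName{$tld}) if ( $i < $n );
			++$i;
		}
	}
}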



# to see the popularity of one destination host
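sub attack_dst {
	# Report the most targeted destination addresses.  Keys of %s6 are
	# destination IPs, values are alert counts, and each percentage is
	# relative to $total.  At most $n rows are printed: every key, or
	# $val_opt_n when $opt_n is set and does not exceed the number of keys.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent destination first; $opt_r adds the
	# name returned by resolve().
	$i = 0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s6) ) ) {
		$n = keys %s6;
	} else {
		$n = $val_opt_n;
	}

	my @ordered = ( $opt_i == 1 )
		? ( sort { $s6{$a} <=> $s6{$b} } keys %s6 )
		: ( sort { $s6{$b} <=> $s6{$a} } keys %s6 );

	# Resolve one address.  $src_host is cleared when resolve() hands the
	# address back unchanged; it used to keep the name of the previous row,
	# so an unresolved destination was shown with another host's name.
	my $lookup = sub {
		my ($addr) = @_;
		$host = resolve ($addr);
		$src_host = ( $host ne $addr ) ? $host : '';
		return $src_host;
	};

	# resolve() presumably performs a reverse DNS lookup (not visible here);
	# a name obtained that way is not under this script's control, so it is
	# escaped before being written into the HTML report.
	my $html = sub {
		my ($text) = @_;
		return '' unless defined $text;
		$text =~ s/&/&amp;/g;
		$text =~ s/</&lt;/g;
		$text =~ s/>/&gt;/g;
		$text =~ s/"/&quot;/g;
		return $text;
	};

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<h3><CENTER><a name=\"attack_dst\" href=\"#top\">To see the popularity of one destination host</a><CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		if ($opt_r) {
			print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td><td>Resolve</td></tr>");
		} else {
			print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td></tr>");
		}
		foreach $k (@ordered) {
			# Rows past the limit are skipped before the lookup, so no name
			# is resolved for an address that will not be printed.
			if ($i < $n) {
				if ($opt_r) {
					$lookup->($k);
					printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${resolve_len}s</td></tr>\n", $s6{$k}/$total*100, $s6{$k}, $k, $html->($src_host));
				} else {
					# One variant compared $i with $val_opt_n instead of $n
					# and therefore ignored the limit computed above.
					printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s6{$k}/$total*100, $s6{$k}, $k);
				}
			}
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "attack_dst() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "To see the popularity of one destination host\n";
		my $columns;
		if ($opt_r) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
			$columns = "    %    No      IP destination   Resolve\n";
		} else {
			$linelength = 13 + $nb_len + 4 + $addr_len;
			$columns = "    %    No      IP destination\n";
		}
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
		print FILEOUT ($columns);
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			if ($i < $n) {
				if ($opt_r) {
					$lookup->($k);
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100, $s6{$k}, $k, $src_host);
				} else {
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100, $s6{$k}, $k);
				}
			}
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		if ($opt_r) {
			section_header("To see the popularity of one destination host\n", "attack_dst_resolve");
		} else {
			section_header("To see the popularity of one destination host\n", "attack_dst");
		}
		foreach $k (@ordered) {
			if ($i < $n) {
				if ($opt_r) {
					$lookup->($k);
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100, $s6{$k}, $k, $src_host);
				} else {
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100, $s6{$k}, $k);
				}
			}
			++$i;
		}
	}
}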



# to see the activity by hour 
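sub hour {
	# Report alert activity per hour of day.  Keys of %s7 are hours, values
	# are alert counts, and each percentage is relative to $total.  Bars are
	# scaled against the busiest hour.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# With $opt_g the HTML report also references the images produced by
	# init_graph(); the per-hour counts are queued in @list1/@list2 and the
	# per-day severity counts of %s8 in @listlow/@listmedium/@listhigh/
	# @listunknown before the respective call.

	# Busiest hour.  Only the keys are walked: iterating the hash itself also
	# visited every count and looked it up as if it were an hour.
	$max = 0;
	foreach $k (keys %s7) {
		$max = $s7{$k} if ($s7{$k} > $max);
	}

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		@list1 = ();
		@list2 = ();
		print FILEOUT ("<H3><CENTER><A NAME=\"hour\" HREF=\"#top\">The distribution of attack by hour</A><CENTER></H3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>Hour</TD><TD>No</TD><TD>%</TD><TD>Graph</TD></TR>");
		my $ratio = $max/$total*100;

		foreach $k (sort { $a <=> $b } keys %s7) {
			my $num = $s7{$k}/$total*(50000/$ratio);
			printf FILEOUT ("<TR CLASS=TB><TD>%${hour_len}dh</TD><TD>%-${nb_len}d</TD><TD>%-2.2f</TD><TD WIDTH=$num><HR NOSHADE ALIGN=left SIZE=10 COLOR=#CCCCCC  WIDTH=%3d ></TD></TR>\n", $k, $s7{$k}, $s7{$k}/$total*100, $num);
			push @list1 ,($s7{$k});
			push @list2 ,($k);
		}
		if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
			init_graph("hours1","area");
			print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=." . $graph_name . "_hours1." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
			init_graph("hours1","area");
			print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=" . $graph_name . "_hours1." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TD></TR></TABLE><BR>\n");
		}

		if (( $logids gt 0 ) and ( $opt_g == 1 )) {
			# Close one day: append each severity's pending count (0 when
			# none was seen) to its series and clear the pending value.
			my $flush_day = sub {
				foreach my $slot ( [ \$low, \@listlow ], [ \$medium, \@listmedium ], [ \$high, \@listhigh ], [ \$unknown, \@listunknown ] ) {
					my ( $pending, $series ) = @$slot;
					if ( $$pending ) {
						push @$series ,($$pending);
						undef $$pending;
					} else {
						push @$series ,(0);
					}
				}
			};

			# Keys of %s8 are "day,severity"; the numeric sort orders them by
			# the leading day number.
			$compt = 1;
			foreach $k (sort { $a <=> $b } keys %s8) {
				my @field = split ",", $k;
				$beforeday = $field[0];
				$belowday = $beforeday if ( $compt == 1 );
				# A larger day number than the previous key starts a new day.
				$flush_day->() if ( $belowday < $beforeday );
				if ( $field[1] eq "low") {
					$low = $s8{$k};
				} elsif ( $field[1] eq "medium" ) {
					$medium = $s8{$k};
				} elsif ( $field[1] eq "high" ) {
					$high = $s8{$k};
				} elsif ( $field[1] eq "unknown" ) {
					$unknown = $s8{$k};
				}
				$belowday = $beforeday;
				$compt ++;
			}
			# The last day is still pending when the loop ends.
			$flush_day->();
			init_graph("hours2","bars");
			if ( $opt_p == 1 ) {
				print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=." . $graph_name . "_hours2." . $val_opt_g . "></TD></TR><TR></TABLE><BR>\n");
			} else {
				print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=" . $graph_name . "_hours2." . $val_opt_g . "></TD></TR><TR></TABLE><BR>\n");
			}
		}
	} else {
		$ratio = $max/$total*100;
		# Hours are sorted numerically, as in the HTML table; a plain string
		# sort puts "10" before "2" whenever the keys are not zero-padded.
		my @hours = sort { $a <=> $b } keys %s7;
		if ( $opt{x} ) {
			$scrolled_status->insert('end', "hour() :\t\t\t\t");
			# Three-argument open: the path is never parsed for mode characters.
			open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
			print FILEOUT "The distribution of attack by hour\n";
			$linelength = 13 + $nb_len + 2 + $hour_len + 2 + $graph_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". keys(%s7) ." of ". keys(%s7) ." ###\n");
			print FILEOUT ("  Hour No        %    Graph\n");
			print FILEOUT ( '=' x $linelength, "\n");
			foreach $k (@hours) {
				# The busiest hour gets a bar of 75 '#' characters.
				my $num = $s7{$k}/$total*75*(100 / $ratio);
				printf FILEOUT ("  %${hour_len}dh  %-${nb_len}d  %5.2f  %-${graph_len}s\n", $k, $s7{$k}, $s7{$k}/$total*100, '#' x $num);
			}
			close (FILEOUT);
			# Copy the staged report into the result widget line by line.
			open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
			while ( my $line = <FILEIN> ) {
				chomp $line;
				$scrolled_result->insert('end', "$line\n");
			}
			close (FILEIN);
			$scrolled_result->insert('end', "\n");
			$scrolled_status->insert('end', "OK\n");
		} else {
			section_header("The distribution of attack by hour\n", "hour");
			foreach $k (@hours) {
				my $num = $s7{$k}/$total*75*(100 / $ratio);
				printf("  %${hour_len}dh  %-${nb_len}d  %5.2f  %-${graph_len}s\n", $k, $s7{$k}, $s7{$k}/$total*100, '#' x $num);
			}
		}
	}
}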


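sub same_hour_attack {
	# Report which attack fired in which hour.  Keys of %s9 are "hour,attack"
	# strings, values are alert counts, and each percentage is relative to
	# $total.  At most $n rows are printed: every key, or $val_opt_n when
	# $opt_n is set and does not exceed the number of keys.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent pair first.
	$i = 0;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s9) ) ) {
		$n = keys %s9;
	} else {
		$n = $val_opt_n;
	}

	# Pick the row order once instead of duplicating every loop body.
	my @ordered = ( $opt_i == 1 )
		? ( sort { $s9{$a} <=> $s9{$b} } keys %s9 )
		: ( sort { $s9{$b} <=> $s9{$a} } keys %s9 );

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<h3><CENTER><a name=\"hour_attack\" href=\"#top\">Percentage and number of attacks by hour</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Hour</td><td>Attack</td></tr>");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%${hour_len}dh</td><td>%-${attack_len}s</td></tr>\n",
				$s9{$k}/$total*100, $s9{$k}, $field[0], $field[1]) if $i < $n;
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_hour_attack() :\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Percentage and number of attacks by hour\n";
		$linelength = 11 + $nb_len + 4 + $hour_len + 4 + $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s9) ." ###\n");
		print FILEOUT ("    %    No      Heure  Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k}, $field[0], $field[1]) if $i < $n;
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Percentage and number of attacks by hour\n", "same_hour_attack");
		foreach $k (@ordered) {
			my @field = split ",", $k;
			printf("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k}, $field[0], $field[1]) if $i < $n;
			++$i;
		}
	}
}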


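sub dport {
	# Report alerts per destination port.  Keys of %s16 are ports, values are
	# alert counts, and each percentage is relative to $total.  At most $n
	# rows are printed: every key, or $val_opt_n when $opt_n is set and does
	# not exceed the number of keys.  The first $max rows (10 at most) are
	# queued in @list1/@list2 before init_graph() is called.
	#
	# Output target, chosen from script-wide option flags:
	#   $opt_h / $opt_p  HTML rows appended to the already-open FILEOUT handle
	#   $opt{x}          text staged in $tmpout_file, then copied to the GUI widgets
	#   otherwise        text on the currently selected output handle
	# $opt_i == 1 lists the least frequent port first.
	$i = 0;
	$max = 10;
	if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s16) ) ) {
		$n = keys %s16;
	} else {
		$n = $val_opt_n;
	}
	$max = $n if ( keys %s16 < 10 );

	# Pick the row order once instead of duplicating every loop body.
	my @ordered = ( $opt_i == 1 )
		? ( sort { $s16{$a} <=> $s16{$b} } keys %s16 )
		: ( sort { $s16{$b} <=> $s16{$a} } keys %s16 );

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		@list1 = ();
		@list2 = ();
		print FILEOUT ("<h3><CENTER><a name=\"dport\" HREF=\"#top\">Distribution of event by destination port</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Destination Port</td></tr>");
		foreach $k (@ordered) {
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td></tr>\n",
				$s16{$k}/$total*100, $s16{$k}, $k) if ( $i < $n );
			push @list1 ,($s16{$k}) if ( $i < $max );
			push @list2 ,("$k") if ( $i < $max );
			++$i;
		}
		if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
			init_graph("dport","pie");
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=." . $graph_name . "_dport." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
			init_graph("dport","pie");
			print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=" . $graph_name . "_dport." . $val_opt_g . "></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
		}
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "dport() :\t\t\t\t");
		# Three-argument open: the path is never parsed for mode characters.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Distribution of event by destination port\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s16) ." ###\n");
		print FILEOUT ("    %    No      Port\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k}, $k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged report into the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Distribution of event by destination port\n", "dport");
		foreach $k (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k}, $k) if ( $i < $n );
			++$i;
		}
	}
}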




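# dport_attack - "Percentage and number of attacks to one destination port".
#
# Source data: global %s18, keyed by "port,attack" strings with an occurrence
# count as value.  Each row shows the count as a percentage of $total, the
# count, the port and the attack.  Rows are ordered by count (ascending when
# $opt_i == 1, descending otherwise) and only the first $n are printed.
# Only the first two comma-separated fields of a key are shown; anything
# after a second comma is dropped.
#
# Destination:
#   $opt_h == 1 or $opt_p == 1  HTML table on FILEOUT (not opened here)
#   $opt{x}                     text staged in $tmpout_file, then copied into
#                               the $scrolled_result widget
#   otherwise                   text on STDOUT below section_header()
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub dport_attack {
	$i = 0;
	my $entries = keys %s18;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;

	# The ordering is decided once; every output branch walks the same list.
	my $by_count = ( $opt_i == 1 )
		? sub { $s18{$a} <=> $s18{$b} }
		: sub { $s18{$b} <=> $s18{$a} };
	my @ordered = sort $by_count keys %s18;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): port and attack text go into the table cells as-is.
		# If the keys of %s18 are built from log text they need HTML entity
		# escaping first - confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"port_attack\" href=\"#top\">Percentage and number of attacks to one destination port</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Port</td><td>Attack</td></tr>");
		foreach my $key (@ordered) {
			my ( $port, $attack ) = split ",", $key;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td><td>%-${attack_len}s</td></tr>\n",
				$s18{$key}/$total*100, $s18{$key}, $port, $attack) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "dport_attack() :\t\t\t");
		# Three-argument open: $tmpout_file is treated purely as a path and is
		# never parsed for a mode or pipe character.
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Percentage and number of attacks to one destination port\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Port   Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my ( $port, $attack ) = split ",", $key;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$key}/$total*100, $s18{$key}, $port, $attack) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Read the staged text back and hand it to the result widget line by line.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Percentage and number of attacks to one destination port\n", "dport_attack");
		foreach my $key (@ordered) {
			my ( $port, $attack ) = split ",", $key;
			printf("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$key}/$total*100, $s18{$key}, $port, $attack) if ( $i < $n );
			++$i;
		}
	}
}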




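# reasons - "Distribution by reason" report.
#
# Walks the global %s12 (keys are printed in the "Reasons" column, values are
# counts) from the highest count down and prints at most $n rows, each with
# the count as a percentage of $total.  $opt_h/$opt_p select the HTML table
# on FILEOUT (not opened here), $opt{x} the $scrolled_result widget (staged
# through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub reasons {
	$i = 0;
	my $entries = keys %s12;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s12{$b} <=> $s12{$a} } keys %s12;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s12 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"reasons\" href=\"#top\">Distribution by reason</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Reasons</td></tr>");
		foreach my $key (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s12{$key}/$total*100, $s12{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "reasons() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Distribution by reasons\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Reasons\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-50s\n", $s12{$key}/$total*100, $s12{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Distribution by reasons\n", "reasons");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-50s\n", $s12{$key}/$total*100, $s12{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}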



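# actions - "Distribution by action" report.
#
# Walks the global %s14 (keys are printed in the "Actions" column, values are
# counts) from the highest count down and prints at most $n rows, each with
# the count as a percentage of $total.  $opt_h/$opt_p select the HTML table
# on FILEOUT (not opened here), $opt{x} the $scrolled_result widget (staged
# through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub actions {
	$i = 0;
	my $entries = keys %s14;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s14{$b} <=> $s14{$a} } keys %s14;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s14 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"actions\" href=\"#top\">Distribution by action</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Actions</td></tr>");
		foreach my $key (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s14{$key}/$total*100, $s14{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "actions() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Distribution by actions\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Actions\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-10s\n", $s14{$key}/$total*100, $s14{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Distribution by actions\n", "actions");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-10s\n", $s14{$key}/$total*100, $s14{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}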






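# rules - "Number of occurrences by rules" report.
#
# Walks the global %s21 (keys are printed in the "Rules" column, values are
# counts) from the highest count down and prints at most $n rows, each with
# the count as a percentage of $total.  The text outputs format the key with
# %d, the HTML output with %s.  $opt_h/$opt_p select the HTML table on
# FILEOUT (not opened here), $opt{x} the $scrolled_result widget (staged
# through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub rules {
	$i = 0;
	my $entries = keys %s21;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s21{$b} <=> $s21{$a} } keys %s21;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s21 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"rules\" href=\"#top\">Number of occurrences by rules</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Rules</td></tr>");
		foreach my $key (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s21{$key}/$total*100, $s21{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "rules() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences by rules\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Rules\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-4d\n", $s21{$key}/$total*100, $s21{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences by rules\n", "rules");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-4d\n", $s21{$key}/$total*100, $s21{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}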



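# defense_attack - "Number of occurrences for SmartDefense by attack" report.
#
# Source data: global %s24, keyed by "attack,info" strings with an occurrence
# count as value.  Rows are ordered by descending count in every output
# branch and limited to the first $n.  Only the first two comma-separated
# fields of a key are shown.
#
# $opt_h/$opt_p select the HTML table on FILEOUT (not opened here), $opt{x}
# the $scrolled_result widget (staged through $tmpout_file), anything else
# STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub defense_attack {
	$i = 0;
	my $entries = keys %s24;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	# One ordering for all branches.  The GUI branch used to compare counts
	# from %s100 while iterating %s24, which left its rows unsorted.
	my @ordered = sort { $s24{$b} <=> $s24{$a} } keys %s24;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): attack and info text go into the table cells as-is.
		# If the keys of %s24 are built from log text they need HTML entity
		# escaping first - confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"defense_attack\" href=\"#top\">Number of occurrences for SmartDefense by attack</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Attack</td><td>Info</td></tr>\n");
		foreach my $key (@ordered) {
			my ( $attack, $info ) = split ",", $key;
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD><TD>%-30s</TD></TR>\n", $s24{$key}/$total*100, $s24{$key}, $attack, $info) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "defense_attack() :\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences for SmartDefense by attack\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      SmartDefense Attack             Infos\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my ( $attack, $info ) = split ",", $key;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s24{$key}/$total*100, $s24{$key}, $attack, $info) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences for SmartDefense by attack\n", "defense_attack");
		foreach my $key (@ordered) {
			my ( $attack, $info ) = split ",", $key;
			printf("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s24{$key}/$total*100, $s24{$key}, $attack, $info) if ( $i < $n );
			++$i;
		}
	}
}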







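# hwlog - "Number of occurrences by hardware related message log" report.
#
# Walks the global %s300 (keys are printed in the "Type" column, values are
# counts) from the highest count down and prints at most $n rows, each with
# the count as a percentage of $total.  $opt_h/$opt_p select the HTML table
# on FILEOUT (not opened here), $opt{x} the $scrolled_result widget (staged
# through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub hwlog {
	$i = 0;
	my $entries = keys %s300;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s300{$b} <=> $s300{$a} } keys %s300;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s300 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"hwlog\" href=\"#top\">Number of occurrences by hardware related message log</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Type</td></tr>\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD></TR>\n", $s300{$key}/$total*100, $s300{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "hwlog() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences by hardware related message log\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Type\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			# Three columns, three conversions: the format used to carry a
			# fourth %-30s with no argument behind it.
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s\n", $s300{$key}/$total*100, $s300{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences by hardware related message log\n", "hwlog");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-30s\n", $s300{$key}/$total*100, $s300{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}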









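# typelog - "Number of occurrences by type of log" report.
#
# Walks the global %s17 (keys are printed in the "Type" column, values are
# counts) from the highest count down and prints at most $n rows, each with
# the count as a percentage of $total.  $opt_h/$opt_p select the HTML table
# on FILEOUT (not opened here), $opt{x} the $scrolled_result widget (staged
# through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub typelog {
	$i = 0;
	my $entries = keys %s17;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s17{$b} <=> $s17{$a} } keys %s17;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s17 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"typelog\" href=\"#top\">Number of occurrences by type of log</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Type</td></tr>\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD></TR>\n", $s17{$key}/$total*100, $s17{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "typelog() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences by type of log\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Type\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			# Three columns, three conversions: the format used to carry a
			# fourth %-30s with no argument behind it.
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s\n", $s17{$key}/$total*100, $s17{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences by type of log\n", "typelog");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-${nb_len}d  %-30s\n", $s17{$key}/$total*100, $s17{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}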





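# same_src_dport - "Number of occurrences grouped by IP source and
# destination port" report.
#
# Source data: global %s22, keyed by "address,port" strings with an
# occurrence count as value.  Rows go from the highest count down and are
# limited to the first $n; each shows the count as a percentage of $total.
#
# $opt_h/$opt_p select the HTML table on FILEOUT (not opened here), $opt{x}
# the $scrolled_result widget (staged through $tmpout_file), anything else
# STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub same_src_dport {
	$i = 0;
	my $entries = keys %s22;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s22{$b} <=> $s22{$a} } keys %s22;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): both key fields are written into the table cells
		# as-is; if the keys of %s22 come from log text they need HTML entity
		# escaping - confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"same_src_dport\" href=\"#top\">Number of occurrences grouped by IP source and destination port</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Ip Src</td><td>Dport</td></tr>");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s</TD><TD>%-5s</TD></TR>\n", $s22{$key}/$total*100, $s22{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_dport() :\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences grouped by IP source and destination port\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		print FILEOUT ("    %    No      Ip Src           Dport\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s22{$key}/$total*100, $s22{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences grouped by IP source and destination port\n", "same_src_dport");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s22{$key}/$total*100, $s22{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
	}
}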



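# same_dst_dport - "Number of occurrences grouped by IP dest and destination
# port" report.
#
# Source data: global %s23, keyed by "address,port" strings with an
# occurrence count as value.  Rows go from the highest count down and are
# limited to the first $n; each shows the count as a percentage of $total.
#
# $opt_h/$opt_p select the HTML table on FILEOUT (not opened here), $opt{x}
# the $scrolled_result widget (staged through $tmpout_file), anything else
# STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub same_dst_dport {
	$i = 0;
	my $entries = keys %s23;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s23{$b} <=> $s23{$a} } keys %s23;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): both key fields are written into the table cells
		# as-is; if the keys of %s23 come from log text they need HTML entity
		# escaping - confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"same_dst_dport\" href=\"#top\">Number of occurrences grouped by IP dest and destination port</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Ip Dest</td><td>Dport</td></tr>");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s</TD><TD>%-5s</TD></TR>\n", $s23{$key}/$total*100, $s23{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "same_dst_dport() :\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Number of occurrences grouped by IP dest and destination port\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". $entries ." ###\n");
		# This is the destination report; the column was labelled "Ip Src",
		# which mislabels the address for whoever reads the GUI output.
		print FILEOUT ("    %    No      Ip Dest          Dport\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s23{$key}/$total*100, $s23{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Number of occurrences grouped by IP dest and destination port\n", "same_dst_dport");
		foreach my $key (@ordered) {
			my ( $address, $port ) = split ",", $key;
			printf ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s23{$key}/$total*100, $s23{$key}, $address, $port) if ( $i < $n );
			++$i;
		}
	}
}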














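# init_domains - load the domain description table from $domains_file.
#
# Each usable line is "<code> <description>".  The code is lower-cased
# (A-Z only) and stored in the global %DomainName; $MaxDomain ends up as the
# largest label count seen in any code (dots + 1).  Empty lines and lines
# starting with '#' are ignored.  Dies if the file cannot be opened.
#
# Globals written: %DomainName, $MaxDomain, $Code, $Description, $Dots.
sub init_domains {
	# Explicit read mode: the configured path is never parsed for a mode or
	# pipe character.
	open(DOMAINS, '<', $domains_file) or die "Can not open domain file: $domains_file $!\n";
	$MaxDomain = 0;
	while ( my $line = <DOMAINS> ) {
		next if ( $line =~ /^$/ or $line =~ /^#/ );
		# A line that does not parse (for instance one that starts with
		# whitespace) used to be stored under an empty key; skip it instead.
		next unless $line =~ /(^\S+)\s+(.*)/;
		( $Code, $Description ) = ( $1, $2 );
		$Code =~ tr/A-Z/a-z/;
		$DomainName{$Code} = "$Description";
		$Dots = 1 + ( $Code =~ tr/.// );
		$MaxDomain = $Dots if ( $Dots > $MaxDomain );
	}
	close(DOMAINS);
}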



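# init_rules - load the attack-description table from $rules_file.
#
# A usable line is a description that ends in '}' followed by whitespace and
# the rest of the line; the rest is stored verbatim in the global %link under
# the description.  Empty lines and lines starting with '#' are ignored.
# Dies if the file cannot be opened.
#
# Globals written: %link, $descr_attack, $link_attack.
sub init_rules {
	# Explicit read mode: the configured path is never parsed for a mode or
	# pipe character.
	open(RULES, '<', $rules_file) or die "Can not open rules file: $rules_file $!\n";
	while ( my $line = <RULES> ) {
		next if ( $line =~ /^$/ or $line =~ /^#/ );
		# Lines without the "description} value" shape used to be stored
		# under an empty key; skip them instead.
		next unless $line =~ /(^.+})\s+(.*)$/;
		( $descr_attack, $link_attack ) = ( $1, $2 );
		$link{$descr_attack} = "$link_attack";
	}
	close(RULES);
}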




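# init_hw - load the hardware message table from $hw_file.
#
# A usable line starts with an identifier that begins with '%', followed by
# whitespace and free text; the text is stored in the global %hw under the
# identifier.  Empty lines and lines starting with '#' are ignored.  Dies if
# the file cannot be opened.
#
# Globals written: %hw, $hw_id, $hw_info.
sub init_hw {
	# Explicit read mode: the configured path is never parsed for a mode or
	# pipe character.
	open(HW, '<', $hw_file) or die "Can not open hardware file: $hw_file $!\n";
	while ( my $line = <HW> ) {
		next if ( $line =~ /^$/ or $line =~ /^#/ );
		# Lines that do not start with a '%' identifier used to be stored
		# under an empty key; skip them instead.
		next unless $line =~ /^(\%\S+)\s+(.*)$/;
		( $hw_id, $hw_info ) = ( $1, $2 );
		$hw{$hw_id} = "$hw_info";
	}
	close(HW);
}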



# init_color - pick the row class for a severity / resolution string.
#
#   "high", or anything containing "nresolved"  -> "TBR"
#   "unknown"                                   -> "TBG"
#   everything else                             -> "TB"
#
# "TB" is the class the HTML report rows in this file carry; TBR and TBG are
# presumably its highlighted variants - confirm against the stylesheet.
sub init_color {
	my ($level) = @_;
	return ("TBR") if ( $level eq "high" ) || ( $level =~ /nresolved/ );
	return ("TBG") if $level eq "unknown";
	return ("TB");
}




# init_url - map a reference-system name to the URL prefix used for it.
#
# Known names are "bugtraq", "arachnids", "cve", "nessus", "MCAFEE" and
# "url" (matching is case-sensitive).  Any other name yields undef.  The
# prefixes all use plain http; presumably the caller appends the reference
# id - confirm at the call site.
sub init_url {
	my ($system) = @_;
	my %prefix_for = (
		"bugtraq"   => "http://www.securityfocus.com/bid/",
		"arachnids" => "http://www.whitehats.com/info/IDS",
		"cve"       => "http://cve.mitre.org/cgi-bin/cvename.cgi?name=",
		"nessus"    => "http://cgi.nessus.org/plugins/dump.php3?id=",
		"MCAFEE"    => "http://vil.nai.com/vil/content/v_",
		"url"       => "http://",
	);
	# An unknown name is simply absent from the table, so the lookup is undef.
	my $URL = $prefix_for{$system};
	return ($URL);
}





# init_pixlog - (re)build the global %pixlog, which maps the level numbers
# 1..7 to their names.
sub init_pixlog {
	%pixlog = (
		'1' => 'Alert',
		'2' => 'Critical',
		'3' => 'Error',
		'4' => 'Warning',
		'5' => 'Notification',
		'6' => 'Informational',
		'7' => 'Debugging',
	);
}






# init_monthday - (re)build the global %monthday, which maps the three-letter
# English month abbreviations ("Jan" .. "Dec") to the month numbers 1..12.
sub init_monthday {
	%monthday = (
		Jan => '1',  Feb => '2',  Mar => '3',
		Apr => '4',  May => '5',  Jun => '6',
		Jul => '7',  Aug => '8',  Sep => '9',
		Oct => '10', Nov => '11', Dec => '12',
	);
}



# init_daymonth - (re)build the global %daymonth, which maps a month number
# to its three-letter English abbreviation.  Both the plain form ("1" ..
# "12") and the zero-padded form ("01" .. "09") are present as keys.
sub init_daymonth {
	my @abbreviation = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
	%daymonth = (
		( map { ( $_ => $abbreviation[ $_ - 1 ] ) } 1 .. 12 ),
		# Zero-padded keys are built as strings; a bare 08 or 09 would not be
		# a valid numeric literal.
		( map { ( sprintf( '%02d', $_ ) => $abbreviation[ $_ - 1 ] ) } 1 .. 9 ),
	);
}




# search_date - fold one timestamp into the running latest/earliest bounds.
#
# Argument: a hash reference with the keys MON, DAY, HOUR, MIN and SEC.
# The bounds live in the globals $maxmonth/$maxday/$maxhour/$maxmin/$maxsec
# and $minmonth/$minday/$minhour/$minmin/$minsec.  Fields are compared
# numerically from month down to second; when a coarser field moves past the
# bound, the finer bound fields are reset (to 0 for the latest bound, to
# 31/23/59/59 for the earliest) before the comparison continues.
#
# The timestamp has no year field, so entries from different years are
# ordered by month alone - worth keeping in mind when a log spans New Year.
sub search_date {
	my ($stamp) = @_;
	my $MONTH = $stamp->{MON};
	my $DAY   = $stamp->{DAY};
	my $HOUR  = $stamp->{HOUR};
	my $MIN   = $stamp->{MIN};
	my $SEC   = $stamp->{SEC};

	# Latest bound: leave the block at the first field that falls behind.
	LATEST: {
		last LATEST unless ( $MONTH >= $maxmonth );
		( $maxday, $maxhour, $maxmin, $maxsec ) = ( 0, 0, 0, 0 ) if ( $MONTH > $maxmonth );
		last LATEST unless ( $DAY >= $maxday );
		( $maxhour, $maxmin, $maxsec ) = ( 0, 0, 0 ) if ( $DAY > $maxday );
		last LATEST unless ( $HOUR >= $maxhour );
		( $maxmin, $maxsec ) = ( 0, 0 ) if ( $HOUR > $maxhour );
		last LATEST unless ( $MIN >= $maxmin );
		$maxsec = 0 if ( $MIN > $maxmin );
		last LATEST unless ( $SEC >= $maxsec );
		( $maxmonth, $maxday, $maxhour, $maxmin, $maxsec ) = ( $MONTH, $DAY, $HOUR, $MIN, $SEC );
	}

	# Earliest bound: same walk with the comparisons mirrored.
	EARLIEST: {
		last EARLIEST unless ( $MONTH <= $minmonth );
		( $minday, $minhour, $minmin, $minsec ) = ( 31, 23, 59, 59 ) if ( $MONTH < $minmonth );
		last EARLIEST unless ( $DAY <= $minday );
		( $minhour, $minmin, $minsec ) = ( 23, 59, 59 ) if ( $DAY < $minday );
		last EARLIEST unless ( $HOUR <= $minhour );
		( $minmin, $minsec ) = ( 59, 59 ) if ( $HOUR < $minhour );
		last EARLIEST unless ( $MIN <= $minmin );
		$minsec = 59 if ( $MIN < $minmin );
		last EARLIEST unless ( $SEC <= $minsec );
		( $minmonth, $minday, $minhour, $minmin, $minsec ) = ( $MONTH, $DAY, $HOUR, $MIN, $SEC );
	}
}



# search_filter - rebuild the global $filter string from the active filter
# options.
#
# For every option flag that equals 1, " <label> = <value> " is appended, in
# the fixed order src, dst, month, day, host, ether, severity, protocol,
# action, rule, dport, type.  With no flag set $filter is the empty string.
# The option values are copied in as given, without quoting or validation.
sub search_filter {
	# label, flag and value are kept together so the order is explicit.
	my @criteria = (
		[ 'src',      \$opt_fsrc,      \$val_opt_fsrc ],
		[ 'dst',      \$opt_fdst,      \$val_opt_fdst ],
		[ 'month',    \$opt_fmonth,    \$val_opt_fmonth ],
		[ 'day',      \$opt_fday,      \$val_opt_fday ],
		[ 'host',     \$opt_fhost,     \$val_opt_fhost ],
		[ 'ether',    \$opt_fether,    \$val_opt_fether ],
		[ 'severity', \$opt_fseverity, \$val_opt_fseverity ],
		[ 'protocol', \$opt_fproto,    \$val_opt_fproto ],
		[ 'action',   \$opt_faction,   \$val_opt_faction ],
		[ 'rule',     \$opt_frule,     \$val_opt_frule ],
		[ 'dport',    \$opt_fdport,    \$val_opt_fdport ],
		[ 'type',     \$opt_ftype,     \$val_opt_ftype ],
	);
	$filter = "";
	foreach my $criterion (@criteria) {
		my ( $label, $flag, $value ) = @{$criterion};
		$filter .= " $label = ${$value} " if ( ${$flag} == 1 );
	}
}




# init_pdf - convert the staged HTML report into a PDF file.
#
# When $HTML == 1 the file at $tmpout_file is handed to HTML::HTMLDoc and
# the PDF is written to the path formed by concatenating $val_opt_u and
# $val_opt_p (no separator is inserted); whatever to_file() returns is
# printed on STDOUT.  Otherwise a fixed hint about enabling HTML::HTMLDoc is
# shown, in $scrolled_status when $opt{x} is set and on STDOUT if not.
#
# NOTE(review): the output path is built from the two option values exactly
# as given - confirm they are constrained before this point.
#
# Globals written: $tmp_filename_html, $tmp_filename_pdf.
sub init_pdf {
	if ( $HTML == 1 ) {
		$tmp_filename_html = $tmpout_file;
		$tmp_filename_pdf  = "$val_opt_u" . "$val_opt_p";
		my $htmldoc = HTML::HTMLDoc->new();
		$htmldoc->set_input_file($tmp_filename_html);
		$htmldoc->set_header('.', '.', '.');
		$htmldoc->set_footer('.', '.', '1');
		$htmldoc->set_left_margin(2, 'cm');
		my $pdf = $htmldoc->generate_pdf();
		print $pdf->to_file($tmp_filename_pdf);
		return;
	}

	# The same six lines go to whichever front end is active.
	my @hint = (
		"PDF generation not available, please to check your installation !!!\n",
		"\n",
		"Uncomment this variables :\n",
		"\tuse HTML::HTMLDoc; \$HTML = 1;\n",
		"\n",
		"And verify you have the good perl libraries.\n",
	);
	foreach my $text (@hint) {
		if ( $opt{x} ) {
			$scrolled_status->insert('end', $text);
		} else {
			print $text;
		}
	}
}



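# portscan - portscan list report.
#
# Walks the global %s25 (keys are printed in the "IP source" column, values
# are counts) from the highest count down and prints at most $n rows, each
# with the count as a percentage of $total.  $opt_h/$opt_p select the HTML
# table on FILEOUT (not opened here), $opt{x} the $scrolled_result widget
# (staged through $tmpout_file), anything else STDOUT below section_header().
#
# Globals written: $i, $n, and $linelength in the $opt{x} branch.
sub portscan {
	$i = 0;
	my $entries = keys %s25;
	$n = ( ( $opt_n != 1 ) || ( $val_opt_n > $entries ) ) ? $entries : $val_opt_n;
	my @ordered = sort { $s25{$b} <=> $s25{$a} } keys %s25;

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# NOTE(review): the key is written into the table cell as-is; if the
		# keys of %s25 come from log text they need HTML entity escaping -
		# confirm where the hash is filled.
		print FILEOUT ("<h3><CENTER><a name=\"portscan\" href=\"#top\">Portscan List</a></CENTER></h3>\n");
		print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td></tr>");
		foreach my $key (@ordered) {
			# The last cell and the row are closed explicitly; they used to be
			# left open, producing malformed table markup.
			printf FILEOUT ("<tr class=TB><TD>%-2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s</TD></TR>\n", $s25{$key}/$total*100, $s25{$key}, $key) if ( $i < $n );
			++$i;
		}
		print FILEOUT ("</table><BR>\n");
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "portscan() :\t\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Portscans performed to/from HOME_NET\n";
		$linelength = 40;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### Portscan List ###\n");
		print FILEOUT ("    %    No     IP source\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach my $key (@ordered) {
			printf FILEOUT ("  %5.2f  %-4d   %-${addr_len}s\n", $s25{$key}/$total*100, $s25{$key}, $key) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("Portscans performed to/from HOME_NET\n", "portscan");
		foreach my $key (@ordered) {
			printf("  %5.2f  %-6d  %-${addr_len}s\n", $s25{$key}/$total*100, $s25{$key}, $key) if ( $i < $n );
			++$i;
		}
	}
}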



# print the footer (needed for html)
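sub print_footer {
	# With $opt{dbmdir} set, the 26 DBM files snortalog_dbms0 .. snortalog_dbms25
	# are deleted (the directory value is prefixed as-is, so it has to end in
	# a path separator) and the hashes %s0 .. %s25 are closed.  The first
	# file that cannot be deleted aborts the program.
	if ( $opt{dbmdir} ) {
		foreach my $index ( 0 .. 25 ) {
			unlink( $opt{dbmdir} . "snortalog_dbms$index" ) or die "Couldn't delete DB_File: $!\n";
		}
		dbmclose %s0;
		dbmclose %s1;
		dbmclose %s2;
		dbmclose %s3;
		dbmclose %s4;
		dbmclose %s5;
		dbmclose %s6;
		dbmclose %s7;
		dbmclose %s8;
		dbmclose %s9;
		dbmclose %s10;
		dbmclose %s11;
		dbmclose %s12;
		dbmclose %s13;
		dbmclose %s14;
		dbmclose %s15;
		dbmclose %s16;
		dbmclose %s17;
		dbmclose %s18;
		dbmclose %s19;
		dbmclose %s20;
		dbmclose %s21;
		dbmclose %s22;
		dbmclose %s23;
		dbmclose %s24;
		dbmclose %s25;
	}

	# The footer itself: version, author and date, in the active output form.
	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		# HTML output: this also ends the document and closes FILEOUT.
		print FILEOUT ("<CENTER>Generated by <A HREF=http://jeremy.chartier.free.fr/snortalog/>SnortALog</A> Version: $version ( Date: $datever )</CENTER>\n");
		print FILEOUT ("<CENTER><A HREF=mailto:jeremy.chartier\@free.fr>Jeremy CHARTIER</A></CENTER>\n");
		print FILEOUT ("</BODY>\n</HTML>");
		close (FILEOUT);
	} elsif ( $opt{x} ) {
		$scrolled_status->insert('end', "print_footer() :\t\t\t");
		# Three-argument open keeps $tmpout_file a plain path (no mode parsing).
		open (FILEOUT, '>', $tmpout_file) or die "Can not open file: $tmpout_file\n";
		print FILEOUT ("\n");
		print FILEOUT ("Version: $version\n");
		print FILEOUT ("Jeremy CHARTIER, <jeremy.chartier\@free.fr>\n");
		print FILEOUT ("Date: $datever\n");
		close (FILEOUT);
		# Copy the staged text into the result widget, one line at a time.
		open (FILEIN, '<', $tmpout_file) or die "Can not access file : $tmpout_file\n";
		while ( my $line = <FILEIN> ) {
			chomp $line;
			$scrolled_result->insert('end', "$line\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		print "\nVersion: $version\nJeremy CHARTIER, <jeremy.chartier\@free.fr>\nDate: $datever\n";
	}
}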


#
# resolve host name and cache it
#
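# resolve - reverse-resolve the first dotted quad found in a string.
#
# Returns the host name for the address, "unresolved" when no name can be
# found, and undef when the argument contains no dotted quad at all.  No
# caching happens in this sub.
#
# Only the matched digits are handed to inet_aton(): given anything that is
# not a numeric address, inet_aton() treats it as a host name and performs a
# forward lookup, which is not wanted for text taken from a log line.
# The returned name comes from reverse DNS, i.e. from whoever operates the
# reverse zone of that address, so it is untrusted text for any later output.
sub resolve {
	my ($Address) = @_;
	my $Hostname;
	if ( $Address =~ /(\d+\.\d+\.\d+\.\d+)/ ) {
		my $dotted = $1;
		$Hostname = "unresolved";
		# An octet above 255 cannot be an address; skip the resolver entirely.
		unless ( grep { $_ > 255 } split /\./, $dotted ) {
			my $packed = inet_aton($dotted);
			if ( defined $packed ) {
				$Hostname = gethostbyaddr( $packed, AF_INET ) || "unresolved";
			}
		}
	}
	return $Hostname;
}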







# Use a title and a short code to write the section headers
# This is used in place of a FORMAT as this allows variable column widths
# contributed by: Ned Patterson, <jpatter@alum.mit.edu>
#
sub section_header {
my $linelength;
$title = shift; 
$report = shift;
$_ = shift;
print BOLD,("\n\n$title"), RESET;

if ( $report eq "attack_src_resolve") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source        Resolve                                             Domain\n");
} elsif ($report eq "domain_src") {
	$linelength = 11 + $domain_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s40) ." ###\n");
	print("    %    No      Domain\n");
} elsif ($report eq "attack_dst_resolve") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
	print("    %    No      IP destination   Resolve\n");
} elsif ($report eq "attack") {
	$linelength = 13 + $nb_len + 4 + $attack_len + 4 + $prior_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s4) ." of ". keys(%s4) ." ###\n");
	print("    %    No      Attack                                                           Priority Severity\n");
} elsif ($report eq "nids") {
	$linelength = 50;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s13) ." of ". keys(%s13) ." ###\n");
	print("    %    No      Host Logger\n");
} elsif ($report eq "proto") {
	$linelength = 50;
	print( '=' x $linelength, "\n");
	print (" " x 4, "### ". keys(%s11) ." of ". keys(%s11) ." ###\n");
	print("    %    No      Protocols\n");
} elsif ($report eq "interfaces") {
	$linelength = 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s1) ." of ". keys(%s1) ." ###\n");
	print("    %    No      Interfaces\n");
} elsif ($report eq "same_class") {
	$linelength = 13 + $nb_len + 4 + $class_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s10) ." of ". keys(%s10) ." ###\n");
	print("    %    No      Classification                                                Severity\n");
} elsif ($report eq "same_hour_attack") {
	$linelength = 11 + $nb_len + 4 + $hour_len + 4 + $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s9) ." ###\n");
	print("    %    No      Heure  Attack\n");
} elsif ($report eq "same_src_attack") {
	$linelength = 11 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s2) ." ###\n");
	print("    %    No      IP source        Attack                                                                  Severity\n");
} elsif ($report eq "same_dst_attack") {
	$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s3) ." ###\n");
	print("    %    No      IP destination   Attack                                                                  Severity\n");
} elsif ($report eq "same_src_dst_attack") {
	$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $addr_len + 4 + $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s0) ." ###\n");
	print("    %    No      IP source        IP destination   Attack\n");
} elsif ($report eq "dport_attack") {
	$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s18) ." ###\n");
	print("    %    No      Port   Attack\n");
} elsif ($report eq "dport") {
	$linelength = 11 + $nb_len + 4 + $port_len + 4;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s16) ." ###\n");
	print("    %    No      Port\n");
} elsif ($report eq "same_src_dport") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s22) ." ###\n");
	print("    %    No      IP Src           Dport\n");
} elsif ($report eq "same_dst_dport") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s23) ." ###\n");
	print("    %    No      IP Dest          Dport\n");
} elsif ($report eq "reasons") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s12) ." ###\n");
	print("    %    No      Reasons\n");
} elsif ($report eq "actions") {
	$linelength = 13 + $nb_len + 4 + 6;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s14) ." ###\n");
	print("    %    No      Actions\n");
} elsif ($report eq "rules") {
	$linelength = 13 + $nb_len + 4 + 6;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s21) ." ###\n");
	print("    %    No      Rules\n");
} elsif ($report eq "defense_attack") {
	$linelength = 13 + $nb_len + 4 + 70;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s24) ." ###\n");
	print("    %    No      SmartDefense Attack             Infos\n");
} elsif ($report eq "typelog") {
	$linelength = 13 + $nb_len + 4 + 30;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s17) ." ###\n");
	print("    %    No      Type\n");
} elsif ($report eq "hwlog") {
	$linelength = 13 + $nb_len + 4 + 50;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s300) ." ###\n");
	print("    %    No      Type\n");
} elsif ($report eq "daily_event") {
	$linelength = 20 + $nb_len + 6 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s19) ." of ". keys(%s19) ." ###\n");
	print(" Day Month   No        %    Graph\n");
} elsif ($report eq "hour") {
	$linelength = 13 + $nb_len + 2 + $hour_len + 2 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s7) ." of ". keys(%s7) ." ###\n");
	print("  Hour No        %    Graph\n");
} elsif ($report eq "portscan") {
	$linelength = 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### Portscan List ###\n");
	print("    %    No      IP source\n");
} elsif ($report eq "attack_dst") {
	$linelength = 13 + $nb_len + 4 + $addr_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
	print("    %    No      IP destination\n");
} elsif ($report eq "attack_src") {
	$linelength = 13 + $nb_len + 4 + $addr_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source\n");
} elsif ($report eq "severity") {
	$linelength = 13 + $nb_len + 2 + $sever_len + 2 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s20) ." of ". keys(%s20) ." ###\n");
	print("    %    No      Severity Graph\n");
}
	print( '=' x $linelength, "\n");
}








sub record_data {
	# Apply the active command-line filters to one parsed record. A record
	# that passes every active filter is handed to search_date() and
	# process_data(), then counted by log family.
	#
	# INPUT: hash reference describing one log record.
	#
	# A filter only applies when its $opt_f* flag equals 1. Each comparison is
	# an exact string inequality (ne), so a filter value must match the
	# record's textual form exactly. Records rejected here are dropped
	# silently, so a filtered report is a subset view of the log.
	my $record = shift;

	my $filtered_out =
		   ( ($record->{PROTO}    ne $val_opt_fproto)    && ($opt_fproto    == 1) )
		|| ( ($record->{SADDR}    ne $val_opt_fsrc)      && ($opt_fsrc      == 1) )
		|| ( ($record->{DADDR}    ne $val_opt_fdst)      && ($opt_fdst      == 1) )
		|| ( ($record->{DPORT}    ne $val_opt_fdport)    && ($opt_fdport    == 1) )
		|| ( ($record->{ETHER}    ne $val_opt_fether)    && ($opt_fether    == 1) )
		|| ( ($record->{HOUR}     ne $val_opt_fhour)     && ($opt_fhour     == 1) )
		|| ( ($record->{DAY}      ne $val_opt_fday)      && ($opt_fday      == 1) )
		|| ( ($record->{MON}      ne $val_opt_fmonth)    && ($opt_fmonth    == 1) )
		|| ( ($record->{HOST}     ne $val_opt_fhost)     && ($opt_fhost     == 1) )
		|| ( ($record->{SEVERITY} ne $val_opt_fseverity) && ($opt_fseverity == 1) )
		|| ( ($record->{ACTION}   ne $val_opt_faction)   && ($opt_faction   == 1) )
		|| ( ($record->{RULE}     ne $val_opt_frule)     && ($opt_frule     == 1) )
		|| ( ($record->{TYPE}     ne $val_opt_ftype)     && ($opt_ftype     == 1) );

	unless ($filtered_out) {
		search_date($record);
		process_data($record);

		# The patterns are unanchored, so they match anywhere inside TYPE.
		# A TYPE containing "pix" is counted as both firewall and PIX.
		my $log_type = $record->{TYPE};
		++$logfw if $log_type =~ m/Fire|ipfilter|netfilter|Smart|pix/ox;
		++$logpix if $log_type =~ m/pix/ox;
		++$logids if $log_type =~ m/snort/ox;
	}
}




# Store one parsed alert record as a row in the result matrix for later processing
# INPUT: reference to the alert record hash
sub process_data {
	# Append one parsed record to the matching result matrix:
	#   PLUGIN "alerthw" -> a 7-column row pushed onto @resulthw
	#   PLUGIN "alert"   -> a 23-column row pushed onto @result, and
	#                       $lastwassnort is set to 1
	# Any other PLUGIN value is skipped, with a message when $opt{d} is set.
	#
	# INPUT: hash reference describing one record.
	#
	# NOTE(review): $self is assigned without `my`, so it is a package global.
	# It is left that way because other code may read it - confirm before
	# scoping it lexically.
	# NOTE(review): field values are stored verbatim. If they derive from log
	# text, the code that renders rows into HTML has to escape them - confirm
	# there.
	$self = shift;

	my $plugin = $self->{PLUGIN};
	unless ($plugin eq "alerthw" or $plugin eq "alert") {
		print "Unknown alert type plugin! $self->{TYPE}:$self->{PLUGIN} Skipped!\n" if $opt{d};
		return;
	}

	# Rows are positional; the column order below is the order the original
	# rows were built in.
	if ($plugin eq "alerthw") {
		my @hw_columns = qw(MON DAY HOUR MIN SEC HOST HW_INFO);
		push @resulthw, [ @{$self}{@hw_columns} ];
	} else {
		my @alert_columns = qw(
			MON DAY HOUR MIN SEC HOST SIG SADDR SPORT DADDR DPORT CLASS
			PRIORITY SEVERITY ETHER PROTO ACTION REASON RULE TYPE PLUGIN
			ATTACK ATTACK_INFO
		);
		# Strip one trailing colon from the signature. This edits the
		# caller's record in place, because $self is a reference.
		$self->{SIG} =~ s/\:$//o;
		push @result, [ @{$self}{@alert_columns} ];
		$lastwassnort = 1;
	}
}



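sub usage {
	# Print the command-line help to STDOUT, call print_footer(), then end the
	# program with exit status 0. This sub never returns to its caller.
	#
	# The heredoc delimiter is quoted explicitly: the text is interpolated so
	# that $0 expands to the script name, and bare heredoc identifiers are
	# deprecated.
	print <<"Helpmsg";
Usage: cat <alerts file> or <snort.rules> | $0 <options> <reports> <filters>

Options:
-x                        Mode GUI
-r                        Resolve IP addresses
-c                        Resolve domains
-h <file.html>            Specify a HTML file
-p <file.pdf>             Specify a PDF file
-u <directory>            Specify an output directory
-g <gif|png|jpg>          Graph output format
-i                        Inverse the result
-d                        Mode debug
-n <integer>              Specify a number of line in the result
-file <log file>          Specify an input alert log file
-rulesfile <file>         Specify name and directory to search rules file
-hwfile <file>            Specify name and directory to search hardware file
-domainsfile <file>       Specify name and directory to search domains file
-genref <rules file>      Generate the reference rules file
-help                     View this help

Reports:
-src                      Top IPs sources
-dst                      Top IPs destination
-src_attack               Top IPs sources grouped by attack
-dst_attack               Top IPs destination grouped by attack
-src_dst_attack           Top alert grouped by IPs sources, IPs destination and attack
-attack                   Top attack
-class                    Top classification
-severity                 Top severity
-daily_event              Top number of attack grouped by day
-hour                     Top number of attack grouped by hour
-hour_attack              Top specific attack grouped by hour
-dport                    Top destination port
-proto                    Top protocols
-dport_attack             Top destination port grouped by attack
-nids                     Top NIDS host
-stateful                 Top stateful problems
-interfaces               Top interfaces events
-domain_src               Top of domain source
-portscan                 Top of portscan alert
-actions                  Top of firewall action (DROP, REJECT, ACCEPT, etc ...)
-rules                    Top of rule (only Fw-1)
-reasons                  Top of reason (only Fw-1)
-src_dport                Top IPs sources grouped by destination port
-dst_dport                Top IPs destination grouped by destination port
-typelog                  Number of occurrences by type of log
-hwlog                    Number of occurrences by hardware related message log
-report                   All reports

Filters:
-fsrc                     Sources filter
-fdst                     Destination filter
-fproto                   Protocol filter
-fdport                   Destination port filter
-fmonth                   Month filter
-fday                     Day filter
-fhour                    Hour filter
-fether                   Interface filter
-fseverity                Severity filter
-faction                  Firewall action filter
-frule                    Firewall rule filter
-ftype                    Type of logs

Helpmsg
	print_footer();
	exit 0;
}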



