#!/usr/bin/perl
#
# Jeremy Chartier, <jeremy.chartier@free.fr>
# Date: 2004/12/02
# Revision: 2.3.0
# 

#
# Modules requirement
# Detect specific logs - Comment unnecessary log detectection
#
require "modules/ipf_log.snortalog";
require "modules/pf_log.snortalog";
require "modules/netfilter_log.snortalog";
require "modules/pix_log.snortalog";
require "modules/fw1export_log.snortalog";
require "modules/fw1syslog_log.snortalog";
require "modules/snortfast_log.snortalog";
require "modules/snortsyslog_log.snortalog";
require "modules/snortfull_log.snortalog";
require "modules/barnyardsyslog_log.snortalog";
#
# SnortALog additionnal plugins - Do not comment
#
require "modules/gui.snortalog";
require "modules/whois.snortalog";
require "modules/init_graph.snortalog";
require "modules/init_pdf.snortalog";
require "modules/usage.snortalog";

#
# User variables
# General Librairies - Never comment
#
use Getopt::Long		;		# use Getopt for options
use Term::ANSIColor qw(:constants);		# use Term Color
use Env;					# use Env for variables
use Socket;					# use socket for resolving domain name from IP
use File::Path;
use Time::localtime;				# use for Time
eval " use DB_File;";				# use DBM usage 
eval "use Net::Whois::IP;";			# use whois.pm for Whois Database Informations

#
# Graphical Tool Kit Librairies
#
$TK = 0 ;
$TK = eval "use Tk;1;" ;
$TK = eval "use Tk::NoteBook;2;" if ($TK == 1);

#
# GD Librairies for charts
#
$GD = 0 ;
$GD = eval "use GD::Graph::pie;1;";
$GD = eval "use GD::Graph::bars;2;" if ($GD == 1);
$GD = eval "use GD::Graph::lines;3;" if ($GD == 2);
$GD = eval "use GD::Graph::area;4;" if ($GD == 3);

#
# HTML and PDF manipulation libraries
#
$HTML = 0 ;
$HTML =  eval "use HTML::HTMLDoc; 1;"; 




#
# Main variables
#
$domains_file = "domains"; $DOMAINS = 1;	# Path to find Domain file
$rules_file = "rules"; $RULES = 1;		# Path to find Rules file
$hw_file = "hw"; $HW = 1;			# Path to find Hardware file
$lang_file = "lang"; $LANG = 1;			# Path to find Language file
$html_directory = "/var/www/snortalog/";			# Default output directorys (HTML output exclusively)
$dbm_directory = "/var/www/snortalog/";			# Default output directorys (HTML output exclusively)
$tmpout_file = "/var/www/snortalog/.snortalog.tmp";		# Default tempory file (GUI exclusively)

#
# Style variables
#
$background = "#FFFFFF";      # Sets html background color (#CCCCCC)
                              # or background image (url('path_to_image/image.gif')
$font = "sans-serif";         # Sets html font-type (serif)
$color = "#000000";           # Sets html font color (#000000)
$border = "0";                # Sets border for data tables (1 = yes, 0 = no)
$th_bg_color = "#006666";     # Sets html table header background color (#FFCC99)
$th_color = "#FFFFFF";        # Sets html table header font color (black)
$tb_bg_color = "#EEEEEE";     # Sets html table body background color (#FFFFFF)
$tb_color = "#000000";        # Sets html table body font color (#000000)
$anchor = "#000000";          # Sets html anchor style
$graph_fgcolor = "gray";      # Sets graph foreground color (axes and grid) (blue)
$transparent = "1";           # Sets graph transparency (1 = yes, 0 = no)
$graph_bgcolor = "#EEEEEE";   # Sets graph background color (transparency must be 0)
$graph_txtcolor = "#006666";  # Sets graph labelclr, axislabelclr, legendclr, textclr
                              # label (labels for the axes or pie),
                              # axis label (values printed along the axes, or on a pie slice),
                              # legend, shown values, and
                              # text, all other text.

#
# Program variables (DON'T TOUCH ANYTHING)
#
$addr_len = 15;
$nb_len = 6;
$port_len = 5;
$attack_len = 70;
$class_len = 60;
$resolve_len = 50;
$whois_len = 109;
$inetnum_len = 33;
$netname_len = 30;
$descr_len = 20;
$country_len = 20;
$email_len = 20;
$hour_len = 2;
$graph_len = 75;
$prior_len = 1;
$sever_len = 7;
$domain_len = 10;
$ether_len = 10;
$version = "2.3.0";
$datever = "2004/12/02 11:31:03";
$date = ctime();
$maxday = 1; $maxmonth = 1; $maxhour = 0; $maxmin = 0; $maxsec = 0;
$minday = 31; $minmonth = 12; $minhour = 23; $minmin = 59; $minsec = 59;
$logfw = 0;
$logids = 0;
$logpix = 0;
$logportscan = 0;
$graph_date = `date +%Y%m%d%H%M`;
chomp $graph_date;


Getopt::Long;
GetOptions( \%opt,
	#
	# MAIN OPTIONS
	#
	'd',
	'r',
	'i',
	'c',
	'x',
	's',
	'a',
	'w',
	'g=s',
	'h=s',
	'p=s',
	'u=s',
	'n=i',
	'l=s',
	#
	# ALERT OPTIONS
	#
	'all',
	'1',
	'2',
	'3',
	'4',
	'5',
	'6',
	'7',
	'8',
	'9',
	'10',
	#
	# Filter Options
	#
	'fsrc=s',
	'fdst=s',
	'fdport=s',
	'fether=s',
	'fhour=s',
	'fday=s',
	'fmonth=s',
	'fhost=s',
	'fseverity=s',
	'fproto=s',
	'faction=s',
	'frule=s',
	'ftype=s',
	'file=s',
	#
	# Reports Options
	#
	'class',
	'src',
	'dst',
	'class_attack',
	'attack',
	'dport',
	'dport_attack',
	'nids',
	'stateful',
	'interfaces',
	'severity',
	'src_attack',
	'dst_attack',
	'hour',
	'proto',
	'hour_attack',
	'daily_event',
	'domain_src',
	'src_dst_attack',
	'portscan',
	'priority',
	'src_dport',
	'dst_dport',
	'rules',
	'defense_attack',
	'typelog',
	'hwlog',
	'reasons',
	'actions',
	'report',
	#
	# Input Files Options
	#
	'rulesfile=s',
	'hwfile=s',
	'domainsfile=s',
	'langfile=s',
	'dbmdir=s',
	'genref=s'
	) or usage();

#
# Disable control caracters if in ascii mode only
#
if ($opt{a}) {
	$ENV{ANSI_COLORS_DISABLED}='yes' ;
}

if ( $opt{rulesfile} ) {
	$rules_file = $opt{rulesfile}; $RULES = 1;		# Path to find Rules file
}

if ( $opt{hwfile} ) {
	$hw_file = $opt{hwfile}; $HW = 1;			# Path to find hardawre file
}

if ( $opt{domainsfile} ) {
	$domains_file = $opt{domainsfile}; $DOMAINS = 1;	# Path to find Domain file
}

if ( $opt{langfile} ) {
	$lang_file = $opt{langfile}; $LANG = 1;			# Path to find Lang file
}

init_monthday();
init_daymonth();
init_pixlog();
init_lang();
init_domains() if ( $DOMAINS == 1 );
init_rules() if ( $RULES == 1 );
init_hw() if ( $HW == 1 );



if ($opt{x}) {
	#
	# If GUI mode is selected
	#
	gui();
} else { 
	#
	# If TEXT mode
	# Part 2 : Work in progress
	#
	# Initialize variables
	#
	$opt_i = 0;
	$opt_r = 0;
	$opt_w = 0;
	$opt_h = 0;
	$opt_p = 0;
	$opt_dbm = 0;
	$opt_u = 0;
	$opt_g = 0;
	$opt_d = 0;
	$opt_c = 0;
	$opt_n = 0;
	$opt_l = 0;
	$opt_all = 0;
	$opt_1 = 0;
	$opt_2 = 0;
	$opt_3 = 0;
	$opt_4 = 0;
	$opt_5 = 0;
	$opt_6 = 0;
	$opt_7 = 0;
	$opt_8 = 0;
	$opt_9 = 0;
	$opt_fproto = 0;
	$opt_fsrc = 0;
	$opt_fdst = 0;
	$opt_fdport = 0;
	$opt_fether = 0;
	$opt_fhour = 0;
	$opt_fday = 0;
	$opt_fmonth = 0;
	$opt_fhost = 0;
	$opt_fseverity = 0;
	$opt_faction = 0;
	$opt_frule = 0;
	$opt_ftype = 0;
	$opt_i = 1 if $opt{i}; 
	$opt_r = 1 if $opt{r}; 
	$opt_w = 1 if $opt{w}; 
	$opt_h = 1 if $opt{h}; 
	$opt_p = 1 if $opt{p}; 
	$opt_dbm = 1 if $opt{dbmdir}; 
	$opt_u = 1 if $opt{u}; 
	$opt_d = 1 if $opt{d}; 
	$opt_g = 1 if $opt{g}; 
	$opt_c = 1 if $opt{c}; 
	$opt_n = 1 if $opt{n}; 
	$opt_l = 1 if $opt{l}; 
	$opt_all = 1 if $opt{all}; 
	$opt_1 = 1 if $opt{1};
	$opt_2 = 1 if $opt{2};
	$opt_3 = 1 if $opt{3};
	$opt_4 = 1 if $opt{4};
	$opt_5 = 1 if $opt{5};
	$opt_6 = 1 if $opt{6};
	$opt_7 = 1 if $opt{7};
	$opt_8 = 1 if $opt{8};
	$opt_9 = 1 if $opt{9};
	$opt_fproto = 1 if $opt{fproto}; 
	$opt_fsrc = 1 if $opt{fsrc}; 
	$opt_fdst = 1 if $opt{fdst}; 
	$opt_fdport = 1 if $opt{fdport}; 
	$opt_fether = 1 if $opt{fether}; 
	$opt_fhour = 1 if $opt{fhour}; 
	$opt_fday = 1 if $opt{fday}; 
	$opt_fmonth = 1 if $opt{fmonth}; 
	$opt_fhost = 1 if $opt{fhost}; 
	$opt_fseverity = 1 if $opt{fseverity}; 
	$opt_faction = 1 if $opt{faction}; 
	$opt_frule = 1 if $opt{frule}; 
	$opt_ftype = 1 if $opt{ftype}; 
	$val_opt_n = $opt{n} if ( $opt_n == 1 ); 
	$val_opt_h = $opt{h} if ( $opt_h == 1 ); 
	$val_opt_p = $opt{p} if ( $opt_p == 1 ); 
	$val_opt_g = $opt{g} if ( $opt_g == 1 ); 
	$val_opt_l = $opt{l} if ( $opt_l == 1 ); 
	#
	# Test if kind of logs are selected else all arent chosen by default
	#
	if ( ! ($opt{1} || $opt{2} || $opt{3} || $opt{4} || $opt{5} || $opt{6} || $opt{7} || $opt{8}) ) {
		$opt_all = 1;
	} else {
		$opt_all = 0;
	}
	#
	# Test if language option is used else English is selected by default
	#
	if ( $opt_l == 1 ) {
		$val_opt_l = $opt{l}; 
	} else {
		$val_opt_l = "en"; 
	}
	#
	# Test if a directorie is selected
	#
	if ( $opt_u == 1 ) {
		$val_opt_u = $opt{u};
		$tmpout_file = $val_opt_u .".snortalog.tmp";
	} else {
		$val_opt_u = $html_directory;
	}
	if ( $opt_dbm == 1 ) {
		$val_opt_dbm = $opt{dbmdir};
	} else {
		$val_opt_dbm = $dbm_directory;
	}
	$val_opt_fproto = $opt{fproto} if ( $opt_fproto == 1 );
	$val_opt_fsrc = $opt{fsrc} if ( $opt_fsrc == 1 );
	$val_opt_fdst = $opt{fdst} if ( $opt_fdst == 1 );
	$val_opt_fdport = $opt{fdport} if ( $opt_fdport == 1 );
	$val_opt_fether = $opt{fether} if ( $opt_fether == 1 );
	$val_opt_fhour = $opt{fhour} if ( $opt_fhour == 1 );
	$val_opt_fday = $opt{fday} if ( $opt_fday == 1 );
	$val_opt_fmonth = $opt{fmonth} if ( $opt_fmonth == 1 );
	$val_opt_fhost = $opt{fhost} if ( $opt_fhost == 1 );
	$val_opt_fseverity = $opt{fseverity} if ( $opt_fseverity == 1 );
	$val_opt_faction = $opt{faction} if ( $opt_faction == 1 );
	$val_opt_frule = $opt{frule} if ( $opt_frule == 1 );
	$val_opt_ftype = $opt{ftype} if ( $opt_ftype == 1 );
	$val_opt_file = $opt{file} if ( $opt{file} );
	#
	# Initialize border when PDF output is selected
	#
	$border = "1" if $opt{p};
	
	
	
	
	#
	# Part 2 : Work in progress
	#
	# Test if genref option is used
	# to generate a RULE file
	#
	if ( $opt{genref} ) {
		load();
		print "The Signature Rules File was generated successfully : $opt{genref}\n";
		exit;
	} else {
		#
		# Lod input file line per line
		#
		if ( $opt{file} ) {
			xload();
		} else {
			load();
		}
		#
		# Test if filter option is selected
		#
		search_filter();
		print_head();
		print_summary();
		print_menu();
		#
		# Test if a specific report is selected
		#
		if ( $opt{src} ) { attack_src() };
		if ( $opt{dst} ) { attack_dst() };
		if ( $opt{src_attack} ) { same_src_attack() };
		if ( $opt{dst_attack} ) { same_dst_attack() };
		if ( $opt{src_dst_attack} ) { same_src_dst_attack() };
		if ( $opt{attack} ) { attack() };
		if ( $opt{class} ) { same_class() };
		if ( $opt{severity} ) { severity() };
		if ( $opt{daily_event} ) { daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday) };
		if ( $opt{hour} ) { hour() };
		if ( $opt{hour_attack} ) { same_hour_attack() };
		if ( $opt{dport} ) { dport() };
		if ( $opt{dport_attack} ) { dport_attack() };
		if ( $opt{nids} ) { nids() if (keys(%s13) > 1) };
		if ( $opt{stateful} ) { stateful() if ($anomaly > 0) };
		if ( $opt{domain_src} ) { domain_src() };
		if ( $opt{proto} ) { proto() };
		if ( $opt{portscan} ) { portscan() if ( keys(%s25) > 0 ) };
		if ( $opt{interfaces} ) { interfaces() if ( keys(%s1) > 1 ) };
		if ( $opt{reasons} ) { reasons() if ( keys(%s12) > 1 ) };
		if ( $opt{actions} ) { actions() if ( keys(%s14) > 1 ) };
		if ( $opt{rules} ) { rules() if ( keys(%s21) > 1 ) };
		if ( $opt{defense_attack} ) { defense_attack() if ( keys(%s24) > 0 ) };
		if ( $opt{typelog} ) { typelog() };
		if ( $opt{hwlog} ) { hwlog() };
		if ( $opt{src_dport} ) { same_src_dport() };
		if ( $opt{dst_dport} ) { same_dst_dport() };
		#
		# Else full report are activated
		#
		if ( $opt{report} ) {
			report();
		}
		print_footer();
		#
		# Test if PDF option are selectionned
		#
		init_pdf() if ( $opt_p == 1 );
	}
}





sub get_opt {
	#
	# Initialize variables
	# GUI exclusively
	#
	$opt_x = 1;
	$opt_i = $opti;
	$opt_r = $optr;
	$opt_w = $optw;
	$opt_h = $opth;
	$opt_p = $optp;
	$opt_dbm = $optdbm;
	$opt_g = $optg;
	$opt_n = $optn;
	$opt_d = $optd;
	$opt_c = $optc;
	$listbox_option_g->selectionSet(0);
	$val_opt_file = $entry_file->get();
	$val_opt_l = $entry_option_l->get();
	$val_opt_n = $entry_option_n->get() if ($opt_n == 1);
	$val_opt_h = $entry_option_h->get() if ($opt_h == 1);
	$val_opt_p = $entry_option_p->get() if ($opt_p == 1);
	$val_opt_dbm = $entry_dbm_directory->get() if ($opt_dbm == 1);
	$val_opt_langfile = $entry_langfile_directory->get();
	$index_opt_g = $listbox_option_g->curselection;
	$val_opt_g = $listbox_option_g->get($index_opt_g);
	$val_opt_u = $entry_html_directory->get();
	$opt_fproto = 0;
	$opt_fsrc = 0;
	$opt_fdst = 0;
	$opt_fdport = 0;
	$opt_fether = 0;
	$opt_fhour = 0;
	$opt_fday = 0;
	$opt_fmonth = 0;
	$opt_fhost = 0;
	$opt_fseverity = 0;
	$opt_faction = 0;
	$opt_frule = 0;
	$opt_ftype = 0;
	$opt_fproto = 1 if ( $entry_fproto->get() ne "" ); 
	$opt_fsrc = 1 if ( $entry_fsrc->get() ne "" );
	$opt_fdst = 1 if ( $entry_fdst->get() ne "" ); 
	$opt_fdport = 1 if ( $entry_fdport->get() ne "" );
	$opt_fether = 1 if ( $entry_fether->get() ne "" );
	$opt_fhour = 1 if ( $entry_fhour->get() ne "" );
	$opt_fday = 1 if ( $entry_fday->get() ne "" );
	$opt_fmonth = 1 if ( $entry_fmonth->get() ne "" );
	$opt_fhost = 1 if ( $entry_fhost->get() ne "" );
	$opt_fseverity = 1 if ( $entry_fseverity->get() ne "" );
	$opt_faction = 1 if ( $entry_faction->get() ne "" );
	$opt_frule = 1 if ( $entry_frule->get() ne "" );
	$opt_ftype = 1 if ( $entry_ftype->get() ne "" );
	$val_opt_fproto = $entry_fproto->get() if ( $opt_fproto == 1 );
	$val_opt_fsrc = $entry_fsrc->get() if ( $opt_fsrc == 1 );
	$val_opt_fdst = $entry_fdst->get() if ( $opt_fdst == 1 );
	$val_opt_fdport = $entry_fdport->get() if ( $opt_fdport == 1 );
	$val_opt_fether = $entry_fether->get() if ( $opt_fether == 1 );
	$val_opt_fhour = $entry_fhour->get() if ( $opt_fhour == 1 );
	$val_opt_fday = $entry_fday->get() if ( $opt_fday == 1 );
	$val_opt_fmonth = $entry_fmonth->get() if ( $opt_fmonth == 1 );
	$val_opt_fhost = $entry_fhost->get() if ( $opt_fhost == 1 );
	$val_opt_fseverity = $entry_fseverity->get() if ( $opt_fseverity == 1 );
	$val_opt_faction = $entry_faction->get() if ( $opt_faction == 1 );
	$val_opt_frule = $entry_frule->get() if ( $opt_frule == 1 );
	$val_opt_ftype = $entry_ftype->get() if ( $opt_ftype == 1 );
	$scrolled_debug->delete('1.0','end');
	$scrolled_status->delete('1.0','end');
	$opt_all = $optall;
	$opt_1 = $opt1;
	$opt_2 = $opt2;
	$opt_3 = $opt3;
	$opt_4 = $opt4;
	$opt_5 = $opt5;
	$opt_6 = $opt6;
	$opt_7 = $opt7;
	$opt_8 = $opt8;
	$opt_9 = $opt9;
	#
	# Test if kind of logs are selected else all arent chosen by default
	#
	if ( ($opt1 || $opt2 || $opt3 || $opt4 || $opt5 || $opt6 || $opt7 || $opt8 || $opt_9) != 1 ) {
		$opt_all = 1;
	} else {
		$opt_all = 0;
	}

	$domains_file = $entry_domains_file->get();
	$rules_file = $entry_rules_file->get();
	$hw_file = $entry_hw_file->get();
	$tmpout_file = $entry_tmpout_file->get();
	#
	# Extract the name of output file for graph file name
	#
	$graph_name = $val_opt_h;
	$graph_name =~ /^([\w||\d]+)/;
	$graph_name = $1;
	# for intialize border in PDF
	$border = "1" if ( $opt_p == 1 );
	#
	# For initialize configuration files
	#
	if ( $rules_file ne "" ) {
		$RULES = 1;		# Path to find Rules file
	}
	if ( $hw_file ne "" ) {
		$HW = 1;		# Path to find hardawre file
	}
	if ( $domains_file ne "" ) {
		$DOMAINS = 1;		# Path to find Domain file
	}
	init_domains() if ( $DOMAINS == 1 );
	init_rules() if ( $RULES == 1 );
	init_hw() if ( $HW == 1 );
}




sub xload {
	get_opt() if ( ! $opt{file} );
	open (FILE, $val_opt_file) or die $scrolled_status->insert('end', "Can not open $val_opt_file : $!\n");

	while (<FILE>) {
		search_log($_);
	}
	++$nb_files; $listbox_load->insert('end', $nb_files ." - ". $val_opt_file ."\n") if $opt{x};
	search_filter() if $opt{x};
	work();
}








sub search_log {
	my $alert = {};
	chomp;
	$PIX = 0;
	#
	# If the line is blank, go to the next one
	#
	next if $_ eq "";
	++$logtotal;

	$snortfast = 0;	
	$snortfull = 0;	
	$snortsyslog = 0;	
	$barnyardsyslog = 0;	
	$fw1syslog = 0;	
	$fw1export = 0;	
	$pix = 0;	
	$ipfilter = 0;	
	$pfilter = 0;	
	$netfilter = 0;	
	#
	# This is Netscreen Log
	# if ($_ =~ m/NetScreen/) {
	# }
	#

	#
	# Erase this string if facility is used in :
	# 1- SNORT CONFIGURATION FILE
	# 2- FW-1 SYSLOG LOG
	#
	s/\[ID\s+\d+\s+\S+]\s+//ox;


	#
	# This is all available log detection
	#
	ipf_log() if ( ($opt_7 == 1) || ($opt_all == 1) );
	pf_log() if ( ($opt_10 == 1) || ($opt_all == 1) );
	netfilter_log() if ( ($opt_8  == 1) || ($opt_all == 1) );
	pix_log() if ( ($opt_6 == 1) || ($opt_all == 1) );
	fw1export_log() if ( ($opt_4 == 1) || ($opt_all == 1) );
	fw1syslog_log() if ( ($opt_5 == 1) || ($opt_all == 1) );
	snortfast_log() if ( ($opt_1 == 1) || ($opt_all == 1) );
	snortsyslog_log() if ( ($opt_2 == 1) || ($opt_all == 1) );
	snortfull_log() if ( ($opt_3 == 1) || ($opt_all == 1) );
	barnyardsyslog_log() if ( ($opt_9 == 1) || ($opt_all == 1) );
	#
	# If a log message has been repeated several times
	#
	if ($lastwassnort && $_ =~ m/last message repeated (\d+) times/) {
		$repeats = $1;
		while ($repeats) {
			push @result, $result[-1];
			$repeats--;
		}
	#
	# Else, this is not a matched SnortALog log 
	#
	} else {
		if ($opt_d == 1) {
			print STDERR "Log not recognize --> $_\n" if ( ($opt_x != 1) && ($snortfast || $snortsyslog || $snortfull || $fw1syslog || $fw1export || $pix || $ipfilter || $pfilter || $netfilter || $barnyardsyslog) == 0 );
	        	$scrolled_debug->insert('end', "Log not recognize --> $_\n") if ( ($opt_x == 1) && ($snortfast || $snortsyslog || $snortfull || $fw1syslog || $fw1export || $pix || $ipfilter || $pfilter ||  $netfilter || $barnyardsyslog) == 0 );
		}
		++$logdrop if ( ($snortfast || $snortsyslog || $snortfull || $fw1syslog || $fw1export || $pix || $ipfilter || $pfilter || $netfilter || $barnyardsyslog) == 0 );
	 	$lastwassnort = 0;
	}
}





sub clear_screen {
	$scrolled_result->delete('1.0','end');
}


sub reset_filter {
	$entry_fproto->delete('0.0','end'); 
	$entry_fsrc->delete('0.0','end');
	$entry_fdst->delete('0.0','end');
	$entry_fdport->delete('0.0','end');
	$entry_fether->delete('0.0','end');
	$entry_fhour->delete('0.0','end');
	$entry_fday->delete('0.0','end');
	$entry_fmonth->delete('0.0','end');
	$entry_fhost->delete('0.0','end');
	$entry_fseverity->delete('0.0','end');
	$entry_faction->delete('0.0','end');
	$entry_frule->delete('0.0','end');
	$entry_ftype->delete('0.0','end');
}


sub x_popup {
}


sub x_unload {
	#
	# Undef variables
	#
	undef @result;
	undef %s0;
	undef %s1;
	undef %s2;
	undef %s3;
	undef %s4;
	undef %s5;
	undef %s6;
	undef %s7;
	undef %s8;
	undef %s9;
	undef %s10;
	undef %s11;
	undef %s12;
	undef %s13;
	undef %s14;
	undef %s15;
	undef %s16;
	undef %s17;
	undef %s18;
	undef %s19;
	undef %s20;
	undef %s21;
	undef %s22;
	undef %s23;
	undef %s24;		### For defense_attack() 
	undef %s25;		### For portscan()
	undef %s40;		### For domain hash table
	$listbox_load->delete('0.0','end');
	# Initialize variables before xload function
	$nb_files = 0;
	$logtotal = 0;
	$logdrop = 0;
	$logfw = 0;
	$logids = 0;
	$total = 0;
	$logportscan = 0;
	$maxday = 1; $maxmonth = 1; $maxhour = 0; $maxmin = 0; $maxsec = 0;
	$minday = 31; $minmonth = 12; $minhour = 23; $minmin = 59; $minsec = 59;
}


sub x_daily_event {
	get_opt();
	daily_event();
}

sub x_severity {
	get_opt();
	severity();
}

sub x_interfaces {
	get_opt();
	interfaces();
}

sub x_nids {
	get_opt();
	nids();
}

sub x_proto {
	get_opt();
	proto();
}

sub x_stateful {
	get_opt();
	stateful();
}

sub x_src_dst_attack {
	get_opt();
	same_src_dst_attack();
}

sub x_src_attack {
	get_opt();
	same_src_attack();
}

sub x_dst_attack {
	get_opt();
	same_dst_attack();
}

sub x_attack {
	get_opt();
	attack();
}

sub x_attack_src {
	get_opt();
	attack_src();
}

sub x_attack_dst {
	get_opt();
	attack_dst();
}

sub x_domain_src {
	get_opt();
	domain_src();
}

sub x_hour {
	get_opt();
	hour();
}

sub x_class {
	get_opt();
	same_class();
}

sub x_same_hour_attack {
	get_opt();
	same_hour_attack();
}

sub x_dport {
	get_opt();
	dport();
}

sub x_dport_attack {
	get_opt();
	dport_attack();
}


sub x_portscan {
	get_opt();
	portscan();
}


sub x_actions {
	get_opt();
	actions();
}


sub x_reasons {
	get_opt();
	reasons();
}


sub x_rules {
	get_opt();
	rules();
}


sub x_src_dport {
	get_opt();
	same_src_dport();
}


sub x_defense_attack {
	get_opt();
	defense_attack();
}


sub x_dst_dport {
	get_opt();
	same_dst_dport();
}




sub report {
	if ( $opt{x} ) {
		get_opt();
		clear_screen();
		#
		# Only when GUI is started because this 3 part arent already perform in CLI
		#
		print_head();
		print_summary();
		print_menu() if ( $opt_h == 1 || $opt_p == 1 );
	}

	if ( $logids gt 0 ) {
		proto();
		severity();
		hour();
		daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday);
		dport();
		nids() if (keys(%s13) > 1);
		interfaces() if (keys(%s1) > 1);
		domain_src() if ( $opt{c} );
		attack_src();
		same_src_attack();
		attack_dst();
		same_dst_attack();
		same_src_dst_attack();
		attack();
		same_class();
		same_hour_attack();
		dport_attack();
		portscan() if ( keys(%s25) > 0 );
	}
	
	if ( $logfw gt 0 ) {
		proto();
		hour();
		daily_event() if ($minmonth ne $maxmonth) || ($minday < $maxday);
		dport();
		nids() if (keys(%s13) > 1);
		interfaces() if (keys(%s1) > 1);
		domain_src() if ( $opt{c} );
		attack_src();
		attack_dst();
		same_src_dport();
		same_dst_dport();
		reasons() if ( keys(%s12) > 1 );
		actions() if ( keys(%s14) > 1 );
		rules() if ( keys(%s21) > 1 );
		defense_attack() if ( keys(%s24) > 0 );
		attack() if ( keys(%s4) > 1 );
		hwlog() if ( keys(%s300) > 0 );
	}
	typelog();

	if ( $opt{x} ) { 
		print_footer();
		init_pdf() if ( $opt_p == 1 );
		$scrolled_status->insert('end', "HTML report generated :\t\tOK\n") if ( $opt_h == 1 );
		$scrolled_status->insert('end', "PDF report generated :\t\tOK\n") if ( $opt_p == 1 );
	}
}







sub load {	
$logtotal = 0;
$logdrop = 0;
$logfw = 0;
$logids = 0;
if ( $opt{genref} ) {
	open(RULES,">$opt{genref}") or die "Can not open domain file: $opt{genref} $!\n";
	while (<>) {
		next if ($_ eq "" or /^#/);
		if ( $_ =~ m/reference/ox ) {
			$_ =~ s/^alert\s(\w+)\s.+\s.+\>\s.+\s.+\(msg\:\"([^\"|^\"]*?)\".+reference\://x;
			$PROTO = $1; $PROTO =~ tr/A-Z/a-z/; $SIG = $2;
			$_ = ";$_";
			$_ =~ s/^\;([^\;|^\;]*?)\;.*$//x;
			$REF = $1;
			print RULES ("$SIG {$PROTO}\t\t$REF\n");
		}
	}
	close (RULES);
} else {	
	#
	#wiPROCESS WHATEVER COMES IN
	#
	while (<>) {
		search_log($_);
	}
}
work() if ( !$opt{genref} );
}





sub work {
if ( $#result + 1 == 0 ) {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "No correct logs found\n");
	} else {
		print "No correct logs found\n";
		exit;
	}
} else {
	if ( $opt_dbm == 1 ) {
		dbmopen(%s0, $val_opt_dbm ."snortalog_dbms0", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s1, $val_opt_dbm ."snortalog_dbms1", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s2, $val_opt_dbm ."snortalog_dbms2", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s3, $val_opt_dbm ."snortalog_dbms3", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s4, $val_opt_dbm ."snortalog_dbms4", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s5, $val_opt_dbm ."snortalog_dbms5", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s6, $val_opt_dbm ."snortalog_dbms6", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s7, $val_opt_dbm ."snortalog_dbms7", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s8, $val_opt_dbm ."snortalog_dbms8", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s9, $val_opt_dbm ."snortalog_dbms9", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s10, $val_opt_dbm ."snortalog_dbms10", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s11, $val_opt_dbm ."snortalog_dbms11", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s12, $val_opt_dbm ."snortalog_dbms12", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s13, $val_opt_dbm ."snortalog_dbms13", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s14, $val_opt_dbm ."snortalog_dbms14", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s15, $val_opt_dbm ."snortalog_dbms15", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s16, $val_opt_dbm ."snortalog_dbms16", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s17, $val_opt_dbm ."snortalog_dbms17", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s18, $val_opt_dbm ."snortalog_dbms18", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s19, $val_opt_dbm ."snortalog_dbms19", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s20, $val_opt_dbm ."snortalog_dbms20", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s21, $val_opt_dbm ."snortalog_dbms21", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s22, $val_opt_dbm ."snortalog_dbms22", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s23, $val_opt_dbm ."snortalog_dbms23", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s24, $val_opt_dbm ."snortalog_dbms24", 0644) or die "Can't open DB_File: $!\n";
		dbmopen(%s25, $val_opt_dbm ."snortalog_dbms25", 0644) or die "Can't open DB_File: $!\n";
	}
	for $i ( 0 .. $#result ) {
		if ( $logfw > 1 ) {
			# used by reasons()
			$s12{"$result[$i]->[17]"}++;
			# used by rules()
			$s21{"$result[$i]->[18]"}++;
			# use by actions()
			$s14{"$result[$i]->[16]"}++;
			# used by defense_attack()
			$s24{"$result[$i]->[21],$result[$i]->[22]"}++ if ( $result[$i]->[21] ne "" );
			# used by same_src_dport()
			$s22{"$result[$i]->[7],$result[$i]->[10]"}++;
			# used by same_dst_dport()
			$s23{"$result[$i]->[9],$result[$i]->[10]"}++;
			# use by daily_event()
			$s19{"$result[$i]->[1],$result[$i]->[0]"}++;
			# use by dport()
			$s16{"$result[$i]->[10]"}++;
			# use by typelog()
			$s17{"$result[$i]->[19]"}++;
			# use by proto()
			$s11{"$result[$i]->[15]"}++;
			# use by nids()
			$s13{"$result[$i]->[5]"}++;
			# used by hour()
			$s7{"$result[$i]->[2]"}++;
			# use by daily_event()
			$s15{"$result[$i]->[1],$result[$i]->[0],$result[$i]->[13]"}++;
			# used in attack_src()
			$s5{"$result[$i]->[7]"}++;
			# used by attack_dst 
			$s6{"$result[$i]->[9]"}++;
		}

		if ( $logids > 1 ) {
			# for the same pair of attacker and victim with same attack
			# used in same_src_dst_attack()
			$s0{"$result[$i]->[9],$result[$i]->[7],$result[$i]->[6]"}++;
			# used in same_src_dst_attack()
			$s1{"$result[$i]->[14]"}++;
			# used in same_src_attack()
			$s2{"$result[$i]->[6],$result[$i]->[7],$result[$i]->[13]"}++;
			# to same victim with same method
			# to see how many attacks received by one host
			# used in same_dest_attack()
			$s3{"$result[$i]->[6],$result[$i]->[9],$result[$i]->[13]"}++;
			# same signature
			# to see the popularity of one attack method
			# used in attack()
			$s4{"$result[$i]->[6],$result[$i]->[12],$result[$i]->[13]"}++;
			# used in attack_src()
			$s5{"$result[$i]->[7]"}++;
			# used by attack_dst 
			$s6{"$result[$i]->[9]"}++;
			# used by hour()
			$s7{"$result[$i]->[2]"}++;
			# used by hour()
			$s8{"$result[$i]->[2],$result[$i]->[13]"}++;
			# use by same_hour_attack()
			$s9{"$result[$i]->[2],$result[$i]->[6]"}++;
			# used by same_class() 
			$s10{"$result[$i]->[11],$result[$i]->[13]"}++;
			# use by proto()
			$s11{"$result[$i]->[15]"}++;
			# use by nids()
			$s13{"$result[$i]->[5]"}++;
			# use by daily_event()
			$s15{"$result[$i]->[1],$result[$i]->[0],$result[$i]->[13]"}++;
			# use by dport()
			$s16{"$result[$i]->[10]"}++;
			# use by typelog()
			$s17{"$result[$i]->[19]"}++;
			# use by dport_attack()
			$s18{"$result[$i]->[10],$result[$i]->[6]"}++;
			# use by daily_event()
			$s19{"$result[$i]->[1],$result[$i]->[0]"}++;
			# use by severity()
			$s20{"$result[$i]->[13]"}++;
			# used by portscan()
			$s25{"$result[$i]->[7]"}++ if ( $result[$i]->[19] eq "snort_portscan" );
		}
	}
	
	#
	# For hardware related message logs
	#
	for $i ( 0 .. $#resulthw ) {
		$s300{"$resulthw[$i]->[6]"}++;
	}

	#
	# Initialize a special crontrol when several files arent loaded in GUI mode
	#
	$total = $total + $#result + 1;
	$logportscan = $logportscan + keys(%s25);
	
	#
	# Reinitialize tables
	#
	undef @result;
	undef @resulthw;
}
}


sub print_head {
$kindlog = "IDS" if ( $logids > 0 );
$kindlog = "Firewall" if ( $logfw > 0 );
my $title = $lang{"title_". $val_opt_l};

if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	if ( $opt_h == 1 ) {
		$filename = "$val_opt_u"."$val_opt_h";
		$graph_name = $val_opt_h;
		$graph_name =~ /^([\w||\d||\-||\_]+)/;
		$graph_name = $1;
	} elsif ( $opt_p == 1 ) {
		$filename = $tmpout_file;
		$graph_name = $val_opt_p;
		$graph_name =~ /^([\w||\d||\-||\_]+)/;
		$graph_name = $1;
	}
	open (FILEOUT, ">$filename") or die "Can no access file : $filename\n";
	print FILEOUT ("<HTML>\n<HEAD>\n<TITLE>SnortALog Report</TITLE>\n");
	print FILEOUT ("<meta http-equiv='Content-Type' content='text/html' charset='iso-8859-1'>\n");
	print FILEOUT ("<STYLE>\n");
	print FILEOUT ("BODY { color: $color; font-family: $font; background: $background; font-size: 12px; margin-left: 24px; margin-right:24px;}\n") if ( $opt_h == 1 );
	print FILEOUT ("/* Table Header */\n") if ( $opt_h == 1 );
	print FILEOUT (".TH { font-family: Verdana,Arial,Helvetica,sans-serif; font-size: 12px; background-color: $th_bg_color; color: $th_color; font-weight: bold; }\n") if ( $opt_h == 1 );
	print FILEOUT ("/* Table body */\n") if ( $opt_h == 1 );
	print FILEOUT (".TB { color: $tb_color; background-color: $tb_bg_color; font-size: 12px; }\n") if ( $opt_h == 1 );
	print FILEOUT ("/* Table body RED*/\n") if ( $opt_h == 1 );
	print FILEOUT (".TBR { color: red; background-color: $tb_bg_color; font-size: 12px; }\n") if ( $opt_h == 1 );
	print FILEOUT ("/* Table body GREEN*/\n") if ( $opt_h == 1 );
	print FILEOUT (".TBG { color: green; background-color: $tb_bg_color; font-size: 12px; }\n") if ( $opt_h == 1 );
	print FILEOUT ("A { color: $anchor; }\n") if ( $opt_h == 1 );
	print FILEOUT ("DIV { width: 100%; text-align: center; color: white; background-color: #006666; font-size: 24px; }\n") if ( $opt_h == 1 );
	print FILEOUT ("</STYLE>\n</HEAD>\n");
	print FILEOUT ("<BODY>\n");
	print FILEOUT ("<h3><CENTER><a name=\"top\" HREF=\"#top\"></a></CENTER></h3>\n");
	print FILEOUT ("<DIV>$kindlog $title $date</DIV><BR \>\n");
} else {
	if ( !$opt{x} ) {			### IF GUI X
		print "subject: $kindlog $title $date\n"; 
	}
}
}


sub print_summary {
	# Heade variables
	my $head1 = $lang{"head1_". $val_opt_l};
	my $head2 = $lang{"head2_". $val_opt_l};
	my $head3 = $lang{"head3_". $val_opt_l};
	my $head4 = $lang{"head4_". $val_opt_l};
	my $head5 = $lang{"head5_". $val_opt_l};
	my $head6 = $lang{"head6_". $val_opt_l};
	my $head7 = $lang{"head7_". $val_opt_l};
	my $head8 = $lang{"head8_". $val_opt_l};
	my $head9 = $lang{"head9_". $val_opt_l};
	my $head10 = $lang{"head10_". $val_opt_l};
	my $head11 = $lang{"head11_". $val_opt_l};
	my $head12 = $lang{"head12_". $val_opt_l};
	my $head13 = $lang{"head13_". $val_opt_l};
	# Comment variables
	my $legende_red = $lang{"legendered_". $val_opt_l};
	my $legende_green = $lang{"legendegreen_". $val_opt_l};
	my $legende_black = $lang{"legendeblack_". $val_opt_l};

	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ){
		print FILEOUT ("<TABLE BORDER=$border ALIGN=CENTER BGCOLOR=$tb_bg_color WIDTH=100%><TR><TD><TABLE BORDER=0><TR><TD WIDTH=65%>");
		print FILEOUT ("<TABLE VALIGN=top>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head1</TH>");
		print FILEOUT ("<TD>$daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head2</TH>");
		print FILEOUT ("<TD>$daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec</TD></TR>\n");
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head3</TH>");
		print FILEOUT ("<TD>$logtotal</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head4</TH>");
		printf FILEOUT ("<TD>%d (%2.2f%)</TD></TR>\n",$logdrop,$logdrop/$logtotal*100);
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head13</TH><TD>$filter</TD></TR>\n") if $filter ne "";
		print FILEOUT ("<TR><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head5</TH>");
		print FILEOUT ("<TD>$total</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head6</TH>");
		print FILEOUT ("<TD>". keys(%s5) ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>$head7</TH>");
		print FILEOUT ("<TD>". keys(%s6) ."</TD></TR>\n");
		print FILEOUT ("<TR><TD></TD></TR>\n");
		if ( $logids > 1 ) {
			print FILEOUT ("<TR ALIGN=left><TH>$head8</TH>");
			print FILEOUT ("<TD>". keys(%s13) ." with ". keys(%s1) . " interface(s)</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>$head9</TH>");
			print FILEOUT ("<TD>". keys(%s4) ."<TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>$head10</TH>");
			print FILEOUT ("<TD>". keys(%s10) ."</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>$head11</TH>");
			print FILEOUT ("<TD>". keys(%s20) ."</TD></TR>\n");
			print FILEOUT ("<TR ALIGN=left><TH>$head12</TH>");
			print FILEOUT ("<TD>$logportscan</TD></TR>\n");
		}
		if ( $logfw > 1 ) {
			print FILEOUT ("<TR ALIGN=left><TH>$head8</TH>");
			print FILEOUT ("<TD>". keys(%s13) ." with ". keys(%s1) . " interface(s)</TD></TR>\n");
		}
		print FILEOUT ("</TABLE>\n");
		
		print FILEOUT ("</TD><TD VALIGN=top>\n");
	
		print FILEOUT ("<TABLE>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Domains File : </TH>");
		print FILEOUT ("<TD>". $domains_file ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Number of domains : </TH>");
		print FILEOUT ("<TD>". keys(%DomainName) ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Rules File : </TH>");
		print FILEOUT ("<TD>". $rules_file ."</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TH>Number of referenced rules : </TH>");
		print FILEOUT ("<TD>". keys(%link) ."</TD></TR>\n");
		print FILEOUT ("</TD></TABLE></TABLE></TABLE><BR>\n");

		print FILEOUT ("<TABLE BORDER=0 ALIGN=CENTER>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%><B><U>Legend :</U></B></TD><TD WIDTH=12%></TD><TD></TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%><FONT COLOR=RED>RED :</FONT></TD><TD>$legende_red</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%><FONT COLOR=GREEN>GREEN :</FONT></TD><TD>$legende_green</TD></TR>\n");
		print FILEOUT ("<TR ALIGN=left><TD WIDTH=12%></TD><TD WIDTH=12%>BLACK :</TD><TD>$legende_black</TD></TR>\n");
		print FILEOUT ("</TABLE><BR>\n");
	} else {
		if ( $opt{x} ) {			### IF GUI X
			$scrolled_status->insert('end', "Print_Summary() :\t\t\t");
			$scrolled_result->insert ('end', "$head1 $daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec\n");
			$scrolled_result->insert ('end', "$head2 $daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec\n");
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "$head3 $logtotal\n");
			$scrolled_result->insert ('end', "$head4 ". $logdrop ." (". $logdrop/$logtotal*100 ."%)\n");
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "$head13 $filter\n") if $filter ne "";
			$scrolled_result->insert ('end', "\n");
			$scrolled_result->insert ('end', "$head5 $total\n");
			$scrolled_result->insert ('end', "$head6 ". keys(%s5) ."\n");
			$scrolled_result->insert ('end', "$head7 ". keys(%s6) ."\n");
			$scrolled_result->insert ('end', "\n");
			if ( $logids > 1 ) {
				$scrolled_result->insert ('end', "$head8 ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n");
				$scrolled_result->insert ('end', "$head9 ". keys(%s4) ."\n");
				$scrolled_result->insert ('end', "$head10 ". keys(%s10) ."\n");
				$scrolled_result->insert ('end', "$head11 ". keys(%s20) ."\n");
				$scrolled_result->insert ('end', "$head12 $logportscan\n");
				$scrolled_result->insert ('end', "\n");
			}
			if ( $logfw > 1 ) {
				$scrolled_result->insert ('end', "$head8 ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n");
				$scrolled_result->insert ('end', "\n");
			}
			$scrolled_status->insert('end', "OK\n");
		} else {
			chomp $minmonth;
			chomp $maxmonth;
			print BOLD, "$head1 $daymonth{$minmonth} $minday $minhour\:$minmin\:$minsec\n", RESET;
			print BOLD, "$head2 $daymonth{$maxmonth} $maxday $maxhour\:$maxmin\:$maxsec\n", RESET;
			print "\n";
			print "$head3 $logtotal\n";
			printf ("$head4 %d (%5.2f",$logdrop,$logdrop/$logtotal*100);
			print "%)\n";
			print "\n";
			print "$head13 $filter\n" if $filter ne "";
			print "\n";
			print BOLD,"$head5 $total\n", RESET;
			print "$head6 ". keys(%s5) ."\n" if ( keys(%s5) > 0 );
			print "$head7 ". keys(%s6) ."\n" if ( keys(%s6) > 0 );
			print "\n";
			if ( $logids > 1 ) {
				print "$head8 ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n";
				print "$head9 ". keys(%s4) ."\n";
				print "$head10 ". keys(%s10) ."\n";
				print "$head11 ". keys(%s20) ."\n";
				print "$head12 $logportscan\n";
			}
			if ( $logfw > 1 ) {
				print "$head8 ". keys(%s13) ." with ". keys(%s1) ." interface(s)\n";
			}
		}
	}
}









# print menu for HTML page
sub print_menu {
my $description = $lang{"s19_". $val_opt_l};
	if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
		print FILEOUT ("<TABLE BORDER=0 ALIGN=CENTER><TR ALIGN=left><TD WIDTH=50% VALIGN=top>\n");
		print FILEOUT ("<h4>General Statistics</h4>\n<menu>\n");
		print FILEOUT ("<li><a href=\"#hour\">". $lang{"s7_". $val_opt_l} ."</a>\n");
		print FILEOUT ("<li><a href=\"#daily_event\">". $lang{"s19_". $val_opt_l} ."</a>\n") if ($minmonth ne $maxmonth) || ($minday < $maxday);
		print FILEOUT ("<li><a href=\"#nids\">". $lang{"s13_". $val_opt_l} ."</a>\n") if (keys(%s13) > 1);
		print FILEOUT ("<li><a href=\"#domain_src\">". $lang{"s40_". $val_opt_l} ."</a>\n") if ( $opt{c} );
		print FILEOUT ("<li><a href=\"#attack_src\">". $lang{"s5_". $val_opt_l} ."</a>\n");
		print FILEOUT ("<li><a href=\"#attack_dst\">". $lang{"s6_". $val_opt_l} ."</a>\n");
		print FILEOUT ("<li><a href=\"#dport\">". $lang{"s16_". $val_opt_l} ."</a>\n");
		print FILEOUT ("<li><a href=\"#proto\">". $lang{"s11_". $val_opt_l} ."</a>\n");
		print FILEOUT ("<li><a href=\"#interfaces\">". $lang{"s1_". $val_opt_l} ."</a>\n") if (keys(%s1) > 1);
		print FILEOUT ("<li><a href=\"#typelog\">". $lang{"s17_". $val_opt_l} ."</a>\n</menu>") if (keys(%s17) > 0);	
		print FILEOUT ("</TD><TD WIDTH=50% VALIGN=top>\n");
		
		print FILEOUT ("<U><B>Specific Statistics</B></U><P>\n");
		if ( $logfw gt 0 ) {	
			print FILEOUT ("<li><a href=\"#same_src_dport\">". $lang{"s22_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#same_dst_dport\">". $lang{"s23_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#actions\">". $lang{"s14_". $val_opt_l} ."</a>\n") if ( keys(%s14) > 1 );
			print FILEOUT ("<li><a href=\"#reasons\">". $lang{"s12_". $val_opt_l} ."</a>\n") if ( keys(%s12) > 1 );
			print FILEOUT ("<li><a href=\"#rules\">". $lang{"s21_". $val_opt_l} ."</a>\n") if ( keys(%s21) > 1 );
			print FILEOUT ("<li><a href=\"#defense_attack\">". $lang{"s24_". $val_opt_l} ."</a>\n") if ( keys(%s24) > 0 );
			print FILEOUT ("<li><a href=\"#attack\">". $lang{"s4_". $val_opt_l} ."</a>\n") if ( keys(%s4) > 1 );
			print FILEOUT ("<li><a href=\"#hwlog\">". $lang{"s300_". $val_opt_l} ."</a>\n") if ( keys(%s300) > 0 );
		} 
		if ( $logids gt 0 ) {	
			print FILEOUT ("<li><a href=\"#same_src_attack\">". $lang{"s2_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#same_dst_attack\">". $lang{"s3_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#same_src_dst_attack\">". $lang{"s0_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#port_attack\">Events to one destination port grouped by attack</a>\n");
			print FILEOUT ("<li><a href=\"#attack\">". $lang{"s4_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#same_class\">". $lang{"s10_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#severity\">". $lang{"s20_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#hour_attack\">". $lang{"s7_". $val_opt_l} ."</a>\n");
			print FILEOUT ("<li><a href=\"#portscan\">". $lang{"s25_". $val_opt_l} ."</a>\n") if ( keys(%s25) > 0 );
		}
		print FILEOUT ("</menu>\n");
		print FILEOUT ("</TD></TR></TABLE><BR>\n");
	}
}       







sub daily_event {
$max = 0;
my $description = $lang{"s19_". $val_opt_l};
if ( ($opt_h == 1) || ($opt_p == 1) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<h3><CENTER><a name=\"daily_event\" HREF=\"#top\">$description</a></h3>\n");
	print FILEOUT ("<table border=$border align=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>Day</td><td>Month</td><td>No</td><td>%</td><td>Graph</td></tr>");

	foreach $k (%s19) {
		$max = $s19{$k} if ($s19{$k} > $max);
	}
	my $ratio = $max/$total*100;
	foreach $k (sort { $a <=> $b } keys %s19) {
		@_ = split ",",$k;
		my $num = $s19{$k}/$total*(50000/$ratio);
		printf FILEOUT ("<TR CLASS=TB><TD>%-${hour_len}d</TD><TD>%-3s</TD><TD>%-${nb_len}d</TD><TD>%-2.2f</TD><TD WIDTH=$num><HR NOSHADE ALIGN=LEFT SIZE=10 COLOR=#CCCCCC WIDTH=%3d ></TD></TR>\n",$_[0],$_[1],$s19{$k},$s19{$k}/$total*100,$num);
		push @list1 ,($s19{$k});
		push @list2 ,("$_[0]");
	}
	print FILEOUT ("</TABLE>\n");
 	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("days1","area") if ($opt_g == 1);
		print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=.".$graph_name._days1.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("days1","area") if ($opt_g == 1);
		print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$graph_name._days1.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TD></TR></TABLE><BR>\n");
	}

	if (( $logids gt 0 ) and ( $opt_g == 1 )) {
		$compt = 1;	
		foreach $k (sort { $a <=> $b } keys %s15) {
			@_ = split ",",$k;
			$beforeday = $_[0];
			$belowday = $beforeday if ( $compt == 1 );
			if ( $belowday < $beforeday ) {
				if ( $low ) {
					push @listlow ,($low);
					undef $low;
				} else {
					push @listlow ,(0);
				}
				if ( $medium ) {
					push @listmedium ,($medium);
					undef $medium;
				} else {
					push @listmedium ,(0);
				}
				if ( $high ) {
					push @listhigh ,($high);
					undef $high;
				} else {
					push @listhigh ,(0);
				}
				if ( $unknown ) {
					push @listunknown ,($unknown);
					undef $unknown;
				} else {
					push @listunknown ,(0);
				}
			}
			if ( $_[2] eq "low") {
				$low = $s15{$k};
			} elsif ( $_[2] eq "medium" ) {
				$medium = $s15{$k};
			} elsif ( $_[2] eq "high" ) {
				$high = $s15{$k};
			} elsif ( $_[2] eq "unknown" ) {
				$unknown = $s15{$k};
			}
			$belowday = $beforeday;
			$compt ++;
		}
		if ( $low ) {
			push @listlow ,($low);
			undef $low;
		} else {
			push @listlow ,(0);
		}
		if ( $medium ) {
			push @listmedium ,($medium);
			undef $medium;
		} else {
			push @listmedium ,(0);
		}
		if ( $high ) {
			push @listhigh ,($high);
		} else {
			push @listhigh ,(0);
		}
		if ( $unknown ) {
			push @listunknown ,($unknown);
			undef $unknown;
		} else {
			push @listunknown ,(0);
		}
		init_graph("days2","lines");
		if ( $opt_p == 1 ) {
			print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=.".$graph_name._days2.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$graph_name._days2.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
		}
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "daily_event() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		$linelength = 20 + $nb_len + 6 + $graph_len;
		print FILEOUT ("$description\n");
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s19) ." of ". keys(%s19) ." ###\n");
		print FILEOUT (" Day Month  No         %    Graph\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (%s19) {
			$max = $s19{$k} if ($s19{$k} > $max);
		}
		$ratio = $max/$total*100;
		foreach $k (sort { $a <=> $b } keys %s19) {
			@_ = split ",",$k;
			$num = $s19{$k}/$total*75*(100 / $ratio);
			printf FILEOUT ("  %-${hour_len}d   %-3s   %-${nb_len}d  %5.2f  %-${graph_len}s\n", $_[0],$_[1],$s19{$k},$s19{$k}/$total*100, '#' x $num);
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");

	} else {
		foreach $k (%s19) {
			$max = $s19{$k} if ($s19{$k} > $max);
		}
		$ratio = $max/$total*100;
		section_header("$description\n", "daily_event");
		foreach $k (sort { $a <=> $b } keys %s19) {
			@_ = split ",",$k;
			$num = $s19{$k}/$total*75*(100 / $ratio);
			printf("  %-${hour_len}d   %-3s   %-${nb_len}d  %5.2f  %-${graph_len}s\n", $_[0],$_[1],$s19{$k},$s19{$k}/$total*100, '#' x $num);
		}
	}
}
}


sub severity {
$max = 0;
my $description = $lang{"s20_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<H3><CENTER><A NAME=\"severity\" HREF=\"#top\">$description</A></CENTER></H3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>%</TD><TD>No</TD><TD>Severity</TD></TR>");
	foreach $k (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
		$STYLE = init_color($k);
		printf FILEOUT (("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${sever_len}s</td></tr>\n", $s20{$k}/$total*100,$s20{$k},$k));
		push @list1 ,($s20{$k}/$total*100);
		push @list2 ,("$k");
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("severity","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._severity.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("severity","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._severity.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	foreach $k (%s20) {
		$max = $s20{$k} if ($s20{$k} > $max);
	}
	$ratio = $max/$total*100;
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "severity() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 2 + $sever_len + 2 + $graph_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s20) ." of ". keys(%s20) ." ###\n");
		print FILEOUT ("    %    No      Severity Graph\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
			$num = $s20{$k}/$total*75*(100 / $ratio);
			printf FILEOUT ("  %-5.2f  %-${nb_len}d  %-${sever_len}s  %-${graph_len}s\n", $s20{$k}/$total*100,$s20{$k},$k, '#' x $num);
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("$description\n", "severity");
		foreach $k (sort { $s20{$b} <=> $s20{$a} } keys %s20) {
			$num = $s20{$k}/$total*75*(100 / $ratio);
			printf("  %-5.2f  %-${nb_len}d  %-${sever_len}s  %-${graph_len}s\n", $s20{$k}/$total*100,$s20{$k},$k, '#' x $num);
		}

	}
}
}



sub interfaces {
$i = 0;
$max = 8;
my $description = $lang{"s1_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<H3><CENTER><A NAME=\"interfaces\" HREF=\"#top\">$description</A></CENTER></H3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>%</TD><TD>No</TD><TD>Interface</TD></TR>");
	foreach $k (sort { $s1{$b} <=> $s1{$a} } keys %s1) {
		printf FILEOUT (("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s1{$k}/$total*100,$s1{$k},$k));
		push @list1 ,($s1{$k}/$total*100) if ( $i < $max );
		push @list2 ,("$k") if ( $i < $max );
		++$i;
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("ether","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._ether.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("ether","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._ether.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "interfaces() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s1) ." of ". keys(%s1) ." ###\n");
		print FILEOUT ("    %    No      Interfaces\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s1{$b} <=> $s1{$a} } keys %s1) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-10s\n", $s1{$k}/$total*100,$s1{$k},$k); 
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "interfaces");
		foreach $k (sort { $s1{$b} <=> $s1{$a} } keys %s1) {
			printf("  %5.2f  %-${nb_len}d  %-10s\n", $s1{$k}/$total*100,$s1{$k},$k); 
		}
	}
}
}





sub nids {
my $i = 0;
my $max = 6;
my $description = $lang{"s13_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<h3><CENTER><a name=\"nids\" HREF=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Host Logger</td></tr>");
	foreach $k (sort { $s13{$b} <=> $s13{$a} } keys %s13) {
		printf FILEOUT (("<tr class=TB><td>%2.2f</td><td>%-${nb_len}d</td><td>%-32s</td></tr>\n", $s13{$k}/$total*100,$s13{$k},$k));
		push @list1 ,($s13{$k}) if ( $i < $max );
		push @list2 ,("$k") if ( $i < $max );
		++$i;
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("nids","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._nids.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("nids","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._nids.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "nids() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s13) ." of ". keys(%s13) ." ###\n");
		print FILEOUT ("    %    No      Host Logger\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s13{$b} <=> $s13{$a} } keys %s13) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-32s\n", $s13{$k}/$total*100,$s13{$k},$k); 
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "nids");
		foreach $k (sort { $s13{$b} <=> $s13{$a} } keys %s13) {
			printf("  %5.2f  %-${nb_len}d  %-32s\n", $s13{$k}/$total*100,$s13{$k},$k); 
		}
	}
}
}


sub proto {
my $i = 0;
my $max = 6;
my $description = $lang{"s11_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<h3><CENTER><a name=\"proto\" HREF=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><table border=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Protocols</td></tr>");
	foreach $k (sort { $s11{$b} <=> $s11{$a} } keys %s11) {
		printf FILEOUT (("<tr class=TB><td>%2.2f</td><td>%-${nb_len}d</td><td>%-32s</td></tr>\n", $s11{$k}/$total*100,$s11{$k},$k));
		push @list1 ,($s11{$k}) if ( $i < $max );
		push @list2 ,("$k") if ( $i < $max );
		++$i;
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("proto","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._proto.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("proto","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._proto.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "proto() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 50;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s11) ." of ". keys(%s11) ." ###\n");
		print FILEOUT ("    %    No      Protocols\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s11{$b} <=> $s11{$a} } keys %s11) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-32s\n", $s11{$k}/$total*100,$s11{$k},$k); 
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
#		section_header("The distribution of event by protocols\n", "proto");
		section_header("$description\n", "proto");
		foreach $k (sort { $s11{$b} <=> $s11{$a} } keys %s11) {
			printf("  %5.2f  %-${nb_len}d  %-32s\n", $s11{$k}/$total*100,$s11{$k},$k); 
		}
	}
}
}





sub same_src_dst_attack {
$i=0;
my $description = $lang{"s0_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s0) ) ) {
	$n = keys %s0;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_src_dst_attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=o$border ALIGN=CENTER>\n");
	print FILEOUT ("<TR CLASS=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>IP Destination</td><td>Attack</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s0{$a} <=> $s0{$b} } keys %s0) { 
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td></tr>\n", $s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i;
		}
	} else {
		foreach $k (sort { $s0{$b} <=> $s0{$a} } keys %s0) { 
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td></tr>\n", $s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_dst_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $addr_len + 4 + $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s0) ." ###\n");
		print FILEOUT ("    %    No      IP source        IP destination   Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s0{$a} <=> $s0{$b} } keys %s0) { 
				@_ = split ",",$k;
				printf FILEOUT ("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		} else {
			foreach $k (sort { $s0{$b} <=> $s0{$a} } keys %s0) { 
				@_ = split ",",$k;
				printf FILEOUT ("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_src_dst_attack");
		if ($opt_i == 1) {
			foreach $k (sort { $s0{$a} <=> $s0{$b} } keys %s0) { 
				@_ = split ",",$k;
				printf("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		} else {
			foreach $k (sort { $s0{$b} <=> $s0{$a} } keys %s0) { 
				@_ = split ",",$k;
				printf("  %-5.2f  %-${nb_len}d  %-${addr_len}s  %-${addr_len}s  %-10s\n",
				$s0{$k}/$total*100, $s0{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
	}
}
}


# to see how many attacks launched from one host
sub same_src_attack {
$i=0;
my $description = $lang{"s2_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s2) ) ) {
	$n = keys %s2;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_src_attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border align=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>Attack</td><td>Severity</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s2{$a} <=> $s2{$b} } keys %s2) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${server_len}s</td></tr>\n", $s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i
		}
	} else {
		foreach $k (sort { $s2{$b} <=> $s2{$a} } keys %s2) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${server_len}s</td></tr>\n", $s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s2) ." ###\n");
		print FILEOUT ("    %    No      IP source        Attack                                                                  Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s2{$a} <=> $s2{$b} } keys %s2) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${server_len}s\n",$s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i
			}
		} else {
			foreach $k (sort { $s2{$b} <=> $s2{$a} } keys %s2) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_src_attack");  
		if ($opt_i == 1) {
			foreach $k (sort { $s2{$a} <=> $s2{$b} } keys %s2) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${server_len}s\n",
				$s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i
			}
		} else {
			foreach $k (sort { $s2{$b} <=> $s2{$a} } keys %s2) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",
				$s2{$k}/$total*100, $s2{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
	}
}
}


# to see how many attacks received by one host (destination correlated)
sub same_dst_attack {
$i=0;
my $description = $lang{"s3_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s3) ) ) {
	$n = keys %s3;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_dst_attack\" href=\"#top\">$description</a><CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border align=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td><td>Attack</td><td>Severity</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s3{$a} <=> $s3{$b} } keys %s3) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${sever_len}s</td></tr>\n",$s3{$k}/$total*100 , $s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i;
		}
	} else {
		foreach $k (sort { $s3{$b} <=> $s3{$a} } keys %s3) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${attack_len}s</td><td>%-${sever_len}s</td></tr>\n",$s3{$k}/$total*100 , $s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
			++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
#	close (FILEOUT);
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_dst_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s3) ." ###\n");
		print FILEOUT ("    %    No      IP destination   Attack                                                                  Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s3{$a} <=> $s3{$b} } keys %s3) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$k}/$total*100 ,$s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		} else {
			foreach $k (sort { $s3{$b} <=> $s3{$a} } keys %s3) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$k}/$total*100 ,$s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_dst_attack");
		if ($opt_i == 1) {
			foreach $k (sort { $s3{$a} <=> $s3{$b} } keys %s3) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$k}/$total*100 ,
				$s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		} else {
			foreach $k (sort { $s3{$b} <=> $s3{$a} } keys %s3) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${attack_len}s  %-${sever_len}s\n",$s3{$k}/$total*100 ,
				$s3{$k},$_[1],$_[0],$_[2]) if $i < $n;
				++$i;
			}
		}
	}
}
}

#
# TO SEE THE POPULARITY OF ONE ATTACK METHOD
#
sub attack {
my $description = $lang{"s4_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Attack</td><td>Priority</td><td>Severity</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s4{$a} <=> $s4{$b} } keys %s4) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			if ( ($link{$_[0]} =~ /(^.+),(.*$)/) && ($RULES == 1) ) {
				$url = init_url($1);
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td><a href=$url$2 class=$STYLE target=_blank>%-${attack_len}s</a></td><td>%-${prior_len}d</td><td>%-${sever_len}s</td><td>%-20s</td></tr>\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			} else {
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td>%-${attack_len}s</td><td>%-${prior_len}d</td><td>%-${sever_len}s</td><td>%-20s</td></tr>\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		}
	} else {
		foreach $k (sort { $s4{$b} <=> $s4{$a} } keys %s4) {
			@_ = split ",",$k;
			$STYLE = init_color($_[2]);
			if ( ($link{$_[0]} =~ /(^.+),(.*$)/ ) && ($RULES == 1) ) {
				$url = init_url($1);
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td><a href=$url$2 class=$STYLE target=_blank>%-${attack_len}s</a></td><td>%-${prior_len}d</td><td>%-${sever_len}s</td></tr>\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			} else {
				printf FILEOUT ("<tr class=$STYLE><td>%2.2f</td><td>%-${nb_len}d</td><td>%-${attack_len}s</td><td>%-${prior_len}d</td><td>%-${sever_len}s</td></tr>\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		}
	}
	print FILEOUT ("</table><BR>\n");
#	close (FILEOUT);
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "attack() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 4 + $attack_len + 4 + $prior_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s4) ." of ". keys(%s4) ." ###\n");
		print FILEOUT ("    %    No     Attack                                                           Priority Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s4{$a} <=> $s4{$b} } keys %s4) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		} else {
			foreach $k (sort { $s4{$b} <=> $s4{$a} } keys %s4) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {		
		section_header("$description\n", "attack");
		if ($opt_i == 1) {
			foreach $k (sort { $s4{$a} <=> $s4{$b} } keys %s4) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		} else {
			foreach $k (sort { $s4{$b} <=> $s4{$a} } keys %s4) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${attack_len}s  %-${prior_len}d %-${sever_len}s\n", $s4{$k}/$total*100,$s4{$k},$_[0],$_[1],$_[2]); 
				++$i;
			}
		}
	}
}
}


# to see the popularity of one source host 
sub same_class {
my $description = $lang{"s10_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_class\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Classification</td><td>Severity</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s10{$a} <=> $s10{$b} } keys %s10) {
			@_ = split ",",$k;
			$STYLE = init_color($_[1]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${class_len}s</td><td>%-${server_len}s</td></tr>\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
		}
	} else {
		foreach $k (sort { $s10{$b} <=> $s10{$a} } keys %s10) {
			@_ = split ",",$k;
			$STYLE = init_color($_[1]);
			printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${class_len}s</td><td>%-${server_len}s</td></tr>\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
		}
	}
	print FILEOUT ("</table><BR>\n");
#	close (FILEOUT);
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_class() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 4 + $class_len + 4 + $sever_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s10) ." of ". keys(%s10) ." ###\n");
		print FILEOUT ("    %    No       Classification                                               Severity\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s10{$a} <=> $s10{$b} } keys %s10) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${server_len}s\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
			}
		} else {
			foreach $k (sort { $s10{$b} <=> $s10{$a} } keys %s10) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${sever_len}s\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {		
		section_header("$description\n", "same_class");
		if ($opt_i == 1) {
			foreach $k (sort { $s10{$a} <=> $s10{$b} } keys %s10) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${server_len}s\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
			}
		} else {
			foreach $k (sort { $s10{$b} <=> $s10{$a} } keys %s10) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${class_len}s  %-${sever_len}s\n", $s10{$k}/$total*100,$s10{$k},$_[0],$_[1]); 
			}
		}
	}
}
}



# to see the popularity of one source host 
sub attack_src {
$i=0;
my $description = $lang{"s5_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s5) ) ) {
	$n = keys %s5;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"attack_src\" href=\"#top\">$description</A></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	if ( ($opt_r == 1 ) && ($opt_w == 1) ) {
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>Resolve</td><td>Domain</td></tr>");
	} elsif ( $opt_r == 1 ) {
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td><td>Resolve</td><td>Domain</td></tr>");
	} else {
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td></tr>");
	}
	
	if ($opt_i == 1) {
		foreach $k (sort { $s5{$a} <=> $s5{$b} } keys %s5) {
			if ($i < $n) {
				if ( ($opt_r == 1) && ($opt_w == 1) ) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					$STYLE = init_color($src_host);
					$src_host =~ /(\w+$)/;
					whois();
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td><a href=$requestwhois target=_blank class=$STYLE>%-${addr_len}s</a></td><td>%-${resolve_len}s</td><td>%-${domain_len}s</td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
				} elsif ($opt_r) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					$STYLE = init_color($src_host);
					$src_host =~ /(\w+$)/;
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${addr_len}s</td><td>%-${domain_len}s</td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
				} elsif ( $opt_w == 1 ) {
					whois();
					$STYLE = "TB";
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td><a href=$requestwhois target=_blank>%-${addr_len}s</a></td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k);

				} else {
					printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s5{$k}/$total*100,$s5{$k},$k);
				}
			}
		++$i;
		}
	} else {
		foreach $k (sort { $s5{$b} <=> $s5{$a} } keys %s5) {
			if ($i < $n) {
				if ( ($opt_r == 1) && ($opt_w == 1) ) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					$STYLE = init_color($src_host);
					$src_host =~ /(\w+$)/;
					whois();
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td><a href=$requestwhois target=_blank class=$STYLE>%-${addr_len}s</a></td><td>%-${resolve_len}s</td><td>%-${domain_len}s</td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
				} elsif ( $opt_r == 1 ) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					$STYLE = init_color($src_host);
					$src_host =~ /(\w+$)/;
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${resolve_len}s</td><td>%-${domain_len}s</td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
				} elsif ( $opt_w == 1 ) {
					whois();
					$STYLE = "TB";
					printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td><a href=$requestwhois target=_blank>%-${addr_len}s</a></td></tr>\n",$s5{$k}/$total*100,$s5{$k},$k);
				} else {
					 printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s5{$k}/$total*100,$s5{$k},$k);
				}
			}
		++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "attack_src() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		if ( ($opt_r == 1) && ($opt_w == 1) ) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len + 2 + $whois_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
			print FILEOUT ("    %    No      IP source        Resolve                                             Domain      Inetnum                            Netname                         Descr                 Email\n");
		} elsif ( $opt_r == 1 ) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
			print FILEOUT ("    %    No      IP source        Resolve                                             Domain\n");
		} elsif ( $opt_w == 1 ) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $whois_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
			print FILEOUT ("    %    No      IP source        Inetnum                            Netname                         Descr                 Email\n");
		} else {
			$linelength = 13 + $nb_len + 4 + $addr_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
			print FILEOUT ("    %    No      IP source\n");
		}
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s5{$a} <=> $s5{$b} } keys %s5) {
				if ($i < $n) {
					if ( ($opt_r == 1) && ($opt_w == 1) ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						whois();
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1},$inetnum,$netname,$descr,$mail);
					} elsif ( $opt_r == 1 ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
					} elsif ( $opt_w == 1 ) {
						whois();
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$inetnum,$netname,$descr,$mail);
					} else {
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100,$s5{$k},$k);
					}
				}
			++$i;
			}
		} else {
			foreach $k (sort { $s5{$b} <=> $s5{$a} } keys %s5) {
				if ($i < $n) {
					if ( ($opt_r == 1) && ($opt_w == 1) ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						whois();
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1},$inetnum,$netname,$descr,$mail);
					} elsif ( $opt_r == 1 ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
					} elsif ( $opt_w == 1 ) {
						whois();
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$inetnum,$netname,$descr,$mail);
					} else {
						printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100,$s5{$k},$k);
					}
				}
			++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {		
		if ( ($opt_r == 1 ) && ($opt_w == 1) ) {
			section_header("$description\n", "attack_src_resolve_whois");
		} elsif ($opt_w == 1) {
			section_header("$description\n", "attack_src_whois");
		} elsif  ($opt_r == 1) {
			section_header("$description\n", "attack_src_resolve");
		} else {
			section_header("$description\n", "attack_src");
		}
		if ($opt_i == 1) {
			foreach $k (sort { $s5{$a} <=> $s5{$b} } keys %s5) {
				if ($i < $n) {
					if ( ($opt_r == 1) && ($opt_w == 1) ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						whois();
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1},$inetnum,$netname,$descr,$mail);
					} elsif ( $opt_r == 1 ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
					} elsif ( $opt_w == 1 ) {
						whois();
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$inetnum,$netname,$descr,$mail);

					} else {
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100,$s5{$k},$k);
					}
				}
			++$i;
			}
		} else {
			foreach $k (sort { $s5{$b} <=> $s5{$a} } keys %s5) {
				if ($i < $n) {
					if ( ($opt_r == 1) && ($opt_w == 1) ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						whois();
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1},$inetnum,$netname,$descr,$mail);
					} elsif ( $opt_r == 1 ) {
						$host = resolve ($k);
						$src_host = $host if ($host ne $k);
						$src_host =~ /(\w+$)/;
						$s40{"$1"}++;
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s  %-${domain_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$src_host,$DomainName{$1});
					} elsif ( $opt_w == 1 ) {
						whois();
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${inetnum_len}s  %-${netname_len}s  %-${descr_len}s  %-${email_len}s\n", $s5{$k}/$total*100,$s5{$k},$k,$inetnum,$netname,$descr,$mail);

					} else {
						printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s5{$k}/$total*100,$s5{$k},$k);
					}
				}
			++$i;
			}
		}
	}
}
}







sub domain_src {
$i=0;
my $description = $lang{"s40_". $val_opt_l};
foreach $k (sort { $s5{$b} <=> $s5{$a} } keys %s5) {
	$host = resolve ($k);
	$src_host = $host if ($host ne $k);
	$src_host =~ /(\w+$)/;
	$s40{"$1"}++;
}
$i=0;
$max = 8;
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s40) ) ) {
	$n = keys %s40;
	$max = $n if ( keys %s40 < 8);
} else {
	$n = $val_opt_n;
	$max = $n if ( keys %s40 < 8);
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<h3><CENTER><a name=\"domain_src\" HREF=\"#top\">$description</a><CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Domain</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s40{$a} <=> $s40{$b} } keys %s40) {
			if ( $i < $n ) {
				$STYLE = init_color($k);
				printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${domain_len}s</td></tr>\n", $s40{$k}/(keys %s5)*100,$s40{$k},$DomainName{$k});
				push @list1 ,($s40{$k}) if ( $i < $max );
				push @list2 ,("$k") if ( $i < $max );
				++$i;
			}
		}
	} else {
		foreach $k (sort { $s40{$b} <=> $s40{$a} } keys %s40) {
			if ( $i < $n ) {
				$STYLE = init_color($k);
				printf FILEOUT ("<tr class=$STYLE><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${domain_len}s</td></tr>\n", $s40{$k}/(keys %s5)*100,$s40{$k},$DomainName{$k});
				push @list1 ,($s40{$k}) if ( $i < $max );
				push @list2 ,("$k") if ( $i < $max );
				++$i;
			}
		}
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("domain","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._domain.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("domain","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._domain.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "domain_crc() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $domain_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s40) ." ###\n");
		print FILEOUT ("    %    No      Domain\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $l (sort { $s40{$a} <=> $s40{$b} } keys %s40) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$l}/(keys %s5)*100,$s40{$l},$DomainName{$l}) if ( $i < $n );
				++$1;
			}
		} else {
			foreach $l (sort { $s40{$b} <=> $s40{$a} } keys %s40) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$l}/(keys %s5)*100,$s40{$l},$DomainName{$l}) if ( $i < $n );
				++$1;
			}
		}	
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");	
	} else {		
		section_header("$description\n", "domain_src");
		if ($opt{i}) {
			foreach $l (sort { $s40{$a} <=> $s40{$b} } keys %s40) {
				printf("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$l}/(keys %s5)*100,$s40{$l},$DomainName{$l}) if ( $i < $n );
				++$i;
			}
		} else {
			foreach $l (sort { $s40{$b} <=> $s40{$a} } keys %s40) {
				printf("  %5.2f  %-${nb_len}d  %-${domain_len}s\n", $s40{$l}/(keys %s5)*100,$s40{$l},$DomainName{$l}) if ( $i < $n );
				++$i;
			}
		}
	}
}
}



# to see the popularity of one destination host
sub attack_dst {
$i=0;
my $description = $lang{"s6_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s6) ) ) {
	$n = keys %s6;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"attack_dst\" href=\"#top\">$description</a><CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	if ($opt_r) {
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td><td>Resolve</td></tr>");
	} else {
		print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Destination</td></tr>");
	}

	if ($opt_i == 1) {
		foreach $k (sort { $s6{$a} <=> $s6{$b} } keys %s6) {
			if ($opt_r) {
				$host = resolve ($k);
				$src_host = $host if ($host ne $k);
				printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${resolve_len}s</td></tr>\n",$s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
			} else {
				printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n;
			}
		++$i;
		}
	} else {
		foreach $k (sort { $s6{$b} <=> $s6{$a} } keys %s6) {
			if ($opt_r) {
				$host = resolve ($k);
				$src_host = $host if ($host ne $k);
				printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td><td>%-${resolve_len}s</td></tr>\n",$s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
			} else {
				printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${addr_len}s</td></tr>\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n;
			}
		++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "attack_dst() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		if ($opt_r) {
			$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
			print FILEOUT ("    %    No      IP destination   Resolve\n");
			print FILEOUT ( '=' x $linelength, "\n");
		} else {
			$linelength = 13 + $nb_len + 4 + $addr_len;
			print FILEOUT ( '=' x $linelength, "\n");
			print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
			print FILEOUT ("    %    No      IP destination\n");
			print FILEOUT ( '=' x $linelength, "\n");
		}

		if ($opt_i == 1) {
			foreach $k (sort { $s6{$a} <=> $s6{$b} } keys %s6) {
				if ($opt_r) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
				} else {
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n; 
				}
			++$i;
			}
		} else {
			foreach $k (sort { $s6{$b} <=> $s6{$a} } keys %s6) {
				if ($opt_r) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
				} else {
					printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n; 
				}
			++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		if ($opt_r) {
			section_header("$description\n", "attack_dst_resolve");
		} else {
			section_header("$description\n", "attack_dst");
		}
		if ($opt_i == 1) {
			foreach $k (sort { $s6{$a} <=> $s6{$b} } keys %s6) {
				if ($opt_r) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
				} else {
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n; 
				}
			++$i;
			}
		} else {
			foreach $k (sort { $s6{$b} <=> $s6{$a} } keys %s6) {
				if ($opt_r) {
					$host = resolve ($k);
					$src_host = $host if ($host ne $k);
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-${resolve_len}s\n", $s6{$k}/$total*100,$s6{$k},$k,$src_host) if $i < $n;
				} else {
					printf("  %5.2f  %-${nb_len}d  %-${addr_len}s\n", $s6{$k}/$total*100,$s6{$k},$k) if $i < $n; 
				}
			++$i;
			}
		}
	}

}
}



# to see the activity by hour 
sub hour {
$max = 0;
my $description = $lang{"s7_". $val_opt_l};
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<H3><CENTER><A NAME=\"hour\" HREF=\"#top\">$description</A><CENTER></H3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><TD>Hour</TD><TD>No</TD><TD>%</TD><TD>Graph</TD></TR>");
	foreach $k (%s7) {
		$max = $s7{$k} if ($s7{$k} > $max);
	}
	my $ratio = $max/$total*100;
	
	foreach $k (sort { $a <=> $b } keys %s7) {
		my $num = $s7{$k}/$total*(50000/$ratio);
		printf FILEOUT ("<TR CLASS=TB><TD>%${hour_len}dh</TD><TD>%-${nb_len}d</TD><TD>%-2.2f</TD><TD WIDTH=$num><HR NOSHADE ALIGN=left SIZE=10 COLOR=#CCCCCC  WIDTH=%3d ></TD></TR>\n", $k,$s7{$k},$s7{$k}/$total*100,$num); 
		push @list1 ,($s7{$k});
		push @list2 ,($k);
	}
	print FILEOUT ("</TABLE>\n");
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("hours1","area") if ( $opt_g == 1 );
		print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=.".$graph_name._hours1.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("hours1","area") if ( $opt_g == 1 );
		print FILEOUT ("<BR><TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$graph_name._hours1.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TD></TR></TABLE><BR>\n");
	}

	if (( $logids gt 0 ) and ( $opt_g == 1 )) {
		$compt = 1;
		foreach $k (sort { $a <=> $b } keys %s8) {
			@_ = split ",",$k;
			$beforeday = $_[0];
			$belowday = $beforeday if ( $compt == 1 );
			if ( $belowday < $beforeday ) {
				if ( $low ) {
					push @listlow ,($low);
					undef $low;
				} else {
					push @listlow ,(0);
				}
				if ( $medium ) {
					push @listmedium ,($medium);
					undef $medium;
				} else {
					push @listmedium ,(0);
				}
				if ( $high ) {
					push @listhigh ,($high);
					undef $high;
				} else {
					push @listhigh ,(0);
				}
				if ( $unknown ) {
					push @listunknown ,($unknown);
					undef $unknown;
				} else {
					push @listunknown ,(0);
				}
			}
			if ( $_[1] eq "low") {
				$low = $s8{$k};
			} elsif ( $_[1] eq "medium" ) {
				$medium = $s8{$k};
			} elsif ( $_[1] eq "high" ) {
				$high = $s8{$k};
			} elsif ( $_[1] eq "unknown" ) {
				$unknown = $s8{$k};
			}
			$belowday = $beforeday;
			$compt ++;
		}
		if ( $low ) {
			push @listlow ,($low);
			undef $low;
		} else {
			push @listlow ,(0);
		}
		if ( $medium ) {
			push @listmedium ,($medium);
			undef $medium;
		} else {
			push @listmedium ,(0);
		}
		if ( $high ) {
			push @listhigh ,($high);
			undef $high;
		} else {
			push @listhigh ,(0);
		}
		if ( $unknown ) {
			push @listunknown ,($unknown);
			undef $unknown;
		} else {
			push @listunknown ,(0);
		}
		init_graph("hours2","bars");
		if ( $opt_p == 1 ) {
			print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=.".$graph_name._hours2.".".$val_opt_g."></TD></TR><TR></TABLE><BR>\n");
		} else {
			print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><IMG SRC=".$graph_name._hours2.".".$val_opt_g."></TD></TR><TR></TABLE><BR>\n");
		}
	}
} else {
	foreach $k (%s7) {
		$max = $s7{$k} if ($s7{$k} > $max);
	}
	$ratio = $max/$total*100;
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "hour() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 13 + $nb_len + 2 + $hour_len + 2 + $graph_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". keys(%s7) ." of ". keys(%s7) ." ###\n");
		print FILEOUT ("  Hour No        %    Graph\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort keys %s7) {
			my $num = $s7{$k}/$total*75*(100 / $ratio);
			printf FILEOUT ("  %${hour_len}dh  %-${nb_len}d  %5.2f  %-${graph_len}s\n", $k,$s7{$k},$s7{$k}/$total*100, '#' x $num); 
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("$description\n", "hour");
		foreach $k (sort keys %s7) {
			my $num = $s7{$k}/$total*75*(100 / $ratio);
			printf("  %${hour_len}dh  %-${nb_len}d  %5.2f  %-${graph_len}s\n", $k,$s7{$k},$s7{$k}/$total*100, '#' x $num); 
		}
	}
}
}


sub same_hour_attack {
$i=0;
my $description = $lang{"s9_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s9) ) ) {
	$n = keys %s9;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"hour_attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Hour</td><td>Attack</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s9{$a} <=> $s9{$b} } keys %s9) {
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%${hour_len}dh</td><td>%-${attack_len}s</td></tr>\n",
			$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
			++$i
		}
	} else {
		foreach $k (sort { $s9{$b} <=> $s9{$a} } keys %s9) {
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%${hour_len}dh</td><td>%-${attack_len}s</td></tr>\n",
			$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
			++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_hour_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $hour_len + 4 + $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s9) ." ###\n");
		print FILEOUT ("    %    No      Heure  Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s9{$a} <=> $s9{$b} } keys %s9) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
				++$i
			}
		} else {
			foreach $k (sort { $s9{$b} <=> $s9{$a} } keys %s9) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_hour_attack");  
		if ($opt_i == 1) {
			foreach $k (sort { $s9{$a} <=> $s9{$b} } keys %s9) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
				++$i
			}
		} else {
			foreach $k (sort { $s9{$b} <=> $s9{$a} } keys %s9) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %${hour_len}dh    %-${attack_len}s\n",
				$s9{$k}/$total*100, $s9{$k},$_[0],$_[1]) if $i < $n;
				++$i;
			}
		}
	}
}
}


sub dport {
$i = 0;
$max = 10;
my $description = $lang{"s16_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s16) ) ) {
	$n = keys %s16;
	$max = $n if ( keys %s16 < 10);
} else {
	$n = $val_opt_n;
	$max = $n if ( keys %s16 < 10);
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	@list1 = ();
	@list2 = ();
	print FILEOUT ("<h3><CENTER><a name=\"dport\" HREF=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=0 ALIGN=center><TR><TD><TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Destination Port</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s16{$a} <=> $s16{$b} } keys %s16) {
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td></tr>\n",
			$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
			push @list1 ,($s16{$k}) if ( $i < $max );
			push @list2 ,("$k") if ( $i < $max );
			++$i;
		}
	} else {
		foreach $k (sort { $s16{$b} <=> $s16{$a} } keys %s16) {
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td></tr>\n",
			$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
			push @list1 ,($s16{$k}) if ( $i < $max );
			push @list2 ,("$k") if ( $i < $max );
			++$i;
		}
	}
	if ( ( $opt_g == 1 ) && ( $opt_p == 1 ) ) {
		init_graph("dport","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=.".$graph_name._dport.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} elsif ( ( $opt_g == 1 ) && ( $opt_h == 1 ) ) {
		init_graph("dport","pie");
		print FILEOUT ("</TABLE></TD><TD WIDTH=300 ALIGN=right><IMG SRC=".$graph_name._dport.".".$val_opt_g."></TD></TR></TABLE><BR>\n");
	} else {
		print FILEOUT ("</TABLE></TD></TR></TABLE><BR>\n");
	}
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "dport() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s16) ." ###\n");
		print FILEOUT ("    %    No      Port\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s16{$a} <=> $s16{$b} } keys %s16) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
				++$i;
			}
		} else {
			foreach $k (sort { $s16{$b} <=> $s16{$a} } keys %s16) {
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
				++$i;
			}
		}	
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "dport");  
		if ($opt_i == 1) {
			foreach $k (sort { $s16{$a} <=> $s16{$b} } keys %s16) {
				printf("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
				++$i;
			}
		} else {
			foreach $k (sort { $s16{$b} <=> $s16{$a} } keys %s16) {
				printf("  %5.2f  %-${nb_len}d  %-${port_len}s\n",
				$s16{$k}/$total*100, $s16{$k},$k) if ( $i < $n );
				++$i;
			}
		}
	}
}
}




sub dport_attack {
$i = 0;
my $description = $lang{"s18_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s18) ) ) {
	$n = keys %s18;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"port_attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Port</td><td>Attack</td></tr>");
	if ($opt_i == 1) {
		foreach $k (sort { $s18{$a} <=> $s18{$b} } keys %s18) {
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td><td>%-${attack_len}s</td></tr>\n",
			$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}
	} else {
		foreach $k (sort { $s18{$b} <=> $s18{$a} } keys %s18) {
			@_ = split ",",$k;
			printf FILEOUT ("<tr class=TB><td>%-2.2f</td><td>%-${nb_len}d</td><td>%-${port_len}s</td><td>%-${attack_len}s</td></tr>\n",
			$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "dport_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s18) ." ###\n");
		print FILEOUT ("    %    No      Port   Attack\n");
		print FILEOUT ( '=' x $linelength, "\n");
		if ($opt_i == 1) {
			foreach $k (sort { $s18{$a} <=> $s18{$b} } keys %s18) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
				++$i;
			}
		} else {
			foreach $k (sort { $s18{$b} <=> $s18{$a} } keys %s18) {
				@_ = split ",",$k;
				printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
				++$i;
			}
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "dport_attack");  
		if ($opt_i == 1) {
			foreach $k (sort { $s18{$a} <=> $s18{$b} } keys %s18) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
				++$i;
			}
		} else {
			foreach $k (sort { $s18{$b} <=> $s18{$a} } keys %s18) {
				@_ = split ",",$k;
				printf("  %5.2f  %-${nb_len}d  %-${port_len}s  %-${attack_len}s\n",
				$s18{$k}/$total*100, $s18{$k},$_[0],$_[1]) if ( $i < $n );
				++$i;
			}
		}
	}
}
}




sub reasons {
$i = 0;
my $description = $lang{"s12_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s12) ) ) {
	$n = keys %s12;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"reasons\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Reasons</td></tr>");
        foreach $k (sort { $s12{$b} <=> $s12{$a} } keys %s12) {
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s12{$k}/$total*100,$s12{$k},$k) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "reasons() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s12) ." ###\n");
		print FILEOUT ("    %    No      Reasons\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s12{$b} <=> $s12{$a} } keys %s12) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-50s\n", $s12{$k}/$total*100,$s12{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("$description\n", "reasons");
		foreach $k (sort { $s12{$b} <=> $s12{$a} } keys %s12) {
			printf("  %5.2f  %-${nb_len}d  %-50s\n", $s12{$k}/$total*100,$s12{$k},$k) if ( $i < $n );
			++$i;
		}
	}
}
}



sub actions {
$i = 0;
my $description = $lang{"s14_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s14) ) ) {
	$n = keys %s14;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"actions\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Actions</td></tr>");
        foreach $k (sort { $s14{$b} <=> $s14{$a} } keys %s14) {
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s14{$k}/$total*100,$s14{$k},$k) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "actions() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s14) ." ###\n");
		print FILEOUT ("    %    No      Actions\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s14{$b} <=> $s14{$a} } keys %s14) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-10s\n", $s14{$k}/$total*100,$s14{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {
		section_header("$description\n", "actions");
		foreach $k (sort { $s14{$b} <=> $s14{$a} } keys %s14) {
			printf("  %5.2f  %-${nb_len}d  %-10s\n", $s14{$k}/$total*100,$s14{$k},$k) if ( $i < $n );
			++$i;
		}
	}
}
}






sub rules {
$i = 0;
my $description = $lang{"s21_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s21) ) ) {
	$n = keys %s21;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"rules\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Rules</td></tr>");
        foreach $k (sort { $s21{$b} <=> $s21{$a} } keys %s21) {
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-32s</TD></TR>\n", $s21{$k}/$total*100,$s21{$k},$k) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "rules() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s21) ." ###\n");
		print FILEOUT ("    %    No      Rules\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s21{$b} <=> $s21{$a} } keys %s21) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-4d\n", $s21{$k}/$total*100,$s21{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "rules");
		foreach $k (sort { $s21{$b} <=> $s21{$a} } keys %s21) {
			printf("  %5.2f  %-${nb_len}d  %-4d\n", $s21{$k}/$total*100,$s21{$k},$k) if ( $i < $n );
			++$i;
		}	
	}
}
}



sub defense_attack {
$i = 0;
my $description = $lang{"s24_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s24) ) ) {
	$n = keys %s24;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"defense_attack\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Attack</td><td>Info</td></tr>\n");
        foreach $k (sort { $s24{$b} <=> $s24{$a} } keys %s24) {
		@_ = split ",",$k;
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD><TD>%-30s</TD></TR>\n", $s24{$k}/$total*100,$s24{$k},$_[0],$_[1]) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "defense_attack() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s24) ." ###\n");
		print FILEOUT ("    %    No      SmartDefense Attack             Infos\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s100{$b} <=> $s100{$a} } keys %s24) {
			@_ = split ",",$k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s24{$k}/$total*100,$s24{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "defense_attack");
		foreach $k (sort { $s24{$b} <=> $s24{$a} } keys %s24) {
			@_ = split ",",$k;
			printf("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s24{$k}/$total*100,$s24{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}	
	}
}
}







sub hwlog {
$i = 0;
my $description = $lang{"s300_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s300) ) ) {
	$n = keys %s300;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"hwlog\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Type</td></tr>\n");
        foreach $k (sort { $s300{$b} <=> $s300{$a} } keys %s300) {
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD></TR>\n", $s300{$k}/$total*100,$s300{$k},$k) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "hwlog() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s300) ." ###\n");
		print FILEOUT ("    %    No      Type\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s300{$b} <=> $s300{$a} } keys %s300) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s300{$k}/$total*100,$s300{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "hwlog");
		foreach $k (sort { $s300{$b} <=> $s300{$a} } keys %s300) {
			printf("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s300{$k}/$total*100,$s300{$k},$k) if ( $i < $n );
			++$i;
		}	
	}
}
}









sub typelog {
$i = 0;
my $description = $lang{"s17_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s17) ) ) {
	$n = keys %s17;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"typelog\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<TR CLASS=TH ALIGN=center><td>%</td><td>No</td><td>Type</td></tr>\n");
        foreach $k (sort { $s17{$b} <=> $s17{$a} } keys %s17) {
                printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-30s</TD></TR>\n", $s17{$k}/$total*100,$s17{$k},$k) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "typelog() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $actions_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s17) ." ###\n");
		print FILEOUT ("    %    No      Type\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s17{$b} <=> $s17{$a} } keys %s17) {
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s17{$k}/$total*100,$s17{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "typelog");
		foreach $k (sort { $s17{$b} <=> $s17{$a} } keys %s17) {
			printf("  %5.2f  %-${nb_len}d  %-30s  %-30s\n", $s17{$k}/$total*100,$s17{$k},$k) if ( $i < $n );
			++$i;
		}	
	}
}
}





sub same_src_dport {
$i = 0;
my $description = $lang{"s22_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s22) ) ) {
	$n = keys %s22;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_src_dport\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Ip Src</td><td>Dport</td></tr>");
        foreach $k (sort { $s22{$b} <=> $s22{$a} } keys %s22) {
		@_ = split ",",$k;
		printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s</TD><TD>%-5s</TD></TR>\n", $s22{$k}/$total*100,$s22{$k},$_[0],$_[1]) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_src_dport() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s22) ." ###\n");
		print FILEOUT ("    %    No      Ip Src           Dport\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s22{$b} <=> $s22{$a} } keys %s22) {
			@_ = split ",",$k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s22{$k}/$total*100,$s22{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_src_dport");
		foreach $k (sort { $s22{$b} <=> $s22{$a} } keys %s22) {
			@_ = split ",",$k;
			printf ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s22{$k}/$total*100,$s22{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}	
	}
}
}



sub same_dst_dport {
$i = 0;
my $description = $lang{"s23_". $val_opt_l};
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s23) ) ) {
	$n = keys %s23;
} else {
	$n = $val_opt_n;
}
if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"same_dst_dport\" href=\"#top\">$description</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>Ip Dest</td><td>Dport</td></tr>");
        foreach $k (sort { $s23{$b} <=> $s23{$a} } keys %s23) {
		@_ = split ",",$k;
		printf FILEOUT ("<TR CLASS=TB><TD>%2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s</TD><TD>%-5s</TD></TR>\n", $s23{$k}/$total*100,$s23{$k},$_[0],$_[1]) if ( $i < $n );
		++$i;
        }
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "same_dst_dport() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "$description\n";
		$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### ". $n ." of ". keys(%s23) ." ###\n");
		print FILEOUT ("    %    No      Ip Src           Dport\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s23{$b} <=> $s23{$a} } keys %s23) {
			@_ = split ",",$k;
			printf FILEOUT ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s23{$k}/$total*100,$s23{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("$description\n", "same_dst_dport");
		foreach $k (sort { $s23{$b} <=> $s23{$a} } keys %s23) {
			@_ = split ",",$k;
			printf ("  %5.2f  %-${nb_len}d  %-${addr_len}s  %-5s\n", $s23{$k}/$total*100,$s23{$k},$_[0],$_[1]) if ( $i < $n );
			++$i;
		}	
	}
}
}














sub init_domains {
open(DOMAINS,$domains_file) or die "Can not open domain file: $domains_file $!\n";
$MaxDomain=0;
while (<DOMAINS>) {
	next if (/^$/ or /^#/);
	$Dots=1;
	($Code,$Description) = /(^\S+)\s+(.*)/;
	$Code =~ tr/A-Z/a-z/;
	$DomainName{$Code}="$Description";
	$Dots++ while $Code =~ /\./g;
	$MaxDomain=$Dots if ($Dots >$MaxDomain);
}
close(DOMAINS);
}



sub init_lang {
my $orig;
my $translation;
open(LANG,$lang_file) or die "Can not open language file: $lang_file $!\n";
while (<LANG>) {
	next if (/^$/ or /^#/);
	($orig,$translation) = /(^\S+)\s+(.*)/;
	$lang{$orig}="$translation";
}
close(LANG);
}



sub init_rules {
open(RULES,$rules_file) or die "Can not open rules file: $rules_file $!\n";
while (<RULES>) {
	next if (/^$/ or /^#/);
	($descr_attack,$link_attack) = /(^.+})\s+(.*)$/;
	$link{$descr_attack}="$link_attack";
}
close(RULES);
}



sub init_hw {
open(HW,$hw_file) or die "Can not open hardware file: $hw_file $!\n";
while (<HW>) {
	next if (/^$/ or /^#/);
	($hw_id,$hw_info) = /^(\%\S+)\s+(.*)$/;
	$hw{$hw_id}="$hw_info";
}
close(HW);
}



sub init_color {
my $LOG = shift;
my $COLOR;
if (($LOG eq "high") || ($LOG =~ /nresolved/)) {
	$COLOR="TBR";
} elsif ($LOG eq "unknown") {
	$COLOR="TBG";
} else {
	$COLOR="TB";
}
return ($COLOR)
}




sub init_url {
my $LOG = shift;
my $URL;
if ($LOG eq "bugtraq") {
	$URL="http://www.securityfocus.com/bid/";
} elsif ($LOG eq "arachnids") {
	$URL="http://www.whitehats.com/info/IDS";
} elsif ($LOG eq "cve") {
	$URL="http://cve.mitre.org/cgi-bin/cvename.cgi?name=";
} elsif ($LOG eq "nessus") {
	$URL="http://cgi.nessus.org/plugins/dump.php3?id=";
} elsif ($LOG eq "MCAFEE") {
	$URL="http://vil.nai.com/vil/content/v_";
} elsif ($LOG eq "url") {
	$URL="http://";
}
return ($URL);
}





sub init_pixlog {
%pixlog = qw (
	1 Alert
	2 Critical
	3 Error
	4 Warning
	5 Notification
	6 Informational
	7 Debugging);
}






sub init_monthday {
%monthday = qw (
	Jan 1
	Feb 2
	Mar 3
	Apr 4
	May 5
	Jun 6
	Jul 7
	Aug 8
	Sep 9
	Oct 10
	Nov 11
	Dec 12);
}



sub init_daymonth {
%daymonth = qw (
	1 Jan
	2 Feb
	3 Mar
	4 Apr
	5 May
	6 Jun
	7 Jul
	8 Aug
	9 Sep
	10 Oct 
	11 Nov
	12 Dec
	01 Jan
	02 Feb
	03 Mar
	04 Apr
	05 May
	06 Jun
	07 Jul
	08 Aug
	09 Sep);
}




sub search_date {
my $tab = shift;
my $MONTH = $tab->{MON};
my $DAY = $tab->{DAY};
my $HOUR = $tab->{HOUR};
my $MIN = $tab->{MIN};
my $SEC = $tab->{SEC};
if ( $MONTH >= $maxmonth) {
	if ($MONTH > $maxmonth) {
		$maxday = 0; $maxhour = 0; $maxmin = 0; $maxsec = 0;
	} 
	if ($DAY >= $maxday) {
		if ($DAY > $maxday) {
			$maxhour = 0; $maxmin = 0; $maxsec = 0;
		} 
		if ( $HOUR >= $maxhour) {
			if ($HOUR > $maxhour) {
				$maxmin = 0; $maxsec = 0;
			} 
			if ($MIN >= $maxmin) {
				if ($MIN > $maxmin) {
					$maxsec = 0;
				} 
				if ($SEC >= $maxsec) {
					$maxmonth = $MONTH;
					$maxday = $DAY;
					$maxhour = $HOUR;
					$maxmin = $MIN;
					$maxsec = $SEC;
#					print "MAX: $maxmonth\t$maxday\t$maxhour\t$maxmin\t$maxsec\n";
				}
			}
		}
	}
}	
if ( $MONTH <= $minmonth) {
	if ($MONTH < $minmonth) {
	$minday = 31; $minhour = 23; $minmin = 59; $minsec = 59;
	} 
	if ($DAY <= $minday) {
		if ($DAY < $minday) {
			$minhour = 23; $minmin = 59; $minsec = 59;
		} 
		if ( $HOUR <= $minhour) {
			if ($HOUR < $minhour) {
				$minmin = 59; $minsec = 59;
			} 
			if ($MIN <= $minmin) {
				if ($MIN < $minmin) {
					$minsec = 59;
				} 
				if ($SEC <= $minsec) {
					$minmonth = $MONTH;
					$minday = $DAY;
					$minhour = $HOUR;
					$minmin = $MIN;
					$minsec = $SEC;
#					print "MIN: $minmonth\t$minday\t$minhour\t$minmin\t$minsec\n";
				}
			}
		}
	}
}
}



sub search_filter {
	$filter = "";
	if ( $opt_fsrc == 1 ) {
		$filter = $filter ." src = $val_opt_fsrc ";
	}
	if ( $opt_fdst == 1 ) {
		$filter = $filter ." dst = $val_opt_fdst ";
	}
	if ( $opt_fmonth == 1 ) {
		$filter = $filter ." month = $val_opt_fmonth ";
	}
	if ( $opt_fday == 1 ) {
		$filter = $filter ." day = $val_opt_fday ";
	}
	if ( $opt_fhost == 1 ) {
		$filter = $filter ." host = $val_opt_fhost ";
	}
	if ( $opt_fether == 1 ) {
		$filter = $filter ." ether = $val_opt_fether ";
	}
	if ( $opt_fseverity == 1 ) {
		$filter = $filter ." severity = $val_opt_fseverity ";
	}
	if ( $opt_fproto == 1 ) {
		$filter = $filter ." protocol = $val_opt_fproto ";
	}
	if ( $opt_faction == 1 ) {
		$filter = $filter ." action = $val_opt_faction ";
	}
	if ( $opt_frule == 1 ) {
		$filter = $filter ." rule = $val_opt_frule ";
	}
	if ( $opt_fdport == 1 ) {
		$filter = $filter ." dport = $val_opt_fdport ";
	}
	if ( $opt_ftype == 1 ) {
		$filter = $filter ." type = $val_opt_ftype ";
	}
}





sub portscan {
$i = 0;
if ( ( $opt_n != 1 ) || ( $val_opt_n > keys(%s25) ) ) {
	$n = keys %s25;
} else {
	$n = $val_opt_n;
}

if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<h3><CENTER><a name=\"portscan\" href=\"#top\">Portscan List</a></CENTER></h3>\n");
	print FILEOUT ("<TABLE BORDER=$border ALIGN=center>\n");
	print FILEOUT ("<tr class=TH align=center><td>%</td><td>No</td><td>IP Source</td></tr>");
	foreach $k (sort { $s25{$b} <=> $s25{$a} } keys %s25) {
		printf FILEOUT ("<tr class=TB><TD>%-2.2f</TD><TD>%-${nb_len}d</TD><TD>%-${addr_len}s\n", $s25{$k}/$total*100,$s25{$k},$k) if ( $i < $n );
		++$i;
	}
	print FILEOUT ("</table><BR>\n");
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "portscan() :\t\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT "Portscans performed to/from HOME_NET\n";
		$linelength = 40;
		print FILEOUT ( '=' x $linelength, "\n");
		print FILEOUT (" " x 4, "### Portscan List ###\n");
		print FILEOUT ("    %    No     IP source\n");
		print FILEOUT ( '=' x $linelength, "\n");
		foreach $k (sort { $s25{$b} <=> $s25{$a} } keys %s25) {
			printf FILEOUT ("  %5.2f  %-4d   %-${addr_len}s\n", $s25{$k}/$total*100,$s25{$k},$k) if ( $i < $n );
			++$i;
		}
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
		section_header("Portscans performed to/from HOME_NET\n", "portscan");
		foreach $k (sort { $s25{$b} <=> $s25{$a} } keys %s25) {
			printf("  %5.2f  %-6d  %-${addr_len}s\n", $s25{$k}/$total*100,$s25{$k},$k) if ( $i < $n );
			++$i;
		}
	}
}
}



# print the footer (needed for html)
sub print_footer {
if ( $opt{dbmdir} ) {
	unlink $opt{dbmdir} ."snortalog_dbms0" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms1" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms2" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms3" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms4" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms5" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms6" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms7" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms8" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms9" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms10" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms11" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms12" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms13" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms14" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms15" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms16" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms17" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms18" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms19" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms20" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms21" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms22" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms23" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms24" or die "Couldn't delete DB_File: $!\n";
	unlink $opt{dbmdir} ."snortalog_dbms25" or die "Couldn't delete DB_File: $!\n";
	dbmclose %s0;
	dbmclose %s1;
	dbmclose %s2;
	dbmclose %s3;
	dbmclose %s4;
	dbmclose %s5;
	dbmclose %s6;
	dbmclose %s7;
	dbmclose %s8;
	dbmclose %s9;
	dbmclose %s10;
	dbmclose %s11;
	dbmclose %s12;
	dbmclose %s13;
	dbmclose %s14;
	dbmclose %s15;
	dbmclose %s16;
	dbmclose %s17;
	dbmclose %s18;
	dbmclose %s19;
	dbmclose %s20;
	dbmclose %s21;
	dbmclose %s22;
	dbmclose %s23;
	dbmclose %s24;
	dbmclose %s25;
}

if ( ( $opt_h == 1 ) || ( $opt_p == 1 ) ) {
	print FILEOUT ("<CENTER>Generated by <A HREF=http://jeremy.chartier.free.fr/snortalog/>SnortALog</A> Version: $version ( Date: $datever )</CENTER>\n");
	print FILEOUT ("<CENTER><A HREF=mailto:jeremy.chartier\@free.fr>Jeremy CHARTIER</A></CENTER>\n");
	print FILEOUT ("</BODY>\n</HTML>");
	close (FILEOUT);
} else {
	if ( $opt{x} ) {
		$scrolled_status->insert('end', "print_footer() :\t\t\t");
		open (FILEOUT, ">$tmpout_file") or die "Can not open file: $tmpout_file\n";
		print FILEOUT ("\n");
		print FILEOUT ("Version: $version\n");
		print FILEOUT ("Jeremy CHARTIER, <jeremy.chartier\@free.fr>\n");
		print FILEOUT ("Date: $datever\n");
		close (FILEOUT);
		open (FILEIN, "<$tmpout_file") or die "Can access file : $tmpout_file\n";
		while (<FILEIN>) {
			chomp $_;
			$scrolled_result->insert('end', "$_\n");
		}
		close (FILEIN);
		$scrolled_result->insert('end', "\n");
		$scrolled_status->insert('end', "OK\n");
	} else {	
print <<FootMessage

Version: $version
Jeremy CHARTIER, <jeremy.chartier\@free.fr>
Date: $datever
FootMessage
}
}
}


#
# resolve host name and cache it
#
sub resolve {
my $Address=shift;
my $Hostname;
if ($Address =~ /(\d+\.\d+\.\d+\.\d+)/) {
	$Hostname = gethostbyaddr(inet_aton($Address),AF_INET) or $Hostname="unresolved";
}
return $Hostname;
}






# Use a title and a short code to write the section headers
# This is used in place of a FORMAT as this allows variable column widths
# contributed by: Ned Patterson, <jpatter@alum.mit.edu>
#
sub section_header {
my $linelength;
$title = shift; 
$report = shift;
$_ = shift;
print BOLD,("\n\n$title"), RESET;

if ( $report eq "attack_src_resolve") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source        Resolve                                             Domain\n");
} elsif ($report eq "attack_src_whois") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $whois_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source        Inetnum                            Netname                         Descr                 Email\n");
} elsif ($report eq "attack_src_resolve_whois") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len + 2 + $domain_len + 2 + $whois_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source        Resolve                                             Domain      Inetnum                            Netname                         Descr                 Email\n");
} elsif ($report eq "domain_src") {
	$linelength = 11 + $domain_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s40) ." ###\n");
	print("    %    No      Domain\n");
} elsif ($report eq "attack_dst_resolve") {
	$linelength = 11 + $nb_len + 2 + $addr_len + 2 + $resolve_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
	print("    %    No      IP destination   Resolve\n");
} elsif ($report eq "attack") {
	$linelength = 13 + $nb_len + 4 + $attack_len + 4 + $prior_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s4) ." of ". keys(%s4) ." ###\n");
	print("    %    No      Attack                                                           Priority Severity\n");
} elsif ($report eq "nids") {
	$linelength = 50;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s13) ." of ". keys(%s13) ." ###\n");
	print("    %    No      Host Logger\n");
} elsif ($report eq "proto") {
	$linelength = 50;
	print( '=' x $linelength, "\n");
	print (" " x 4, "### ". keys(%s11) ." of ". keys(%s11) ." ###\n");
	print("    %    No      Protocols\n");
} elsif ($report eq "interfaces") {
	$linelength = 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s1) ." of ". keys(%s1) ." ###\n");
	print("    %    No      Interfaces\n");
} elsif ($report eq "same_class") {
	$linelength = 13 + $nb_len + 4 + $class_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s10) ." of ". keys(%s10) ." ###\n");
	print("    %    No      Classification                                                Severity\n");
} elsif ($report eq "same_hour_attack") {
	$linelength = 11 + $nb_len + 4 + $hour_len + 4 + $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s9) ." ###\n");
	print("    %    No      Heure  Attack\n");
} elsif ($report eq "same_src_attack") {
	$linelength = 11 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s2) ." ###\n");
	print("    %    No      IP source        Attack                                                                  Severity\n");
} elsif ($report eq "same_dst_attack") {
	$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $attack_len + 4 + $sever_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s3) ." ###\n");
	print("    %    No      IP destination   Attack                                                                  Severity\n");
} elsif ($report eq "same_src_dst_attack") {
	$linelength = 13 + $nb_len + 4 + $addr_len + 4 + $addr_len + 4 + $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s0) ." ###\n");
	print("    %    No      IP source        IP destination   Attack\n");
} elsif ($report eq "dport_attack") {
	$linelength = 11 + $nb_len + 4 + $port_len + 4 +  $attack_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s18) ." ###\n");
	print("    %    No      Port   Attack\n");
} elsif ($report eq "dport") {
	$linelength = 11 + $nb_len + 4 + $port_len + 4;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s16) ." ###\n");
	print("    %    No      Port\n");
} elsif ($report eq "same_src_dport") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s22) ." ###\n");
	print("    %    No      IP Src           Dport\n");
} elsif ($report eq "same_dst_dport") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s23) ." ###\n");
	print("    %    No      IP Dest          Dport\n");
} elsif ($report eq "reasons") {
	$linelength = 13 + $nb_len + 4 + 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s12) ." ###\n");
	print("    %    No      Reasons\n");
} elsif ($report eq "actions") {
	$linelength = 13 + $nb_len + 4 + 6;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s14) ." ###\n");
	print("    %    No      Actions\n");
} elsif ($report eq "rules") {
	$linelength = 13 + $nb_len + 4 + 6;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s21) ." ###\n");
	print("    %    No      Rules\n");
} elsif ($report eq "defense_attack") {
	$linelength = 13 + $nb_len + 4 + 70;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s24) ." ###\n");
	print("    %    No      SmartDefense Attack             Infos\n");
} elsif ($report eq "typelog") {
	$linelength = 13 + $nb_len + 4 + 30;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s17) ." ###\n");
	print("    %    No      Type\n");
} elsif ($report eq "hwlog") {
	$linelength = 13 + $nb_len + 4 + 50;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s300) ." ###\n");
	print("    %    No      Type\n");
} elsif ($report eq "daily_event") {
	$linelength = 20 + $nb_len + 6 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s19) ." of ". keys(%s19) ." ###\n");
	print(" Day Month   No        %    Graph\n");
} elsif ($report eq "hour") {
	$linelength = 13 + $nb_len + 2 + $hour_len + 2 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s7) ." of ". keys(%s7) ." ###\n");
	print("  Hour No        %    Graph\n");
} elsif ($report eq "portscan") {
	$linelength = 40;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### Portscan List ###\n");
	print("    %    No      IP source\n");
} elsif ($report eq "attack_dst") {
	$linelength = 13 + $nb_len + 4 + $addr_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s6) ." ###\n");
	print("    %    No      IP destination\n");
} elsif ($report eq "attack_src") {
	$linelength = 13 + $nb_len + 4 + $addr_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". $n ." of ". keys(%s5) ." ###\n");
	print("    %    No      IP source\n");
} elsif ($report eq "severity") {
	$linelength = 13 + $nb_len + 2 + $sever_len + 2 + $graph_len;
	print( '=' x $linelength, "\n");
	print(" " x 4, "### ". keys(%s20) ." of ". keys(%s20) ." ###\n");
	print("    %    No      Severity Graph\n");
}
	print( '=' x $linelength, "\n");
}








sub record_data {
	my $record = shift;
	if ( ($opt_fsrc || $opt_fdst || $opt_fproto || $opt_fdport || $opt_fmonth || $opt_fday || $opt_fhour || $opt_fseverity || $opt_faction || $opt_frule || $opt_ftype) == 1 ) {
		if ( ($record->{PROTO} ne $val_opt_fproto) && ($opt_fproto == 1) ) {
		} elsif ( ($record->{SADDR} ne $val_opt_fsrc) && ($opt_fsrc == 1) ) {
		} elsif ( ($record->{DADDR} ne $val_opt_fdst) && ($opt_fdst == 1) ) {
		} elsif ( ($record->{DPORT} ne $val_opt_fdport) && ($opt_fdport == 1) ) {
		} elsif ( ($record->{ETHER} ne $val_opt_fether) && ($opt_fether == 1) ) {
		} elsif ( ($record->{HOUR} ne $val_opt_fhour) && ($opt_fhour == 1) ) {
		} elsif ( ($record->{DAY} ne $val_opt_fday) && ($opt_fday  == 1) ) {
		} elsif ( ($record->{MON} ne $val_opt_fmonth) && ($opt_fmonth  == 1) ) {
		} elsif ( ($record->{HOST} ne $val_opt_fhost) && ($opt_fhost == 1) ) {
		} elsif ( ($record->{SEVERITY} ne $val_opt_fseverity) && ($opt_fseverity == 1) ) {
		} elsif ( ($record->{ACTION} ne $val_opt_faction) && ($opt_faction == 1) ) {
		} elsif ( ($record->{RULE} ne $val_opt_frule) && ($opt_frule == 1) ) {
		} elsif ( ($record->{TYPE} ne $val_opt_ftype) && ($opt_ftype == 1) ) {
		} else {
			search_date($record);
			process_data($record);
			++$logfw if ( $record->{TYPE} =~ m/Fire|ipfilter|pfilter|netfilter|Smart|pix/ox );
			++$logpix if ( $record->{TYPE} =~ m/pix/ox );
			++$logids if ( $record->{TYPE} =~ m/snort/ox );
		}
	} else {
		search_date($record);
		process_data($record);
		++$logfw if ( $record->{TYPE} =~ m/Fire|ipfilter|pfilter|netfilter|Smart|pix/ox );
		++$logpix if ( $record->{TYPE} =~ m/pix/ox );
		++$logids if ( $record->{TYPE} =~ m/snort/ox );
	}	
}




# Put data $alert into matrix for further process
# INPUT: $alert
sub process_data {
	$self = shift;
	# put those data into a big matrix
#	if ( $self->{TYPE} eq "smartdefense" ) {
#		push @resultdefense , [$self->{ATTACK_INFO},$self->{ATTACK}];
	if ($self->{PLUGIN} eq "alerthw") {
		push @resulthw , [$self->{MON},$self->{DAY},$self->{HOUR},$self->{MIN},
		$self->{SEC},$self->{HOST},$self->{HW_INFO}];
	} elsif ($self->{PLUGIN} eq "alert") {
		$self->{SIG} =~ s/\:$//o;
		push @result , [$self->{MON},$self->{DAY},$self->{HOUR},$self->{MIN},
		$self->{SEC},$self->{HOST},$self->{SIG},$self->{SADDR},
		$self->{SPORT},$self->{DADDR},$self->{DPORT},$self->{CLASS},
		$self->{PRIORITY},$self->{SEVERITY},$self->{ETHER},
		$self->{PROTO},$self->{ACTION},$self->{REASON},$self->{RULE},
		$self->{TYPE},$self->{PLUGIN},$self->{ATTACK},$self->{ATTACK_INFO}];
		$lastwassnort = 1;
	} else {
		print "Unknown alert type plugin! $self->{TYPE}:$self->{PLUGIN} Skipped!\n" if $opt{d};
		return;
	}
}




