author | Mika Havela <mika.havela@gmail.com> | 2008-01-23 20:13:26 +0000 |
---|---|---|
committer | Mika Havela <mika.havela@gmail.com> | 2008-01-23 20:13:26 +0000 |
commit | 5f605e967d42034581ffabd9df9f43de836b30f9 (patch) | |
tree | 2249c20d8cb5880a14a6df42103251e3e1fb9639 | |
parent | 8d89479e98beed2065ea4d1619cbf8f185dd9fb0 (diff) | |
Removing presentation of category because this is already presented in the header.
Displaying a globe for each URL that exists for each alert.
git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@631 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r-- | snort-model.lua | 9 | ||||
-rw-r--r-- | snort-status-html.lsp | 10 |
2 files changed, 17 insertions, 2 deletions
diff --git a/snort-model.lua b/snort-model.lua
index 97e08ba..c812a99 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -73,6 +73,9 @@ function read_alert()
 if (alertpriority[priority][classification][currid]["value"] == nil) then
 alertpriority[priority][classification][currid]["value"] = {}
 end
+ if (alertpriority[priority][classification][currid]["url"] == nil) then
+ alertpriority[priority][classification][currid]["url"] = {}
+ end
 -- COUNTER
 if not (count[priority..classification..currid]) then
 count[priority..classification..currid] = 0
@@ -84,8 +87,12 @@ function read_alert()
 if (rowvalue == "") then
 break
 end
- if (rowvalue) then
+ if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then
 table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
+ elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then
+ for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
+ table.insert(alertpriority[priority][classification][currid]["url"],v)
+ end
 end
 end
 alertcount = alertcount + 1
diff --git a/snort-status-html.lsp b/snort-status-html.lsp
index 0eac963..5c35e30 100644
--- a/snort-status-html.lsp
+++ b/snort-status-html.lsp
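Review bot: In read_alert (snort-model.lua, second hunk) the `string.gmatch` loop stores whatever sits between `[Xref => ` and `]` as a URL with no check on its form, and the view later writes that string into an `href`. Restricting stored values to web links keeps other schemes and malformed references out of the page, for example `if string.match(v, "^https?://") then table.insert(alertpriority[priority][classification][currid]["url"], v) end`. The `string.match(rowvalue, "%[Xref.*")` test is also evaluated twice per row with a redundant trailing `.*`; holding one `string.find(rowvalue, "[Xref", 1, true)` result in a local would read more clearly. read_alert starts and ends outside both hunks, so how `rowvalue` is produced is not visible here.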
@@ -30,7 +30,15 @@ <? for l=2, table.maxn(view.alertresult[i]["value"][j][k]["value"]) do ?> <?= view.alertresult[i]["value"][j][k]["value"][l] ?><BR> <? end ?> - <I>(This alarm is repeated <B><?= view.alertresult[i]["value"][j][k]["count"] ?></B> times)</I></p> + <I>(This alarm is repeated <B><?= view.alertresult[i]["value"][j][k]["count"] ?></B> times)</I> + <? if (table.maxn(view.alertresult[i]["value"][j][k]["url"]) ~= 0) then ?> + ( URL's: + <? for q=1, table.maxn(view.alertresult[i]["value"][j][k]["url"]) do ?> + <a href="<?= view.alertresult[i]["value"][j][k]["url"][q] ?>" target="_new"><img src="/static/tango/16x16/categories/applications-internet.png" alt="<?= view.alertresult[i]["value"][j][k]["url"][q] ?>"></a> + <? end ?> + ) + <? end ?> + </p> <? end ?> <? end ?> |
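Review bot: The added `<a>` element writes `view.alertresult[i]["value"][j][k]["url"][q]` into both the `href` and the `alt` attribute without HTML escaping, so a reference containing `"`, `<` or `&` would end the attribute early or produce invalid markup; the unescaped `["value"][l]` output in the context lines above has the same weakness. Escape the value for attribute context before it is emitted, using the framework's HTML-escaping helper if one is available in this view. The link opens an external site with `target="_new"`, and adding `rel="noopener noreferrer"` keeps that page from getting a handle on the management window and from receiving its address as referrer. `table.maxn(...["url"])` also assumes every entry carries a `url` table, which presumably holds only when each entry has passed through the new initialisation in read_alert.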