From 5f605e967d42034581ffabd9df9f43de836b30f9 Mon Sep 17 00:00:00 2001
From: Mika Havela <mika.havela@gmail.com>
Date: Wed, 23 Jan 2008 20:13:26 +0000
Subject: Removing presentation of categorie because this is already presented
 in the header. Displaying a globe for each URL that exists for each alert.

git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@631 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 snort-model.lua       |  9 ++++++++-
 snort-status-html.lsp | 10 +++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/snort-model.lua b/snort-model.lua
index 97e08ba..c812a99 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -73,6 +73,9 @@ function read_alert()
 				if (alertpriority[priority][classification][currid]["value"] == nil) then
 					alertpriority[priority][classification][currid]["value"] = {}
 				end
+				if (alertpriority[priority][classification][currid]["url"] == nil) then
+					alertpriority[priority][classification][currid]["url"] = {}
+				end
 				-- COUNTER
 				if not (count[priority..classification..currid]) then
 					count[priority..classification..currid] = 0
@@ -84,8 +87,12 @@ function read_alert()
 					if (rowvalue == "") then
 						break 
 					end
-					if (rowvalue) then
+					if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then
 						table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
+					elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then
+						for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
+							table.insert(alertpriority[priority][classification][currid]["url"],v)
+						end
 					end
 				end
 				alertcount = alertcount + 1
diff --git a/snort-status-html.lsp b/snort-status-html.lsp
index 0eac963..5c35e30 100644
--- a/snort-status-html.lsp
+++ b/snort-status-html.lsp
@@ -30,7 +30,15 @@
 			<? for l=2, table.maxn(view.alertresult[i]["value"][j][k]["value"]) do ?>
 				<?= view.alertresult[i]["value"][j][k]["value"][l] ?><BR>
 			<? end ?>
-			<I>(This alarm is repeated <B><?= view.alertresult[i]["value"][j][k]["count"] ?></B> times)</I></p>
+			<I>(This alarm is repeated <B><?= view.alertresult[i]["value"][j][k]["count"] ?></B> times)</I>
+			<? if (table.maxn(view.alertresult[i]["value"][j][k]["url"]) ~= 0) then ?>
+				( URL's:
+				<? for q=1, table.maxn(view.alertresult[i]["value"][j][k]["url"]) do ?>
+					<a href="<?= view.alertresult[i]["value"][j][k]["url"][q] ?>" target="_new"><img src="/static/tango/16x16/categories/applications-internet.png" alt="<?= view.alertresult[i]["value"][j][k]["url"][q] ?>"></a>
+				<? end ?>
+			)
+			<? end ?>
+			</p>
 		<? end ?>
 
 	<? end ?>
-- 
cgit v1.2.3