From 5f605e967d42034581ffabd9df9f43de836b30f9 Mon Sep 17 00:00:00 2001
From: Mika Havela
Date: Wed, 23 Jan 2008 20:13:26 +0000
Subject: Removing presentation of categorie because this is already presented in the header. Displaying a globe for each URL that exists for each alert.

git-svn-id: svn://svn.alpinelinux.org/acf/snort/trunk@631 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 snort-model.lua | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'snort-model.lua')
diff --git a/snort-model.lua b/snort-model.lua
index 97e08ba..c812a99 100644
--- a/snort-model.lua
+++ b/snort-model.lua
@@ -73,6 +73,9 @@ function read_alert()
 if (alertpriority[priority][classification][currid]["value"] == nil) then
 alertpriority[priority][classification][currid]["value"] = {}
 end
+ if (alertpriority[priority][classification][currid]["url"] == nil) then
+ alertpriority[priority][classification][currid]["url"] = {}
+ end
 -- COUNTER
 if not (count[priority..classification..currid]) then
 count[priority..classification..currid] = 0
@@ -84,8 +87,12 @@ function read_alert()
 if (rowvalue == "") then
 break
 end
- if (rowvalue) then
+ if (rowvalue) and (string.match(rowvalue, "%[Xref.*") == nil) and (string.match(rowvalue, "%[Classification.*") == nil)then
 table.insert(alertpriority[priority][classification][currid]["value"],rowvalue)
+ elseif (rowvalue) and (string.match(rowvalue, "%[Xref.*") ~= nil) then
+ for v in string.gmatch(rowvalue, "%[Xref%s+%=%>%s+(.-)%]") do
+ table.insert(alertpriority[priority][classification][currid]["url"],v)
+ end
 end
 end
 alertcount = alertcount + 1
-- cgit v1.2.3
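Review bot: The `url` list created here is keyed per priority/classification/`currid`, not per alert, so every later occurrence of the same signature appends its Xref entries to the same list. The counter directly below suggests repeats are expected, in which case the view would receive the same URL once per occurrence and the list grows with the size of the alert file. Consider skipping values already present before the `table.insert` in the second hunk, or keeping a small seen-set next to the list, e.g. `if not seen[v] then seen[v] = true; table.insert(..., v) end`. The rest of `read_alert` lies outside the hunk, so this is inferred from the visible lines only.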
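Review bot: The text captured from `[Xref => ...]` is stored in `url` unchecked, and per the commit message it is then rendered as a link, so whatever sits in that position of the alert file ends up in an `href`. Snort normally fills Xref from the rule's reference data, but the model should not rely on the log being well-formed: keep only values that look like web URLs, e.g. `if string.match(v, "^https?://") then table.insert(...) end`, and make sure the view HTML-escapes the value. Separately, the `"%[Xref.*"` and `"%[Classification.*"` tests are unanchored and the trailing `.*` adds nothing, so any row containing that text anywhere is withheld from `value`; if these rows always begin with the bracket, `"^%[Xref"` and `"^%[Classification"` state the intent more precisely. `nil)then` also wants a space before `then`. The enclosing loop and `read_alert` start and end outside the hunk.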