Attempt to make hostname notice email extension work and small format adjustments.

scripts/base/frameworks/notice/extend-email/hostnames.bro

@@ -17,25 +17,16 @@ event Notice::notice(n: Notice::Info) &priority=10
 		{
 		when ( local src_name = lookup_addr(n$src) )
 			{
-			output = cat(output, "orig_h/src: ", src_name, "\n");
+			output = string_cat("orig_h/src hostname: ", src_name, "\n");
-			}
+			n$email_body_sections[|n$email_body_sections|] = output;
-		timeout 5secs
-			{
-			output = cat(output, "orig_h/src: <timeout>\n");
 			}
 		}
 	if ( n?$dst )
 		{
 		when ( local dst_name = lookup_addr(n$dst) )
 			{
-			output = cat(output, "resp_h/dst: ", dst_name, "\n");
+			output = string_cat("resp_h/dst hostname: ", dst_name, "\n");
-			}
-		timeout 5secs
-			{
-			output = cat(output, "resp_h/dst: <timeout>\n");
-			}
-		}
-	
-	if ( output != "" )
 			n$email_body_sections[|n$email_body_sections|] = output;
 			}
+		}
+	}

scripts/base/frameworks/notice/main.bro

@@ -354,10 +354,7 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
 		
 	local email_text = email_headers(fmt("%s", n$note), dest);
 	
-	# The notice emails always start off with the human readable message.
+	# First off, add information about the connection if it exists.
-	email_text = string_cat(email_text, "\n", n$msg, "\n");
-
-	# Add information about the connection if it exists.
 	if ( n?$id )
 		email_text = string_cat(email_text, "Connection: ", 
 			fmt("%s", n$id$orig_h), ":", fmt("%d", n$id$orig_p), " -> ",
@@ -365,6 +362,9 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
 	else if ( n?$src )
 		email_text = string_cat(email_text, "Address: ", fmt("%s", n$src), "\n");
 	
+	# Any connection information is followed up by the human readable message.
+	email_text = string_cat(email_text, "\n", "Message: ", n$msg, "\n");
+	
 	# Add the extended information if it's requested.
 	if ( extend )
 		{