Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Attempt to make hostname notice email extension work and small format adjustments.

Browse source
This commit is contained in:
Seth Hall 2011-10-21 22:51:56 -04:00
parent 9413e7f58c
commit 75e5caeff5
3 changed files with 9 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/base/frameworks/notice/__load__.bro
View file

@ -8,7 +8,7 @@
@load ./actions/page
@load ./actions/add-geodata
# There shouldn't be any defaul toverhead from loading these since they
# There shouldn't be any default overhead from loading these since they
# *should* only do anything when notices have the ACTION_EMAIL action applied.
@load ./extend-email/hostnames

19
scripts/base/frameworks/notice/extend-email/hostnames.bro
View file

@ -17,25 +17,16 @@ event Notice::notice(n: Notice::Info) &priority=10
{
when ( local src_name = lookup_addr(n$src) )
{
output = cat(output, "orig_h/src: ", src_name, "\n");
}
timeout 5secs
{
output = cat(output, "orig_h/src: <timeout>\n");
output = string_cat("orig_h/src hostname: ", src_name, "\n");
n$email_body_sections[|n$email_body_sections|] = output;
}
}
if ( n?$dst )
{
when ( local dst_name = lookup_addr(n$dst) )
{
output = cat(output, "resp_h/dst: ", dst_name, "\n");
}
timeout 5secs
{
output = cat(output, "resp_h/dst: <timeout>\n");
}
}
if ( output != "" )
output = string_cat("resp_h/dst hostname: ", dst_name, "\n");
n$email_body_sections[|n$email_body_sections|] = output;
}
}
}

8
scripts/base/frameworks/notice/main.bro
View file

@ -354,10 +354,7 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
local email_text = email_headers(fmt("%s", n$note), dest);
# The notice emails always start off with the human readable message.
email_text = string_cat(email_text, "\n", n$msg, "\n");
# Add information about the connection if it exists.
# First off, add information about the connection if it exists.
if ( n?$id )
email_text = string_cat(email_text, "Connection: ",
fmt("%s", n$id$orig_h), ":", fmt("%d", n$id$orig_p), " -> ",
@ -365,6 +362,9 @@ function email_notice_to(n: Notice::Info, dest: string, extend: bool)
else if ( n?$src )
email_text = string_cat(email_text, "Address: ", fmt("%s", n$src), "\n");
# Any connection information is followed up by the human readable message.
email_text = string_cat(email_text, "\n", "Message: ", n$msg, "\n");
# Add the extended information if it's requested.
if ( extend )
{