From 8c71e68c05db95bb234105dfed97c70bb42dee0e Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Thu, 9 Jun 2011 12:50:00 -0400
Subject: [PATCH] Fixed a bug where notices and the conn log.

- Notices that weren't logged were still tagging the conn log which was confusing. Only logged notices are now tagged in the conn log.
---
 policy/frameworks/notice/base.bro | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/policy/frameworks/notice/base.bro b/policy/frameworks/notice/base.bro
index f30cec3d6f..ad63fdf138 100644
--- a/policy/frameworks/notice/base.bro
+++ b/policy/frameworks/notice/base.bro
@@ -252,14 +252,6 @@ function fill_in_missing_details(n: Notice::Info)
 # Generate a unique ID for this notice.
 n$tag = unique_id("@");
-
- # Add the tag to the connection's notice_tags if there is a connection.
- if ( n?$conn && n$conn?$conn )
- {
- if ( ! n$conn$conn?$notice_tags )
- n$conn$conn$notice_tags = set();
- add n$conn$conn$notice_tags[n$tag];
- }
 local action = match n using policy;
 if ( action != ACTION_IGNORE &&
@@ -277,6 +269,14 @@ event notice(n: Notice::Info) &priority=-5
 if ( n$action != ACTION_IGNORE )
 {
+ # Add the tag to the connection's notice_tags if there is a connection.
+ if ( n?$conn && n$conn?$conn )
+ {
+ if ( ! n$conn$conn?$notice_tags )
+ n$conn$conn$notice_tags = set();
+ add n$conn$conn$notice_tags[n$tag];
+ }
+
 Log::write(NOTICE_LOG, n);
 if ( n$action != ACTION_FILE && n$do_alarm )
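Review bot: The added block in the second hunk writes the tag to `n$conn$conn$notice_tags` only when this `&priority=-5` `notice` handler runs. If that is later than the point where the notice is raised (the hunk does not show the dispatch path), a conn log entry written in between would lose the tag even though the notice itself is logged, silently breaking the notice-to-connection pivot. If that ordering is possible, add a comment above the block such as `# Tagging happens at event dispatch; a conn entry written before this handler runs will not carry the tag.` and test a notice raised during connection teardown. Separately, `add n$conn$conn$notice_tags[n$tag];` now relies on `n$tag` having been set earlier in `fill_in_missing_details`; if `tag` is an optional field and this event can be raised by another path, guard the block with `if ( n?$tag )`. The handler body starts before and continues past the hunk.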