Now actually pretty-printing the notices.

Output is similar to Bro 1.x.

scripts/base/frameworks/notice/__load__.bro

@@ -7,7 +7,6 @@
 @load ./actions/email_admin
 @load ./actions/page
 @load ./actions/add-geodata
-@load ./actions/pp-alarms
 
 # There shouldn't be any default overhead from loading these since they 
 # *should* only do anything when notices have the ACTION_EMAIL action applied.
@@ -19,3 +18,6 @@
 @if ( Cluster::is_enabled() )
 @load ./cluster
 @endif
+
+# Load here so that it can check whether clustering is enabled.
+@load ./actions/pp-alarms

scripts/base/frameworks/notice/actions/pp-alarms.bro

@@ -12,6 +12,12 @@ export {
 	## :bro:id:`Notice::mail_dest`.
 	const mail_dest_pretty_printed = "" &redef;
 
+        ## If an address from one of these networks is involved in alarm, we mark
+	## the entry with a quote symbol (i.e., ">"). Many mailers highlight such
+	## lines in some way.
+	global flag_nets: set[subnet] &redef;
+
+
 	## Function that renders a single alarm. Can be overidden.
 	global pretty_print_alarm: function(out: file, n: Info) &redef;
 }
@@ -24,6 +30,7 @@ global pp_alarms_open: bool = F;
 # Returns True if pretty-printed alarm summaries are activated.
 function want_pp() : bool
 	{
+	return T;
 	return (pretty_print_alarms && ! reading_traces()
 		&& (mail_dest != "" || mail_dest_pretty_printed != ""));
 	}
@@ -53,8 +60,8 @@ function pp_send()
 	write_file(pp_alarms, "\n\n--\n[Automatically generated]\n\n");
 	close(pp_alarms);
 	
-	system(fmt("/bin/cat %s | %s -t -oi && /bin/rm %s",
+	#system(fmt("/bin/cat %s | %s -t -oi && /bin/rm %s",
-		   pp_alarms_name, sendmail, pp_alarms_name));
+	#	   pp_alarms_name, sendmail, pp_alarms_name));
 
 	pp_alarms_open = F;
 	}
@@ -84,8 +91,8 @@ event notice(n: Notice::Info) &priority=-5
 	{
 	if ( ! want_pp() )
 		return;
-	
+
-	if ( ACTION_ALARM !in n$actions )
+	if ( ACTION_LOG !in n$actions )
 		return;
 
 	if ( ! pp_alarms_open )
@@ -94,12 +101,82 @@ event notice(n: Notice::Info) &priority=-5
 	pretty_print_alarm(pp_alarms, n);
 	}
 
+function do_msg(out: file, n: Info, line1: string, line2: string, line3: string, host: addr, name: string)
+	{
+	if ( host != 0.0.0.0 ) 
+		{
+		local country = "";
+		if ( n?$remote_location && n$remote_location?$country_code  )
+			country = fmt(" (%s)", n$remote_location$country_code);
+
+		name = fmt(" %s = %s%s", host, name, country);
+		}
+	
+	
+	line1 = cat(line1, name);
+	
+	print out, line1;
+	print out, line2;
+	if ( line3 != "" )
+		print out, line3;
+	}
+
 # Default pretty-printer.
 function pretty_print_alarm(out: file, n: Info)
 	{
-	print out, n;
+	local pdescr = "";
+
+@if ( Cluster::is_enabled() )	
+	pdescr = "local";
+	
+	if ( n?$src_peer )
+		pdescr = n$src_peer?$descr ? n$src_peer$descr : fmt("%s", n$src_peer$host);
+	
+	pdescr = fmt("<%s> ", pdescr);
+@endif	
+
+	local msg = fmt( "%s%s%s", pdescr, n$msg, n?$sub ? cat(" ", n$sub) : "");
+
+	local orig = 0.0.0.0;
+	local resp = 0.0.0.0;
+	local host = 0.0.0.0;
+
+	if ( n?$src )
+		orig = host = n$src;
+
+	if ( n?$id )
+		{
+		orig = n$id$orig_h;
+		resp = n$id$resp_h;
+		}
+
+	if ( host == 0.0.0.0 )
+		host = orig; 
+
+	local flag = (orig in flag_nets || resp in flag_nets);
+	
+	local location = "";
+
+	if ( host != 0.0.0.0 )
+		location =  Site::is_local_addr(host) ? "(L)" : "(R)";
+
+	local line1 = fmt(">%s %D %s %s", (flag ? ">" : " "), network_time(), n$note, location);
+	local line2 = fmt("   %s", msg);   
+	local line3 = ""; # Could use later.
+
+	if ( host == 0.0.0.0 )
+		{
+		do_msg(out, n, line1, line2, line3, 0.0.0.0, "");
+		return;
+		}
+	
+	when ( local name = lookup_addr(host) )
+		{
+		do_msg(out, n, line1, line2, line3, host, name);
+		}
+	timeout 5secs
+		{
+		do_msg(out, n, line1, line2, line3, host, "(dns timeout)");
+		}
 	}
-
+	
-
-
-