[Oisf-devel] [PATCH 1/2] Log verdict in Prelude alert module
Pierre Chifflier
chifflier at edenwall.com
Sat Dec 18 16:03:37 UTC 2010
Signed-off-by: Pierre Chifflier <chifflier at edenwall.com>
---
src/alert-prelude.c | 16 ++++++++++++++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/alert-prelude.c b/src/alert-prelude.c
index 0ce7fd1..d0f5a40 100644
--- a/src/alert-prelude.c
+++ b/src/alert-prelude.c
@@ -200,7 +200,7 @@ static int SetupAnalyzer(idmef_analyzer_t *analyzer)
*
* \return 0 if ok
*/
-static int EventToImpact(PacketAlert *pa, idmef_alert_t *alert)
+static int EventToImpact(PacketAlert *pa, Packet *p, idmef_alert_t *alert)
{
int ret;
prelude_string_t *str;
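Review bot: The new `p` parameter is not described in the doc comment above the signature, and the only use visible in this patch reads it (`p->action` in the next hunk), so it could be const-qualified: `static int EventToImpact(PacketAlert *pa, const Packet *p, idmef_alert_t *alert)`. I would also add a line such as `* \param p packet the alert was raised on, read for its verdict flags` to the comment. Only the tail of that comment and the first lines of the body fall inside this hunk, so the rest of the function should be checked before adding the qualifier.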
@@ -232,6 +232,18 @@ static int EventToImpact(PacketAlert *pa, idmef_alert_t *alert)
idmef_impact_set_severity(impact, severity);
+ if (p->action & ACTION_REJECT || p->action & ACTION_REJECT_BOTH ||
+ p->action & ACTION_REJECT_DST || p->action & ACTION_DROP) {
+ idmef_action_t *action;
+
+ ret = idmef_action_new(&action);
+ if ( ret < 0 )
+ SCReturnInt(ret);
+
+ idmef_action_set_category(action, IDMEF_ACTION_CATEGORY_BLOCK_INSTALLED);
+ idmef_assessment_set_action(assessment, action, 0);
+ }
+
ret = idmef_impact_new_description(impact, &str);
if ( ret < 0 )
SCReturnInt(ret);
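Review bot: The added `if (p->action & ACTION_REJECT || ...)` block reports `IDMEF_ACTION_CATEGORY_BLOCK_INSTALLED` from the packet-wide `p->action` flags alone. Nothing visible in the hunk confirms that the engine is actually enforcing verdicts. If drop or reject rules can set these flags while the engine runs passively, the Prelude manager would record a block that never happened, which misleads anyone triaging the alert. That should be confirmed and, if so, the block gated on the project's inline-mode check. Because the flags belong to the packet rather than to `pa`, every alert raised on the packet gets the same verdict, which deserves a short comment. Separately, the four tests read more clearly as one mask, `if (p->action & (ACTION_REJECT | ACTION_REJECT_BOTH | ACTION_REJECT_DST | ACTION_DROP)) {`; the function body starts and ends outside this hunk.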
@@ -673,7 +685,7 @@ TmEcode AlertPrelude (ThreadVars *tv, Packet *p, void *data, PacketQueue *pq, Pa
prelude_string_set_ref(str, pa->msg);
- ret = EventToImpact(pa, alert);
+ ret = EventToImpact(pa, p, alert);
if ( ret < 0 )
goto err;
--
1.7.2.3