blacklight/Snort_AIPreproc
1
0
Fork 0
mirror of https://github.com/BlackLight/Snort_AIPreproc.git synced 2024-12-26 03:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fixing a DOT format bug

Browse source
This commit is contained in:
BlackLight 2011-02-17 04:00:25 +01:00
parent 6433b6fe3d
commit 04d4cc378f
1 changed files with 12 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
correlation.c
View file

@ -93,6 +93,9 @@ __AI_correlated_alerts_to_dot ( AI_alert_correlation *corr, FILE *fp )
src_port2[10], src_port2[10],
dst_port2[10]; dst_port2[10];
char *time1 = NULL,
*time2 = NULL;
if ( !corr ) if ( !corr )
return; return;
@ -108,25 +111,30 @@ __AI_correlated_alerts_to_dot ( AI_alert_correlation *corr, FILE *fp )
snprintf ( src_port2, sizeof ( src_port2 ), "%d", ntohs ( corr->key.b->tcp_src_port )); snprintf ( src_port2, sizeof ( src_port2 ), "%d", ntohs ( corr->key.b->tcp_src_port ));
snprintf ( dst_port2, sizeof ( dst_port2 ), "%d", ntohs ( corr->key.b->tcp_dst_port )); snprintf ( dst_port2, sizeof ( dst_port2 ), "%d", ntohs ( corr->key.b->tcp_dst_port ));
time1 = strdup ( ctime ( &(corr->key.a->timestamp )) );
time2 = strdup ( ctime ( &(corr->key.b->timestamp )) );
time1[strlen(time1)-1] = 0;
time2[strlen(time2)-1] = 0;
fprintf ( fp, fprintf ( fp,
"\t\"[%d.%d.%d] %s\\n" "\t\"[%d.%d.%d] %s\\n"
"%s:%s -> %s:%s\\n" "%s:%s -> %s:%s\\n"
"starting from %s " "starting from %s\n"
"(%d alerts grouped)\" -> " "(%d alerts grouped)\" -> "
"\"[%d.%d.%d] %s\\n" "\"[%d.%d.%d] %s\\n"
"%s:%s -> %s:%s\\n" "%s:%s -> %s:%s\\n"
"starting from %s " "starting from %s\n"
"(%d alerts grouped)\";\n", "(%d alerts grouped)\";\n",
corr->key.a->gid, corr->key.a->sid, corr->key.a->rev, corr->key.a->desc, corr->key.a->gid, corr->key.a->sid, corr->key.a->rev, corr->key.a->desc,
src_addr1, src_port1, dst_addr1, dst_port1, src_addr1, src_port1, dst_addr1, dst_port1,
ctime ( &(corr->key.a->timestamp )), time1,
corr->key.a->grouped_alerts_count, corr->key.a->grouped_alerts_count,
corr->key.b->gid, corr->key.b->sid, corr->key.b->rev, corr->key.b->desc, corr->key.b->gid, corr->key.b->sid, corr->key.b->rev, corr->key.b->desc,
src_addr2, src_port2, dst_addr2, dst_port2, src_addr2, src_port2, dst_addr2, dst_port2,
ctime ( &(corr->key.b->timestamp )), time2,
corr->key.b->grouped_alerts_count corr->key.b->grouped_alerts_count
); );
} /* ----- end of function __AI_correlated_alerts_to_dot ----- */ } /* ----- end of function __AI_correlated_alerts_to_dot ----- */