From 1c591c4734f98dbbc9790f3ef9d18eb4b4284044 Mon Sep 17 00:00:00 2001 From: BlackLight Date: Thu, 17 Feb 2011 02:56:33 +0100 Subject: [PATCH] Modifying DOT files for including timestamps too --- correlation.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/correlation.c b/correlation.c index 37b81c4..77ba336 100644 --- a/correlation.c +++ b/correlation.c @@ -111,18 +111,22 @@ __AI_correlated_alerts_to_dot ( AI_alert_correlation *corr, FILE *fp ) fprintf ( fp, "\t\"[%d.%d.%d] %s\\n" "%s:%s -> %s:%s\\n" + "starting from %lu" "(%d alerts grouped)\" -> " "\"[%d.%d.%d] %s\\n" "%s:%s -> %s:%s\\n" + "starting from %lu" "(%d alerts grouped)\";\n", corr->key.a->gid, corr->key.a->sid, corr->key.a->rev, corr->key.a->desc, src_addr1, src_port1, dst_addr1, dst_port1, + corr->key.a->timestamp, corr->key.a->grouped_alerts_count, corr->key.b->gid, corr->key.b->sid, corr->key.b->rev, corr->key.b->desc, src_addr2, src_port2, dst_addr2, dst_port2, + corr->key.b->timestamp, corr->key.b->grouped_alerts_count ); } /* ----- end of function __AI_correlated_alerts_to_dot ----- */
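Review bot: Both added `"starting from %lu"` fragments lack the trailing `\\n` that the neighbouring label fragments carry, so in each node label the timestamp will run straight into the following "(%d alerts grouped)" text; `"starting from %lu\\n"` keeps it on its own label line. The `%lu` conversion also requires an `unsigned long` argument, and the declaration of `timestamp` is not visible in this hunk. If it is a `time_t` or any other type, the mismatch in a variadic call is undefined behaviour, and where the widths differ the `%d` that follows may pick up the wrong argument. An explicit cast on both new arguments would make this safe: `(unsigned long) corr->key.a->timestamp,` and `(unsigned long) corr->key.b->timestamp,`. The body of `__AI_correlated_alerts_to_dot` begins outside the hunk, so the declarations feeding this call could not be checked here.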