blacklight/Snort_AIPreproc
1
0
Fork 0
mirror of https://github.com/BlackLight/Snort_AIPreproc.git synced 2024-12-26 03:05:11 +01:00
Code Issues Projects Releases Packages Wiki Activity

Modifying DOT files for including timestamps too

Browse source
This commit is contained in:
BlackLight 2011-02-17 02:56:33 +01:00
parent fcb2f25476
commit 1c591c4734
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
correlation.c
View file

@ -111,18 +111,22 @@ __AI_correlated_alerts_to_dot ( AI_alert_correlation *corr, FILE *fp )
fprintf ( fp, fprintf ( fp,
"\t\"[%d.%d.%d] %s\\n" "\t\"[%d.%d.%d] %s\\n"
"%s:%s -> %s:%s\\n" "%s:%s -> %s:%s\\n"
"starting from %lu"
"(%d alerts grouped)\" -> " "(%d alerts grouped)\" -> "
"\"[%d.%d.%d] %s\\n" "\"[%d.%d.%d] %s\\n"
"%s:%s -> %s:%s\\n" "%s:%s -> %s:%s\\n"
"starting from %lu"
"(%d alerts grouped)\";\n", "(%d alerts grouped)\";\n",
corr->key.a->gid, corr->key.a->sid, corr->key.a->rev, corr->key.a->desc, corr->key.a->gid, corr->key.a->sid, corr->key.a->rev, corr->key.a->desc,
src_addr1, src_port1, dst_addr1, dst_port1, src_addr1, src_port1, dst_addr1, dst_port1,
corr->key.a->timestamp,
corr->key.a->grouped_alerts_count, corr->key.a->grouped_alerts_count,
corr->key.b->gid, corr->key.b->sid, corr->key.b->rev, corr->key.b->desc, corr->key.b->gid, corr->key.b->sid, corr->key.b->rev, corr->key.b->desc,
src_addr2, src_port2, dst_addr2, dst_port2, src_addr2, src_port2, dst_addr2, dst_port2,
corr->key.b->timestamp,
corr->key.b->grouped_alerts_count corr->key.b->grouped_alerts_count
); );
} /* ----- end of function __AI_correlated_alerts_to_dot ----- */ } /* ----- end of function __AI_correlated_alerts_to_dot ----- */