diff --git a/neural_cluster.c b/neural_cluster.c
index a757971..872b466 100644
--- a/neural_cluster.c
+++ b/neural_cluster.c
@@ -45,7 +45,7 @@
PRIVATE void
__AI_neural_clusters_to_xml ( kmeans_t *km, AI_alerts_per_neuron *alerts_per_neuron )
{
- int i, j, k, l, are_equal;
+ int i, j, k, l, m, n, are_equal;
FILE *fp = NULL;
uint32_t src_addr = 0,
@@ -57,8 +57,9 @@ __AI_neural_clusters_to_xml ( kmeans_t *km, AI_alerts_per_neuron *alerts_per_neu
*tmp = NULL,
*buf = NULL;
- AI_alerts_per_neuron_key key;
- AI_alerts_per_neuron *alert_iterator = NULL;
+ AI_alerts_per_neuron_key key, tmp_key;
+ AI_alerts_per_neuron *alert_iterator = NULL,
+ *tmp_iterator = NULL;
if ( !( fp = fopen ( config->neural_clusters_log, "w" )))
{
@@ -106,6 +107,40 @@ __AI_neural_clusters_to_xml ( kmeans_t *km, AI_alerts_per_neuron *alerts_per_neu
}
}
+ /* If no duplicate alert was found on the same neuron, check
+ * that there is no duplicate alert on other neurons */
+ if ( !are_equal )
+ {
+ for ( l=0; l <= i && !are_equal; l++ )
+ {
+ for ( m=0; m < j && !are_equal; m++ )
+ {
+ tmp_key.x = km->clusters[l][m][0];
+ tmp_key.y = km->clusters[l][m][1];
+ HASH_FIND ( hh, alerts_per_neuron, &tmp_key, sizeof ( tmp_key ), tmp_iterator );
+
+ if ( tmp_iterator )
+ {
+ for ( n=0; n < tmp_iterator->n_alerts && !are_equal; n++ )
+ {
+ if (
+ alert_iterator->alerts[k].gid == tmp_iterator->alerts[n].gid &&
+ alert_iterator->alerts[k].sid == tmp_iterator->alerts[n].sid &&
+ alert_iterator->alerts[k].rev == tmp_iterator->alerts[n].rev &&
+ alert_iterator->alerts[k].src_ip_addr == tmp_iterator->alerts[n].src_ip_addr &&
+ alert_iterator->alerts[k].dst_ip_addr == tmp_iterator->alerts[n].dst_ip_addr &&
+ alert_iterator->alerts[k].src_port == tmp_iterator->alerts[n].src_port &&
+ alert_iterator->alerts[k].dst_port == tmp_iterator->alerts[n].dst_port &&
+ alert_iterator->alerts[k].timestamp == tmp_iterator->alerts[n].timestamp )
+ {
+ are_equal = 1;
+ }
+ }
+ }
+ }
+ }
+ }
+
if ( !are_equal )
{
src_addr = htonl ( alert_iterator->alerts[k].src_ip_addr );