blacklight/Snort_AIPreproc
1
0
Fork 0
mirror of https://github.com/BlackLight/Snort_AIPreproc.git synced 2024-11-13 04:07:15 +01:00
Code Issues Projects Releases Packages Wiki Activity

Clustering still improved

Browse source
This commit is contained in:
BlackLight 2010-09-18 18:32:54 +02:00
parent efa5aa1ded
commit 960b70e106
1 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
cluster.c
View file

@ -272,10 +272,16 @@ _AI_merge_alerts ( AI_snort_alert **log )
{
if ( tmp2->next )
{
if ( tmp != tmp2->next )
if ( !(
tmp->gid == tmp2->next->gid &&
tmp->sid == tmp2->next->sid &&
tmp->rev == tmp2->next->rev &&
tmp->timestamp == tmp2->next->timestamp &&
tmp->ip_src_addr == tmp2->next->ip_src_addr &&
tmp->ip_dst_addr == tmp2->next->ip_dst_addr &&
tmp->tcp_src_port == tmp2->next->tcp_src_port &&
tmp->tcp_dst_port == tmp2->next->tcp_dst_port ))
{
_dpd.logMsg ( "Comparing '%s' and '%s'...\n", tmp->desc, tmp2->next->desc );
if ( _AI_equal_alarms ( tmp, tmp2->next ))
{
if ( !( tmp->grouped_alerts = ( AI_snort_alert** ) realloc ( tmp->grouped_alerts, (++(tmp->grouped_alerts_count)) * sizeof ( AI_snort_alert* ))))
@ -283,7 +289,6 @@ _AI_merge_alerts ( AI_snort_alert **log )
tmp->grouped_alerts[ tmp->grouped_alerts_count - 1 ] = tmp2->next;
count++;
_dpd.logMsg ( " -> Grouping '%s' and '%s'\n", tmp->desc, tmp2->next->desc );
tmp3 = tmp2->next->next;
tmp2->next = tmp3;
@ -296,7 +301,6 @@ _AI_merge_alerts ( AI_snort_alert **log )
}
}
_dpd.logMsg ( "\n" );
return count;
} /* ----- end of function _AI_merge_alerts ----- */