diff --git a/correlation.c b/correlation.c
index a607bec..04e406c 100644
--- a/correlation.c
+++ b/correlation.c
@@ -211,13 +211,11 @@ __AI_correlated_alerts_to_json ()
 encoded_pkt = NULL;
 pkt_len = pkt_iterator->pkt->pcap_header->len + pkt_iterator->pkt->payload_size;
- if ( !( encoded_pkt = (char*) malloc ( 4*pkt_len + 1 )))
+ if ( !( encoded_pkt = (char*) calloc ( 4*pkt_len + 1, sizeof ( char ))))
 {
 AI_fatal_err ( "Fatal dynamic memory allocation", __FILE__, __LINE__ );
 }
- memset ( encoded_pkt, 0, 4*pkt_len + 1 );
-
 base64_encode ( (const char*) pkt_iterator->pkt->pkt_data, pkt_len,
diff --git a/neural.c b/neural.c
index 9f31c74..936dcc1 100644
--- a/neural.c
+++ b/neural.c
@@ -290,6 +290,7 @@ AI_alert_neural_som_correlation ( const AI_snort_alert *a, const AI_snort_alert
 t1.src_port = ntohs ( a->tcp_src_port );
 t1.dst_port = ntohs ( a->tcp_dst_port );
 t1.timestamp = a->timestamp;
+ t1.desc = a->desc;
 t2.gid = b->gid;
 t2.sid = b->sid;
@@ -299,6 +300,8 @@ AI_alert_neural_som_correlation ( const AI_snort_alert *a, const AI_snort_alert
 t2.src_port = ntohs ( b->tcp_src_port );
 t2.dst_port = ntohs ( b->tcp_dst_port );
 t2.timestamp = b->timestamp;
+ t2.desc = b->desc;
+
 return __AI_som_alert_distance ( t1, t2 );
 } /* ----- end of function AI_alert_neural_som_correlation ----- */
diff --git a/neural_cluster.c b/neural_cluster.c
index 6925f0c..ac3caac 100644
--- a/neural_cluster.c
+++ b/neural_cluster.c
@@ -104,8 +104,9 @@ __AI_neural_clusters_to_xml ( kmeans_t *km, AI_alerts_per_neuron *alerts_per_neu
 inet_ntop ( AF_INET, &src_addr, src_ip, INET_ADDRSTRLEN );
 inet_ntop ( AF_INET, &dst_addr, dst_ip, INET_ADDRSTRLEN );
- fprintf ( fp, "\t\t\n",
+ alert_iterator->alerts[k].desc,
 alert_iterator->alerts[k].gid,
 alert_iterator->alerts[k].sid,
 alert_iterator->alerts[k].rev,
diff --git a/outdb.c b/outdb.c
index 77ea502..378b61c 100644
--- a/outdb.c
+++ b/outdb.c
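Review bot: The switch to calloc keeps the size arithmetic `4*pkt_len + 1` on the caller's side, so calloc's own multiplication overflow check never sees it; pkt_len is built from `pcap_header->len + payload_size` and its type is not visible in the hunk, so if it is narrower than size_t the product can wrap and undersize the buffer that base64_encode presumably fills on the following lines. A guard before the allocation, e.g. `if ( pkt_len > (SIZE_MAX - 1) / 4 ) AI_fatal_err ( "Packet too large to encode", __FILE__, __LINE__ );`, closes that regardless of the allocator used. The `(char*)` cast on the calloc result is unnecessary in C and can be dropped. __AI_correlated_alerts_to_json continues outside the hunk on both sides.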
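Review bot: `t1.desc = a->desc` stores a pointer into the AI_snort_alert rather than a copy, so the tuple now aliases memory it does not own; that is fine for the by-value call to __AI_som_alert_distance, but the new `char* desc` field added to AI_som_alert_tuple in spp_ai.h should say so, e.g. `char* desc; /* non-owning; aliases AI_snort_alert::desc and is valid only while that alert is */`. Since `a` and `b` are `const AI_snort_alert *`, declaring the field as `const char* desc;` would let the compiler confirm the tuple never writes through it. The same applies to the `t2.desc = b->desc` hunk below and to the spp_ai.h hunk. AI_alert_neural_som_correlation starts outside this hunk.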
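Review bot: The description is now printed into the XML output with the other fields, but `alert_iterator->alerts[k].desc` is a free-form string and nothing in the hunk escapes it, so a `"`, `<` or `&` in a rule description would break the document, and a NULL desc would hand `%s` a null pointer. Run it through an XML-escaping step before the fprintf (or restrict it to a safe subset) and substitute an empty string when it is NULL, e.g. `alert_iterator->alerts[k].desc ? alert_iterator->alerts[k].desc : "",` on the added line. The format strings in this hunk appear to have lost their markup in extraction, so the exact attribute layout could not be checked. __AI_neural_clusters_to_xml continues on both sides of the hunk.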
@@ -287,6 +287,7 @@ AI_store_alert_to_db_thread ( void *arg )
 void* AI_store_cluster_to_db_thread ( void *arg )
 {
+ int i;
 unsigned long cluster1 = 0, cluster2 = 0, latest_cluster_id = 0;
@@ -342,34 +343,23 @@ AI_store_cluster_to_db_thread ( void *arg )
 return (void*) 0;
 }
- if ( !( row = (DB_row) DB_fetch_row ( res )))
- {
- pthread_mutex_unlock ( &outdb_mutex );
- pthread_exit ((void*) 0);
- return (void*) 0;
- }
+ new_cluster = true;
- /* If no cluster exists containing at least of them, create it */
- new_cluster = false;
-
- if ( !row[0] && !row[1] )
+ for ( i=0; (row = (DB_row) DB_fetch_row ( res )); i++ )
 {
- new_cluster = true;
- } else {
- if ( row[0] )
+ new_cluster = false;
+
+ if ( i == 0 )
 {
 cluster1 = strtoul ( row[0], NULL, 10 );
+ } else if ( i == 1 ) {
+ cluster2 = strtoul ( row[0], NULL, 10 );
 }
+ }
- if ( row[1] )
- {
- cluster2 = strtoul ( row[1], NULL, 10 );
- }
-
- if ( cluster1 == 0 && cluster2 == 0 )
- {
- new_cluster = true;
- }
+ if ( cluster1 == 0 && cluster2 == 0 )
+ {
+ new_cluster = true;
 }
 DB_free_result ( res );
diff --git a/spp_ai.h b/spp_ai.h
index 1a65a7b..1b0d6db 100644
--- a/spp_ai.h
+++ b/spp_ai.h
@@ -474,6 +474,7 @@ typedef struct {
 uint16_t src_port;
 uint16_t dst_port;
 time_t timestamp;
+ char* desc;
 } AI_som_alert_tuple;
 /*****************************************************************/
 /** Key for the AI_alerts_per_neuron hash table */
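Review bot: The loop passes `row[0]` straight to strtoul without the `if ( row[0] )` guard the removed code had, so a NULL column (a SQL NULL, or a driver returning an empty cell) reaches strtoul as a null pointer; `cluster1 = row[0] ? strtoul ( row[0], NULL, 10 ) : 0;` and the same for cluster2 keeps the old behaviour. The new shape assigns whichever row comes first to cluster1 and the second to cluster2 and silently ignores any further rows, so the result now depends on the row order of the query issued above the hunk, which is not visible here; if that query returns one row per matching alert, a lone row always lands in cluster1 whichever alert it belongs to, which is worth confirming or documenting. With the early pthread_exit path gone, DB_fetch_row returning NULL on the first call now means "no cluster, create one" rather than an error, so the removed explanatory comment is worth restoring above the loop, e.g. `/* Collect the clusters already containing a or b; if there are none, create a new one */`. The `int i` counter introduced in the first hunk would read better as `unsigned` or `size_t`, though that is cosmetic. AI_store_cluster_to_db_thread continues outside the hunk on both sides.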