forked from sethhall/bro-scripts
-
Notifications
You must be signed in to change notification settings - Fork 7
/
notice.bro.patch
34 lines (32 loc) · 978 Bytes
/
notice.bro.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
--- notice.bro.orig 2010-03-18 09:52:21.000000000 -0400
+++ notice.bro 2010-03-18 09:54:23.000000000 -0400
@@ -277,11 +277,29 @@
if ( reading_traces() || dest == "" )
return;
+ local message = fmt("%s\n\n", n$msg);
+
+ if ( n?$sub )
+ message = fmt("%Assub=%s\n", message, n$sub);
+
+ if ( n?$aux )
+ {
+ for ( a in n$aux )
+ message = fmt("%As%s=%s\n", message, a, n$aux[a]);
+ }
+ if ( n?$id )
+ {
+ local id_string = fmt("%s/%d > %s/%d",
+ n$id$orig_h, n$id$orig_p,
+ n$id$resp_h, n$id$resp_p);
+ message = fmt("%Asconn=%s\n", message, id_string);
+ }
+
# The contortions here ensure that the arguments to the mail
# script will not be confused. Re-evaluate if 'system' is reworked.
local mail_cmd =
- fmt("echo \"%s\" | %s -s \"[Bro Alarm] %s\" %s",
- str_shell_escape(n$msg), mail_script, n$note, dest);
+ fmt("echo \"%As\" | %s -s \"[Bro Alarm] %s\" %s",
+ str_shell_escape(message), mail_script, n$note, dest);
system(mail_cmd);
}