

Added more logging to SuricataMessageManager
Evgeniy Sinev committed May 10, 2018
1 parent c337539 commit b65077d
Showing 1 changed file with 8 additions and 3 deletions.
Expand Up @@ -31,12 +31,17 @@ public SuricataMessageManager(ILogCollector aCollector) {
}

public boolean isMessageFromSurricata(String aRawMessage) {
return aRawMessage.contains("suricata") && aRawMessage.contains("{");
return aRawMessage.contains("suricata") && aRawMessage.contains("{") && aRawMessage.contains("flow_id");
}

public void processRawMessage(String aRawMessage) {
try {
collector.saveSnortLog(createSnortLogData(aRawMessage));
SnortLogData snortLogData = createSnortLogData(aRawMessage);
if(LOG.isDebugEnabled()) {
LOG.debug("Suricata raw message: {}", aRawMessage);
LOG.debug("Suricata snort log: {}", snortLogData);
}
collector.saveSnortLog(snortLogData);
} catch (IOException e) {
LOG.error("Cannot process {}", aRawMessage, e);
}
Expand Down Expand Up @@ -96,7 +101,7 @@ private SnortLogData convertToSnort(String aJson, SuricataJsonMessage aEvent) {
SuricataAlert alert = aEvent.getAlert();
SuricataHttp http = aEvent.getHttp();

snort.setProgram ( "surricata" );
snort.setProgram ( "suricata" );
snort.setSensorName ( aEvent.getIn_iface() );
snort.setDate ( aEvent.getTimestamp() );
snort.setPriority ( alert.getSeverity() ); // [Priority: 2 ]
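Review bot: The added `LOG.debug("Suricata raw message: {}", aRawMessage)` in processRawMessage writes the complete raw EVE record into the application log; the second hunk shows these records carry `alert` and `http` sections, so at debug level this can copy HTTP headers, cookies or payload fragments captured off the wire into a log that is usually retained and shipped with weaker controls than the IDS output itself. Prefer logging only identifying fields from the parsed event rather than the raw text, and if the raw record is really needed for troubleshooting, neutralise line breaks first, `LOG.debug("Suricata raw message: {}", aRawMessage.replaceAll("[\\r\\n]+", " "));`, so a crafted record cannot forge additional log lines. The companion `LOG.debug("Suricata snort log: {}", snortLogData)` is only informative if SnortLogData overrides toString(), which is not visible here — worth confirming, otherwise it prints just an object identity. The `isMessageFromSurricata` substring test in the same hunk remains a loose classifier (any line containing "suricata", "{" and "flow_id" is routed to the JSON parser); that is pre-existing, but a comment stating the intent, `// heuristic pre-filter only; createSnortLogData performs the real JSON validation`, would help the next maintainer. The enclosing class continues outside the hunk.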

