From b65077ded5e8356280c07bee45a02c2c5fe7cf93 Mon Sep 17 00:00:00 2001 From: Evgeniy Sinev Date: Thu, 10 May 2018 10:18:37 +0300 Subject: [PATCH] Added more logging to SuricataMessageManager --- .../syslog/surricata/SuricataMessageManager.java | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/srvlog-service/src/main/java/com/payneteasy/srvlog/adapter/syslog/surricata/SuricataMessageManager.java b/srvlog-service/src/main/java/com/payneteasy/srvlog/adapter/syslog/surricata/SuricataMessageManager.java index 2e1e19d..e819664 100644 --- a/srvlog-service/src/main/java/com/payneteasy/srvlog/adapter/syslog/surricata/SuricataMessageManager.java +++ b/srvlog-service/src/main/java/com/payneteasy/srvlog/adapter/syslog/surricata/SuricataMessageManager.java @@ -31,12 +31,17 @@ public SuricataMessageManager(ILogCollector aCollector) { } public boolean isMessageFromSurricata(String aRawMessage) { - return aRawMessage.contains("suricata") && aRawMessage.contains("{"); + return aRawMessage.contains("suricata") && aRawMessage.contains("{") && aRawMessage.contains("flow_id"); } public void processRawMessage(String aRawMessage) { try { - collector.saveSnortLog(createSnortLogData(aRawMessage)); + SnortLogData snortLogData = createSnortLogData(aRawMessage); + if(LOG.isDebugEnabled()) { + LOG.debug("Suricata raw message: {}", aRawMessage); + LOG.debug("Suricata snort log: {}", snortLogData); + } + collector.saveSnortLog(snortLogData); } catch (IOException e) { LOG.error("Cannot process {}", aRawMessage, e); } @@ -96,7 +101,7 @@ private SnortLogData convertToSnort(String aJson, SuricataJsonMessage aEvent) { SuricataAlert alert = aEvent.getAlert(); SuricataHttp http = aEvent.getHttp(); - snort.setProgram ( "surricata" ); + snort.setProgram ( "suricata" ); snort.setSensorName ( aEvent.getIn_iface() ); snort.setDate ( aEvent.getTimestamp() ); snort.setPriority ( alert.getSeverity() ); // [Priority: 2 ]