Merge pull request #2776 in SNORT/snort3 from ~MDAGON/snort3:rep_peg to master
authorMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 5 Mar 2021 20:33:40 +0000 (20:33 +0000)
committerMike Stepanek (mstepane) <mstepane@cisco.com>
Fri, 5 Mar 2021 20:33:40 +0000 (20:33 +0000)
Squashed commit of the following:

commit 0ac10d96c7da3c9bb9055c3915380f7c5b934726
Author: mdagon <mdagon@cisco.com>
Date:   Wed Mar 3 10:03:58 2021 -0500

    reputation: add peg count for total alerts

src/network_inspectors/reputation/reputation_config.h
src/network_inspectors/reputation/reputation_inspect.cc

index 83869faabb93a466e2a086738c3ecb9998ad7fc0..9ef911fccc621a3354230273061f81ca1bf33d48 100644 (file)
@@ -109,6 +109,7 @@ struct ReputationStats
     PegCount trusted;
     PegCount monitored;
     PegCount memory_allocated;
+    PegCount total_alerts;
 };
 
 extern const PegInfo reputation_peg_names[];
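Review bot: The new `total_alerts` field in `ReputationStats` carries no comment tying it to its entry in `reputation_peg_names[]`, and the two lists appear to be matched by position. The field is appended last here and the name entry is added just before `CountType::END`, so they line up today. A later insertion in only one of the two places would mislabel every counter after it, which quietly corrupts the statistics operators rely on. A comment above the struct such as `// field order must match reputation_peg_names[]` would make the coupling visible. The struct starts outside this hunk.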
index d9bdd71ac11f24cf9a7d9de6191f8099a814f40d..ce17ce5f2010e8a0eef4542b722a6436a8e017a2 100644 (file)
@@ -49,7 +49,7 @@ const PegInfo reputation_peg_names[] =
 { CountType::SUM, "trusted", "number of packets trusted" },
 { CountType::SUM, "monitored", "number of packets monitored" },
 { CountType::SUM, "memory_allocated", "total memory allocated" },
-
+{ CountType::SUM, "total_alerts", "total alerts triggered" },
 { CountType::END, nullptr, nullptr }
 };
 
@@ -277,6 +277,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
         act->block_session(p, true);
         act->set_drop_reason("reputation");
         reputationstats.blocked++;
+        reputationstats.total_alerts++;
         if (PacketTracer::is_active())
             PacketTracer::log("Reputation: packet blocked, drop\n");
     }
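Review bot: `total_alerts` is incremented next to `blocked++` here, and next to `monitored++` and `trusted++` in the two later hunks, so it counts reputation decisions rather than alerts that were actually emitted. In the later hunks the increment follows `DetectionEngine::queue_event`, which only queues an event; whether it becomes an alert is presumably decided afterwards by rule state and event filtering, outside these hunks. Allowlist hits from the trusted branch are counted as well, so anyone reading this peg as an alert volume metric will see a number higher than what reaches the alert log. Consider wording the peg description as `"total reputation events queued"`, or add a comment at the increments such as `// counts queued events, including allowlist hits; not all become alerts`. The body of snort_reputation starts and ends outside these hunks.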
@@ -294,6 +295,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
 
         DetectionEngine::queue_event(GID_REPUTATION, monitor_event);
         reputationstats.monitored++;
+        reputationstats.total_alerts++;
     }
 
     else if (TRUSTED_SRC == decision or TRUSTED_DST == decision)
@@ -310,6 +312,7 @@ static void snort_reputation(ReputationConfig* config, Packet* p)
         DetectionEngine::queue_event(GID_REPUTATION, allowlist_event);
         act->trust_session(p, true);
         reputationstats.trusted++;
+        reputationstats.total_alerts++;
     }
 }